The OVAL Repository5.102015-09-03T08:34:13.181-04:00ELSA-2015-1115 -- Oracle opensslOracle Linux 7opensslOpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code. A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash. An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash. A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash. A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop. A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash. Red Hat would like to thank the OpenSSL project for reporting CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original report of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792. All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDELSA-2015-0999 -- Oracle qemu-kvmOracle Linux 7qemu-kvmlibcacardKVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. An out-of-bounds memory access flaw was found in the way QEMU"s virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host"s QEMU process corresponding to the guest. Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDELSA-2015-0092 -- glibc security update (critical)Oracle Linux 6Oracle Linux 7glibc[2.17-55.0.4.el7_0.5]
- Remove strstr and strcasestr implementations using sse4.2 instructions.
- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and
1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi)
[2.17-55.5]
- Rebuild and run regression testing.
[2.17-55.4]
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183535).
[2.17-55.3]
- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118)
[2.17-55.2]
- ftell: seek to end only when there are unflushed bytes (#1170187).
[2.17-55.1]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1976 -- rpm security update (important)Oracle Linux 7rpm[4.11.1-18]
- Add check against malicious CPIO file name size (#1163060)
- Fixes CVE-2014-8118
[4.11.1-17]
- Fix race condidition where unchecked data is exposed in the file system
(#1163060)
- Fixes CVE-2013-6435Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1983 -- xorg-x11-server security update (important)Oracle Linux 6Oracle Linux 7xorg-x11-server[1.15.0-7.0.1.el7_0.3]
- Invalid BUG_RETURN_VAL fix, upstream patch (orabug 18896390)
[1.15.0-7.3]
- CVE fixes for: CVE-2014-8099, CVE-2014-8098, CVE-2014-8097, CVE-2014-8096,
CVE-2014-8095, CVE-2014-8094, CVE-2014-8093, CVE-2014-8092, CVE-2014-8091,
CVE-2014-8101, CVE-2014-8100, CVE-2014-8103, CVE-2014-8102Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1984 -- bind security update (important)Oracle Linux 5Oracle Linux 6Oracle Linux 7bind[32:9.9.4-14.0.1.el7_0.1]
- Rebuild to fix libmysqlclient dependency
[32:9.9.4-14.1]
- Fix CVE-2014-8500 (#1171975)Sergey ArtykhovDRAFTINTERIMMaria MikhnoACCEPTEDACCEPTEDELSA-2014-2021 -- jasper security update (important)Oracle Linux 6Oracle Linux 7jasper[1.900.1-16.2]
- CVE-2014-8137 - double-free in in jas_iccattrval_destroy (#1173566)
- CVE-2014-8138 - heap overflow in jp2_decode (#1173566)
[1.900.1-16.1]
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
marker segment decoders (#1171208)
[1.900.1-16]
- CERT VU#887409: heap buffer overflow flaws lead to arbitrary code execution
(#749150)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1971 -- kernel security and bug fix update (important)Oracle Linux 7kernel[3.10.0-123.13.1]
- Oracle Linux certificates (Alexey Petrenko)
[3.10.0-123.13.1]
- [powerpc] mm: Make sure a local_irq_disable prevent a parallel THP split (Don Zickus) [1151057 1083296]
- [powerpc] Implement __get_user_pages_fast() (Don Zickus) [1151057 1083296]
- [scsi] vmw_pvscsi: Some improvements in pvscsi driver (Ewan Milne) [1144016 1075090]
- [scsi] vmw_pvscsi: Add support for I/O requests coalescing (Ewan Milne) [1144016 1075090]
- [scsi] vmw_pvscsi: Fix pvscsi_abort() function (Ewan Milne) [1144016 1075090]
[3.10.0-123.12.1]
- [alsa] control: Make sure that id->index does not overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656}
- [alsa] control: Handle numid overflow (Jaroslav Kysela) [1117313 1117314] {CVE-2014-4656}
- [alsa] control: Protect user controls against concurrent access (Jaroslav Kysela) [1117338 1117339] {CVE-2014-4652}
- [alsa] control: Fix replacing user controls (Jaroslav Kysela) [1117323 1117324] {CVE-2014-4654 CVE-2014-4655}
- [net] sctp: fix remote memory pressure from excessive queueing (Daniel Borkmann) [1155750 1152755] {CVE-2014-3688}
- [net] sctp: fix panic on duplicate ASCONF chunks (Daniel Borkmann) [1155737 1152755] {CVE-2014-3687}
- [net] sctp: fix skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [1147856 1152755] {CVE-2014-3673}
- [net] sctp: handle association restarts when the socket is closed (Daniel Borkmann) [1147856 1152755] [1155737 1152755] [1155750 1152755]
- [pci] Add ACS quirk for Intel 10G NICs (Alex Williamson) [1156447 1141399]
- [pci] Add ACS quirk for Solarflare SFC9120 & SFC9140 (Alex Williamson) [1158316 1131552]
- [lib] assoc_array: Fix termination condition in assoc array garbage collection (David Howells) [1155136 1139431] {CVE-2014-3631}
- [block] cfq-iosched: Add comments on update timing of weight (Vivek Goyal) [1152874 1116126]
- [block] cfq-iosched: Fix wrong children_weight calculation (Vivek Goyal) [1152874 1116126]
- [powerpc] mm: Check paca psize is up to date for huge mappings (Gustavo Duarte) [1151927 1107337]
- [x86] perf/intel: ignore CondChgd bit to avoid false NMI handling (Don Zickus) [1146819 1110264]
- [x86] smpboot: initialize secondary CPU only if master CPU will wait for it (Phillip Lougher) [1144295 968147]
- [x86] smpboot: Log error on secondary CPU wakeup failure at ERR level (Igor Mammedov) [1144295 968147]
- [x86] smpboot: Fix list/memory corruption on CPU hotplug (Igor Mammedov) [1144295 968147]
- [acpi] processor: do not mark present at boot but not onlined CPU as onlined (Igor Mammedov) [1144295 968147]
- [fs] udf: Avoid infinite loop when processing indirect ICBs (Jacob Tanenbaum) [1142321 1142322] {CVE-2014-6410}
- [hid] picolcd: fix memory corruption via OOB write (Jacob Tanenbaum) [1141408 1141409] {CVE-2014-3186}
- [usb] serial/whiteheat: fix memory corruption flaw (Jacob Tanenbaum) [1141403 1141404] {CVE-2014-3185}
- [hid] fix off by one error in various _report_fixup routines (Jacob Tanenbaum) [1141393 1141394] {CVE-2014-3184}
- [hid] logitech-dj: fix OOB array access (Jacob Tanenbaum) [1141211 1141212] {CVE-2014-3182}
- [hid] fix OOB write in magicmouse driver (Jacob Tanenbaum) [1141176 1141177] {CVE-2014-3181}
- [acpi] Fix bug when ACPI reset register is implemented in system memory (Nigel Croxon) [1136525 1109971]
- [fs] vfs: fix ref count leak in path_mountpoint() (Ian Kent) [1122481 1122376] {CVE-2014-5045}
- [kernel] ptrace: get_dumpable() incorrect tests (Jacob Tanenbaum) [1111605 1111606] {CVE-2013-2929}
- [media] media-device: fix an information leakage (Jacob Tanenbaum) [1109776 1109777] {CVE-2014-1739}
- [target] rd: Refactor rd_build_device_space + rd_release_device_space (Denys Vlasenko) [1108754 1108755] {CVE-2014-4027}
- [block] blkcg: fix use-after-free in __blkg_release_rcu() by making blkcg_gq refcnt an atomic_t (Vivek Goyal) [1158313 1118436]
- [virt] kvm: fix PIT timer race condition (Petr Matousek) [1144879 1144880] {CVE-2014-3611}
- [virt] kvm/vmx: handle invept and invvpid vm exits gracefully (Petr Matousek) [1145449 1116936] [1144828 1144829] {CVE-2014-3645 CVE-2014-3646}
[3.10.0-123.11.1]
- [net] fix UDP tunnel GSO of frag_list GRO packets (Phillip Lougher) [1149661 1119392]
[3.10.0-123.10.1]
- [pci] hotplug: Prevent NULL dereference during pciehp probe (Myron Stowe) [1142393 1133107]
- [kernel] workqueue: apply __WQ_ORDERED to create_singlethread_workqueue() (Tomas Henzl) [1151314 1131563]Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1870 -- libXfont security update (important)Oracle Linux 6Oracle Linux 7libXfont[1.4.5-4]
- CVE-2014-0209: integer overflow of allocations in font metadata file parsing (bug 1163602, bug 1163601)
- CVE-2014-0210: unvalidated length fields when parsing xfs protocol replies (bug 1163602, bug 1163601)
- CVE-2014-0211: integer overflows calculating memory needs for xfs replies (bug 1163602, bug 1163601)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1956 -- wpa_supplicant security update (moderate)Oracle Linux 7wpa_supplicant[1:2.0-13]
- Use os_exec() for action script execution (CVE-2014-3686)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-3096 -- Unbreakable Enterprise kernel security update (important)Oracle Linux 6Oracle Linux 7kernel-uekUnbreakable Enterprise kernel security updateSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1999 -- mailx security update (moderate)Oracle Linux 6Oracle Linux 7mailx[12.4-8]
- CVE-2004-2771 mailx: command execution flaw
resolves: #1171175Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1826 -- libvncserver security update (moderate)Oracle Linux 6Oracle Linux 7libvncserver[0.9.7-7.1]
- Fix CVE-2014-6051 (integer overflow in screen size handling) (bug #1157668)
- Fix CVE-2014-6052 (NULL pointer dereference in framebuffer setup)
(bug #1157668)
- Fix CVE-2014-6053 (NULL pointer dereference in ClientCutText message
handling) (bug #1157668)
- Fix CVE-2014-6054 (server divide-by-zero in scaling factor handling)
(bug #1157668)
- Fix CVE-2014-6055 (server stacked-based buffer overflow in file transfer
handling) (bug #1157668)
[0.9.7-7]
- Revert CVE-2011-0904 and CVE-2011-0905 patch because libvncserver is not
vulnerable (bug #696767)
[0.9.7-6]
- Fix CVE-2011-0904 and CVE-2011-0905 in more generic way (bug #696767)
[0.9.7-5]
- Fix CVE-2011-0904 (bug #696767)
- Fix CVE-2011-0905 (bug #696767)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-2010 -- kernel security update (important)Oracle Linux 7kernel[3.10.0-123.13.2]
- Oracle Linux certificates (Alexey Petrenko)
[3.10.0-123.13.2]
- [x86] traps: stop using IST for #SS (Petr Matousek) [1172812 1172813] {CVE-2014-9322}Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-3103 -- Unbreakable Enterprise kernel security update (important)Oracle Linux 6Oracle Linux 7kernel-uekkernel-uek [3.8.13-55.1.1] - ALSA: control: Protect user controls against
concurrent access (Lars-Peter Clausen) [Orabug: 20192540] {CVE-2014-4652} - target/rd:
Refactor rd_build_device_space + rd_release_device_space (Nicholas Bellinger) [Orabug:
20192516] {CVE-2014-4027} - HID: logitech: perform bounds checking on device_id early
enough (Jiri Kosina) [Orabug: 20192477] {CVE-2014-3182} - udf: Avoid infinite loop when
processing indirect ICBs (Jan Kara) [Orabug: 20192448] {CVE-2014-6410} - ALSA: control:
Make sure that id->index does not overflow (Lars-Peter Clausen) [Orabug: 20192416]
{CVE-2014-4656} - ALSA: control: Handle numid overflow (Lars-Peter Clausen) [Orabug:
20192367] {CVE-2014-4656} - HID: picolcd: sanity check report size in raw_event() callback
(Jiri Kosina) [Orabug: 20192208] {CVE-2014-3186} - net: sctp: fix remote memory pressure
from excessive queueing (Daniel Borkmann) [Orabug: 20192058] {CVE-2014-3688}Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-2024 -- ntp security update (important)Oracle Linux 6Oracle Linux 7ntp[4.2.6p5-2]
- don't generate weak control key for resolver (CVE-2014-9293)
- don't generate weak MD5 keys in ntp-keygen (CVE-2014-9294)
- fix buffer overflows via specially-crafted packets (CVE-2014-9295)
- don't mobilize passive association when authentication fails (CVE-2014-9296)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1912 -- ruby security update (moderate)Oracle Linux 7ruby[2.0.0.353-22]
- Fix REXML billion laughs attack via parameter entity expansion
(CVE-2014-8080).
Resolves: rhbz#1163998
- REXML incomplete fix for CVE-2014-8080 (CVE-2014-8090).
Resolves: rhbz#1163998
[2.0.0.353-21]
- Fix off-by-one stack-based buffer overflow in the encodes() function
(CVE-2014-4975)
Resolves: rhbz#1163998
[2.0.0.353-21]
- Fix FTBFS with new tzdata
Related: rhbz#1163998Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-3092 -- bash security update (important)Oracle Linux 7bash[4.2.45-5.4.0.1]
- Fix segfaults from CVE-2014-6277 and CVE-2014-6278 completely. [orabug 19905256]Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-3087 -- Unbreakable Enterprise kernel security update (important)Oracle Linux 6Oracle Linux 7kernel-uekkernel-uek [3.8.13-44.1.5.el6uek] - net: sctp: fix panic on duplicate ASCONF
chunks (Daniel Borkmann) [Orabug: 20010590] {CVE-2014-3687} - net: sctp: fix
skb_over_panic when receiving malformed ASCONF chunks (Daniel Borkmann) [Orabug: 20010577]
{CVE-2014-3673}Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1827 -- kdenetwork security update (moderate)Oracle Linux 7kdenetwork[7:4.10.5-8]
- Resolves: CVE-2014-6055Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1846 -- gnutls security update (moderate)Oracle Linux 7gnutls[3.1.18-10]
- Applied fix for CVE-2014-8564 (#1161472)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1919 -- firefox security update (critical)Oracle Linux 5Oracle Linux 6Oracle Linux 7firefox[31.3.0-4.0.1]
- Add firefox-oracle-default-prefs.js and firefox-oracle-default-bookmarks.html
and remove the corresponding Red Hat ones
[31.3.0-4]
- Update to 31.3.0 ESR Build 2
- Fix for geolocation API (rhbz#1063739)
[31.2.0-5]
- splice workaround (rhbz#1150082)
[31.2.0-4]
- ppc build fix (rhbz#1151959)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-2023 -- glibc security and bug fix update (moderate)Oracle Linux 7glibc[2.17-55.0.4.el7_0.3]
- Remove strstr and strcasestr implementations using sse4.2 instructions.
- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and
1818483b15d22016b0eae41d37ee91cc87b37510 backported. (Jose E. Marchesi)
[2.17-55.3]
- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1170118)
[2.17-55.2]
- ftell: seek to end only when there are unflushed bytes (#1170187).
[2.17-55.1]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-3106 -- Unbreakable Enterprise kernel security update (important)Oracle Linux 6Oracle Linux 7kernel-uekkernel-uek [3.8.13-55.1.2.el6uek] - isofs: Fix unbounded recursion when
processing relocated directories (Jan Kara) [Orabug: 20224059] {CVE-2014-5471}
{CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug:
20224027] {CVE-2014-9090} {CVE-2014-9322}Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1801 -- shim security update (moderate)Oracle Linux 7shimshim
[0.7-8.0.1]
- update Oracle Linux certificates (Alexey Petrenko)
- replace securebootca.cer (Alexey Petrenko)
[0.7-8]
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677
[0.7-7]
- Use the right key for ARM Aarch64.
[0.7-6]
- Preliminary build for ARM Aarch64.
shim-signed
[0.7-8.0.1]
- Oracle Linux certificates (Alexey Petrenko)
[0.7-8]
- out-of-bounds memory read flaw in DHCPv6 packet processing
Resolves: CVE-2014-3675
- heap-based buffer overflow flaw in IPv6 address parsing
Resolves: CVE-2014-3676
- memory corruption flaw when processing Machine Owner Keys (MOKs)
Resolves: CVE-2014-3677
[0.7-5.2]
- Get the right signatures on shim-redhat.efi
Related: rhbz#1064449
[0.7-5.1]
- Update for signed shim for RHEL 7
Resolves: rhbz#1064449Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update (important)Oracle Linux 5Oracle Linux 6Oracle Linux 7nss[3.16.2.3-2.0.1.el7_0]
- Added nss-vendor.patch to change vendor
[3.16.2.3-2]
- Restore patch for certutil man page
- supply missing options descriptions
- Resolves: Bug 1165525 - Upgrade to NSS 3.16.2.3 for Firefox 31.3Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-3095 -- docker security and bug fix update (important)Oracle Linux 6Oracle Linux 7docker[1.3.2-1.0.1]
- Rename requirement of docker-io-pkg-devel in %package devel as docker-pkg-devel
- Restore SysV init scripts for Oracle Linux 6
- Require Oracle Unbreakable Enterprise Kernel Release 3 or higher
- Rename as docker.
- Re-enable btrfs graphdriver support
[1.3.2-1]
- Update source to 1.3.2 from https://github.com/docker/docker/releases/tag/v1.3.2
Prevent host privilege escalation from an image extraction vulnerability (CVE-2014-6407).
Prevent container escalation from malicious security options applied to images (CVE-2014-6408).
The '--insecure-registry' flag of the 'docker run' command has undergone several refinements and additions.
You can now specify a sub-net in order to set a range of registries which the Docker daemon will consider insecure.
By default, Docker now defines 'localhost' as an insecure registry.
Registries can now be referenced using the Classless Inter-Domain Routing (CIDR) format.
When mirroring is enabled, the experimental registry v2 API is skipped.
[1.3.1-2]
- Remove pandoc from build reqs
[1.3.1-1]
- update to v1.3.1
[1.3.0-1]
- Resolves: rhbz#1153936 - update to v1.3.0
- iptables=false => ip-masq=false
[1.2.0-3]
- Resolves: rhbz#1139415 - correct path for bash completion
/usr/share/bash-completion/completions
- sysvinit script update as per upstream commit
640d2ef6f54d96ac4fc3f0f745cb1e6a35148607
- dont own dirs for vim highlighting, bash completion and udev
[1.2.0-2]
- Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage
From: Colin Walters <walters@redhat.com>
- patch to ignore selinux if its disabled
https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6
From: Dan Walsh <dwalsh@redhat.com>
- Resolves: rhbz#1139415 - correct path for bash completion
- init script waits upto 5 mins before terminating daemon
[1.2.0-1]
- Resolves: rhbz#1132824 - update to v1.2.0Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1861 -- mariadb security update (important)Oracle Linux 7mariadb[1:5.5.40-1]
- Rebase to 5.5.40
Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464
CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520
CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564
Resolves: #1160548
[1:5.5.37-1]
- Rebase to 5.5.37
https://kb.askmonty.org/en/mariadb-5537-changelog/
Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431
CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
Resolves: #1101062Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0921 -- httpd security update (important)Oracle Linux 7httpd[2.4.6-18.0.1.el7_0]
- replace index.html with Oracle's index page oracle_index.html
[2.4.6-18]
- mod_cgid: add security fix for CVE-2014-0231 (#1120607)
- mod_proxy: add security fix for CVE-2014-0117 (#1120607)
- mod_deflate: add security fix for CVE-2014-0118 (#1120607)
- mod_status: add security fix for CVE-2014-0226 (#1120607)
- mod_cache: add secutiry fix for CVE-2013-4352 (#1120607)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0907 -- java-1.6.0-openjdk security and bug fix update (important)Oracle Linux 5Oracle Linux 6Oracle Linux 7java-1.6.0-openjdk[1:1.6.0.1-6.1.13.4]
- moved to icedteaver 1.13.4
- moved to openjdkver b32 and openjdkdate 15_jul_2014
- added upstreamed patch patch9 rh1115580-unsyncHashMap.patch
- Resolves: rhbz#1115580
- Resolves: rhbz#1115867Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0702 -- mariadb security update (moderate)Oracle Linux 7mariadb[1:5.5.37-1]
- Rebase to 5.5.37
https://kb.askmonty.org/en/mariadb-5537-changelog/
Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431
CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419
Resolves: #1101062Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0675 -- java-1.7.0-openjdk security update (critical)Oracle Linux 7java-1.7.0-openjdk[1.7.0.55-2.4.7.2.0.1.el7_0]
- Update DISTRO_NAME in specfile
[1.7.0.55-2.4.7.2]
- Remove NSS patches. Issues with PKCS11 provider mean it shouldn't be enabled.
- Always setup nss.cfg and depend on nss-devel at build-time to do so.
- This allows users who wish to use PKCS11+NSS to just add it to java.security.
- Patches to PKCS11 provider will be included upstream in 2.4.8 (ETA July 2014)
- Resolves: rhbz#1099565
[1.7.0.55-2.4.7.0.el7]
- bumped to future icedtea-forest 2.4.7
- updatever set to 55, buildver se to 13, release reset to 0
- removed upstreamed patch402 gstackbounds.patch
- removed Requires: rhino, BuildRequires is enough
- ppc64 repalced by power64 macro
- patch111 applied as dry-run (6.6 forward port)
- nss enabled, but notused as default (6.6 forward port)
- Resolves: rhbz#1099565Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0786 -- kernel security, bug fix, and enhancement update (important)Oracle Linux 7kernel[3.10.0-123.4.2]
- Oracle Linux certificates (Alexey Petrenko)
[3.10.0-123.4.2]
- [fs] aio: fix plug memory disclosure and fix reqs_active accounting backport (Jeff Moyer) [1094604 1094605] {CVE-2014-0206}
- [fs] aio: plug memory disclosure and fix reqs_active accounting (Mateusz Guzik) [1094604 1094605] {CVE-2014-0206}Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1676 -- wireshark security update (moderate)Oracle Linux 6Oracle Linux 7wireshark[1.10.3-12.0.1.el7]
- Add oracle-ocfs2-network.patch to allow disassembly of OCFS2 interconnectSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0923 -- kernel security update (important)Oracle Linux 7kernel[3.10.0-123.4.4]
- Oracle Linux certificates (Alexey Petrenko)
[3.10.0-123.4.4]
- [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943}
[3.10.0-123.4.3]
- [x86] ptrace: force IRET path after a ptrace_stop() (Oleg Nesterov) [1115934 1115935] {CVE-2014-4699}Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0703 -- json-c security update (moderate)Oracle Linux 7json-c[0.11-4]
- fix has collision CVE-2013-6371
- fix buffer overflow CVE-2013-6370
- enable upstream test suiteSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0684 -- gnutls security update (important)Oracle Linux 7gnutls[3.1.18-9]
- fix session ID length check (#1102027)
- fixes null pointer dereference (#1101727)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1724 -- kernel security and bug fix update (important)Oracle Linux 7kernel[3.10.0-123.9.2]
- Oracle Linux certificates (Alexey Petrenko)
[3.10.0-123.9.2]
- [virt] kvm: fix PIT timer race condition (Petr Matousek) [1144879 1144880] {CVE-2014-3611}
- [virt] kvm/vmx: handle invept and invvpid vm exits gracefully (Petr Matousek) [1145449 1116936] [1144828 1144829] {CVE-2014-3645 CVE-2014-3646}
[3.10.0-123.9.1]
- [md] raid6: avoid data corruption during recovery of double-degraded RAID6 (Jes Sorensen) [1143850 1130905]
- [fs] ext4: fix type declaration of ext4_validate_block_bitmap (Lukas Czerner) [1140978 1091055]
- [fs] ext4: error out if verifying the block bitmap fails (Lukas Czerner) [1140978 1091055]
- [powerpc] sched: stop updating inside arch_update_cpu_topology() when nothing to be update (Gustavo Duarte) [1140300 1098372]
- [powerpc] 64bit sendfile is capped at 2GB (Gustavo Duarte) [1139126 1107774]
- [s390] fix restore of invalid floating-point-control (Hendrik Brueckner) [1138733 1121965]
- [kernel] sched/fair: Rework sched_fair time accounting (Rik van Riel) [1134717 1123731]
- [kernel] math64: Add mul_u64_u32_shr() (Rik van Riel) [1134717 1123731]
- [kernel] workqueue: zero cpumask of wq_numa_possible_cpumask on init (Motohiro Kosaki) [1134715 1117184]
- [cpufreq] acpi-cpufreq: skip loading acpi_cpufreq after intel_pstate (Motohiro Kosaki) [1134716 1123250]
- [security] selinux: Increase ebitmap_node size for 64-bit configuration (Paul Moore) [1132076 922752]
- [security] selinux: Reduce overhead of mls_level_isvalid() function call (Paul Moore) [1132076 922752]
- [ethernet] cxgb4: allow large buffer size to have page size (Gustavo Duarte) [1130548 1078977]
- [kernel] sched/autogroup: Fix race with task_groups list (Gustavo Duarte) [1129990 1081406]
- [net] sctp: inherit auth_capable on INIT collisions (Daniel Borkmann) [1124337 1123763] {CVE-2014-5077}
- [sound] alsa/control: Don't access controls outside of protected regions (Radomir Vrbovsky) [1117330 1117331] {CVE-2014-4653}Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0827 -- tomcat security update (moderate)Oracle Linux 7tomcat[0:7.0.42-6]
- Resolves: CVE-2014-0099 Fix possible overflow when parsing
- long values from byte array
- Resolves: CVE-2014-0096 Information discloser process XSLT
- files not subject to same constraint running under
- java security manager
- Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1091 -- mod_wsgi security update (important)Oracle Linux 7mod_wsgi[3.4-12]
- fix possible privilege escalation in setuid() (CVE-2014-0240)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1008 -- samba security and bug fix update (important)Oracle Linux 7samba[4.1.1-37]
- resolves: #1126013 - CVE-2014-3560: remote code execution in nmbd.
[4.1.1-36]
- resolves: #1115490 - Fix potential Samba file corruption.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1073 -- nss, nss-util, nss-softokn security, bug fix, and enhancement update (low)Oracle Linux 7nssnss-softoknnss-utilnss
[3.16.2-2.0.1.el7_0]
- Added nss-vendor.patch to change vendorSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0704 -- qemu-kvm security and bug fix update (moderate)Oracle Linux 7qemu-kvm[1.5.3-60.el7_0.2]
- kvm-pc-add-hot_add_cpu-callback-to-all-machine-types.patch [bz#1094820]
- Resolves: bz#1094820
(Hot plug CPU not working with RHEL6 machine types running on RHEL7 host.)
[1.5.3-60.el7_0.1]
- kvm-iscsi-fix-indentation.patch [bz#1090978]
- kvm-iscsi-correctly-propagate-errors-in-iscsi_open.patch [bz#1090978]
- kvm-block-iscsi-query-for-supported-VPD-pages.patch [bz#1090978]
- kvm-block-iscsi-fix-segfault-if-writesame-fails.patch [bz#1090978]
- kvm-iscsi-recognize-invalid-field-ASCQ-from-WRITE-SAME-c.patch [bz#1090978]
- kvm-iscsi-ignore-flushes-on-scsi-generic-devices.patch [bz#1090978]
- kvm-iscsi-always-query-max-WRITE-SAME-length.patch [bz#1090978]
- kvm-iscsi-Don-t-set-error-if-already-set-in-iscsi_do_inq.patch [bz#1090978]
- kvm-iscsi-Remember-to-set-ret-for-iscsi_open-in-error-ca.patch [bz#1090978]
- kvm-qemu_loadvm_state-shadow-SeaBIOS-for-VM-incoming-fro.patch [1091322]
- kvm-uhci-UNfix-irq-routing-for-RHEL-6-machtypes-RHEL-onl.patch [bz#1090981]
- kvm-ide-Correct-improper-smart-self-test-counter-reset-i.patch [bz#1093612]
- Resolves: bz#1091322
(fail to reboot guest after migration from RHEL6.5 host to RHEL7.0 host)
- Resolves: bz#1090981
(Guest hits call trace migrate from RHEL6.5 to RHEL7.0 host with -M 6.1 & balloon & uhci device)
- Resolves: bz#1090978
(qemu-kvm: iSCSI: Failure. SENSE KEY:ILLEGAL_REQUEST(5) ASCQ:INVALID_FIELD_IN_CDB(0x2400))
- Resolves: bz#1093612
(CVE-2014-2894 qemu-kvm: QEMU: out of bounds buffer accesses, guest triggerable via IDE SMART [rhel-7.0.z])Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0867 -- samba security update (moderate)Oracle Linux 7samba[4.1.1-35]
- resolves: #1105504 - CVE-2014-0244: DoS in nmbd.
- resolves: #1108844 - CVE-2014-3493: DoS in smbd with unicode path names.
- resolves: #1105573 - CVE-2014-0178: Uninitialized memory exposure.
[4.1.1-33]
- related: #717484 - Add missing configure line to enable profiling data support.
[4.1.1-32]
- related: #1082653 - Reuse IPv6 address during the AD domain join.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1052 -- openssl security update (moderate)Oracle Linux 6Oracle Linux 7openssl[1.0.1e-34.4]
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3507 - avoid memory leak in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3509 - fix race condition when parsing server hello
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix CVE-2014-3511 - disallow protocol downgrade via fragmentationSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0914 -- libvirt security and bug fix update (moderate)Oracle Linux 7libvirt[1.1.1-29.0.1.el7_0.1]
- Replace docs/et.png in tarball with blank image
[1.1.1-29.el7_0.1]
- LSN-2014-0003: Don't expand entities when parsing XML (CVE-2014-0179)
- virNetClientSetTLSSession: Restore original signal mask (rhbz#1112689)
- Don't use AI_ADDRCONFIG when binding to wildcard addresses (rhbz#1112692)
- qemu: Unlock the NWFilter update lock by leaving via the cleanup label (rhbz#1112690)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1034 -- tomcat security update (low)Oracle Linux 7tomcat[0:7.0.42-8]
- Resolves: CVE-2013-4590
- Resolves: CVE-2014-0119Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1327 -- php security update (moderate)Oracle Linux 7php[5.4.16-23.1]
- gd: fix NULL pointer dereference in gdImageCreateFromXpm().
CVE-2014-2497
- gd: fix NUL byte injection in file names. CVE-2014-5120
- fileinfo: fix extensive backtracking in regular expression
(incomplete fix for CVE-2013-7345). CVE-2014-3538
- fileinfo: fix mconvert incorrect handling of truncated
pascal string size. CVE-2014-3478
- fileinfo: fix cdf_read_property_info
(incomplete fix for CVE-2012-1571). CVE-2014-3587
- spl: fix use-after-free in ArrayIterator due to object
change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670
- network: fix segfault in dns_get_record
(incomplete fix for CVE-2014-4049). CVE-2014-3597Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1011 -- resteasy-base security update (moderate)Oracle Linux 7resteasy-base[2.3.5-3]
- Resolves: rhbz1121917 - CVE-2014-3490: XXE via parameter entitiesSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0678 -- kernel security update (important)Oracle Linux 7kernel[3.10.0-123.1.2]
- Oracle Linux certificates (Alexey Petrenko)
[3.10.0-123.1.2]
- [tty] n_tty: Fix n_tty_write crash when echoing in raw mode (Aristeu Rozanski) [1094241 1094242] {CVE-2014-0196}Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0927 -- qemu-kvm security and bug fix update (moderate)Oracle Linux 7qemu-kvm[1.5.3-60.el7_0.5]
- kvm-Allow-mismatched-virtio-config-len.patch [bz#1095782]
- Resolves: bz#1095782
(CVE-2014-0182 qemu-kvm: qemu: virtio: out-of-bounds buffer write on state load with invalid config_len [rhel-7.0.z])Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0686 -- tomcat security update (important)Oracle Linux 7tomcat[0:7.0.42-5]
- Related: CVE-2013-4286
- Related: CVE-2013-4322
- Related: CVE-2014-0050
- revisit patches for above.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0889 -- java-1.7.0-openjdk security update (critical)Oracle Linux 6Oracle Linux 7java-1.7.0-openjdk[1.7.0.65-2.5.1.2.0.1.el6_5]
- Update DISTRO_NAME in specfile
[1.7.0.65-2.5.1.2]
- added and applied fix for samrtcard io patch405, pr1864_smartcardIO.patch
- Resolves: rhbz#1115874
[1.7.0.65-2.5.1.1.el6]
- updated to security patched icedtea7-forest 2.5.1
- Resolves: rhbz#1115874
[1.7.0.60-2.5.0.1.el6]
- update to icedtea7-forest 2.5.0
- Resolves: rhbz#1115874Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1635 -- firefox security updateOracle Linux 5Oracle Linux 6Oracle Linux 7firefoxxulrunnerxulrunner-develfirefox
[31.2.0-3.0.1.el7_0]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one
[31.2.0-3]
- Update to 31.2.0 ESR
- Fix for mozbz#1042889
[31.1.0-7]
- Enable WebM on all arches
xulrunner
[31.2.0-1.0.1]
- Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js
- Removed XULRUNNER_VERSION from SOURCE21
[31.2.0-1]
- Update to 31.2.0
[31.1.0-3]
- move /sdk/bin to xulrunner libdir
[31.1.0-2]
- Sync preferences with Firefox package
[31.1.0-1]
- Update to 31.1.0 ESR
[31.0-2]
- Fix header wrapper for aarch64
[31.0-1]
- Update to 31.0 ESRSergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0679 -- openssl security update (important)Oracle Linux 7openssl[1.0.1e-34.3]
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDHSergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1306 -- bash security update (Important)Oracle Linux 7Oracle Linux 6Oracle Linux 5bashThe GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)
Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. Note that certain services, screen sessions, and tmux sessions may
need to be restarted, and affected interactive users may need to re-login.
Installing these updated packages without restarting services will address
the vulnerability, but functionality may be impacted until affected
services are restarted. For more information see the Knowledgebase article
at <A HREF="https://access.redhat.com/articles/1200223">https://access.redhat.com/articles/1200223</A>
Note: Docker users are advised to use "yum update" within their containers,
and to commit the resulting changes.
For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1655 -- libxml2 security updateOracle Linux 7libxml2libxml2-devellibxml2-pythonlibxml2-static[2.9.1-5.0.1.el7_0.1]
- Update doc/redhat.gif in tarball
- Add libxml2-oracle-enterprise.patch and update logos in tarball
[2.9.1-5.1]
- CVE-2014-3660 denial of service via recursive entity expansion (rhbz#1149087)Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0687 -- libtasn1 security update (moderate)Oracle Linux 7libtasn1[3.3-5]
- Added missing check for null pointer (#1102338)
[3.3-4]
- Fix multiple decoding issues (#1102338)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1652 -- openssl security updateOracle Linux 6Oracle Linux 7opensslopenssl-developenssl-perlopenssl-staticopenssl-libs[1.0.1e-30.2]
- fix CVE-2014-3567 - memory leak when handling session tickets
- fix CVE-2014-3513 - memory leak in srtp support
- add support for fallback SCSV to partially mitigate CVE-2014-3566
(padding attack on SSL3)
[1.0.1e-30]
- add ECC TLS extensions to DTLS (#1119800)
[1.0.1e-29]
- fix CVE-2014-3505 - doublefree in DTLS packet processing
- fix CVE-2014-3506 - avoid memory exhaustion in DTLS
- fix CVE-2014-3507 - avoid memory leak in DTLS
- fix CVE-2014-3508 - fix OID handling to avoid information leak
- fix CVE-2014-3509 - fix race condition when parsing server hello
- fix CVE-2014-3510 - fix DoS in anonymous (EC)DH handling in DTLS
- fix CVE-2014-3511 - disallow protocol downgrade via fragmentation
[1.0.1e-28]
- fix CVE-2014-0224 fix that broke EAP-FAST session resumption support
[1.0.1e-26]
- drop EXPORT, RC2, and DES from the default cipher list (#1057520)
- print ephemeral key size negotiated in TLS handshake (#1057715)
- do not include ECC ciphersuites in SSLv2 client hello (#1090952)
- properly detect encryption failure in BIO (#1100819)
- fail on hmac integrity check if the .hmac file is empty (#1105567)
- FIPS mode: make the limitations on DSA, DH, and RSA keygen
length enforced only if OPENSSL_ENFORCE_MODULUS_BITS environment
variable is set
[1.0.1e-25]
- fix CVE-2010-5298 - possible use of memory after free
- fix CVE-2014-0195 - buffer overflow via invalid DTLS fragment
- fix CVE-2014-0198 - possible NULL pointer dereference
- fix CVE-2014-0221 - DoS from invalid DTLS handshake packet
- fix CVE-2014-0224 - SSL/TLS MITM vulnerability
- fix CVE-2014-3470 - client-side DoS when using anonymous ECDH
[1.0.1e-24]
- add back support for secp521r1 EC curve
[1.0.1e-23]
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
[1.0.1e-22]
- use 2048 bit RSA key in FIPS selftests
[1.0.1e-21]
- add DH_compute_key_padded needed for FIPS CAVS testing
- make 3des strength to be 128 bits instead of 168 (#1056616)
- FIPS mode: do not generate DSA keys and DH parameters < 2048 bits
- FIPS mode: use approved RSA keygen (allows only 2048 and 3072 bit keys)
- FIPS mode: add DH selftest
- FIPS mode: reseed DRBG properly on RAND_add()
- FIPS mode: add RSA encrypt/decrypt selftest
- FIPS mode: add hard limit for 2^32 GCM block encryptions with the same key
- use the key length from configuration file if req -newkey rsa is invoked
[1.0.1e-20]
- fix CVE-2013-4353 - Invalid TLS handshake crash
[1.0.1e-19]
- fix CVE-2013-6450 - possible MiTM attack on DTLS1
[1.0.1e-18]
- fix CVE-2013-6449 - crash when version in SSL structure is incorrect
[1.0.1e-17]
- add back some no-op symbols that were inadvertently droppedSergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0680 -- openssl098e security update (important)Oracle Linux 7openssl098e[0.9.8e-29.2]
- fix for CVE-2014-0224 - SSL/TLS MITM vulnerabilitySergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1307 -- nss security update (Important)Oracle Linux 7Oracle Linux 5Oracle Linux 6nssNetwork Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)
input from certain RSA signatures. A remote attacker could use this flaw to
forge RSA certificates by providing a specially crafted signature to an
application using NSS. (CVE-2014-1568)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security
Incident Response Team as the original reporters.
All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, applications using NSS must be restarted for this update to
take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1166 -- jakarta-commons-httpclient security update (Important)Oracle Linux 7Oracle Linux 6Oracle Linux 5jakarta-commons-httpclientJakarta Commons HTTPClient implements the client side of HTTP standards.
It was discovered that the HTTPClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)
For additional information on this flaw, refer to the Knowledgebase
article in the References section.
All jakarta-commons-httpclient users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-0685 -- java-1.6.0-openjdk security update (important)Oracle Linux 7java-1.6.0-openjdk[1:1.6.0.1-6.1.13.3]
- updated to icedtea 1.13.3
- updated to openjdk-6-src-b31-15_apr_2014
- renmoved upstreamed patch7, 1.13_fixes.patch
- renmoved upstreamed patch9, 1051245.patch
- Resolves: rhbz#1099563Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1669 -- qemu-kvm security and bug fix update (low)Oracle Linux 7qemu-kvm[1.5.3-60.el7_0.10]
- kvm-block-add-helper-function-to-determine-if-a-BDS-is-i.patch [bz#1122925]
- kvm-block-extend-block-commit-to-accept-a-string-for-the.patch [bz#1122925]
- kvm-block-add-backing-file-option-to-block-stream.patch [bz#1122925]
- kvm-block-add-__com.redhat_change-backing-file-qmp-comma.patch [bz#1122925]
- Resolves: bz#1122925
(Maintain relative path to backing file image during live merge (block-commit))Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1144 -- firefox security update (Critical)Oracle Linux 6Oracle Linux 7Oracle Linux 5firefoxxulrunnerMozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1562, CVE-2014-1567)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jan de Mooij as the original reporter of
CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.8.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1359 -- polkit-qt security updateOracle Linux 7polkit-qt[0.103.0-10]
- Resolves: #1147368 (CVE-2014-5033)Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1023 -- kernel security and bug fix update (important)Oracle Linux 7kernel[3.10.0-123.6.3]
- [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943}Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1397 -- rsyslog security updateOracle Linux 7rsyslogrsyslog-cryptorsyslog-docrsyslog-elasticsearchrsyslog-gnutlsrsyslog-gssapirsyslog-libdbirsyslog-mmauditrsyslog-mmjsonparsersyslog-mmnormalizersyslog-mmsnmptrapdrsyslog-mysqlrsyslog-pgsqlrsyslog-relprsyslog-snmprsyslog-udpspoof[7.4.7-7.0.1]
- use setsid() to get a controlling session and process group [Orabug: 17346261] (Todd Vierling)
[7.4.7-7]
- fix CVE-2014-3634
resolves: #1149152Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1764 -- wget security update (moderate)Oracle Linux 6Oracle Linux 7wget[1.14-10.1]
- Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access (#1156135)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1293 -- bash security update (Critical)Oracle Linux 6Oracle Linux 7Oracle Linux 5bashThe GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)
For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at <A HREF="https://access.redhat.com/articles/1200223">https://access.redhat.com/articles/1200223</A>
Red Hat would like to thank Stephane Chazelas for reporting this issue.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1281 -- kernel security and bug fix update (Moderate)Oracle Linux 7kernelThe kernel packages contain the Linux kernel, the core of any Linux
operating system.
* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)
This update also fixes the following bugs:
* A bug in the mtip32xx driver could prevent the Micron P420m PCIe SSD
devices with unaligned I/O access from completing the submitted I/O
requests. This resulted in a livelock situation and rendered the Micron
P420m PCIe SSD devices unusable. To fix this problem, mtip32xx now checks
whether an I/O access is unaligned and if so, it uses the correct
semaphore. (BZ#1125776)
* A series of patches has been backported to improve the functionality of
a touch pad on the latest Lenovo laptops in Red Hat Enterprise Linux 7.
(BZ#1122559)
* Due to a bug in the bnx2x driver, a network adapter could be unable to
recover from EEH error injection. The network adapter had to be taken
offline and rebooted in order to function properly again. With this update,
the bnx2x driver has been corrected and network adapters now recover from
EEH errors as expected. (BZ#1107722)
* Previously, if an hrtimer interrupt was delayed, all future pending
hrtimer events that were queued on the same processor were also delayed
until the initial hrtimer event was handled. This could cause all hrtimer
processing to stop for a significant period of time. To prevent this
problem, the kernel has been modified to handle all expired hrtimer events
when handling the initially delayed hrtimer event. (BZ#1113175)
* A previous change to the nouveau driver introduced a bit shift error,
which resulted in a wrong display resolution being set with some models
of NVIDIA controllers. With this update, the erroneous code has been
corrected, and the affected NVIDIA controllers can now set the correct
display resolution. (BZ#1114869)
* Due to a NULL pointer dereference bug in the be2net driver, the system
could experience a kernel oops and reboot when disabling a network adapter
after a permanent failure. This problem has been fixed by introducing a
flag to keep track of the setup state. The failing adapter can now be
disabled successfully without a kernel crash. (BZ#1122558)
* Previously, the Huge Translation Lookaside Buffer (HugeTLB) allowed
access to huge pages access by default. However, huge pages may be
unsupported in some environments, such as a KVM guest on a PowerPC
architecture, and an attempt to access a huge page in memory would result
in a kernel oops. This update ensures that HugeTLB denies access to huge
pages if the huge pages are not supported on the system. (BZ#1122115)
* If an NVMe device becomes ready but fails to create I/O queues, the nvme
driver creates a character device handle to manage such a device.
Previously, a character device could be created before a device reference
counter was initialized, which resulted in a kernel oops. This problem has
been fixed by calling the relevant initialization function earlier in the
code. (BZ#1119720)
* On some firmware versions of the BladeEngine 3 (BE3) controller,
interrupts remain disabled after a hardware reset. This was a problem for
all Emulex-based network adapters using such a BE3 controller because
these adapters would fail to recover from an EEH error if it occurred. To
resolve this problem, the be2net driver has been modified to enable the
interrupts in the eeh_resume handler explicitly. (BZ#1121712)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1767 -- php security update (important)Oracle Linux 6Oracle Linux 7php[5.4.16-23.3]
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710
[5.4.16-23.2]
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1352 -- libvirt security and bug fix updateOracle Linux 7libvirt[1.1.1-29.0.1.el7_0.3]
- Replace docs/et.png in tarball with blank image
[1.1.1-29.el7_0.3]
- domain_conf: fix domain deadlock (CVE-2014-3657)
[1.1.1-29.el7_0.2]
- qemu: split out cpuset.mems setting (rhbz#1135871)
- qemu: leave restricting cpuset.mems after initialization (rhbz#1135871)
- qemu: blkiotune: Use correct definition when looking up disk (CVE-2014-3633)Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-3072 -- Unbreakable Enterprise kernel security update (Important)Oracle Linux 7Oracle Linux 6kernel-uekkernel-uek
[3.8.13-44.1.1.el7uek]
- auditsc: audit_krule mask accesses need bounds checking (Andy
Lutomirski) [Orabug: 19590596] {CVE-2014-3917}Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1172 -- procmail security update (Important)Oracle Linux 7Oracle Linux 6Oracle Linux 5procmailThe procmail program is used for local mail delivery. In addition to just
delivering mail, procmail can be used for automatic filtering, presorting,
and other mail handling jobs.
A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
All procmail users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1013 -- php security update (moderate)Oracle Linux 7php[5.4.16-23]
- fileinfo: cdf_unpack_summary_info() excessive looping
DoS. CVE-2014-0237
- fileinfo: CDF property info parsing nelements infinite
loop. CVE-2014-0238
- fileinfo: cdf_check_stream_offset insufficient boundary
check. CVE-2014-3479
- fileinfo: cdf_count_chain insufficient boundary check
CVE-2014-3480
- fileinfo: cdf_read_short_sector insufficient boundary
check. CVE-2014-0207
- fileinfo: cdf_read_property_info insufficient boundary
check. CVE-2014-3487
- fileinfo: fix extensive backtracking CVE-2013-7345
- core: type confusion issue in phpinfo(). CVE-2014-4721
- core: fix heap-based buffer overflow in DNS TXT record
parsing. CVE-2014-4049
- core: unserialize() SPL ArrayObject / SPLObjectStorage
type confusion flaw. CVE-2014-3515Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1620 -- java-1.7.0-openjdk security and bug fix updateOracle Linux 6Oracle Linux 7java-1.7.0-openjdk[1:1.7.0.65-2.5.3.1.0.1.el7_0]
- Update DISTRO_NAME in specfile
[1:1.7.0.65-2.5.3.1]
- Bump to 2.5.3 for latest security fixes.
- Remove obsolete patches.
- Add hsbootstrap option to pre-build HotSpot when required.
- Resolves: rhbz#1148893Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1147 -- squid security update (Important)Oracle Linux 7squidSquid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.
A flaw was found in the way Squid handled malformed HTTP Range headers.
A remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)
Red Hat would like to thank the Squid project for reporting this issue.
Upstream acknowledges Matthew Daley as the original reporter.
All Squid users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the squid service will be restarted automatically.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-3076 -- bash security update (Critical)Oracle Linux 7bash[4.2.45-5.2.0.1]
- Preliminary fix for CVE-2014-7169Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0861 -- lzo security update (moderate)Oracle Linux 6Oracle Linux 7lzo[2.03-3.1.1]
- Fixed integer overflow in decompressor
Resolves: CVE-2014-4607Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1319 -- xerces-j2 security update (Moderate)Oracle Linux 7xerces-j2Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.
A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)
All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using the
Xerces-J must be restarted for this update to take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-0790 -- dovecot security update (moderate)Oracle Linux 6Oracle Linux 7dovecot[1:2.0.9-7.1]
- fix CVE-2014-3430: denial of service through maxxing out SSL connections (#1108001)Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1292 -- haproxy security update (Moderate)Oracle Linux 7haproxyHAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.
A buffer overflow flaw was discovered in the way HAProxy handled, under
very specific conditions, data uploaded from a client. A remote attacker
could possibly use this flaw to crash HAProxy. (CVE-2014-6269)
All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-3049 -- unbreakable enterprise kernel security update (important)Oracle Linux 7dtrace-moduleskernel-uekkernel-uek-debugkernel-uek-debug-develkernel-uek-develkernel-uek-dockernel-uek-firmwarekernel-uek
[3.8.13-35.3.2.el7uek]
- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229497] {CVE-2014-4943} {CVE-2014-4943}
- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230689] {CVE-2014-4699}
- net: flow_dissector: fail on evil iph->ihl (Jason Wang) [Orabug: 19231234] {CVE-2013-4348}Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDELSA-2014-1146 -- httpcomponents-client security update (Important)Oracle Linux 7httpcomponents-clientHttpClient is an HTTP/1.1 compliant HTTP agent implementation based on
httpcomponents HttpCore.
It was discovered that the HttpClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)
For additional information on this flaw, refer to the Knowledgebase
article in the References section.
All httpcomponents-client users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1031 -- 389-ds-base security update (important)Oracle Linux 6Oracle Linux 7389-ds-base[1.2.11.15-34]
- Release 1.2.11.15-34
- Resolves: #1123861
EMBARGOED CVE-2014-3562 unauthenticated information disclosure [rhel-6.5.z] (DS 616, BZ 1123477)Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1795 -- cups-filters security update (moderate)Oracle Linux 7cups-filters[1.0.35-15:.1]
- Applied upstream patch to fix BrowseAllow parsing issue
(CVE-2014-4338, bug #1091568).
- Applied upstream patch for cups-browsed DoS via
process_browse_data() out-of-bounds read (CVE-2014-4337,
bug #1111510).Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDELSA-2014-1634 -- java-1.6.0-openjdk security and bug fix updateOracle Linux 5Oracle Linux 6Oracle Linux 7java-1.6.0-openjdk[1:1.6.0.33-1.13.5.0]
- Update to IcedTea 1.13.5
- Remove upstreamed patches.
- Regenerate add-final-location-rpaths patch against new release.
- Change versioning to match java-1.7.0-openjdk so revisions work.
- Use xz for tarballs to reduce file size.
- No need to explicitly disable system LCMS any more (bug fixed upstream).
- Add icedteasnapshot to setup lines so they work with pre-release tarballs.
- Resolves: rhbz#1148901Sergey ArtykhovDRAFTMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDOracle Linux 7.xOracle Linux 7The operating system installed on the system is Oracle Linux 7.xMaria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDOracle Linux 6.xOracle Linux 6The operating system installed on the system is Oracle Linux 6.xDragos PrisacaDRAFTINTERIMACCEPTEDChandan M CINTERIMACCEPTEDACCEPTEDOracle Linux 5.xOracle Linux 5The operating system installed on the system is Oracle Linux 5.xDanny HaynesDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDChandan M CINTERIMACCEPTEDACCEPTEDopensslqemu-kvm-toolsqemu-kvmqemu-imgrpm-buildrpm-apidocsrpm-develrpm-libsrpm-signrpmrpm-pythonrpm-build-libsrpm-cronxorg-x11-serverxorg-x11-server-Xvfbxorg-x11-server-commonxorg-x11-server-Xephyrxorg-x11-server-Xorgxorg-x11-server-sourcexorg-x11-server-develxorg-x11-server-Xnestxorg-x11-server-Xdmxbind-lite-develbind-sdb-chrootbind-libbind-develbind-libs-litebind-utilsbind-libscaching-nameserverbind-develbind-sdbbind-licensebind-chrootbindjasper-develjasper-utilsjasper-libsjasperlibXfontlibXfont-develwpa_supplicantdtrace-modules-3.8.13-55.el6uekdtrace-modules-3.8.13-55.el7uekmailxlibvncserver-devellibvncserverdtrace-modules-3.8.13-55.1.1.el6uekdtrace-modules-3.8.13-55.1.1.el7ueksntpntpdatentp-perlntpntp-docrubygem-bigdecimalrubygem-rakeruby-tcltkrubygemsrubygem-psychruby-docrubygem-io-consolerubygem-jsonrubyrubygem-rdocruby-develrubygem-minitestruby-libsrubygems-develruby-irbdtrace-modules-3.8.13-44.1.5.el7uekdtrace-modules-3.8.13-44.1.5.el6uekkdenetwork-kopete-develkdenetwork-krdckdenetwork-fileshare-sambakdenetwork-krdc-develkdenetwork-kdnssdkdenetwork-kopete-libskdenetwork-commonkdenetwork-develkdenetwork-kopetekdenetwork-krfb-libskdenetwork-krfbkdenetworkkdenetwork-kgetkdenetwork-krdc-libskdenetwork-kget-libsglibc-utilsglibc-develglibcglibc-staticnscdglibc-headersglibc-commondtrace-modules-3.8.13-55.1.2.el7uekdtrace-modules-3.8.13-55.1.2.el6uekmokutilshimshim-unsignedshim-signeddockerdocker-pkg-develdocker-develhttpd-toolsmod_ldaphttpd-develmod_sessionmod_sslmod_proxy_htmlhttpdhttpd-manualmariadb-libsmariadb-benchmariadb-servermariadb-develmariadb-testmariadb-embedded-develmariadb-embeddedmariadbwiresharkwireshark-gnomewireshark-develjson-c-develjson-cjson-c-docgnutlsgnutls-c++gnutls-develgnutls-danegnutls-utilsmod_wsgisamba-vfs-glusterfssamba-winbind-modulessamba-pidlsamba-test-develsamba-winbindsamba-dc-libslibsmbclient-develsamba-develsamba-commonsamba-testsamba-winbind-krb5-locatorsamba-clientsamba-dcsamba-libssamba-pythonlibwbclientsamba-winbind-clientslibsmbclientlibwbclient-develsambalibvirt-daemon-driver-networklibvirt-daemon-driver-secretlibvirt-daemon-driver-qemulibvirt-devellibvirt-daemon-driver-nodedevlibvirt-daemon-config-nwfilterlibvirt-docslibvirt-clientlibvirt-daemon-driver-interfacelibvirt-daemon-config-networklibvirt-lock-sanlocklibvirt-daemon-kvmlibvirt-daemonlibvirt-daemon-lxclibvirt-daemon-driver-lxclibvirt-login-shelllibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-storagelibvirt-pythonresteasy-base-jaxrsresteasy-base-jaxb-providerresteasy-base-jaxrs-allresteasy-base-providers-pomresteasy-base-jettison-providerresteasy-base-jaxrs-apiresteasy-base-jackson-providerresteasy-base-tjwsresteasy-baseresteasy-base-atom-providerresteasy-base-javadoctomcat-servlet-3.0-apitomcat-jsp-2.2-apitomcat-admin-webappstomcat-webappstomcat-docs-webapptomcat-javadoctomcat-el-2.2-apitomcat-jsvctomcattomcat-libjava-1.7.0-openjdk-accessibilityjava-1.7.0-openjdkjava-1.7.0-openjdk-develjava-1.7.0-openjdk-demojava-1.7.0-openjdk-srcjava-1.7.0-openjdk-headlessjava-1.7.0-openjdk-javadocxulrunner-developenssl-staticopenssl-perlopenssl-libsopenssl-devellibxml2-devellibxml2-pythonlibxml2libxml2-staticlibtasn1libtasn1-toolslibtasn1-developenssl-libsopenssl-perlopensslopenssl-developenssl-staticopenssl098enss-softokn-develnssnss-softokn-freebl-develnss-pkcs11-develnss-softokn-freeblnss-utilnss-softoknnss-util-develnss-toolsnss-sysinitnss-develjakarta-commons-httpclient-demojakarta-commons-httpclient-javadocjakarta-commons-httpclient-manualjakarta-commons-httpclientjava-1.6.0-openjdk-demojava-1.6.0-openjdk-srcjava-1.6.0-openjdk-develjava-1.6.0-openjdk-javadocjava-1.6.0-openjdkqemu-kvm-commonqemu-guest-agentqemu-kvm-toolsqemu-kvmlibcacardlibcacard-devellibcacard-toolsqemu-imgxulrunnerxulrunner-develfirefoxpolkit-qtpolkit-qt-docpolkit-qt-develrsyslog-udpspoofrsyslog-gnutlsrsyslog-cryptorsyslog-elasticsearchrsyslog-mmauditrsyslog-relprsyslog-snmprsyslog-mysqlrsyslog-docrsyslog-gssapirsyslog-mmsnmptrapdrsyslog-libdbirsyslog-mmnormalizersyslogrsyslog-pgsqlrsyslog-mmjsonparsewgetkernel-abi-whitelistsperfkernel-dockernel-toolskernel-develkernel-debug-develkernel-tools-libskernel-headerskernel-debugkernelkernel-tools-libs-develpython-perfphp-tidyphp-ztsphp-imaplibvirt-daemon-config-nwfilterlibvirt-daemon-driver-nodedevlibvirt-daemon-driver-networklibvirt-lock-sanlocklibvirt-devellibvirt-docslibvirt-daemonlibvirt-pythonlibvirt-daemon-driver-interfacelibvirt-daemon-driver-lxclibvirt-daemon-kvmlibvirt-daemon-driver-secretlibvirt-clientlibvirt-daemon-config-networklibvirt-daemon-lxclibvirt-daemon-driver-qemulibvirt-daemon-driver-storagelibvirt-login-shelllibvirtlibvirt-daemon-driver-nwfilterkernel-uek-develdtrace-modules-3.8.13-44.1.1.el6uekkernel-uek-debugdtrace-modules-3.8.13-44.1.1.el7uekkernel-uek-dockernel-uek-firmwarekernel-uekkernel-uek-debug-develprocmailphp-soapphp-pdophp-mbstringphp-recodephp-embeddedphp-enchantphp-xmlrpcphp-mysqlndphpphp-odbcphp-mysqlphp-intlphp-processphp-pgsqlphp-snmpphp-fpmphp-dbaphp-cliphp-ldapphp-gdphp-xmlphp-pspellphp-bcmathphp-develphp-commonjava-1.7.0-openjdk-accessibilityjava-1.7.0-openjdk-headlessjava-1.7.0-openjdk-javadocjava-1.7.0-openjdkjava-1.7.0-openjdk-demojava-1.7.0-openjdk-develjava-1.7.0-openjdk-srcsquidsquid-sysvinitbashbash-doclzo-minilzolzolzo-develxerces-j2xerces-j2-demoxerces-j2-javadocdovecot-mysqldovecot-develdovecot-pgsqldovecot-pigeonholedovecothaproxykernel-uek-debugdtrace-modules-3.8.13-35.3.2.el7uekkernel-uekkernel-uek-dockernel-uek-debug-develkernel-uek-firmwarekernel-uek-develhttpcomponents-clienthttpcomponents-client-javadoc389-ds-base-devel389-ds-base-libs389-ds-basecups-filters-develcups-filterscups-filters-libsoraclelinux-releasejava-1.6.0-openjdk-demojava-1.6.0-openjdk-javadocjava-1.6.0-openjdk-develjava-1.6.0-openjdk-srcjava-1.6.0-openjdki6861:1.0.1e-42.el7_1.8x86_641:1.0.1e-42.el7_1.8i68610:1.5.3-86.el7_1.2x86_6410:1.5.3-86.el7_1.20:2.12-1.149.el6_6.50:2.17-55.0.4.el7_0.50:4.11.1-18.el7_00:1.15.0-7.0.1.el7_0.30:1.15.0-25.el6_632:9.8.2-0.30.rc1.el6_6.132:9.9.4-14.0.1.el7_0.130:9.3.6-25.P1.el5_11.20:1.900.1-16.el6_6.20:1.900.1-26.el7_0.20:3.10.0-123.13.1.el70:1.4.5-4.el6_60:1.4.7-2.el7_01:2.0-13.el7_00:0.4.3-4.el60:3.8.13-55.el7uek0:0.4.3-4.el70:3.8.13-55.el6uek0:12.5-12.el7_00:12.4-8.el6_60:0.9.7-7.el6_6.10:0.9.9-9.el7_0.10:3.10.0-123.13.2.el70:0.4.3-4.el60:0.4.3-4.el70:3.8.13-55.1.1.el6uek0:3.8.13-55.1.1.el7uek0:4.2.6p5-19.el7_00:4.2.6p5-2.el6_60:1.2.0-22.el7_00:0.9.6-22.el7_00:2.0.0-22.el7_00:0.4.2-22.el7_00:1.7.7-22.el7_00:4.0.0-22.el7_00:4.3.2-22.el7_00:2.0.14-22.el7_00:2.0.0.353-22.el7_00:4.2.45-5.el7_0.4.0.10:0.4.3-4.el70:3.8.13-44.1.5.el7uek0:3.8.13-44.1.5.el6uek0:0.4.3-4.el67:4.10.5-8.el7_00:3.1.18-10.el7_00:31.3.0-4.0.1.el5_110:31.3.0-3.0.1.el6_60:31.3.0-3.0.1.el7_00:2.17-55.0.4.el7_0.30:0.4.3-4.el70:0.4.3-4.el60:3.8.13-55.1.2.el7uek0:3.8.13-55.1.2.el6uek0:0.7-8.0.1.el7_00:3.16.2.3-1.el5_110:3.16.2.3-3.0.1.el6_60:3.16.2.3-2.0.1.el7_00:3.16.2.3-2.el6_60:3.16.2.3-1.el7_00:1.3.2-1.0.1.el70:1.3.2-1.0.1.el61:5.5.40-1.el7_01:2.4.6-18.0.1.el7_01:1.6.0.0-6.1.13.4.el7_01:1.6.0.0-6.1.13.4.0.1.el5_101:1.6.0.0-6.1.13.4.el6_51:5.5.37-1.el7_01:1.7.0.55-2.4.7.2.0.1.el7_00:3.10.0-123.4.2.el70:1.10.3-12.0.1.el7_00:1.8.10-8.0.1.el6_60:3.10.0-123.4.4.el70:0.11-4.el7_00:3.1.18-9.el7_00:3.10.0-123.9.2.el70:7.0.42-6.el7_00:3.4-12.el7_00:4.1.1-37.el7_00:3.16.2-2.0.1.el7_00:3.16.2-1.el7_010:1.5.3-60.el7_0.20:4.1.1-35.el7_01:1.0.1e-34.el7_0.40:1.0.1e-16.el6_5.150:1.1.1-29.0.1.el7_0.10:7.0.42-8.el7_00:5.4.16-23.el7_0.10:2.3.5-3.el7_00:3.10.0-123.1.2.el710:1.5.3-60.el7_0.50:7.0.42-5.el7_01:1.7.0.65-2.5.1.2.0.1.el7_01:1.7.0.65-2.5.1.2.0.1.el6_50:31.2.0-3.0.1.el5_110:31.2.0-3.0.1.el7_00:31.2.0-1.0.1.el7_00:31.2.0-3.0.1.el6_61:1.0.1e-34.el7_0.30:4.1.2-15.el6_5.20:3.2-33.el5_11.40:4.2.45-5.el7_0.40:2.9.1-5.0.1.el7_0.10:3.3-5.el7_01:1.0.1e-34.el7_0.60:1.0.1e-30.el6_6.20:0.9.8e-29.el7_0.20:3.14.3-12.el6_50:3.16.2-2.el7_00:3.16.1-2.el6_50:3.16.1-4.el5_110:3.16.1-7.0.1.el6_50:3.16.2-7.0.1.el7_01:3.1-16.el7_01:3.0-7jpp.4.el5_101:3.1-0.9.el6_51:1.6.0.0-6.1.13.3.el7_010:1.5.3-60.el7_0.100:24.8.0-1.0.1.el7_00:24.8.0-2.0.1.el5_100:24.8.0-1.0.1.el6_50:0.103.0-10.el7_00:3.10.0-123.6.3.el70:7.4.7-7.0.1.el7_00:1.14-10.el7_0.10:1.12-5.el6_6.10:3.2-33.el5.10:4.1.2-15.el6_5.10:4.2.45-5.el7_0.20:3.10.0-123.8.1.el70:5.4.16-23.el7_0.30:5.3.3-40.el6_60:1.1.1-29.0.1.el7_0.30:0.4.3-4.el60:0.4.3-4.el70:3.8.13-44.1.1.el6uek0:3.8.13-44.1.1.el7uek0:3.22-17.1.2.0.10:3.22-25.1.el6_5.10:3.22-34.el7_0.10:5.4.16-23.el7_01:1.7.0.71-2.5.3.1.0.1.el7_01:1.7.0.71-2.5.3.1.0.1.el67:3.3.8-12.el7_00:4.2.45-5.el7_0.2.0.10:2.06-6.el7_0.20:2.03-3.1.el6_5.10:2.11.0-17.el7_01:2.2.10-4.el7_0.11:2.0.9-7.el6_5.10:1.5.2-3.el7_00:0.4.3-4.el70:3.8.13-35.3.2.el7uek0:4.2.5-5.el7_00:1.2.11.15-34.el6_50:1.3.1.6-26.el7_00:1.0.35-15.el7_0.1^7.*$^6.*$^5.*$unix1:1.6.0.33-1.13.5.0.el7_01:1.6.0.33-1.13.5.0.0.1.el5_111:1.6.0.33-1.13.5.0.el6_6