The OVAL Repository
5.3
2015-09-03T06:08:46.233-04:00

RHSA-2015:0808 -- java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6, CentOS Linux 5
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2015:0809 -- java-1.8.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
java-1.8.0-openjdk
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:2010 -- kernel security update (Important)
Red Hat Enterprise Linux 7, CentOS Linux 7
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)
Red Hat would like to thank Andy Lutomirski for reporting this issue.
All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1983 -- xorg-x11-server security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
xorg-x11-server
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
Multiple integer overflow flaws and out-of-bounds write flaws were found in
the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated client
could use either of these flaws to crash the X.Org server or, potentially,
execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,
CVE-2014-8098)
It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)
An integer overflow flaw was found in the way the X.Org server calculated
memory requirements for certain DRI2 extension requests. A malicious,
authenticated client could use this flaw to crash the X.Org server.
(CVE-2014-8094)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)
All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2015:0806 -- java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1984 -- bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7, CentOS Linux 5
bind
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and processed,
would cause named to use excessive amounts of memory or crash.
(CVE-2014-8500)
All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
Sergey Artykhov DRAFT INTERIM; Maria Mikhno INTERIM ACCEPTED; ACCEPTED

RHSA-2014:2021 -- jasper security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
jasper
JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.
Multiple off-by-one flaws, leading to heap-based buffer overflows, were
found in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-9029)
A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)
A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)
Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Jose Duart of the Google Security Team as the original
reporter.
All JasPer users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All applications using
the JasPer libraries must be restarted for the update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:2024 -- ntp security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
ntp
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(),
ctl_putdata(), and configure() functions. A remote attacker could use
either of these flaws to send a specially crafted request packet that could
crash ntpd or, potentially, execute arbitrary code with the privileges of
the ntp user. Note: the crypto_recv() flaw requires non-default
configurations to be active, while the ctl_putdata() flaw, by default, can
only be exploited via local attackers, and the configure() flaw requires
additional authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its internal
use if no ntpdc request authentication key was specified in the ntp.conf
configuration file. A remote attacker able to match the configured IP
restrictions could guess the generated key, and possibly use it to send
ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5 keys.
This could possibly allow an attacker to guess generated MD5 keys that
could then be used to spoof an NTP client or server. Note: it is
recommended to regenerate any MD5 keys that had explicitly been generated
with ntp-keygen; the default installation does not contain such keys.
(CVE-2014-9294)
A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.
Sergey Artykhov DRAFT INTERIM; Maria Mikhno INTERIM ACCEPTED; Maria Mikhno INTERIM ACCEPTED; ACCEPTED

RHSA-2015:1115-01 -- Redhat openssl
Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library.
An invalid free flaw was found in the way OpenSSL handled certain DTLS handshake messages. A malicious DTLS client or server could cause a DTLS server or client using OpenSSL to crash or, potentially, execute arbitrary code.
A flaw was found in the way the OpenSSL packages shipped with Red Hat Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes function. This issue could possibly cause a multi-threaded application using OpenSSL to perform an out-of-bounds read and crash.
An out-of-bounds read flaw was found in the X509_cmp_time function of OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation List could possibly cause a TLS/SSL server or client using OpenSSL to crash.
A race condition was found in the session handling code of OpenSSL. This issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL to double free session ticket data and crash.
A flaw was found in the way OpenSSL handled Cryptographic Message Syntax messages. A CMS message with an unknown hash function identifier could cause an application using OpenSSL to enter an infinite loop.
A NULL pointer dereference was found in the way OpenSSL handled certain PKCS#7 inputs. A specially crafted PKCS#7 input with missing EncryptedContent data could cause an application using OpenSSL to crash.
Red Hat would like to thank the OpenSSL project for reporting the CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and CVE-2015-1792 flaws.
Upstream acknowledges Praveen Kariyanahalli and Ivan Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and Hanno Bock as the original reporters of CVE-2015-1789, Michal Zalewski as the original reporter of CVE-2015-1790, Emilia Kasper as the original reporter of CVE-2015-1791 and Johannes Bauer as the original reporter of CVE-2015-1792.
All openssl users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:2023 -- glibc security and bug fix update (Moderate)
Red Hat Enterprise Linux 7, CentOS Linux 7
glibc
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
It was found that the wordexp() function would perform command substitution
even when the WRDE_NOCMD flag was specified. An attacker able to provide
specially crafted input to an application using the wordexp() function, and
not sanitizing the input correctly, could potentially use this flaw to
execute arbitrary commands with the credentials of the user running that
application. (CVE-2014-7817)
This issue was discovered by Tim Waugh of the Red Hat Developer Experience
Team.
This update also fixes the following bug:
* Prior to this update, if a file stream that was opened in append mode and
its underlying file descriptor were used at the same time and the file was
truncated using the ftruncate() function on the file descriptor, a
subsequent ftell() call on the stream incorrectly modified the file offset
by seeking to the new end of the file. This update ensures that ftell()
modifies the state of the file stream only when it is in append mode and
its buffer is not empty. As a result, the described incorrect changes to
the file offset no longer occur. (BZ#1170187)
All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2015:0092 -- glibc security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
glibc
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)
Red Hat would like to thank Qualys for reporting this issue.
All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1976 -- rpm security update (Important)
Red Hat Enterprise Linux 7, CentOS Linux 7
rpm
The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying,
and updating software packages. Each software package consists of an
archive of files along with information about the package such as its
version, description, and other information.
It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic signature
only after the temporary file has been written completely. Under certain
conditions, the system interprets the unverified temporary file contents
and extracts commands from it. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2013-6435)
It was found that RPM could encounter an integer overflow, leading to a
stack-based buffer overflow, while parsing a crafted CPIO header in the
payload section of an RPM file. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2014-8118)
These issues were discovered by Florian Weimer of Red Hat Product Security.
All rpm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the RPM library must be restarted for this
update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1870 -- libXfont security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
libXfont
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.
A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A malicious,
local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server. (CVE-2014-0209)
Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)
Red Hat would like to thank the X.org project for reporting these issues.
Upstream acknowledges Ilja van Sprundel as the original reporter.
Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1971 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 7, CentOS Linux 7
kernel
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1999 -- mailx security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
mailx
The mailx packages contain a mail user agent that is used to manage mail
using scripts.
A flaw was found in the way mailx handled the parsing of email addresses.
A syntactically valid email address could allow a local attacker to cause
mailx to execute arbitrary shell commands through shell meta-characters and
the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)
Note: Applications using mailx to send email to addresses obtained from
untrusted sources will still remain vulnerable to other attacks if they
accept email addresses which start with "-" (so that they can be confused
with mailx options). To counteract this issue, this update also introduces
the "--" option, which will treat the remaining command line arguments as
email addresses.
All mailx users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1795 -- cups-filters security update (Moderate)
Red Hat Enterprise Linux 7, CentOS Linux 7
cups-filters
The cups-filters package contains backends, filters, and other software
that was once part of the core CUPS distribution but is now maintained
independently.
An out-of-bounds read flaw was found in the way the process_browse_data()
function of cups-browsed handled certain browse packets. A remote attacker
could send a specially crafted browse packet that, when processed by
cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337)
A flaw was found in the way the cups-browsed daemon interpreted the
"BrowseAllow" directive in the cups-browsed.conf file. An attacker able to
add a malformed "BrowseAllow" directive to the cups-browsed.conf file could
use this flaw to bypass intended access restrictions. (CVE-2014-4338)
All cups-filters users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the cups-browsed daemon will be restarted automatically.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1764 -- wget security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
wget
The wget package provides the GNU Wget file retrieval utility for HTTP,
HTTPS, and FTP protocols.
A flaw was found in the way Wget handled symbolic links. A malicious FTP
server could allow Wget running in the mirror mode (using the '-m' command
line option) to write an arbitrary file to a location writable by the
user running Wget, possibly leading to code execution. (CVE-2014-4877)
Note: This update changes the default value of the --retr-symlinks option.
The file symbolic links are now traversed by default and pointed-to files
are retrieved rather than creating a symbolic link locally.
Red Hat would like to thank the GNU Wget project for reporting this issue.
Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter.
All users of wget are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1826 -- libvncserver security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
libvncserver
LibVNCServer is a library that allows for easy creation of VNC server or
client functionality.
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way screen sizes were handled by LibVNCServer. A malicious VNC
server could use this flaw to cause a client to crash or, potentially,
execute arbitrary code in the client. (CVE-2014-6051)
A NULL pointer dereference flaw was found in LibVNCServer's framebuffer
setup. A malicious VNC server could use this flaw to cause a VNC client to
crash. (CVE-2014-6052)
A NULL pointer dereference flaw was found in the way LibVNCServer handled
certain ClientCutText messages. A remote attacker could use this flaw to
crash the VNC server by sending a specially crafted ClientCutText message
from a VNC client. (CVE-2014-6053)
A divide-by-zero flaw was found in the way LibVNCServer handled the scaling
factor when it was set to "0". A remote attacker could use this flaw to
crash the VNC server using a malicious VNC client. (CVE-2014-6054)
Two stack-based buffer overflow flaws were found in the way LibVNCServer
handled file transfers. A remote attacker could use these flaws to crash the
VNC server using a malicious VNC client. (CVE-2014-6055)
Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Nicolas Ruff as the original reporter.
All libvncserver users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libvncserver must be restarted for this update
to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
nss
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2015:0999-01 -- Redhat qemu-kvm, libcacard
Red Hat Enterprise Linux 7
qemu-kvm, libcacard
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.
An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.
Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue.
All qemu-kvm users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1724 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 7, CentOS Linux 7
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security fixes:
* A race condition flaw was found in the way the Linux kernel's KVM
subsystem handled PIT (Programmable Interval Timer) emulation. A guest user
who has access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611, Important)
* A NULL pointer dereference flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)
* It was found that the Linux kernel's KVM subsystem did not handle the VM
exits gracefully for the invept (Invalidate Translations Derived from EPT)
and invvpid (Invalidate Translations Based on VPID) instructions. On hosts
with an Intel processor and invept/invvpid VM exit support, an unprivileged
guest user could use these instructions to crash the guest. (CVE-2014-3645,
CVE-2014-3646, Moderate)
* A use-after-free flaw was found in the way the Linux kernel's Advanced
Linux Sound Architecture (ALSA) implementation handled user controls. A
local, privileged user could use this flaw to crash the system.
(CVE-2014-4653, Moderate)
Red Hat would like to thank Lars Bull of Google for reporting
CVE-2014-3611, and the Advanced Threat Research team at Intel Security for
reporting CVE-2014-3645 and CVE-2014-3646.
Bug fixes:
* A known issue that could prevent Chelsio adapters using the cxgb4 driver
from being initialized on IBM POWER8 systems has been fixed. These
adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548)
* When bringing a hot-added CPU online, the kernel did not initialize a
CPU mask properly, which could result in a kernel panic. This update
corrects the bug by ensuring that the CPU mask is properly initialized and
the correct NUMA node selected. (BZ#1134715)
* The kernel could fail to bring a CPU online if the hardware supported
both the acpi-cpufreq and intel_pstate modules. This update ensures that
the acpi-cpufreq module is not loaded if the intel_pstate module is
loaded. (BZ#1134716)
* Due to a bug in the time accounting of the kernel scheduler, a divide
error could occur when hot adding a CPU. To fix this problem, the kernel
scheduler time accounting has been reworked. (BZ#1134717)
* The kernel did not handle exceptions caused by an invalid floating point
control (FPC) register, resulting in a kernel oops. This problem has been
fixed by placing the label to handle these exceptions to the correct place
in the code. (BZ#1138733)
* A previous change to the kernel for the PowerPC architecture changed
implementation of the compat_sys_sendfile() function. Consequently, the
64-bit sendfile() system call stopped working for files larger than 2 GB
on PowerPC. This update restores the previous behavior of sendfile() on
PowerPC, and it again processes files bigger than 2 GB as expected.
(BZ#1139126)
* Previously, the kernel scheduler could schedule a CPU topology update
even though the topology did not change. This could negatively affect the
CPU load balancing, cause degradation of the system performance, and
eventually result in a kernel oops. This problem has been fixed by
skipping the CPU topology update if the topology has not actually changed.
(BZ#1140300)
* Previously, recovery of a double-degraded RAID6 array could, under
certain circumstances, result in data corruption. This could happen
because the md driver was using an optimization that is safe to use only
for single-degraded arrays. This update ensures that this optimization is
skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1827 -- kdenetwork security update (Moderate)
Red Hat Enterprise Linux 7, CentOS Linux 7
kdenetwork
The kdenetwork packages contain networking applications for the K Desktop
Environment (KDE). Krfb Desktop Sharing, which is a part of the kdenetwork
package, is a server application that allows session sharing between users.
Krfb uses the LibVNCServer library.
A NULL pointer dereference flaw was found in the way LibVNCServer handled
certain ClientCutText messages. A remote attacker could use this flaw to
crash the VNC server by sending a specially crafted ClientCutText message
from a VNC client. (CVE-2014-6053)
A divide-by-zero flaw was found in the way LibVNCServer handled the scaling
factor when it was set to "0". A remote attacker could use this flaw to
crash the VNC server using a malicious VNC client. (CVE-2014-6054)
Two stack-based buffer overflow flaws were found in the way LibVNCServer
handled file transfers. A remote attacker could use these flaws to crash the
VNC server using a malicious VNC client. (CVE-2014-6055)
Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Nicolas Ruff as the original reporter.
Note: Prior to this update, the kdenetwork packages used an embedded copy
of the LibVNCServer library. With this update, the kdenetwork packages have
been modified to use the system LibVNCServer packages. Therefore, the
update provided by RHSA-2014:1826 must be installed to fully address the
issues in krfb described above.
All kdenetwork users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of the krfb server must be restarted for this update to take
effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED; Maria Mikhno INTERIM ACCEPTED; ACCEPTED

RHSA-2014:1767 -- php security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code with the privileges
of the user running that PHP application. (CVE-2014-3670)
An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)
An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF) files.
A remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file. (CVE-2014-3710)
An out-of-bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)
The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat
Product Security.
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1919 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)
A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy. (CVE-2014-1594)
This update disables SSL 3.0 support by default in Firefox. Details on how
to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1283153
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse
Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya,
and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.3.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.3.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1912 -- ruby security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: ruby
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.
Multiple denial of service flaws were found in the way the Ruby REXML XML
parser performed expansion of parameter entities. A specially crafted XML
document could cause REXML to use an excessive amount of CPU and memory.
(CVE-2014-8080, CVE-2014-8090)
A stack-based buffer overflow was found in the implementation of the Ruby
Array pack() method. When performing base64 encoding, a single byte could
be written past the end of the buffer, possibly causing Ruby to crash.
(CVE-2014-4975)
The CVE-2014-8090 issue was discovered by Red Hat Product Security.
All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Ruby need to be restarted for this update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1846 -- gnutls security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: gnutls
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). The gnutls packages also
include the libtasn1 library, which provides Abstract Syntax Notation One
(ASN.1) parsing and structures management, and Distinguished Encoding Rules
(DER) encoding and decoding functions.
An out-of-bounds memory write flaw was found in the way GnuTLS parsed
certain ECC (Elliptic Curve Cryptography) certificates or certificate
signing requests (CSR). A malicious user could create a specially crafted
ECC certificate or a certificate signing request that, when processed by an
application compiled against GnuTLS (for example, certtool), could cause
that application to crash or execute arbitrary code with the permissions of
the user running the application. (CVE-2014-8564)
Red Hat would like to thank GnuTLS upstream for reporting this issue.
Upstream acknowledges Sean Burford as the original reporter.
All gnutls users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS or libtasn1 library must
be restarted.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1801 -- shim security update (Moderate)
Platforms: Red Hat Enterprise Linux 7
Packages: shim, shim-signed
Shim is the initial UEFI bootloader that handles chaining to a trusted full
bootloader under secure boot environments.
A heap-based buffer overflow flaw was found in the way shim parsed certain
IPv6 addresses. If IPv6 network booting was enabled, a malicious server
could supply a crafted IPv6 address that would cause shim to crash or,
potentially, execute arbitrary code. (CVE-2014-3676)
An out-of-bounds memory write flaw was found in the way shim processed
certain Machine Owner Keys (MOKs). A local attacker could potentially use
this flaw to execute arbitrary code on the system. (CVE-2014-3677)
An out-of-bounds memory read flaw was found in the way shim parsed certain
IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim
to crash, preventing the system from booting if IPv6 booting was enabled.
(CVE-2014-3675)
Red Hat would like to thank the SUSE Security Team for reporting these
issues.
All shim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1861 -- mariadb security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: mariadb
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.
This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2494,
CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,
CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,
CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,
CVE-2014-6555, CVE-2014-6559)
These updated packages upgrade MariaDB to version 5.5.40. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.
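What the OVAL definition behind an entry like this one evaluates is not the CVE list but a version comparison: the installed package's epoch:version-release must sort below the fixed one under rpm's ordering, otherwise the advisory no longer applies. The following is an added example, not code from the OVAL repository or from rpm, that reimplements librpm's rpmvercmp() ordering in Python (without the newer caret rule) and applies it to constructed installed versions. The page names 5.5.40 as the fixed MariaDB version; the epoch 1 and release 1.el7_0 used for the fixed EVR are assumptions.

```python
import re
import string

# Added example, not code from the OVAL repository or from rpm: a Python
# re-implementation of librpm's rpmvercmp() ordering (without the newer '^'
# rule), used the way an OVAL rpminfo_test with operation "less than" uses it.

_ALNUM = set(string.ascii_letters + string.digits)
_DIGITS = re.compile(r"[0-9]*")
_ALPHA = re.compile(r"[A-Za-z]*")


def _skip_separators(s):
    """Drop leading characters that are neither ASCII alphanumeric nor '~'."""
    i = 0
    while i < len(s) and s[i] not in _ALNUM and s[i] != "~":
        i += 1
    return s[i:]


def rpmvercmp(a, b):
    """Compare two rpm version or release strings; returns -1, 0 or 1.

    Rules, as in librpm: strings are split into maximal runs of digits or
    letters; digit runs compare numerically (leading zeros ignored), letter
    runs compare as C strings, a digit run outranks a letter run, '~' sorts
    before anything including end of string (1.0~rc1 < 1.0), and when one
    side runs out of segments the side with text left wins (1.0a > 1.0).
    """
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = _skip_separators(one), _skip_separators(two)
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not (one and two):
            break
        isnum = one[0].isdigit()
        pattern = _DIGITS if isnum else _ALPHA
        m1, m2 = pattern.match(one), pattern.match(two)
        seg1, seg2 = m1.group(0), m2.group(0)
        if not seg2:                      # segment types differ
            return 1 if isnum else -1     # numeric beats alphabetic
        if isnum:
            seg1, seg2 = seg1.lstrip("0"), seg2.lstrip("0")
            if len(seg1) != len(seg2):
                return 1 if len(seg1) > len(seg2) else -1
        if seg1 != seg2:
            return 1 if seg1 > seg2 else -1
        one, two = one[m1.end():], two[m2.end():]
    if not one and not two:
        return 0
    return -1 if not one else 1


def parse_evr(evr):
    """Split 'epoch:version-release' into (int epoch, version, release).
    A missing epoch counts as 0, as rpm does."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.partition("-")
    return int(epoch), version, release


def evr_cmp(a, b):
    """Order two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_affected(installed_evr, fixed_evr):
    """True when the installed package sorts below the fixed one, i.e. the
    advisory still applies to this host."""
    return evr_cmp(installed_evr, fixed_evr) < 0


# Constructed sample: the page states the fix is MariaDB 5.5.40; the epoch
# and release of the fixed EVR, and the installed versions, are assumed.
FIXED_MARIADB = "1:5.5.40-1.el7_0"

if __name__ == "__main__":
    for installed in ("1:5.5.37-1.el7_0", "1:5.5.40-1.el7_0", "1:5.5.41-2.el7_0"):
        verdict = "affected" if is_affected(installed, FIXED_MARIADB) else "fixed"
        print("%-20s %s" % (installed, verdict))
```

The tilde and leading-zero rules matter in practice: a scanner that falls back to plain string comparison will misjudge pre-release builds and zero-padded versions, and epoch must be compared before anything else or a rebased package looks older than it is.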
All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED), Maria Mikhno (INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1956 -- wpa_supplicant security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: wpa_supplicant
The wpa_supplicant package contains an 802.1X Supplicant with support for
WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication
methods. It implements key negotiation with a WPA Authenticator for client
stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.
A command injection flaw was found in the way the wpa_cli utility executed
action scripts. If wpa_cli was run in daemon mode to execute an action
script (specified using the -a command line option), and wpa_supplicant was
configured to connect to a P2P group, malicious P2P group parameters could
cause wpa_cli to execute arbitrary code. (CVE-2014-3686)
Red Hat would like to thank Jouni Malinen for reporting this issue.
All wpa_supplicant users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED), Maria Mikhno (INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1319: xerces-j2 security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
Package: xerces-j2
Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.
A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)
All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using the
Xerces-J must be restarted for this update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1327: php security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.
A buffer overflow flaw was found in the way the File Information (fileinfo)
extension processed certain Pascal strings. A remote attacker able to make
a PHP application using fileinfo convert a specially crafted Pascal string
provided by an image file could cause that application to crash.
(CVE-2014-3478)
Multiple flaws were found in the File Information (fileinfo) extension
regular expression rules for detecting various files. A remote attacker
could use either of these flaws to cause a PHP application using fileinfo
to consume an excessive amount of CPU. (CVE-2014-3538)
It was found that the fix for CVE-2012-1571 was incomplete; the File
Information (fileinfo) extension did not correctly parse certain Composite
Document Format (CDF) files. A remote attacker could use this flaw to crash
a PHP application using fileinfo via a specially crafted CDF file.
(CVE-2014-3587)
It was found that PHP's gd extension did not properly handle file names
with a null character. A remote attacker could possibly use this flaw to
make a PHP application access unexpected files and bypass intended file
system access restrictions. (CVE-2014-5120)
A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)
Multiple buffer over-read flaws were found in the php_parserr() function of
PHP. A malicious DNS server or a man-in-the-middle attacker could possibly
use this flaw to execute arbitrary code as the PHP interpreter if a PHP
application used the dns_get_record() function to perform a DNS query.
(CVE-2014-3597)
Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)
The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat
Product Security, the CVE-2014-3538 issue was discovered by Jan Kaluža of
the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by
David Kutálek of the Red Hat BaseOS QE.
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1397: rsyslog security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: rsyslog
The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.
A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)
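The check that was missing is small: a syslog priority is facility * 8 + severity and can only take the values 0 to 191, so a parser that trusts the number and indexes a 24-entry facility table with it reads past the table for anything larger. The following is an added example, not code from the OVAL repository or from rsyslog, showing a <PRI> parser that rejects malformed and out-of-range priorities before any lookup; the facility names follow common syslog daemon conventions and the sample lines are constructed.

```python
# Added example, not code from the OVAL repository or from rsyslog: parsing the
# <PRI> prefix of a syslog message with the range check whose absence is the
# shape of CVE-2014-3634 (a priority above 191 used as an index into a
# fixed-size facility/severity table). Sample lines below are constructed.

FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
    "solaris-cron", "local0", "local1", "local2", "local3", "local4",
    "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_PRI = len(FACILITIES) * len(SEVERITIES) - 1     # 191, per RFC 5424 6.2.1


class BadPriority(ValueError):
    """Raised for a missing, malformed or out-of-range <PRI> prefix."""


def parse_pri(line):
    """Return (facility, severity, message) for a line that starts with <PRI>.

    PRI is written as 1 to 3 decimal digits. The lookup FACILITIES[pri >> 3]
    is only in bounds for pri <= 191, so larger values are refused before any
    table is touched.
    """
    if not line.startswith("<"):
        raise BadPriority("missing <PRI> prefix")
    close = line.find(">", 1)
    digits = line[1:close] if close != -1 else ""
    if not (1 <= len(digits) <= 3) or not all(c in "0123456789" for c in digits):
        raise BadPriority("malformed <PRI> prefix: %r" % line[:6])
    pri = int(digits)
    if pri > MAX_PRI:
        raise BadPriority("PRI %d outside 0..%d" % (pri, MAX_PRI))
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], line[close + 1:]


def triage(lines):
    """Parse each line; return the accepted (facility, severity, message)
    tuples and the rejected lines with their reason, so hostile input is
    reported rather than dereferenced."""
    accepted, rejected = [], []
    for line in lines:
        try:
            accepted.append(parse_pri(line))
        except BadPriority as exc:
            rejected.append((line, str(exc)))
    return accepted, rejected


# Constructed sample input: three well-formed messages and three hostile ones.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 host su[123]: 'su root' failed for user on /dev/pts/8",
    "<13>Oct 11 22:14:16 host logger: hello",
    "<191>Oct 11 22:14:17 host app: debug from local7",
    "<200>Oct 11 22:14:18 host app: priority above 191",
    "<2000>Oct 11 22:14:19 host app: too many digits",
    "<-1>Oct 11 22:14:20 host app: not a digit string",
]

if __name__ == "__main__":
    ok, bad = triage(SAMPLE_LINES)
    for fac, sev, msg in ok:
        print("%-9s %-7s %s" % (fac, sev, msg))
    for line, why in bad:
        print("REJECT", why)
```

The same rule applies to the receiving side of any syslog relay or SIEM collector: the priority is attacker-controlled on an open UDP or TCP port, and the range check belongs at the point of parsing, not in the consumers of the parsed value.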
Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.
All rsyslog users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the rsyslog service will be restarted automatically.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Package: java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)
It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)
It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)
It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)
The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product
Security.
This update also fixes the following bug:
* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
Package: java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)
It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)
It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)
It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)
The CVE-2014-6512 was discovered by Florian Weimer of Red Hat Product
Security.
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
This update also fixes the following bug:
* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1655: libxml2 security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, CentOS Linux 7, CentOS Linux 6
Package: libxml2
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application
using libxml2, would lead to excessive CPU consumption (denial of service)
based on excessive entity substitutions, even if entity substitution was
disabled, which is the parser default behavior. (CVE-2014-3660)
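Four entries on this page describe the same family of parser denial of service: nested entity expansion in REXML (CVE-2014-8080, CVE-2014-8090), parameter entity expansion in the OpenJDK StAX parser (CVE-2014-6517), an oversized pseudo-attribute in the XML declaration for Xerces-J (CVE-2013-4002), and the libxml2 case above where entity substitution being disabled was not enough (CVE-2014-3660). Patching the parser is the fix; a cheap defence in depth is to inspect the prolog before the parser sees it. The following is an added example, not code from the OVAL repository or from any of those parsers: it computes the worst-case expansion of every internal entity from the declarations alone, flags external and parameter entities, and bounds the XML declaration length. The thresholds and the sample documents are constructed for illustration, and the parameter-entity rule is deliberately strict (any declaration is refused).

```python
import re

# Added example, not code from the OVAL repository or from any of the parsers
# named above: a pre-parse screen for the two DoS patterns these advisories
# describe, nested entity expansion and an oversized XML declaration.
# Thresholds and the sample documents are constructed for illustration.

XML_DECL_RE = re.compile(r"^\s*<\?xml\b(.*?)\?>", re.S)
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b[^\[>]*\[(.*?)\]\s*>", re.S)
ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?P<param>%\s+)?(?P<name>\S+)\s+"
    r"(?:(?P<ext>SYSTEM|PUBLIC)\b[^>]*|\"(?P<dq>[^\"]*)\"|'(?P<sq>[^']*)')\s*>",
    re.S,
)
REF_RE = re.compile(r"[&%]([^;\s&%]+);")


def screen_xml(doc, max_decl_len=64, max_entities=32, max_expansion=1_000_000):
    """Inspect the prolog of `doc` before handing it to a real parser.

    Returns a dict of what was found plus a list of reasons to refuse the
    document; an empty list means the prolog looks harmless. Expansion size
    is derived from the declarations, so a billion-laughs DTD is caught
    without ever being expanded.
    """
    report = {"decl_len": 0, "entities": 0, "parameter": 0, "external": 0,
              "expansion": 0, "reasons": []}
    decl = XML_DECL_RE.match(doc)
    if decl:
        report["decl_len"] = len(decl.group(1))
        if report["decl_len"] > max_decl_len:
            report["reasons"].append("oversized XML declaration")
    dtd = DOCTYPE_RE.search(doc)
    if not dtd:
        return report
    internal = {}
    for ent in ENTITY_RE.finditer(dtd.group(1)):
        report["entities"] += 1
        if ent.group("param"):
            report["parameter"] += 1
        if ent.group("ext"):
            report["external"] += 1       # SYSTEM/PUBLIC: the parser would fetch a URI
        else:
            value = ent.group("dq") if ent.group("dq") is not None else ent.group("sq")
            internal[ent.group("name")] = value

    cache = {}

    def expanded_size(name, stack=frozenset()):
        """Worst-case characters produced by expanding `name`, capped."""
        if name in cache:
            return cache[name]
        if name in stack:                 # recursive entity: treat as unbounded
            return max_expansion
        value = internal.get(name, "")
        total = len(REF_RE.sub("", value))
        for ref in REF_RE.findall(value):
            total += expanded_size(ref, stack | {name})
            if total >= max_expansion:
                break
        cache[name] = min(total, max_expansion)
        return cache[name]

    if internal:
        report["expansion"] = max(expanded_size(n) for n in internal)
    if report["entities"] > max_entities:
        report["reasons"].append("too many entity declarations")
    if report["external"]:
        report["reasons"].append("external entity declaration")
    if report["parameter"]:
        report["reasons"].append("parameter entity declaration")
    if report["expansion"] >= max_expansion:
        report["reasons"].append("entity expansion exceeds limit")
    return report


# Constructed samples: a billion-laughs DTD, an external entity, an oversized
# declaration, and a harmless document with one small entity.
def billion_laughs(depth=9, fanout=10):
    decls = ['<!ENTITY lol "lol">']
    for i in range(1, depth + 1):
        prev = "lol" if i == 1 else "lol%d" % (i - 1)
        decls.append('<!ENTITY lol%d "%s">' % (i, ("&%s;" % prev) * fanout))
    return '<?xml version="1.0"?><!DOCTYPE lolz [%s]><lolz>&lol%d;</lolz>' % ("".join(decls), depth)

XXE_DOC = '<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><foo>&xxe;</foo>'
LONG_DECL_DOC = '<?xml version="1.0" %s="1"?><a/>' % ("x" * 5000)
BENIGN_DOC = '<?xml version="1.0"?><!DOCTYPE note [<!ENTITY co "Example Corp">]><note>&co;</note>'

if __name__ == "__main__":
    for label, doc in (("billion laughs", billion_laughs()), ("xxe", XXE_DOC),
                       ("long decl", LONG_DECL_DOC), ("benign", BENIGN_DOC)):
        print("%-15s %s" % (label, screen_xml(doc)["reasons"] or "ok"))
```

The screen is a regular-expression approximation of the DTD grammar, good enough to refuse obviously hostile input cheaply; it is no substitute for running a patched parser with entity expansion and external entity resolution disabled, which is what the advisories above deliver.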
All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED), Maria Mikhno (INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1352: libvirt security and bug fix update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: libvirt
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.
An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in a
non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd or,
potentially, leak memory from the libvirtd process. (CVE-2014-3633)
A denial of service flaw was found in the way libvirt's
virConnectListAllDomains() function computed the number of used domains.
A remote attacker able to establish a read-only connection to libvirtd
could use this flaw to make any domain operations within libvirt
unresponsive. (CVE-2014-3657)
The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat.
This update also fixes the following bug:
* Prior to this update, libvirt was setting the cpuset.mems parameter for
domains with numatune/memory[nodeset] prior to starting them. As a
consequence, domains with such a nodeset, which excluded the NUMA node with
DMA and DMA32 zones (found in /proc/zoneinfo), could not be started due to
failed KVM initialization. With this update, libvirt sets the cpuset.mems
parameter after the initialization, and domains with any nodeset (in
/numatune/memory) can be started without an error. (BZ#1135871)
All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1658: java-1.6.0-sun security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7
Package: java-1.6.0-sun
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493,
CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511,
CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532,
CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 85 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED), Maria Mikhno (INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1669 -- qemu-kvm security and bug fix update (Low)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: qemu-kvm
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.
An information leak flaw was found in the way QEMU's VGA emulator accessed
frame buffer memory for high resolution displays. A privileged guest user
could use this flaw to leak memory contents of the host to the guest by
setting the display to use a high resolution in the guest. (CVE-2014-3615)
This issue was discovered by Laszlo Ersek of Red Hat.
This update also fixes the following bug:
* This update fixes a regression in the scsi_block_new_request() function,
which caused all read requests to go through SG_IO if the host cache was not
used. (BZ#1141189)
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED), Maria Mikhno (INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1359: polkit-qt security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: polkit-qt
Polkit-qt is a library that lets developers use the PolicyKit API through a
Qt-styled API. The polkit-qt library is used by the KDE Authentication
Agent (KAuth), which is a part of kdelibs.
It was found that polkit-qt handled authorization requests with PolicyKit
via a D-Bus API that is vulnerable to a race condition. A local user could
use this flaw to bypass intended PolicyKit authorizations. This update
modifies polkit-qt to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2014-5033)
All polkit-qt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1657: java-1.7.0-oracle security update (Critical)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7
Package: java-1.7.0-oracle
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504,
CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517,
CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 72 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED), Maria Mikhno (INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1635: firefox security update (Critical)
Platforms: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576,
CVE-2014-1577)
A flaw was found in the Alarm API, which allows applications to schedule
actions to be run in the future. A malicious web application could use this
flaw to bypass cross-origin restrictions. (CVE-2014-1583)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron
Campen, Jon Coppeard, Atte Kettunen, Holger Fuhrmannek, Abhishek Arya,
regenrecht, and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.2.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.2.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1676 -- wireshark security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6
Package: wireshark
Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.
Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,
CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)
All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Wireshark must be restarted for the update to take effect.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1652: openssl security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
Package: openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.
For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1232123
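The fallback behaviour this paragraph describes is easiest to see on the wire. The following is an added example, not code from the OVAL repository or from OpenSSL: it lists the ClientHellos a downgrade-dance client sends, appending TLS_FALLBACK_SCSV (cipher suite value 0x5600, RFC 7507) only on the retries at a version below the highest it supports, serializes one such hello, and classifies a server's first response record. An inappropriate_fallback alert (code 86) means the server recognised the SCSV and refused the downgrade; a ServerHello at version 0x0300 means SSL 3.0 was accepted and CBC cipher suites remain exposed to POODLE. The server responses are constructed byte strings, not captured traffic.

```python
import os
import struct

# Added example, not code from the OVAL repository or from OpenSSL: the client
# side of the RFC 7507 fallback dance plus a classifier for what the server
# sends back. The server responses below are constructed, not captured.

TLS_FALLBACK_SCSV = 0x5600
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
ALERT = {40: "handshake_failure", 70: "protocol_version", 86: "inappropriate_fallback"}


def fallback_attempts(supported):
    """Order of ClientHellos a downgrade-dance client sends: the highest
    version first without the SCSV, every retry at a lower version with it."""
    versions = sorted(supported, reverse=True)
    return [(v, i > 0) for i, v in enumerate(versions)]


def client_hello(version, suites, fallback, random_bytes=None):
    """Serialize one ClientHello record. `fallback` appends TLS_FALLBACK_SCSV
    to the cipher suite list so a patched server can tell a forced downgrade
    from a client that genuinely speaks only this version."""
    suites = list(suites) + ([TLS_FALLBACK_SCSV] if fallback else [])
    body = struct.pack("!H", version) + (random_bytes or os.urandom(32)) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                        # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def classify_response(record):
    """Interpret the first record a server returns to a fallback ClientHello."""
    if len(record) < 5:
        return "truncated"
    ctype, length = record[0], struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + length]
    if ctype == 21 and len(body) >= 2:                         # Alert
        if body[1] == 86:
            return "scsv_honoured"        # server saw SCSV plus a lower version and refused
        return "refused:" + ALERT.get(body[1], str(body[1]))
    if ctype == 22 and len(body) >= 6 and body[0] == 2:        # Handshake, ServerHello
        negotiated = struct.unpack("!H", body[4:6])[0]
        if negotiated == SSL3:
            return "sslv3_negotiated"     # downgrade not prevented: POODLE exposure
        return "negotiated:0x%04x" % negotiated
    return "unexpected"


# Constructed server responses to an SSL 3.0 ClientHello carrying the SCSV.
RESP_INAPPROPRIATE_FALLBACK = b"\x15\x03\x00\x00\x02\x02\x56"
RESP_HANDSHAKE_FAILURE = b"\x15\x03\x00\x00\x02\x02\x28"
RESP_SSLV3_SERVER_HELLO = (b"\x16\x03\x00\x00\x2a" + b"\x02\x00\x00\x26" + b"\x03\x00"
                           + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00")

if __name__ == "__main__":
    for version, scsv in fallback_attempts([TLS12, TLS11, TLS10, SSL3]):
        hello = client_hello(version, [0x002F, 0x0035], scsv)
        print("ClientHello 0x%04x, %d bytes, SCSV=%s" % (version, len(hello), scsv))
    for name, resp in (("patched server", RESP_INAPPROPRIATE_FALLBACK),
                       ("SSLv3 disabled", RESP_HANDSHAKE_FAILURE),
                       ("unpatched server", RESP_SSLV3_SERVER_HELLO)):
        print("%-16s -> %s" % (name, classify_response(resp)))
```

Against a live server you would open a socket, send client_hello(SSL3, suites, True) and pass the first record read back into classify_response(). The SCSV only helps when both ends are updated and the client actually retries, which is why the advisory still recommends configuring services to refuse SSL 3.0 rather than relying on the signal.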
A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
Real-time Transport Protocol (SRTP) extension data. A remote attacker could
send multiple specially crafted handshake messages to exhaust all available
memory of an SSL/TLS or DTLS server. (CVE-2014-3513)
A memory leak flaw was found in the way OpenSSL handled failed session
ticket integrity checks. A remote attacker could exhaust all available
memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server. (CVE-2014-3567)
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to mitigate the CVE-2014-3566 issue and correct
the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,
all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Contributors: Sergey Artykhov (DRAFT, INTERIM, ACCEPTED). Status: ACCEPTED.

RHSA-2014:1281: kernel security and bug fix update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Package: kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)
This update also fixes the following bugs:
* A bug in the mtip32xx driver could prevent the Micron P420m PCIe SSD
devices with unaligned I/O access from completing the submitted I/O
requests. This resulted in a livelock situation and rendered the Micron
P420m PCIe SSD devices unusable. To fix this problem, mtip32xx now checks
whether an I/O access is unaligned and if so, it uses the correct
semaphore. (BZ#1125776)
* A series of patches has been backported to improve the functionality of
a touch pad on the latest Lenovo laptops in Red Hat Enterprise Linux 7.
(BZ#1122559)
* Due to a bug in the bnx2x driver, a network adapter could be unable to
recover from EEH error injection. The network adapter had to be taken
offline and rebooted in order to function properly again. With this update,
the bnx2x driver has been corrected and network adapters now recover from
EEH errors as expected. (BZ#1107722)
* Previously, if an hrtimer interrupt was delayed, all future pending
hrtimer events that were queued on the same processor were also delayed
until the initial hrtimer event was handled. This could cause all hrtimer
processing to stop for a significant period of time. To prevent this
problem, the kernel has been modified to handle all expired hrtimer events
when handling the initially delayed hrtimer event. (BZ#1113175)
* A previous change to the nouveau driver introduced a bit shift error,
which resulted in a wrong display resolution being set with some models
of NVIDIA controllers. With this update, the erroneous code has been
corrected, and the affected NVIDIA controllers can now set the correct
display resolution. (BZ#1114869)
* Due to a NULL pointer dereference bug in the be2net driver, the system
could experience a kernel oops and reboot when disabling a network adapter
after a permanent failure. This problem has been fixed by introducing a
flag to keep track of the setup state. The failing adapter can now be
disabled successfully without a kernel crash. (BZ#1122558)
* Previously, the Huge Translation Lookaside Buffer (HugeTLB) allowed
access to huge pages by default. However, huge pages may be
unsupported in some environments, such as a KVM guest on a PowerPC
architecture, and an attempt to access a huge page in memory would result
in a kernel oops. This update ensures that HugeTLB denies access to huge
pages if the huge pages are not supported on the system. (BZ#1122115)
* If an NVMe device becomes ready but fails to create I/O queues, the nvme
driver creates a character device handle to manage such a device.
Previously, a character device could be created before a device reference
counter was initialized, which resulted in a kernel oops. This problem has
been fixed by calling the relevant initialization function earlier in the
code. (BZ#1119720)
* On some firmware versions of the BladeEngine 3 (BE3) controller,
interrupts remain disabled after a hardware reset. This was a problem for
all Emulex-based network adapters using such a BE3 controller because
these adapters would fail to recover from an EEH error if it occurred. To
resolve this problem, the be2net driver has been modified to enable the
interrupts in the eeh_resume handler explicitly. (BZ#1121712)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1147: squid security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: squid
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1307: nss security update (Important)
Platforms: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 7, CentOS Linux 6, CentOS Linux 5
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)
input from certain RSA signatures. A remote attacker could use this flaw to
forge RSA certificates by providing a specially crafted signature to an
application using NSS. (CVE-2014-1568)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security
Incident Response Team as the original reporters.
All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, applications using NSS must be restarted for this update to
take effect.
Contributors: Sergey Artykhov, Maria Mikhno. Status history: DRAFT, INTERIM, ACCEPTED, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1292: haproxy security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: haproxy
HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.
A buffer overflow flaw was discovered in the way HAProxy handled, under
very specific conditions, data uploaded from a client. A remote attacker
could possibly use this flaw to crash HAProxy. (CVE-2014-6269)
All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1306: bash security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: bash
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)
Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. For more information see the Knowledgebase article at
https://access.redhat.com/articles/1200223
Note: Docker users are advised to use "yum update" within their containers,
and to commit the resulting changes.
For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1144: firefox security update (Critical)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1293: bash security update (Critical)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: bash
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)
For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223
Red Hat would like to thank Stephane Chazelas for reporting this issue.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1166: jakarta-commons-httpclient security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: jakarta-commons-httpclient
Jakarta Commons HTTPClient implements the client side of HTTP standards.
It was discovered that the HTTPClient incorrectly extracted the host name
from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)
For additional information on this flaw, refer to the Knowledgebase
article in the References section.
All jakarta-commons-httpclient users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1172: procmail security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: procmail
The procmail program is used for local mail delivery. In addition to just
delivering mail, procmail can be used for automatic filtering, presorting,
and other mail handling jobs.
A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
All procmail users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1091: mod_wsgi security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: mod_wsgi
The mod_wsgi adapter is an Apache module that provides a WSGI-compliant
interface for hosting Python-based web applications within Apache.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1052: openssl security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
Packages: openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
A race condition was found in the way OpenSSL handled ServerHello messages
with an included Supported EC Point Format extension. A malicious server
could possibly use this flaw to cause a multi-threaded TLS/SSL client using
OpenSSL to write into freed memory, causing the client to crash or execute
arbitrary code. (CVE-2014-3509)
It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)
A flaw was found in the way OpenSSL handled fragmented handshake packets.
A man-in-the-middle attacker could use this flaw to force a TLS/SSL server
using OpenSSL to use TLS 1.0, even if both the client and the server
supported newer protocol versions. (CVE-2014-3511)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client
using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,
CVE-2014-3506, CVE-2014-3507)
A NULL pointer dereference flaw was found in the way OpenSSL performed a
handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
malicious server could cause a DTLS client using OpenSSL to crash if that
client had anonymous DH cipher suites enabled. (CVE-2014-3510)
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1011: resteasy-base security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: resteasy-base
RESTEasy contains a JBoss project that provides frameworks to help build
RESTful Web Services and RESTful Java applications. It is a fully certified
and portable implementation of the JAX-RS specification.
It was found that the fix for CVE-2012-0818 was incomplete: external
parameter entities were not disabled when the
resteasy.document.expand.entity.references parameter was set to false.
A remote attacker able to send XML requests to a RESTEasy endpoint could
use this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XXE attacks.
(CVE-2014-3490)
This issue was discovered by David Jorm of Red Hat Product Security.
All resteasy-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1013: php security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.
A denial of service flaw was found in the File Information (fileinfo)
extension rules for detecting AWK files. A remote attacker could use this
flaw to cause a PHP application using fileinfo to consume an excessive
amount of CPU. (CVE-2013-7345)
Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487)
A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)
A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)
A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)
The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso
of Red Hat Product Security.
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1031: 389-ds-base security update (Important)
Platforms: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, CentOS Linux 6, CentOS Linux 7
Packages: 389-ds-base
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.
It was found that when replication was enabled for each attribute in 389
Directory Server, which is the default configuration, the server returned
replicated metadata when the directory was searched while debugging was
enabled. A remote attacker could use this flaw to disclose potentially
sensitive information. (CVE-2014-3562)
This issue was discovered by Ludwig Krispenz of Red Hat.
All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1110: glibc security update (Important)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: glibc
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1023: kernel security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* It was found that Linux kernel's ptrace subsystem did not properly
sanitize the address-space-control bits when the program-status word (PSW)
was being set. On IBM S/390 systems, a local, unprivileged user could use
this flaw to set address-space-control bits to the kernel space, and thus
gain read and write access to kernel memory. (CVE-2014-3534, Important)
* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)
* It was found that a remote attacker could use a race condition flaw in
the ath_tx_aggr_sleep() function to crash the system by creating large
network traffic on the system's Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)
* A flaw was found in the way the Linux kernel performed forking inside of
a transaction. A local, unprivileged user on a PowerPC system that supports
transactional memory could use this flaw to crash the system.
(CVE-2014-2673, Moderate)
* A race condition flaw was found in the way the Linux kernel's mac80211
subsystem implementation handled synchronization between TX and STA wake-up
code paths. A remote attacker could use this flaw to crash the system.
(CVE-2014-2706, Moderate)
* An integer underflow flaw was found in the way the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation processed certain
COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote
attacker could use this flaw to prevent legitimate connections to a
particular SCTP server socket from being made. (CVE-2014-4667, Moderate)
Red Hat would like to thank Martin Schwidefsky of IBM for reporting
CVE-2014-3534, Andy Lutomirski for reporting CVE-2014-0181, and Gopal Reddy
Kodudula of Nokia Siemens Networks for reporting CVE-2014-4667.
This update also fixes the following bugs:
* Due to a NULL pointer dereference bug in the IPIP and SIT tunneling code,
a kernel panic could be triggered when using IPIP or SIT tunnels with
IPsec. This update restructures the related code to avoid a NULL pointer
dereference and the kernel no longer panics when using IPIP or SIT tunnels
with IPsec. (BZ#1114957)
* Previously, an IBM POWER8 system could terminate unexpectedly when the
kernel received an IRQ while handling a transactional memory re-checkpoint
critical section. This update ensures that IRQs are disabled in this
situation and the problem no longer occurs. (BZ#1113150)
* A missing read memory barrier, rmb(), in the bnx2x driver caused the
kernel to crash under various circumstances. This problem has been fixed
by adding an rmb() call to the relevant place in the bnx2x code.
(BZ#1107721)
* The hpwdt driver previously emitted a panic message that was misleading
on certain HP systems. This update ensures that upon a kernel panic, hpwdt
displays information valid on all HP systems. (BZ#1096961)
* The qla2xxx driver has been upgraded to version 8.06.00.08.07.0-k3,
which provides a number of bug fixes over the previous version in order to
correct various timeout problems with the mailbox commands. (BZ#1112389)
* The SCSI mid-layer could retry an I/O operation indefinitely if a storage
array repeatedly returned a CHECK CONDITION status to that I/O operation
but the sense data was invalid. This update fixes the problem by limiting
the time for which such an I/O operation is retried. (BZ#1114468)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1034: tomcat security update (Low)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: tomcat
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was found that, in certain circumstances, it was possible for a
malicious web application to replace the XML parsers used by Apache Tomcat
to process XSLTs for the default servlet, JSP documents, tag library
descriptors (TLDs), and tag plug-in configuration files. The injected XML
parser(s) could then bypass the limits imposed on XML external entities
and/or gain access to the XML files processed for other web applications
deployed on the same Apache Tomcat instance. (CVE-2014-0119)
All Tomcat users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Tomcat must be restarted
for this update to take effect.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (Low)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: nss, nss-softokn, nss-util
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSLv3, TLS, and other
security standards.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1146: httpcomponents-client security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: httpcomponents-client
HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on
httpcomponents HttpCore.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:1008: samba security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A heap-based buffer overflow flaw was found in Samba's NetBIOS message
block daemon (nmbd). An attacker on the local network could use this flaw
to send specially crafted packets that, when processed by nmbd, could
possibly lead to arbitrary code execution with root privileges.
(CVE-2014-3560)
This update also fixes the following bug:
* Prior to this update, Samba incorrectly used the O_TRUNC flag when using
the open(2) system call to access the contents of a file that was already
opened by a different process, causing the file's previous contents to be
removed. With this update, the O_TRUNC flag is no longer used in the above
scenario, and file corruption no longer occurs. (BZ#1115490)
All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:0914: libvirt security and bug fix update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: libvirt
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.
It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML
documents using the libxml2 library, in which case all XML entities in the
parsed documents are expanded. A user able to force libvirtd to parse an
XML document with an entity pointing to a file could use this flaw to read
the contents of that file; parsing an XML document with an entity pointing
to a special file that blocks on read access could cause libvirtd to hang
indefinitely, resulting in a denial of service on the system.
(CVE-2014-0179)
Red Hat would like to thank the upstream Libvirt project for reporting this
issue. Upstream acknowledges Daniel P. Berrange and Richard Jones as the
original reporters.
This update also fixes the following bugs:
* A previous update of the libvirt package introduced an error; a
SIG_SETMASK argument was incorrectly replaced by a SIG_BLOCK argument after
the poll() system call. Consequently, the SIGCHLD signal could be
permanently blocked, which caused signal masks to not return to their
original values and defunct processes to be generated. With this update,
the original signal masks are restored and defunct processes are no longer
generated. (BZ#1112689)
* An attempt to start a domain that did not exist caused network filters to
be locked for read-only access. As a consequence, when trying to gain
read-write access, a deadlock occurred. This update applies a patch to fix
this bug and an attempt to start a non-existent domain no longer causes a
deadlock in the described scenario. (BZ#1112690)
* Previously, the libvirtd daemon was binding only to addresses that were
configured on certain network interfaces. When libvirtd started before the
IPv4 addresses had been configured, libvirtd listened only on the IPv6
addresses. The daemon has been modified to not require an address to be
configured when binding to a wildcard address, such as "0.0.0.0" or "::".
As a result, libvirtd binds to both IPv4 and IPv6 addresses as expected.
(BZ#1112692)
Users of libvirt are advised to upgrade to these updated packages, which
fix these bugs. After installing the updated packages, libvirtd will be
restarted automatically.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

DEPRECATED: RHSA-2014:0861: lzo security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
Packages: lzo
LZO is a portable lossless data compression library written in ANSI C.
An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to crash
or, potentially, execute arbitrary code. (CVE-2014-4607)
Red Hat would like to thank Don A. Bailey from Lab Mouse Security for
reporting this issue.
All lzo users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the lzo library must be restarted or the
system rebooted.
Contributors: Sergey Artykhov, Maria Mikhno. Status history: DRAFT, INTERIM, ACCEPTED, DEPRECATED; status: DEPRECATED.

RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
This update also fixes the following bug:
* Prior to this update, an application accessing an unsynchronized HashMap
could potentially enter an infinite loop and consume an excessive amount of
CPU resources. This update resolves this issue. (BZ#1115580)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:0916: nss and nspr security update (Critical)
Platforms: Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 7
Packages: nspr, nss
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)
Red Hat would like to thank the Mozilla project for reporting
CVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber
as the original reporters.
Users of NSS and NSPR are advised to upgrade to these updated packages,
which correct this issue. After installing this update, applications using
NSS or NSPR must be restarted for this update to take effect.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:0703: json-c security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: json-c
JSON-C implements a reference counting object model that allows you to
easily construct JSON objects in C, output them as JSON-formatted strings,
and parse JSON-formatted strings back into the C representation of
JSON objects.
Multiple buffer overflow flaws were found in the way the json-c library
handled long strings in JSON documents. An attacker able to make an
application using json-c parse excessively large JSON input could cause the
application to crash. (CVE-2013-6370)
A denial of service flaw was found in the implementation of hash arrays in
json-c. An attacker could use this flaw to make an application using json-c
consume an excessive amount of CPU time by providing a specially crafted
JSON document that triggers multiple hash function collisions. To mitigate
this issue, json-c now uses a different hash function and randomization to
reduce the chance of an attacker successfully causing intentional
collisions. (CVE-2013-6371)
These issues were discovered by Florian Weimer of the Red Hat Product
Security Team.
All json-c users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Contributors: Sergey Artykhov, Maria Mikhno. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:0919: firefox security update (Critical)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Packages: firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro
Beekman, Patrick Cozzi, and Mozilla community member John as the original
reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.7.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.7.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Contributor: Sergey Artykhov. Status history: DRAFT, INTERIM, ACCEPTED; status: ACCEPTED.

RHSA-2014:0786: kernel security, bug fix, and enhancement update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Packages: kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's futex subsystem handled
the requeuing of certain Priority Inheritance (PI) futexes. A local,
unprivileged user could use this flaw to escalate their privileges on the
system. (CVE-2014-3153, Important)
* A use-after-free flaw was found in the way the ping_init_sock() function
of the Linux kernel handled the group_info reference counter. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-2851, Important)
* Use-after-free and information leak flaws were found in the way the
Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A local
user with write access to /dev/fdX could use these flaws to escalate their
privileges on the system. (CVE-2014-1737, CVE-2014-1738, Important)
* It was found that the aio_read_events_ring() function of the Linux
kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize the AIO
ring head received from user space. A local, unprivileged user could use
this flaw to disclose random parts of the (physical) memory belonging to
the kernel and/or other processes. (CVE-2014-0206, Moderate)
* An out-of-bounds memory access flaw was found in the Netlink Attribute
extension of the Berkeley Packet Filter (BPF) interpreter functionality in
the Linux kernel's networking implementation. A local, unprivileged user
could use this flaw to crash the system or leak kernel memory to user space
via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,
Moderate)
* An information leak flaw was found in the way the skb_zerocopy() function
copied socket buffers (skb) that are backed by user-space buffers (for
example vhost-net and Xen netback), potentially allowing an attacker to
read data from those buffers. (CVE-2014-2568, Low)
Red Hat would like to thank Kees Cook of Google for reporting
CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of
CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz Guzik of
Red Hat.
This update also fixes the following bugs:
* Due to incorrect calculation of Tx statistics in the qlcnic driver,
running the "ethtool -S ethX" command could trigger memory corruption.
As a consequence, running the sosreport tool, which uses this command,
resulted in a kernel panic. The problem has been fixed by correcting the
statistics calculation. (BZ#1104972)
* When an attempt to create a file on the GFS2 file system failed due to a
file system quota violation, the relevant VFS inode was not completely
uninitialized. This could result in a list corruption error. This update
resolves this problem by correctly uninitializing the VFS inode in this
situation. (BZ#1097407)
* Due to a race condition in the kernel, the getcwd() system call could
return "/" instead of the correct full path name when querying a path name
of a file or directory. Paths returned in the "/proc" file system could
also be incorrect. This problem was causing instability of various
applications. The aforementioned race condition has been fixed and getcwd()
now always returns the correct paths. (BZ#1099048)
In addition, this update adds the following enhancements:
* The kernel mutex code has been improved. The changes include improved
queuing of the MCS spin locks, the MCS code optimization, introduction of
the cancellable MCS spin locks, and improved handling of mutexes without
wait locks. (BZ#1103631, BZ#1103629)
* The handling of the Virtual Memory Area (VMA) cache and huge page faults
has been improved. (BZ#1103630)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0687: libtasn1 security update (Moderate)
Red Hat Enterprise Linux 7; CentOS Linux 7
libtasn1
The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing
and structures management, and Distinguished Encoding Rules (DER) encoding
and decoding functions.
It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)
Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)
Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)
Red Hat would like to thank GnuTLS upstream for reporting these issues.
All libtasn1 users are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the libtasn1 library must be restarted.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0678: kernel security update (Important)
Red Hat Enterprise Linux 7; CentOS Linux 7
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A race condition flaw, leading to heap-based buffer overflows, was found
in the way the Linux kernel's N_TTY line discipline (LDISC) implementation
handled concurrent processing of echo output and TTY write operations
originating from user space when the underlying TTY driver was PTY.
An unprivileged, local user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-0196,
Important)
All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0921: httpd security update (Important)
Red Hat Enterprise Linux 7; CentOS Linux 7
httpd
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.
A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the "apache" user. (CVE-2014-0226)
A NULL pointer dereference flaw was found in the mod_cache httpd module.
A malicious HTTP server could cause the httpd child process to crash when
the Apache HTTP Server was used as a forward proxy with caching.
(CVE-2013-4352)
A denial of service flaw was found in the mod_proxy httpd module. A remote
attacker could send a specially crafted request to a server configured as a
reverse proxy using a threaded Multi-Processing Module (MPM) that would
cause the httpd child process to crash. (CVE-2014-0117)
A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the "DEFLATE" input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system. (CVE-2014-0118)
A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely. (CVE-2014-0231)
All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon will be restarted automatically.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0861: lzo security update (Moderate)
Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; CentOS Linux 6; CentOS Linux 7
lzo
LZO is a portable lossless data compression library written in ANSI C.
An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to crash
or, potentially, execute arbitrary code. (CVE-2014-4607)
Red Hat would like to thank Don A. Bailey from Lab Mouse Security for
reporting this issue.
All lzo users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the lzo library must be restarted or the
system rebooted.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0685: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 7; CentOS Linux 7
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0867: samba security update (Moderate)
Red Hat Enterprise Linux 7; CentOS Linux 7
samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)
A flaw was found in the way Samba created responses for certain
authenticated client requests when a shadow-copy VFS module was enabled.
An attacker able to send an authenticated request could use this flaw to
disclose limited portions of memory with each request. (CVE-2014-0178)
It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)
Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-0178
and CVE-2014-3493. The Samba project acknowledges Christof Schmitt as the
original reporter of CVE-2014-0178, and Simon Arlott as the original
reporter of CVE-2014-3493.
All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0790: dovecot security update (Moderate)
Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; CentOS Linux 6; CentOS Linux 7
dovecot
Dovecot is an IMAP server, written with security primarily in mind, for
Linux and other UNIX-like systems. It also contains a small POP3 server.
It supports mail in either the maildir or the mbox format. The SQL drivers and
authentication plug-ins are provided as subpackages.
It was discovered that Dovecot did not properly discard connections trapped
in the SSL/TLS handshake phase. A remote attacker could use this flaw to
cause a denial of service on an IMAP/POP3 server by exhausting the pool of
available connections and preventing further, legitimate connections to the
IMAP/POP3 server from being made. (CVE-2014-3430)
All dovecot users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the dovecot service will be restarted automatically.
Sergey Artykhov; DRAFT; INTERIM; Maria Mikhno; ACCEPTED; ACCEPTED

RHSA-2014:0927: qemu-kvm security and bug fix update (Moderate)
Red Hat Enterprise Linux 7; CentOS Linux 7
qemu-kvm
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.
Two integer overflow flaws were found in the QEMU block driver for QCOW
version 1 disk images. A user able to alter the QEMU disk image files
loaded by a guest could use either of these flaws to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0222, CVE-2014-0223)
Multiple buffer overflow, input validation, and out-of-bounds write flaws
were found in the way the virtio, virtio-net, virtio-scsi, usb, and hpet
drivers of QEMU handled state loading after migration. A user able to alter
the savevm data (either on the disk or over the wire during migration)
could use any of these flaws to corrupt QEMU process memory on the
(destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527,
CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)
These issues were discovered by Michael S. Tsirkin, Anthony Liguori and
Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,
CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536,
CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and
CVE-2014-3461.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0702: mariadb security update (Moderate)
Red Hat Enterprise Linux 7; CentOS Linux 7
mariadb
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.
This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2436,
CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431,
CVE-2014-2432, CVE-2014-2438)
These updated packages upgrade MariaDB to version 5.5.37. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.
All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0704: qemu-kvm security and bug fix update (Moderate)
Red Hat Enterprise Linux 7; CentOS Linux 7
qemu-kvm
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide a
user-space component to run virtual machines using KVM.
An out-of-bounds memory access flaw was found in the way QEMU's IDE device
driver handled the execution of SMART EXECUTE OFFLINE commands.
A privileged guest user could use this flaw to corrupt QEMU process memory
on the host, which could potentially result in arbitrary code execution on
the host with the privileges of the QEMU process. (CVE-2014-2894)
This update also fixes the following bugs:
* Prior to this update, a bug in the migration code caused the following
error on specific machine types: after a Red Hat Enterprise Linux 6.5 guest
was migrated from a Red Hat Enterprise Linux 6.5 host to a Red Hat
Enterprise Linux 7.0 host and then restarted, the boot failed and the guest
automatically restarted. Thus, the guest entered an endless loop. With this
update, the migration code has been fixed and the Red Hat Enterprise Linux
6.5 guests migrated in the aforementioned scenario now boot properly.
(BZ#1091322)
* Due to a regression bug in the iSCSI driver, the qemu-kvm process
terminated unexpectedly with a segmentation fault when the "write same"
command was executed in guest mode under the iSCSI protocol. This update
fixes the regression and the "write same" command now functions in guest
mode under iSCSI as intended. (BZ#1090978)
* Due to a mismatch in interrupt request (IRQ) routing, migration of a Red
Hat Enterprise Linux 6.5 guest from a Red Hat Enterprise Linux 6.5 host to
a Red Hat Enterprise Linux 7.0 host could produce a call trace.
This happened if memory ballooning and a Universal Host Controller Interface
(UHCI) device were used at the same time on certain machine types.
With this patch, the IRQ routing mismatch has been amended and the
described migration now proceeds as expected. (BZ#1090981)
* Previously, an internal error prevented KVM from executing a CPU hot plug
on a Red Hat Enterprise Linux 7 guest running on a Red Hat Enterprise Linux
7 host. This update addresses the internal error and CPU hot plugging in
the described scenario now functions correctly. (BZ#1094820)
All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0686: tomcat security update (Important)
Red Hat Enterprise Linux 7; CentOS Linux 7
tomcat
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was found that a fix for a previous security flaw introduced a
regression that could cause a denial of service in Tomcat 7. A remote
attacker could use this flaw to consume an excessive amount of CPU on the
Tomcat server by sending a specially crafted request to that server.
(CVE-2014-0186)
It was found that when Tomcat 7 processed a series of HTTP requests in
which at least one request contained either multiple content-length
headers, or one content-length header with a chunked transfer-encoding
header, Tomcat would incorrectly handle the request. A remote attacker
could use this flaw to poison a web cache, perform cross-site scripting
(XSS) attacks, or obtain sensitive information from other requests.
(CVE-2013-4286)
It was discovered that the fix for CVE-2012-3544 did not properly resolve a
denial of service flaw in the way Tomcat 7 processed chunk extensions and
trailing headers in chunked requests. A remote attacker could use this flaw
to send an excessively long request that, when processed by Tomcat, could
consume network bandwidth, CPU, and memory on the Tomcat server. Note that
chunked transfer encoding is enabled by default. (CVE-2013-4322)
All Tomcat 7 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0679: openssl security update (Important)
Red Hat Enterprise Linux 7; CentOS Linux 7
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)
Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)
A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)
A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)
Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2014:0680: openssl098e security update (Important)
Red Hat Enterprise Linux 7; CentOS Linux 7
openssl098e
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

ELSA-2014:0741: firefox security update (Critical)
Red Hat Enterprise Linux 7; Oracle Linux 6; Oracle Linux 5
firefox; xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Prashant Kumar; DRAFT; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

Oracle Linux 6.x
Oracle Linux 6
The operating system installed on the system is Oracle Linux 6.x
Dragos Prisaca; DRAFT; INTERIM; ACCEPTED; Chandan M C; INTERIM; ACCEPTED; ACCEPTED

Oracle Linux 5.x
Oracle Linux 5
The operating system installed on the system is Oracle Linux 5.x
Danny Haynes; DRAFT; INTERIM; ACCEPTED; Dragos Prisaca; INTERIM; ACCEPTED; Chandan M C; INTERIM; ACCEPTED; ACCEPTED

DEPRECATED: RHSA-2014:0867: samba security update (Moderate)
Red Hat Enterprise Linux 7; CentOS Linux 7
samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)
A flaw was found in the way Samba created responses for certain
authenticated client requests when a shadow-copy VFS module was enabled.
An attacker able to send an authenticated request could use this flaw to
disclose limited portions of memory with each request. (CVE-2014-0178)
It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)
Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-0178
and CVE-2014-3493. The Samba project acknowledges Christof Schmitt as the
original reporter of CVE-2014-0178, and Simon Arlott as the original
reporter of CVE-2014-3493.
All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; DEPRECATED; DEPRECATED

RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)
Red Hat Enterprise Linux 7; CentOS Linux 7
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Metadata: Sergey Artykhov / DRAFT / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

DEPRECATED: RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
Product: java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Metadata: Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / Maria Mikhno / DEPRECATED / DEPRECATED

RHSA-2014:0923: kernel security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Product: kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* It was found that the Linux kernel's ptrace subsystem allowed a traced
process' instruction pointer to be set to a non-canonical memory address
without forcing the non-sysret code path when returning to user space.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-4699,
Important)
Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.
* A flaw was found in the way the pppol2tp_setsockopt() and
pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP
implementation handled requests with a non-SOL_PPPOL2TP socket option
level. A local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-4943, Important)
Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,
and Sasha Levin for reporting CVE-2014-4943.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Metadata: Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7
Product: java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
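Blinding is the standard countermeasure for the RSA timing leak described above (the same paragraph also appears in the deprecated copy of this advisory earlier on the page): instead of exponentiating the attacker-supplied ciphertext directly, the private operation runs on c multiplied by r^e for a fresh random r, and the result is multiplied by r^-1, so the timing no longer correlates with a value the attacker chose. The Python below is an added illustration, not OpenJDK's implementation. The key (n=3233, e=17, d=2753) is a textbook toy key constructed for the example; real keys are 2048 bits or more and the exponentiation itself should come from a hardened library.

```python
import math
import secrets

# Toy RSA key, constructed for illustration only: p=61, q=53, phi=3120.
N, E, D = 3233, 17, 2753


def rsa_private_unblinded(c: int, d: int = D, n: int = N) -> int:
    """m = c^d mod n. The exponentiation runs directly on the attacker-chosen
    c, so its running time is a function of c and the private exponent."""
    return pow(c, d, n)


def pick_blinding_factor(n: int, rng=secrets.randbelow) -> int:
    """Random r in [2, n-1] that is a unit mod n (gcd(r, n) == 1)."""
    while True:
        r = rng(n)
        if r > 1 and math.gcd(r, n) == 1:
            return r


def blind(c: int, e: int, n: int, r: int) -> int:
    """c' = c * r^e mod n: the value that is actually exponentiated."""
    return (c * pow(r, e, n)) % n


def unblind(m_blind: int, n: int, r: int) -> int:
    """m = m' * r^-1 mod n, because (c * r^e)^d = m * r^(ed) = m * r (mod n)."""
    return (m_blind * pow(r, -1, n)) % n


def rsa_private_blinded(c: int, d: int = D, e: int = E, n: int = N, r=None) -> int:
    """Private operation with a fresh blinding factor per call (or a caller
    supplied r, which the test uses for determinism)."""
    r = pick_blinding_factor(n) if r is None else r
    return unblind(pow(blind(c, e, n, r), d, n), n, r)


def demo() -> dict:
    """Encrypt m=65 with the toy key and decrypt it both ways."""
    m = 65
    c = pow(m, E, N)
    return {
        "ciphertext": c,
        "unblinded": rsa_private_unblinded(c),
        "blinded": rsa_private_blinded(c),
        # Two different r give two different bases for the exponentiation.
        "base_r7": blind(c, E, N, 7),
        "base_r11": blind(c, E, N, 11),
    }


if __name__ == "__main__":
    print(demo())
```

Both paths return the same plaintext; what changes is that the modular exponentiation never sees c itself, which is the property the advisory says OpenJDK failed to guarantee consistently.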
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
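The DH parameter validation the advisory says was missing comes down to three checks a client or server should make before raising anything to its private exponent: the modulus is a sufficiently large safe prime, the generator lies in the prime-order subgroup, and the peer's public value is neither a trivial element (0, 1, p-1) nor outside that subgroup. The Python below is an added example, not OpenJDK's code, and covers both this paragraph and the identical one in the deprecated copy of the advisory above. The toy group p=23, g=2 (q=11) is constructed so the arithmetic can be followed by hand; the min_bits parameter exists only so the toy group can pass a size check that would otherwise demand 2048 bits.

```python
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases: deterministic below ~3.3e24, and a
    strong probabilistic test for the sizes real DH moduli have."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_dh_group(p: int, g: int, min_bits: int = 2048) -> bool:
    """Accept only a safe prime p (q = (p-1)/2 also prime) of at least
    min_bits, with a generator of the order-q subgroup. Requiring g to have
    order q is what makes the peer-value check below exact."""
    if p.bit_length() < min_bits or not is_probable_prime(p):
        return False
    q = (p - 1) // 2
    if not is_probable_prime(q):
        return False
    if not 1 < g < p - 1:
        return False
    return pow(g, q, p) == 1


def validate_dh_public(y: int, p: int, q: int) -> bool:
    """Reject 0, 1 and p-1 outright, then reject any y outside the order-q
    subgroup, which is what a small-subgroup confinement attack sends."""
    if not 1 < y < p - 1:
        return False
    return pow(y, q, p) == 1


def dh_shared_secret(peer_public: int, private: int, p: int, g: int,
                     min_bits: int = 2048) -> int:
    """Validate the group and the peer value before using the private key."""
    if not validate_dh_group(p, g, min_bits):
        raise ValueError("unacceptable DH group")
    if not validate_dh_public(peer_public, p, (p - 1) // 2):
        raise ValueError("invalid peer public value")
    return pow(peer_public, private, p)


def safe_shared_secret(peer_public: int, private: int, p: int, g: int,
                       min_bits: int = 2048):
    """Same as dh_shared_secret but returns None instead of raising."""
    try:
        return dh_shared_secret(peer_public, private, p, g, min_bits)
    except ValueError:
        return None


if __name__ == "__main__":
    P, G = 23, 2                       # toy safe prime, q = 11 (constructed)
    a_priv, b_priv = 7, 3
    a_pub, b_pub = pow(G, a_priv, P), pow(G, b_priv, P)
    print("shared:", dh_shared_secret(b_pub, a_priv, P, G, 5),
          dh_shared_secret(a_pub, b_priv, P, G, 5))
    print("peer sends p-1:", safe_shared_secret(P - 1, a_priv, P, G, 5))
```

With the toy group, a peer value of 5 is rejected even though it is in range, because 5 generates the whole group of order 22 rather than the order-11 subgroup; a peer value of 1 or p-1 would force the shared secret to a constant, which is exactly how an attacker recovers the negotiated key when the checks are absent.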
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Metadata: Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0827: tomcat security update (Moderate)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Product: tomcat
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)
It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)
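Both Tomcat issues above are HTTP framing bugs: an unbounded chunk-size line lets a client stream for ever, and a Content-Length that silently wraps lets a reverse proxy and the backend disagree about where one request ends and the next begins, which is the precondition for request smuggling. The Python below is an added example, not Tomcat's parser. It emulates the overflow-unaware accumulation in 64-bit arithmetic (the real defect lived in Java long arithmetic), shows the checked variant beside it, caps the chunk-size line at 8 hex digits (our choice for the example, large enough for any sane chunk), and frames a constructed byte stream with each parser so the smuggled request becomes visible.

```python
from __future__ import annotations

MAX_CHUNK_SIZE_HEX_DIGITS = 8        # cap chosen for the example; 0xFFFFFFFF is ample
INT64_MAX = (1 << 63) - 1
HEX_DIGITS = b"0123456789abcdefABCDEF"


def parse_chunk_size(line: bytes, max_hex_digits: int = MAX_CHUNK_SIZE_HEX_DIGITS) -> int:
    """Parse a chunked-encoding chunk-size line, ignoring extensions after ';'.
    Bounding the digit count before int() runs means a client sending
    megabytes of 'f' characters cannot make the server loop or allocate
    on an enormous size."""
    size_part = line.split(b";", 1)[0].strip()
    if not size_part:
        raise ValueError("empty chunk-size")
    if len(size_part) > max_hex_digits:
        raise ValueError("chunk-size too long")
    if any(c not in HEX_DIGITS for c in size_part):
        raise ValueError("chunk-size is not hexadecimal")
    return int(size_part, 16)


def parse_content_length_unchecked(value: str) -> int:
    """Digit accumulation that wraps at 64 bits, emulating an overflow-unaware
    parser. A header of 2**64 wraps to 0, 2**63 wraps negative."""
    if not (value.isascii() and value.isdigit()):
        raise ValueError("not a number")
    n = 0
    for ch in value:
        n = (n * 10 + (ord(ch) - 48)) & ((1 << 64) - 1)
    return n - (1 << 64) if n > INT64_MAX else n


def parse_content_length_checked(value: str, limit: int = INT64_MAX) -> int:
    """Refuse the header as soon as the next digit would push past limit."""
    if not (value.isascii() and value.isdigit()):
        raise ValueError("not a number")
    n = 0
    for ch in value:
        d = ord(ch) - 48
        if n > (limit - d) // 10:
            raise ValueError("Content-Length overflow")
        n = n * 10 + d
    return n


def split_body(content_length: str, stream: bytes, parser) -> tuple[bytes, bytes]:
    """Frame one request body from a pipelined stream with the given parser.
    Returns (body, bytes the server will treat as the next request)."""
    n = parser(content_length)
    if n < 0:
        raise ValueError("negative Content-Length")
    return stream[:n], stream[n:]


def rejected(parser, value) -> bool:
    """True if the parser refuses the value."""
    try:
        parser(value)
        return False
    except ValueError:
        return True


# Constructed stream: what the client sends after its headers. A correct
# front end forwards these bytes as the body of one request.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: backend\r\n\r\n"
WRAPPING_LENGTH = "18446744073709551616"    # 2**64


def demo() -> dict:
    body, leftover = split_body(WRAPPING_LENGTH, SMUGGLED, parse_content_length_unchecked)
    return {
        "backend_body": body,            # b"": the wrapped length says "no body"
        "backend_next_request": leftover,  # the smuggled GET, now parsed as a request
        "checked_rejects": rejected(parse_content_length_checked, WRAPPING_LENGTH),
        "chunk_1a": parse_chunk_size(b"1a;name=value\r\n"),
        "chunk_too_long": rejected(parse_chunk_size, b"f" * 9),
    }


if __name__ == "__main__":
    print(demo())
```

The checked parser turns the disagreement into a 400 at the backend, and a proxy and backend that both enforce the same limits can never be desynchronised by this header; the chunk-size cap similarly bounds work per chunk header instead of per byte streamed.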
It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)
The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.
All Tomcat 7 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.
Metadata: Sergey Artykhov / DRAFT / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0684: gnutls security update (Important)
Platforms: Red Hat Enterprise Linux 7, CentOS Linux 7
Product: gnutls
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).
A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)
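The ServerHello flaw is a length-field trust problem: the session ID is declared by a one-byte length that can say up to 255, but the TLS definition caps it at 32 and a client that copies into a 32-byte buffer must check the declared length before copying. The Python below is an added example, not GnuTLS code; it parses the ServerHello body, enforces the limit before consuming the field, and can also be told to trust the length so the size of the would-be overflow is visible (Python reports the excess, it cannot corrupt memory). The ServerHello bytes are constructed with the builder in the block, not taken from a capture.

```python
import struct

MAX_SESSION_ID_LEN = 32          # TLS SessionID is opaque<0..32> (RFC 5246, 7.4.1.3)


class HandshakeError(ValueError):
    pass


def parse_server_hello(body: bytes, enforce_limit: bool = True) -> dict:
    """Parse a ServerHello body (the bytes after the 4-byte handshake header):
    version(2) random(32) session_id<0..32> cipher_suite(2) compression(1).

    With enforce_limit=True the declared session_id length is checked against
    the protocol maximum before any bytes are consumed, the check a client
    copying into a fixed 32-byte buffer needs. With enforce_limit=False the
    length is trusted, mirroring the defect class in the advisory; the
    returned overflow_bytes says how far a fixed-buffer copy would run past.
    """
    if len(body) < 2 + 32 + 1:
        raise HandshakeError("truncated ServerHello")
    version = body[0:2]
    server_random = body[2:34]
    sid_len = body[34]
    if enforce_limit and sid_len > MAX_SESSION_ID_LEN:
        raise HandshakeError(f"session_id length {sid_len} exceeds {MAX_SESSION_ID_LEN}")
    off = 35
    if len(body) < off + sid_len + 2 + 1:
        raise HandshakeError("truncated ServerHello")
    session_id = body[off:off + sid_len]
    off += sid_len
    (cipher_suite,) = struct.unpack(">H", body[off:off + 2])
    compression = body[off + 2]
    return {
        "version": version,
        "random": server_random,
        "session_id": session_id,
        "session_id_len": sid_len,
        "cipher_suite": cipher_suite,
        "compression": compression,
        "overflow_bytes": max(0, sid_len - MAX_SESSION_ID_LEN),
    }


def build_server_hello(session_id: bytes, cipher_suite: int = 0x002F) -> bytes:
    """Build a ServerHello body; used here to construct the oversized message
    a malicious server would send (test data, not a real capture)."""
    if len(session_id) > 255:
        raise ValueError("a one-byte length cannot encode more than 255")
    return (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack(">H", cipher_suite) + b"\x00")


def is_rejected(body: bytes) -> bool:
    """True if the checking parser refuses the message."""
    try:
        parse_server_hello(body)
        return False
    except HandshakeError:
        return True


if __name__ == "__main__":
    good = build_server_hello(b"A" * 32)
    evil = build_server_hello(b"B" * 200)
    print("32-byte session id accepted:", not is_rejected(good))
    print("200-byte session id rejected:", is_rejected(evil))
    print("bytes an unchecked copy would overrun by:",
          parse_server_hello(evil, enforce_limit=False)["overflow_bytes"])
```

The second length check (that the whole field fits in the received body) matters as well: without it a short message makes the parser read past the end of the buffer, the read-side twin of the write overflow the advisory describes.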
A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509
certificates. A specially crafted certificate could cause a server or
client application using GnuTLS to crash. (CVE-2014-3465)
Red Hat would like to thank GnuTLS upstream for reporting these issues.
Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original
reporter of CVE-2014-3466.
Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS library must be restarted.
Metadata: Sergey Artykhov / DRAFT / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0741: firefox security update (Critical)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
Products: firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Metadata: Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 7
Platform: Red Hat Enterprise Linux 7
The operating system installed on the system is Red Hat Enterprise Linux 7.
Metadata: Maria Mikhno / DRAFT / INTERIM / ACCEPTED / ACCEPTED

The operating system installed on the system is CentOS Linux 7.x
Platform: CentOS Linux 7
The operating system installed on the system is CentOS Linux 7.x
Metadata: Maria Mikhno / DRAFT / INTERIM / ACCEPTED / ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 6
Platform: Red Hat Enterprise Linux 6
The operating system installed on the system is Red Hat Enterprise Linux 6.
Metadata: Maria Kedovskaya / DRAFT / Maria Kedovskaya / INTERIM / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

The operating system installed on the system is CentOS Linux 6.x
Platform: CentOS Linux 6
The operating system installed on the system is CentOS Linux 6.x
Metadata: Dragos Prisaca / DRAFT / INTERIM / ACCEPTED / Sergey Artykhov / INTERIM / ACCEPTED / ACCEPTED

The operating system installed on the system is CentOS Linux 5.x
Platform: CentOS Linux 5
The operating system installed on the system is CentOS Linux 5.x
Metadata: Danny Haynes / DRAFT / INTERIM / ACCEPTED / Dragos Prisaca / INTERIM / ACCEPTED / Sergey Artykhov / INTERIM / ACCEPTED / ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 5
Platform: Red Hat Enterprise Linux 5
The operating system installed on the system is Red Hat Enterprise Linux 5.
Metadata: Aharon Chernin / DRAFT / INTERIM / ACCEPTED / Dragos Prisaca / INTERIM / ACCEPTED / Dragos Prisaca / INTERIM / ACCEPTED / ACCEPTED

Object and state data (package names, EVRs and version patterns, run together by extraction):
java-1.6.0-openjdk-debuginfojava-1.8.0-openjdk-debuginfojava-1.8.0-openjdk-accessibilityjava-1.8.0-openjdk-srcjava-1.8.0-openjdk-javadocjava-1.8.0-openjdk-demojava-1.8.0-openjdkjava-1.8.0-openjdk-headlessjava-1.8.0-openjdk-develxorg-x11-server-commonxorg-x11-server-debuginfoxorg-x11-server-Xnestxorg-x11-server-Xvfbxorg-x11-server-develxorg-x11-server-Xdmxxorg-x11-server-Xorgxorg-x11-server-sourcexorg-x11-server-Xephyrjava-1.7.0-openjdk-debuginfobind-debuginfobind-sdb-chrootbind-libs-litebind-libbind-develbind-sdbbind-licensebind-libsbind-utilsbind-lite-develbindbind-develcaching-nameserverbind-chrootjasper-debuginfojasper-libsjasperjasper-utilsjasper-develsntpntp-docntp-debuginfontpdatentp-perlntpopenssl-libsopenssl-debuginfoopenssl-developensslglibc-debuginfoglibc-debuginfo-commonrpm-signrpm-develrpm-debuginforpm-libsrpm-build-libsrpm-buildrpm-apidocsrpm-pythonrpmrpm-cronlibXfontlibXfont-devellibXfont-debuginfomailx-debuginfomailxcups-filterscups-filters-debuginfocups-filters-develcups-filters-libswgetwget-debuginfolibvncserver-devellibvncserver-debuginfolibvncserverqemu-kvm-toolskdenetwork-krfbkdenetworkkdenetwork-develkdenetwork-kgetkdenetwork-krdckdenetwork-kopete-libskdenetwork-kdnssdkdenetwork-commonkdenetwork-debuginfokdenetwork-kget-libskdenetwork-krdc-libskdenetwork-krdc-develkdenetwork-krfb-libskdenetwork-kopete-develkdenetwork-fileshare-sambakdenetwork-kopetephp-tidyphp-ztsphp-imapphp-debuginfofirefox-debuginforuby-docrubygem-bigdecimalrubygem-jsonrubygemsrubygem-io-consolerubygems-develrubyrubygem-psychruby-irbruby-tcltkruby-libsrubygem-minitestruby-develruby-debuginforubygem-rdocrubygem-rakegnutls-debuginfoshim-unsignedshimmokutilshim-debuginfomariadb-debuginfowpa_supplicant-debuginfowpa_supplicantxerces-j2-javadoc-otherxerces-j2-javadoc-implxerces-j2-scriptsxerces-j2-javadoc-apisxerces-j2-javadocxerces-j2-javadoc-xnixerces-j2-demoxerces-j2rsyslog-pgsqlrsyslog-cryptorsyslog-mmjsonparsersyslog-udpspoofrsyslog-mmauditrsyslog-
mmnormalizersyslog-relprsyslog-mmsnmptrapdrsyslog-mysqlrsyslog-elasticsearchrsyslog-libdbirsyslog-snmprsyslog-gssapirsyslogrsyslog-gnutlsrsyslog-docjava-1.6.0-openjdkjava-1.6.0-openjdk-javadoclibxml2-debuginfolibxml2libxml2-staticlibxml2-pythonlibxml2-devellibvirt-develjava-1.6.0-sun-srcjava-1.6.0-sun-demojava-1.6.0-sun-develjava-1.6.0-sun-pluginjava-1.6.0-sun-jdbcjava-1.6.0-sunqemu-imgqemu-kvmpolkit-qt-develpolkit-qtpolkit-qt-docjava-1.7.0-oracle-jdbcjava-1.7.0-oracle-javafxjava-1.7.0-oracle-develjava-1.7.0-oracle-srcjava-1.7.0-oracle-pluginjava-1.7.0-oraclewireshark-debuginfowireshark-develwiresharkwireshark-gnomesquid-sysvinitsquidnss-softokn-debuginfonss-util-debuginfonss-debuginfohaproxybashbash-docjakarta-commons-httpclient-manualjakarta-commons-httpclient-demojakarta-commons-httpclientjakarta-commons-httpclient-javadocprocmailmod_wsgiopenssl-perlresteasy-baseresteasy-base-jettison-providerresteasy-base-providers-pomresteasy-base-jaxrs-allresteasy-base-jaxb-providerresteasy-base-javadocresteasy-base-jaxrs-apiresteasy-base-jackson-providerresteasy-base-jaxrsresteasy-base-tjwsresteasy-base-atom-providerphp-soapphp-xmlrpcphp-pspellphp-commonphp-xmlphp-intlphp-dbaphp-mysqlndphp-cliphp-mysqlphp-enchantphp-ldapphp-gdphp-pdophp-recodephp-embeddedphp-pgsqlphp-processphp-odbcphp-fpmphp-develphp-mbstringphpphp-bcmathphp-snmp389-ds-base389-ds-base-devel389-ds-base-libsglibc-develnscdglibcglibc-utilsglibc-headersglibc-staticglibc-commonkernel-kdumpkernel-headerskernel-abi-whitelistskernel-bootwrappernss-softokn-freebl-develnss-sysinitnssnss-softoknnss-softokn-freeblnss-softokn-develnss-util-develnss-utilhttpcomponents-clienthttpcomponents-client-javadoclibsmbclientsamba-winbind-clientssamba-commonlibvirt-devellibvirt-daemon-driver-qemulibvirt-daemon-driver-lxclibvirt-daemon-config-nwfilterlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-secretlibvirt-daemon-driver-nodedevlibvirt-daemon-driver-networklibvirt-lock-sanlocklibvirtlibvirt-login-shelllibvirt-docslibvirt-daem
onlibvirt-daemon-kvmlibvirt-daemon-driver-interfacelibvirt-daemon-config-networklibvirt-clientlibvirt-daemon-driver-storagelibvirt-daemon-lxclibvirt-pythonlzolzo-minilzolzo-develnss-sysinitnss-develnspr-develnssnsprnss-toolsnss-pkcs11-develjson-c-develjson-c-docjson-clibtasn1libtasn1-toolslibtasn1-develkernel-kdumpkernel-bootwrapperkernel-kdump-develhttpd-manualhttpdmod_sessionmod_proxy_htmlmod_ldaphttpd-develhttpd-toolsmod_ssllzolzo-devellzo-minilzojava-1.6.0-openjdk-develjava-1.6.0-openjdk-javadocjava-1.6.0-openjdk-srcjava-1.6.0-openjdk-demojava-1.6.0-openjdklibwbclient-develsamba-winbind-modulessamba-develsamba-vfs-glusterfssamba-dcsamba-dc-libssamba-pidlsamba-pythonsamba-test-develsamba-testlibwbclientsamba-libsdovecot-develdovecotdovecot-pigeonholedovecot-pgsqldovecot-mysqlqemu-kvm-debuginfomariadb-embeddedmariadb-servermariadb-embedded-develmariadb-develmariadb-libsmariadbmariadb-benchmariadb-testlibcacardqemu-kvmqemu-kvm-toolslibcacard-toolsqemu-guest-agentqemu-imgqemu-kvm-commonlibcacard-developensslopenssl-staticopenssl-developenssl-perlopenssl-libsopenssl098exulrunner-develxulrunnerfirefoxsamba-commonsamba-winbind-clientslibsmbclientsamba-test-develsamba-clientsamba-winbind-moduleslibwbclient-develsamba-develsambasamba-winbindsamba-testsamba-pythonlibwbclientlibsmbclient-develsamba-dcsamba-pidlsamba-dc-libssamba-winbind-krb5-locatorsamba-libssamba-vfs-glusterfsjava-1.7.0-openjdk-headlessjava-1.7.0-openjdk-accessibilitykernel-debuginfo-common-x86_64kernel-tools-debuginfokernel-debug-debuginfopython-perf-debuginfoperf-debuginfokernel-debuginfokernel-tools-libs-develkernel-tools-libskernel-debugkernelkernel-headerskernel-toolskernel-develperfpython-perfkernel-debug-develkernel-abi-whitelistskernel-docjava-1.7.0-openjdk-demojava-1.7.0-openjdk-javadocjava-1.7.0-openjdk-srcjava-1.7.0-openjdk-headlessjava-1.7.0-openjdk-accessibilityjava-1.7.0-openjdk-develjava-1.7.0-openjdktomcat-jsp-2.2-apitomcat-servlet-3.0-apitomcat-docs-webapptomcat-javadoctomcattomcat-jsvcto
mcat-el-2.2-apitomcat-webappstomcat-libtomcat-admin-webappsgnutls-c++gnutlsgnutls-develgnutls-danegnutls-utils^redhat-release-.*$oraclelinux-releasecentos-releaseredhat-releasexulrunnerxulrunner-develfirefox1:1.6.0.35-1.13.7.1.el7_11:1.6.0.35-1.13.7.1.el6_61:1.6.0.35-1.13.7.1.el5_111:1.8.0.45-30.b13.el7_11:1.8.0.45-28.b13.el6_60:3.10.0-123.13.2.el70:1.15.0-25.el6_60:1.15.0-7.el7_0.30:1.15.0-25.el6.centos1:1.7.0.79-2.5.5.1.el7_11:1.7.0.79-2.5.5.1.el6_632:9.9.4-14.el7_0.130:9.3.6-25.P1.el5_11.232:9.8.2-0.30.rc1.el6_6.10:1.900.1-16.el6_6.20:1.900.1-26.el7_0.20:4.2.6p5-2.el6.centos0:4.2.6p5-19.el7.centos0:4.2.6p5-2.el6_60:4.2.6p5-19.el7_01:1.0.1e-42.el7_1.80:1.0.1e-30.el6_6.110:2.17-55.el7_0.30:2.17-55.el7_0.50:2.12-1.149.el6_6.50:4.11.1-18.el7_00:1.4.5-4.el6_60:1.4.7-2.el7_00:3.10.0-123.13.1.el70:12.4-8.el6_60:12.5-12.el7_00:1.0.35-15.el7_0.10:1.12-5.el6_6.10:1.14-10.el7_0.10:0.9.7-7.el6_6.10:0.9.9-9.el7_0.10:3.16.2.3-1.el7_00:3.16.2.3-1.el5_110:3.16.2.3-2.el7_00:3.16.2.3-3.el6_60:3.16.2.3-2.el6_610:1.5.3-86.el7_1.20:3.10.0-123.9.2.el77:4.10.5-8.el7_00:5.3.3-40.el6_60:5.4.16-23.el7_0.30:31.3.0-3.el7.centos0:31.3.0-4.el5_110:31.3.0-4.el5.centos0:31.3.0-3.el6.centos0:31.3.0-3.el6_60:31.3.0-3.el7_00:1.2.0-22.el7_00:1.7.7-22.el7_00:0.4.2-22.el7_00:2.0.14-22.el7_00:2.0.0-22.el7_00:4.3.2-22.el7_00:2.0.0.353-22.el7_00:4.0.0-22.el7_00:0.9.6-22.el7_00:3.1.18-10.el7_00:0.7-8.el7_01:5.5.40-1.el7_01:2.0-13.el7_00:2.11.0-17.el7_00:2.7.1-12.7.el6_50:5.4.16-23.el7_0.10:7.4.7-7.el7_01:1.6.0.33-1.13.5.0.el6_61:1.6.0.33-1.13.5.0.el7_01:1.6.0.33-1.13.5.0.el5_111:1.7.0.71-2.5.3.1.el61:1.7.0.71-2.5.3.1.el7_00:2.7.6-17.el6_6.10:2.9.1-5.el7_0.10:2.9.1-5.el7_0.10:2.7.6-17.el6_6.10:1.1.1-29.el7_0.31:1.6.0.85-1jpp.3.el5_111:1.6.0.85-1jpp.2.el71:1.6.0.85-1jpp.2.el610:1.5.3-60.el7_0.100:0.103.0-10.el7_01:1.7.0.72-1jpp.2.el71:1.7.0.72-1jpp.4.el5_111:1.7.0.72-1jpp.2.el60:31.2.0-3.el5_110:31.2.0-3.el6_60:31.2.0-1.el7_00:31.2.0-3.el7_00:31.2.0-1.el7.centos0:31.2.0-3.el5.centos0:31.2.0-3.el7.centos0:1
.8.10-8.el6_60:1.10.3-12.el7_01:1.0.1e-34.el7_0.60:1.0.1e-30.el6_6.20:3.10.0-123.8.1.el77:3.3.8-12.el7_00:3.16.1-4.el5_110:3.16.2-2.el7_00:3.14.3-12.el6_50:3.16.1-7.el6_50:3.16.1-2.el6_50:3.16.2-7.el7_00:3.16.1-2.el6_50:3.14.3-12.el6_50:3.16.2-7.el7_00:3.16.1-7.el6_50:3.16.2-2.el7_00:3.16.1-4.el5_110:1.5.2-3.el7_00:3.2-33.el5_10.40:4.2.45-5.el7_0.40:4.1.2-15.el6_5.20:3.2-33.el5_11.40:24.8.0-1.el6.centos0:24.8.0-2.el5.centos0:24.8.0-1.el7_00:24.8.0-1.el7.centos0:24.8.0-1.el6_50:24.8.0-2.el5_100:3.2-33.el5.10:4.2.45-5.el7_0.20:4.1.2-15.el6_5.11:3.0-7jpp.4.el5_101:3.1-16.el7_01:3.1-0.9.el6_50:3.22-17.1.2.el5_100:3.22-25.1.el6_5.10:3.22-34.el7_0.10:3.22-17.1.20:3.4-12.el7_00:1.0.1e-16.el6_5.151:1.0.1e-34.el7_0.40:2.3.5-3.el7_00:5.4.16-23.el7_00:1.2.11.15-34.el6_50:1.3.1.6-26.el7_00:2.17-55.el7_0.10:2.12-1.132.el6_5.40:2.5-118.el5_10.30:3.10.0-123.6.3.el70:7.0.42-8.el7_00:3.16.2-1.el7_00:3.16.2-2.el7_00:4.2.5-5.el7_00:4.1.1-37.el7_00:1.1.1-29.el7_0.10:2.03-3.1.el6_5.10:2.06-6.el7_0.21:1.6.0.0-6.1.13.4.el6_51:1.6.0.0-6.1.13.4.el5_101:1.6.0.0-6.1.13.4.el7_00:4.10.6-1.el7_00:3.15.4-7.el7_00:4.10.6-1.el5_100:3.15.3-7.el5_100:0.11-4.el7_00:24.7.0-1.el6.centos0:24.7.0-1.el5.centos0:24.7.0-1.el6_50:24.7.0-1.el5_100:24.7.0-1.el7.centos0:24.7.0-1.el7_00:3.10.0-123.4.2.el70:3.3-5.el7_00:3.10.0-123.1.2.el71:2.4.6-18.el7_00:2.4.6-18.el7.centos0:2.4.6-18.el7_01:2.4.6-18.el7.centos0:2.06-6.el7_0.20:2.03-3.1.el6_5.11:1.6.0.0-6.1.13.3.el7_00:4.1.1-35.el7_01:2.2.10-4.el7_0.11:2.0.9-7.el6_5.110:1.5.3-60.el7_0.510:1.5.3-60.el7_0.51:5.5.37-1.el7_010:1.5.3-60.el7_0.20:7.0.42-5.el7_01:1.0.1e-34.el7_0.30:0.9.8e-29.el7_0.20:24.6.0-1.el5_100:24.6.0-1.el7_00:24.6.0-1.el6_50:4.1.1-35.el7_01:1.7.0.55-2.4.7.2.el7_01:1.7.0.65-2.5.1.2.el6_51:1.7.0.65-2.5.1.2.el7_00:3.10.0-123.4.4.el70:3.10.0-123.4.4.el71:1.7.0.65-2.5.1.2.el7_01:1.7.0.65-2.5.1.2.el6_50:7.0.42-6.el7_00:3.1.18-9.el7_0^7.*$^7.*$^7.*$^6.*$^6.*$^5.*$unix^5\D.+$0:24.6.0-1.el7.centos0:24.6.0-1.el5_100:24.6.0-1.el5.centos0:24.6.0-1.el7_00:24.6
.0-1.el6_50:24.6.0-1.el6.centos
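The state data above is a list of EVR strings (epoch:version-release, for example 1:1.7.0.65-2.5.1.2.el7_0) that each definition's rpminfo test compares against the installed package. The comparison is only as good as the scanner's port of RPM's version ordering: segment-wise, numeric segments compared by value, alpha segments lexically, a tilde sorting before everything including end-of-string, and a caret sorting after end-of-string but before any other segment. The Python below is an added example written for this page, not the OVAL repository's or RPM's own code; it ports that ordering and wraps it in the "installed EVR is older than the fixed EVR" check that decides a definition's result. The two EVR strings in the demo are quoted from the state data above; which advisory each belongs to is not reconstructed here.

```python
from __future__ import annotations


def rpmvercmp(a: str, b: str) -> int:
    """Port of RPM's rpmvercmp(): returns -1, 0 or 1 as a is older than,
    equal to or newer than b. Separators (anything not alphanumeric, '~'
    or '^') only delimit segments; numeric segments compare by value after
    stripping leading zeros; numeric beats alpha; '~' sorts before
    everything; '^' sorts after end-of-string but before other segments."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":          # tilde: pre-release, sorts lowest
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":          # caret: post-release snapshot
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        isnum = ca.isdigit()
        pred = str.isdigit if isnum else str.isalpha
        si = i
        while i < la and pred(a[i]):
            i += 1
        sj = j
        while j < lb and pred(b[j]):
            j += 1
        seg_a, seg_b = a[si:i], b[sj:j]
        if not seg_b:                       # different segment types
            return 1 if isnum else -1       # numeric is always newer than alpha
        if isnum:
            seg_a, seg_b = seg_a.lstrip("0"), seg_b.lstrip("0")
            if len(seg_a) != len(seg_b):    # longer number is bigger
                return 1 if len(seg_a) > len(seg_b) else -1
        if seg_a != seg_b:
            return 1 if seg_a > seg_b else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1             # whatever still has segments is newer


def parse_evr(evr: str) -> tuple[str, str, str]:
    """Split 'epoch:version-release' into its parts; a missing epoch is 0."""
    epoch = "0"
    if ":" in evr:
        epoch, evr = evr.split(":", 1)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evrcmp(a: str, b: str) -> int:
    """Compare two EVRs the way rpm does: epoch first, then version, then release."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        rc = rpmvercmp(x, y)
        if rc:
            return rc
    return 0


def is_vulnerable(installed_evr: str, fixed_evr: str) -> bool:
    """The rpminfo_test decision: installed package older than the fixed EVR."""
    return evrcmp(installed_evr, fixed_evr) < 0


if __name__ == "__main__":
    fixed = "1:1.7.0.65-2.5.1.2.el7_0"          # quoted from the state data above
    for installed in ("1:1.7.0.55-2.4.7.2.el7_0", fixed, "1:1.7.0.65-2.5.1.3.el7_0"):
        print(installed, "vulnerable" if is_vulnerable(installed, fixed) else "fixed")
```

Getting any of the special cases wrong produces silent false negatives in a scanner: a port that compares version strings lexically would call 1.0.10 older than 1.0.9, and one that ignores the epoch would miss every fix shipped with an epoch bump.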