The OVAL Repository
5.8
2015-09-03T09:53:38.955-04:00

RHSA-2009:1039 -- ntp security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
ntp
An updated ntp package that fixes two security issues is now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0473 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1095 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, xulrunner
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,
CVE-2009-1841)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0411 -- device-mapper-multipath security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
device-mapper-multipath
Updated device-mapper-multipath packages that fix a security issue are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The device-mapper multipath packages provide tools to manage multipath
devices by issuing instructions to the device-mapper multipath kernel
module, and by managing the creation and removal of partitions for
device-mapper devices.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1619 -- dstat security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
dstat
An updated dstat package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Dstat is a versatile replacement for the vmstat, iostat, and netstat tools.
Dstat can be used for performance tuning tests, benchmarks, and
troubleshooting.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0315 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, xulrunner
An updated firefox package that fixes various security issues is now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774,
CVE-2009-0775)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0457 -- libwmf security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
libwmf
Updated libwmf packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libwmf is a library for reading and converting Windows Metafile Format
(WMF) vector graphics. libwmf is used by applications such as GIMP and
ImageMagick.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1427 -- fetchmail security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
fetchmail
An updated fetchmail package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0010 -- squirrelmail security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
squirrelmail
An updated squirrelmail package that resolves various security issues is
now available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
SquirrelMail is an easy-to-configure, standards-based, webmail package
written in PHP. It includes built-in PHP support for the IMAP and SMTP
protocols, and pure HTML 4.0 page-rendering (with no JavaScript required)
for maximum browser-compatibility, strong MIME support, address books, and
folder manipulation.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0344 -- libsoup security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4
evolution28-libsoup, libsoup
Updated libsoup and evolution28-libsoup packages that fix a security issue
are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libsoup is an HTTP client/library implementation for GNOME written in C. It
was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1321 -- nfs-utils security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
nfs-utils
An updated nfs-utils package that fixes a security issue and several bugs
is now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0261 -- vnc security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3
vnc
Updated vnc packages to correct a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1601 -- kdelibs security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
kdelibs
Updated kdelibs packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
The kdelibs packages provide libraries for the K Desktop Environment (KDE).
A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could crash
Konqueror or, potentially, execute arbitrary code with the privileges of the
user running Konqueror. (CVE-2009-0689)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1238 -- dnsmasq security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
dnsmasq
An updated dnsmasq package that fixes two security issues is now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP
server.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1307 -- ecryptfs-utils security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
ecryptfs-utils
Updated ecryptfs-utils packages that fix a security issue, various bugs,
and add enhancements are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
eCryptfs is a stacked, cryptographic file system. It is transparent to the
underlying file system and provides per-file granularity.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:1017 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1287 -- openssh security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssh
Updated openssh packages that fix a security issue, a bug, and add
enhancements are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1625 -- expat security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
expat
Updated expat packages that fix two security issues are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Expat is a C library written by James Clark for parsing XML documents.
Two buffer over-read flaws were found in the way Expat handled malformed
UTF-8 sequences when processing XML files. A specially-crafted XML file
could cause applications using Expat to crash while parsing the file.
(CVE-2009-3560, CVE-2009-3720)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0338 -- php security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
php
Updated php packages that fix several security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0225 -- Red Hat Enterprise Linux 5.3 kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5
kernel
Updated kernel packages that fix three security issues, address several
hundred bugs and add numerous enhancements are now available as part of the
ongoing support and maintenance of Red Hat Enterprise Linux version 5. This
is the third regular update.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1674 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, xulrunner
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1472 -- xen security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
xen
Updated xen packages that fix a security issue and multiple bugs are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Xen is an open source virtualization framework. Virtualization allows users
to run guest operating systems in virtual machines on top of a host
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1066 -- squirrelmail security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
squirrelmail
An updated squirrelmail package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
SquirrelMail is a standards-based webmail package written in PHP.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1430 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, nspr, xulrunner
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1451 -- freeradius security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
freeradius
Updated freeradius packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1428 -- xmlsec1 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
xmlsec1
Updated xmlsec1 packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The XML Security Library is a C library based on libxml2 and OpenSSL. It
implements the XML Signature Syntax and Processing and XML Encryption
Syntax and Processing standards. HMAC is used for message authentication
using cryptographic hash functions. The HMAC algorithm allows the hash
output to be truncated (as documented in RFC 2104).
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0352 -- gstreamer-plugins-base security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gstreamer-plugins-base
Updated gstreamer-plugins-base packages that fix a security issue are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
GStreamer is a streaming media framework based on graphs of filters which
operate on media data. GStreamer Base Plug-ins is a collection of
well-maintained base plug-ins.
An integer overflow flaw which caused a heap-based buffer overflow was
discovered in the Vorbis comment tags reader. An attacker could create a
carefully-crafted Vorbis file that would cause an application using
GStreamer to crash or, potentially, execute arbitrary code if opened by a
victim. (CVE-2009-0586)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1579 -- httpd security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, CentOS Linux 3, CentOS Linux 5
httpd
Updated httpd packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular Web server.
A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0205 -- dovecot security and bug fix update (Low)
Red Hat Enterprise Linux 5
dovecot
An updated dovecot package that corrects two security flaws and various bugs
is now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Dovecot is an IMAP server for Linux and UNIX-like systems, primarily
written with security in mind.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1123 -- gstreamer-plugins-good security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gstreamer-plugins-good
Updated gstreamer-plugins-good packages that fix multiple security issues
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. GStreamer Good Plug-ins is a collection of
well-supported, good quality GStreamer plug-ins.
Multiple integer overflow flaws, that could lead to a buffer overflow, were
found in the GStreamer Good Plug-ins PNG decoding handler. An attacker
could create a specially-crafted PNG file that would cause an application
using the GStreamer Good Plug-ins library to crash or, potentially, execute
arbitrary code as the user running the application when parsed.
(CVE-2009-1932)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1513 -- cups security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
cups
Updated cups packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:1001 -- tog-pegasus security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
tog-pegasus
Updated tog-pegasus packages that fix security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The tog-pegasus packages provide OpenPegasus Web-Based Enterprise
Management (WBEM) services. WBEM is a platform and resource independent
Distributed Management Task Force (DMTF) standard that defines a common
information model and communication protocol for monitoring and controlling
resources.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0988 -- libxml2 security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 3, CentOS Linux 2
libxml2
Updated libxml2 packages that fix security issues are now available for
Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
libxml2 is a library for parsing and manipulating XML files. It includes
support for reading, modifying, and writing XML and HTML files.
An integer overflow flaw causing a heap-based buffer overflow was found in
the libxml2 XML parser. If an application linked against libxml2 processed
untrusted, malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-4226)
A denial of service flaw was discovered in the libxml2 XML parser. If an
application linked against libxml2 processed untrusted, malformed XML
content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.
Users of libxml2 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1127 -- kdelibs security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
kdelibs
Updated kdelibs packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
The kdelibs packages provide libraries for the K Desktop Environment (KDE).
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0011 -- lcms security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
lcms
Updated lcms packages that resolve several security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1107 -- apr-util security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
apr-util
Updated apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
apr-util is a utility library used with the Apache Portable Runtime (APR).
It aims to provide a free library of C data structures and routines. This
library contains additional utility interfaces for APR; including support
for XML, LDAP, database interfaces, URI parsing, and more.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1176 -- python security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
python
Updated python packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Python is an interpreted, interactive, object-oriented programming
language.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0967 -- httpd security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 3
httpd
Updated httpd packages that resolve several security issues and fix a bug
are now available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular Web server.
A flaw was found in the mod_proxy Apache module. An attacker in control of
a Web server to which requests were being proxied could have caused a
limited denial of service due to CPU consumption and stack exhaustion.
(CVE-2008-2364)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0008 -- dbus security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
dbus
Updated dbus packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.
A denial-of-service flaw was discovered in the system for sending messages
between applications. A local user could send a message with a malformed
signature to the bus causing the bus (and, consequently, any process using
libdbus to receive messages) to abort. (CVE-2008-3834)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0444 -- giflib security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
giflib
Updated giflib packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The giflib packages contain a shared library of functions for loading and
saving GIF image files. This library is API and ABI compatible with
libungif, the library that supported uncompressed GIF image files while the
Unisys LZW patent was in effect.
Several flaws were discovered in the way giflib decodes GIF images. An
attacker could create a carefully crafted GIF image that could cause an
application using giflib to crash or, possibly, execute arbitrary code when
opened by a victim. (CVE-2005-2974, CVE-2005-3350)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1646 -- libtool security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
libtool
Updated libtool packages that fix one security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1232 -- gnutls security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4
gnutls
Updated gnutls packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0377 -- java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0421 -- ghostscript security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
ghostscript
Updated ghostscript packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1549 -- wget security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 5
wget
An updated wget package that fixes a security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.
Daniel Stenberg reported that Wget is affected by the previously published
null prefix attack, caused by incorrect handling of NULL characters in
X.509 certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker could
use the certificate during a man-in-the-middle attack and potentially
confuse Wget into accepting it by mistake. (CVE-2009-3490)
Wget users should upgrade to this updated package, which contains a
backported patch to correct this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1470 -- openssh security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssh
Updated openssh packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1452 -- neon security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
neon
Updated neon packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
neon is an HTTP and WebDAV client library, with a C interface. It provides
a high-level interface to HTTP and WebDAV methods along with a low-level
interface for HTTP request handling. neon supports persistent connections,
proxy servers, basic, digest and Kerberos authentication, and has complete
SSL support.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1548 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0436 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, xulrunner
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1648 -- ntp security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
ntp
An updated ntp package that fixes a security issue is now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0957 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that resolve several security issues and fix
various bugs are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The original packages distributed with this errata had a bug which
prevented the Xen kernel booting on older hardware. We have updated the
packages to correct this bug.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1529 -- samba security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
samba
Updated samba packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Samba is a suite of programs used by machines to share files, printers, and
other information.
A denial of service flaw was found in the Samba smbd daemon. An
authenticated, remote user could send a specially-crafted response that
would cause an smbd child process to enter an infinite loop. An
authenticated, remote user could use this flaw to exhaust system resources
by opening multiple CIFS sessions. (CVE-2009-2906)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1642 -- acpid security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
acpid
An updated acpid package that fixes one security issue is now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0361 -- NetworkManager security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
NetworkManager
Updated NetworkManager packages that fix two security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.
An information disclosure flaw was found in NetworkManager's D-Bus
interface. A local attacker could leverage this flaw to discover sensitive
information, such as network connection passwords and pre-shared keys.
(CVE-2009-0365)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0013 -- avahi security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
avahi
Updated avahi packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zeroconf Networking. It facilitates service discovery on
a local network. Avahi and Avahi-aware applications allow you to plug your
computer into a network and, with no configuration, view other people to
chat with, see printers to print to, and find shared files on other computers.
Hugo Dias discovered a denial of service flaw in avahi-daemon. A remote
attacker on the same local area network (LAN) could send a
specially-crafted mDNS (Multicast DNS) packet that would cause avahi-daemon
to exit unexpectedly due to a failed assertion check. (CVE-2008-5081)
All users are advised to upgrade to these updated packages, which contain a
backported patch which resolves this issue. After installing the update,
avahi-daemon will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1364 -- gdm security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
gdm
Updated gdm packages that fix a security issue and several bugs are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,
the X Display Manager. GDM allows you to log in to your system with the X
Window System running, and supports running several different X sessions on
your local machine at the same time.
A flaw was found in the way the gdm package was built. The gdm package was
missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
(CVE-2009-2697)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1140 -- ruby security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
ruby
Updated ruby packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0581 -- bluez-libs and bluez-utils security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
bluez-libs, bluez-utils
Updated bluez-libs and bluez-utils packages that fix a security flaw are
now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The bluez-libs package contains libraries for use in Bluetooth
applications. The bluez-utils package contains Bluetooth daemons and utilities.
An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A
Bluetooth device with an already-established trust relationship, or a local
user registering a service record via a UNIX(R) socket or D-Bus interface,
could cause a crash, or possibly execute arbitrary code with privileges of
the hcid daemon. (CVE-2008-2374)
Users of bluez-libs and bluez-utils are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1102 -- cscope security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
cscope
An updated cscope package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
cscope is a mature, ncurses-based, C source-code tree browsing tool.
Multiple buffer overflow flaws were found in cscope. An attacker could
create a specially crafted source code file that could cause cscope to
crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2009-0148)
All users of cscope are advised to upgrade to this updated package, which
contains backported patches to fix these issues. All running instances of
cscope must be restarted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0012 -- netpbm security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4
netpbm
Updated netpbm packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps), and others.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0836 -- libxml2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 2, CentOS Linux 5
libxml2
Updated libxml2 packages that fix a security issue are now available.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The original fix used in this errata caused some applications using
the libxml2 library in an unexpected way to crash when used with updated
libxml2 packages. We have updated the packages for Red Hat Enterprise Linux
3, 4 and 5 to use a different fix that does not break affected
applications.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0978 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, nss, devhelp, xulrunner, yelp
All firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0339 -- lcms security update (Moderate)
Red Hat Enterprise Linux 5
lcms
Updated lcms packages that resolve several security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Little Color Management System (LittleCMS) is a
small-footprint, speed-optimized open source color management engine.
Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in LittleCMS. An attacker could use these flaws to create a
specially-crafted image file which could cause an application using
LittleCMS to crash, or, possibly, execute arbitrary code when opened by a
victim. (CVE-2009-0723, CVE-2009-0733)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0575 -- rdesktop security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
rdesktop
An updated rdesktop package that fixes a security issue is now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
rdesktop is an open source client for Microsoft Windows NT Terminal Server
and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively
using the Remote Desktop Protocol (RDP) to present the user's NT desktop.
No additional server extensions are required.
An integer underflow and integer signedness issue were discovered in
rdesktop. If an attacker could convince a victim to connect to a malicious
RDP server, the attacker could cause the victim's rdesktop to crash or,
possibly, execute arbitrary code. (CVE-2008-1801, CVE-2008-1803)
Users of rdesktop should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0580 -- vim security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
vim
Updated vim packages that fix security issues are now available for Red Hat
Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat
Security Response Team.
Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1530 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4
firefox, nspr, xulrunner
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).
A flaw was found in the way Firefox handles form history. A malicious web
page could steal saved form data by synthesizing input events, causing the
browser to auto-fill form fields (which could then be read by an attacker).
(CVE-2009-3370)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1218 -- pidgin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 3
pidgin
Updated pidgin packages that fix a security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.
Federico Muttis of Core Security Technologies discovered a flaw in Pidgin's
MSN protocol handler. If a user received a malicious MSN message, it was
possible to execute arbitrary code with the permissions of the user running
Pidgin. (CVE-2009-2694)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1219 -- libvorbis security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 3
libvorbis
Updated libvorbis packages that fix one security issue are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and
royalty-free, general-purpose compressed audio format.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:1036 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, nspr, nss, xulrunner
Note: after the errata packages are installed, Firefox must be restarted
for the update to take effect.
All firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0057 -- squirrelmail security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
squirrelmail
An updated squirrelmail package that fixes a security issue is now
available for Red Hat Enterprise Linux 3, 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
SquirrelMail is an easy-to-configure, standards-based, webmail package
written in PHP. It includes built-in PHP support for the IMAP and SMTP
protocols, and pure HTML 4.0 page-rendering (with no JavaScript required)
for maximum browser-compatibility, strong MIME support, address books, and
folder manipulation.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:1023 -- pidgin security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
pidgin
Updated Pidgin packages that fix several security issues and bugs are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is a multi-protocol Internet Messaging client.
A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a
remote user was able to send, and the Pidgin user accepted, a
carefully-crafted file request, it could result in Pidgin crashing.
(CVE-2008-2955)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1082 -- cups security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
cups
Updated cups packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Common UNIX(R) Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The Internet Printing Protocol (IPP) allows
users to print and manage printing-related tasks over a network.
A NULL pointer dereference flaw was found in the CUPS IPP routine, used for
processing incoming IPP requests for the CUPS scheduler. An attacker could
use this flaw to send specially-crafted IPP requests that would crash the
cupsd daemon. (CVE-2009-0949)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1201 -- java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Updated java-1.6.0-openjdk packages that fix several security issues and a
bug are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0002 -- thunderbird security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Updated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0946 -- ed security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 2, CentOS Linux 5
ed
An updated ed package that fixes one security issue is now available for
Red Hat Enterprise Linux 2.1, 3, 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
ed is a line-oriented text editor, used to create, display, and modify
text files (both interactively and via shell scripts).
A heap-based buffer overflow was discovered in the way ed, the GNU line
editor, processed long file names. An attacker could create a file with a
specially-crafted name that could possibly execute arbitrary code when
opened in the ed editor. (CVE-2008-3916)
Users of ed should upgrade to this updated package, which contains
a backported patch to resolve this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0971 -- net-snmp security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 3
net-snmp
Updated net-snmp packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Simple Network Management Protocol (SNMP) is a protocol used for
network management.
A denial-of-service flaw was found in the way Net-SNMP processes SNMP
GETBULK requests. A remote attacker who issued a specially-crafted request
could cause the snmpd server to crash. (CVE-2008-4309)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0333 -- libpng security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 2
libpng, libpng10
Updated libpng and libpng10 packages that fix a couple of security issues
are now available for Red Hat Enterprise Linux 2.1, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was discovered in libpng that could result in libpng trying to
free random memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0296 -- icu security update (Moderate)
Red Hat Enterprise Linux 5
icu
Updated icu packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.
A flaw was found in the way ICU processed certain, invalid, encoded data.
If an application used ICU to decode malformed, multibyte, character data,
it may have been possible to bypass certain content protection mechanisms,
or display information in a manner misleading to the user. (CVE-2008-1036)
All users of icu should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0431 -- kdegraphics security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
kdegraphics
Updated kdegraphics packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.
Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0855 -- openssh security update (Critical)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
openssh
Updated openssh packages are now available for Red Hat Enterprise Linux 4,
Red Hat Enterprise Linux 5, and Red Hat Enterprise Linux 4.5 Extended
Update Support.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1490 -- squirrelmail security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3
squirrelmail
An updated squirrelmail package that fixes several security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1162 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, xulrunner
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0937 -- cups security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
cups
Updated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1126 -- thunderbird security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,
CVE-2009-1838)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1164 -- tomcat security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
tomcat5
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0397 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, xulrunner
Updated firefox packages that fix two security issues are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2009-1169)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0345 -- ghostscript security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3
ghostscript
Updated ghostscript packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ghostscript is a set of software that provides a PostScript(TM)
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files.
Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in Ghostscript's International Color Consortium Format library
(icclib). Using specially-crafted ICC profiles, an attacker could create a
malicious PostScript or PDF file with embedded images which could cause
Ghostscript to crash, or, potentially, execute arbitrary code when opened
by the victim. (CVE-2009-0583, CVE-2009-0584)
All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1561 -- libvorbis security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
libvorbis
Updated libvorbis packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and
royalty-free, general-purpose compressed audio format.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1186 -- nspr and nss security, bug fix, and enhancement update (Critical)
Red Hat Enterprise Linux 5
nspr, nss
Updated nspr and nss packages that fix security issues, bugs, and add an
enhancement are now available for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0789 -- dnsmasq security update (Moderate)
Red Hat Enterprise Linux 5
dnsmasq
An updated dnsmasq package that implements UDP source-port randomization
is now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to
provide DNS and, optionally, DHCP, to a small network.
The dnsmasq DNS resolver used a fixed source UDP port. This could have made
DNS spoofing attacks easier. dnsmasq has been updated to use random UDP
source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447)
All dnsmasq users are advised to upgrade to this updated package, which
upgrades dnsmasq to version 2.45, which resolves this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0258 -- thunderbird security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
An updated thunderbird package that fixes several security issues is now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,
CVE-2009-0775)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1203 -- subversion security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
subversion
Updated subversion packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0835 -- openoffice.org security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openoffice.org
Updated openoffice.org packages that fix a security issue are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet, presentation manager,
formula editor, and a drawing program.
A numeric truncation error was found in the OpenOffice.org memory
allocator. If a carefully crafted file was opened by a victim, an attacker
could use this flaw to crash OpenOffice.org or, possibly, execute arbitrary
code. (CVE-2008-3282)
All users of openoffice.org are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1193 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1243 -- Red Hat Enterprise Linux 5.4 kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix security issues, address several hundred
bugs and add numerous enhancements are now available as part of the ongoing
support and maintenance of Red Hat Enterprise Linux version 5. This is the
fourth regular update.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0544 -- php security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, CentOS Linux 3, CentOS Linux 5
php
Updated PHP packages that fix several security issues are now available for
Red Hat Enterprise Linux 3 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.
It was discovered that the PHP escapeshellcmd function did not properly
escape multi-byte characters which are not valid in the locale used by the
script. This could allow an attacker to bypass quoting restrictions imposed
by escapeshellcmd and execute arbitrary commands if the PHP script was
using certain locales. Scripts using the default UTF-8 locale are not
affected by this issue. (CVE-2008-2051)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0584 -- pidgin security and bug fix update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
pidgin
Updated Pidgin packages that fix a security issue and address a bug are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Pidgin is a multi-protocol Internet Messaging client.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0018 -- xterm security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 5
xterm
An updated xterm package to correct a security issue is now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The xterm program is a terminal emulator for the X Window System.
A flaw was found in the xterm handling of Device Control Request Status
String (DECRQSS) escape sequences. An attacker could create a malicious
text file (or log entry, if unfiltered) that could run arbitrary commands
if read by a victim inside an xterm window. (CVE-2008-2383)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:0808 -- java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 7, CentOS Linux 6, CentOS Linux 5
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:1029 -- cups security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
cups
Updated cups packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1209 -- curl security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
curl
Updated curl packages that fix security issues are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0818 -- hplip security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
hplip
Updated hplip packages that fix various security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide
drivers for Hewlett-Packard printers and multifunction peripherals.
A flaw was discovered in the hplip alert-mailing functionality. A local
attacker could elevate their privileges by using specially-crafted packets
to trigger alert mails, which are sent by the root account. (CVE-2008-2940)
A flaw was discovered in the hpssd message parser. By sending
specially-crafted packets, a local attacker could cause a denial of
service, stopping the hpssd process. (CVE-2008-2941)
Users of hplip should upgrade to these updated packages, which contain
backported patches to correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0885 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1130 -- kdegraphics security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
kdegraphics
Updated kdegraphics packages that fix two security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
The kdegraphics packages contain applications for the K Desktop Environment
(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe
vector images. KSVG is a framework aimed at implementing the latest W3C SVG
specifications.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0976 -- thunderbird security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Updated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018,
CVE-2008-5021)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1426 -- openoffice.org security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3
openoffice.org, openoffice.org2
Updated openoffice.org packages that correct security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet, presentation manager,
formula editor, and a drawing program.
An integer underflow flaw and a boundary error flaw, both possibly leading
to a heap-based buffer overflow, were found in the way OpenOffice.org
parses certain records in Microsoft Word documents. An attacker could
create a specially-crafted Microsoft Word document, which once opened by an
unsuspecting user, could cause OpenOffice.org to crash or, potentially,
execute arbitrary code with the permissions of the user running
OpenOffice.org. (CVE-2009-0200, CVE-2009-0201)
All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. All
running instances of OpenOffice.org applications must be restarted for
this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1060 -- pidgin security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
pidgin
Updated pidgin packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.
A buffer overflow flaw was found in the way Pidgin initiates file transfers
when using the Extensible Messaging and Presence Protocol (XMPP). If a
Pidgin client initiates a file transfer, and the remote target sends a
malformed response, it could cause Pidgin to crash or, potentially, execute
arbitrary code with the permissions of the user running Pidgin. This flaw
only affects accounts using XMPP, such as Jabber and Google Talk.
(CVE-2009-1373)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1620 -- bind security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind
Updated bind packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1138 -- openswan security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openswan
Updated openswan packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1139 -- pidgin security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
pidgin
Updated pidgin packages that fix one security issue and one bug are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for CommunicAtion in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0267 -- sudo security update (Moderate)
Red Hat Enterprise Linux 5
sudo
An updated sudo package to fix a security issue is now available for Red
Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root with logging.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1061 -- freetype security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
freetype
Updated freetype packages that fix various security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide the FreeType 2 font engine.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0907 -- pam_krb5 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
pam_krb5
An updated pam_krb5 package that fixes a security issue is now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware
applications to use Kerberos to verify user identities by obtaining user
credentials at log in time.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0313 -- wireshark security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3
wireshark
Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network or opened a malformed dump file, it could
crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2008-4683, CVE-2009-0599)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:0807 -- java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0479 -- perl-DBD-Pg security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
perl-DBD-Pg
An updated perl-DBD-Pg package that fixes two security issues is now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Perl DBI is a database access Application Programming Interface (API) for
the Perl language. perl-DBD-Pg allows Perl applications to access
PostgreSQL database servers.
A heap-based buffer overflow flaw was discovered in the pg_getline function
implementation. If the pg_getline or getline functions read large,
untrusted records from a database, it could cause an application using
these functions to crash or, possibly, execute arbitrary code.
(CVE-2009-0663)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1204 -- apr and apr-util security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
apr, apr-util
Updated apr and apr-util packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It aims to provide a free library
of C data structures and routines.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0939 -- openoffice.org security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
openoffice.org, openoffice.org2
Updated openoffice.org packages that correct security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0336 -- glib2 security update (Moderate)
Red Hat Enterprise Linux 5
glib2
Updated glib2 packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
GLib is the low-level core library that forms the basis for projects such
as GTK+ and GNOME. It provides data structure handling for C, portability
wrappers, and interfaces for such runtime functionality as an event loop,
threads, dynamic loading, and an object system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0597 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
devhelp, firefox, nspluginwrapper, xulrunner, yelp
Updated firefox packages that fix various security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
The nspluginwrapper package has been added to this advisory to satisfy a
missing package dependency issue.
Mozilla Firefox is an open source Web browser.
An integer overflow flaw was found in the way Firefox displayed certain web
content. A malicious web site could cause Firefox to crash, or execute
arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785)
A flaw was found in the way Firefox handled certain command line URLs. If
another application passed Firefox a malformed URL, it could result in
Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933)
All firefox users should upgrade to these updated packages, which contain
Firefox 3.0.1 that corrects these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1341 -- cman security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
cman
Updated cman packages that fix several security issues, various bugs, and
add enhancements are now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
The Cluster Manager (cman) utility provides services for managing a Linux
cluster.
Multiple insecure temporary file use flaws were found in fence_apc_snmp and
ccs_tool. A local attacker could use these flaws to overwrite an arbitrary
file writable by a victim running those utilities (typically root) with
the output of the utilities via a symbolic link attack. (CVE-2008-4579,
CVE-2008-6552)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1615 -- xerces-j2 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
xerces-j2
Updated xerces-j2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1536 -- pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
pidgin
Updated pidgin packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for Communication in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.
An invalid pointer dereference bug was found in the way the Pidgin OSCAR
protocol implementation processed lists of contacts. A remote attacker
could send a specially-crafted contact list to a user running Pidgin,
causing Pidgin to crash. (CVE-2009-3615)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0256 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, nss, xulrunner
All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.6, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0849 -- ipsec-tools security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 5
ipsec-tools
An updated ipsec-tools package that fixes two security issues is now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1463 -- newt security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
newt
Updated newt packages that fix one security issue are now available for Red
Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Newt is a programming library for color text mode, widget-based user
interfaces. Newt can be used to add stacked windows, entry widgets,
checkboxes, radio buttons, labels, plain text fields, scrollbars, and so
on, to text mode user interfaces.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0893 -- bzip2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5, CentOS Linux 2
bzip2
Updated bzip2 packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.
A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)
Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0583 -- openldap security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
openldap
Updated openldap packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols for
accessing directory services.
A denial of service flaw was found in the way the OpenLDAP slapd daemon
processed certain network messages. An unauthenticated remote attacker
could send a specially crafted request that would crash the slapd daemon.
(CVE-2008-2952)
Users of openldap should upgrade to these updated packages, which contain a
backported patch to correct this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0884 -- libxml2 security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
libxml2
Updated libxml2 packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.
A heap-based buffer overflow flaw was found in the way libxml2 handled long
XML entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-3529)
All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0649 -- libxslt security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
libxslt
Updated libxslt packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libxslt is a library for transforming XML files into other XML files using
the standard XSLT stylesheet transformation mechanism.
A heap buffer overflow flaw was discovered in the RC4 libxslt library
extension. An attacker could create a malicious XSL file that would cause a
crash, or, possibly, execute arbitrary code with the privileges of the
application using the libxslt library to perform XSL transformations on
untrusted XSL style sheets. (CVE-2008-2935)
Red Hat would like to thank Chris Evans for reporting this vulnerability.
All libxslt users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0569 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
devhelp, firefox, xulrunner, yelp
Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
Multiple flaws were found in the processing of malformed JavaScript
content. A web page containing such malicious content could cause Firefox
to crash or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1116 -- cyrus-imapd security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
cyrus-imapd
Updated cyrus-imapd packages that fix a security issue are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and SIEVE support.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0982 -- gnutls security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gnutls
Updated gnutls packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).
Martin von Gagern discovered a flaw in the way GnuTLS verified certificate
chains provided by a server. A malicious server could use this flaw to
spoof its identity by tricking client applications using the GnuTLS library
to trust invalid certificates. (CVE-2008-4989)
Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0890 -- wireshark security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
wireshark
Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0879 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, devhelp, nss, xulrunner, yelp
All firefox users should upgrade to this updated package, which contains
backported patches that correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0020 -- bind security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 2, CentOS Linux 3
bind
Updated Bind packages to correct a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0612 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0561 -- ruby security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
ruby
Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.
Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,
CVE-2008-2725, CVE-2008-2726)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0341 -- curl security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 2
curl
Updated curl packages that fix a security issue are now available for Red
Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:1016 -- enscript security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
enscript
An updated enscript package that fixes several security issues is now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
GNU enscript converts ASCII files to PostScript(R) language files and
spools the generated output to a specified printer or saves it to a file.
Enscript can be extended to handle different output media and includes
options for customizing printouts.
Two buffer overflow flaws were found in GNU enscript. An attacker could
craft an ASCII file in such a way that it could execute arbitrary commands
if the file was opened with enscript with the special escapes option (-e
or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0847 -- libtiff security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
libtiff
Updated libtiff packages that fix a security issue and a bug are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.
Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0264 -- kernel security update (Important)
Red Hat Enterprise Linux 5
kernel
Updated kernel packages that resolve several security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1122 -- icu security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
icu
Updated icu packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.
A flaw was found in the way ICU processed certain, invalid byte sequences
during Unicode conversion. If an application used ICU to decode malformed,
multibyte character data, it may have been possible to bypass certain
content protection mechanisms, or display information in a manner
misleading to the user. (CVE-2009-0153)
All users of icu should upgrade to these updated packages, which contain
backported patches to resolve this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0965 -- lynx security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 3, CentOS Linux 2
lynx
An updated lynx package that corrects two security issues is now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Lynx is a text-based Web browser.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1206 -- libxml and libxml2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
libxml, libxml2
Updated libxml and libxml2 packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
libxml is a library for parsing and manipulating XML files. A Document Type
Definition (DTD) defines the legal syntax (and also which elements can be
used) for certain types of files, such as XML files.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0373 -- systemtap security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
systemtap
Updated systemtap packages that fix a security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
SystemTap is an instrumentation infrastructure for systems running version
2.6 of the Linux kernel. SystemTap scripts can collect system operations
data, greatly simplifying information gathering. Collected data can then
assist in performance measuring, functional testing, and performance and
function problem diagnosis.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1337 -- gfs2-utils security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
gfs2-utils
An updated gfs2-utils package that fixes multiple security issues and
various bugs is now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
The gfs2-utils package provides the user-space tools necessary to mount,
create, maintain, and test GFS2 file systems.
Multiple insecure temporary file use flaws were discovered in GFS2 user
level utilities. A local attacker could use these flaws to overwrite an
arbitrary file writable by a victim running those utilities (typically
root) with the output of the utilities via a symbolic link attack.
(CVE-2008-6552)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0476 -- pango security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
pango, evolution28-pango
Updated pango and evolution28-pango packages that fix an integer overflow
flaw are now available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Pango is a library used for the layout and rendering of internationalized
text.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1484 -- postgresql security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
postgresql
Updated postgresql packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
PostgreSQL is an advanced object-relational database management system
(DBMS).
It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0038 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0402 -- openswan security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openswan
Updated openswan packages that fix various security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0892 -- xen security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
xen
Updated xen packages that resolve a couple of security issues and fix a bug
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The xen packages contain tools for managing the virtual machine monitor in
Red Hat Virtualization.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1278 -- lftp security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
lftp
An updated lftp package that fixes one security issue and various bugs is
now available for Red Hat Enterprise Linux 5.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
LFTP is a sophisticated file transfer program for the FTP and HTTP
protocols. Like bash, it has job control and uses the readline library for
input. It has bookmarks, built-in mirroring, and can transfer several files
in parallel. It is designed with reliability in mind.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1471 -- elinks security update (Important)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
elinks
An updated elinks package that fixes two security issues is now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
ELinks is a text-based Web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.
An off-by-one buffer overflow flaw was discovered in the way ELinks handled
its internal cache of string representations for HTML special entities. A
remote attacker could use this flaw to create a specially-crafted HTML file
that would cause ELinks to crash or, possibly, execute arbitrary code when
rendered. (CVE-2008-7224)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0046 -- ntp security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
ntp
Updated ntp packages to correct a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.
A flaw was discovered in the way the ntpd daemon checked the return value
of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1504 -- poppler security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
poppler
Updated poppler packages that fix multiple security issues and a bug are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1584 -- java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1502 -- kdegraphics security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kdegraphics
Updated kdegraphics packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0271 -- gstreamer-plugins-good security update (Important)
Red Hat Enterprise Linux 5
gstreamer-plugins-good
Updated gstreamer-plugins-good packages that fix several security issues
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. GStreamer Good Plug-ins is a collection of
well-supported, GStreamer plug-ins of good quality released under the LGPL
license.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1100 -- wireshark security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
wireshark
Updated wireshark packages that fix several security issues are now
available for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.
A format string flaw was found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829)
Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.8, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1289 -- mysql security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql
Updated mysql packages that fix various security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0486 -- nfs-utils security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
nfs-utils
An updated nfs-utils package that fixes a security issue is now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.
A flaw was found in the nfs-utils package build. The nfs-utils package was
missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
(CVE-2008-1376)
Users of nfs-utils are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1159 -- libtiff security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5
libtiff
Updated libtiff packages that fix several security issues are now available
for Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0480 -- poppler security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
poppler
Updated poppler packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.
Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1670 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0259 -- mod_auth_mysql security update (Moderate)
Red Hat Enterprise Linux 5
mod_auth_mysql
An updated mod_auth_mysql package to correct a security issue is now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The mod_auth_mysql package includes an extension module for the Apache HTTP
Server which can be used to implement web user authentication against a
MySQL database.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0815 -- yum-rhn-plugin security update (Moderate)
Red Hat Enterprise Linux 5
yum-rhn-plugin
Updated yum-rhn-plugin packages that fix a security issue are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The yum-rhn-plugin provides support for yum to securely access a Red Hat
Network (RHN) server for software updates.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0474 -- acpid security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 5
acpid
An updated acpid package that fixes one security issue is now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
acpid is a daemon that dispatches ACPI (Advanced Configuration and Power
Interface) events to user-space programs.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1075 -- httpd security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
httpd
Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular and freely-available Web server.
A flaw was found in the handling of compression structures between mod_ssl
and OpenSSL. If too many connections were opened in a short period of time,
all system memory and swap space would be consumed by httpd, negatively
impacting other processes, or causing a system crash. (CVE-2008-1678)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0326 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0533 -- bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 5, CentOS Linux 2, CentOS Linux 3
bind, selinux-policy-targeted, selinux-policy
Updated bind packages that help mitigate DNS spoofing attacks are now
available.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
We have updated the Enterprise Linux 5 packages in this advisory. The
default and sample caching-nameserver configuration files have been updated
so that they do not specify a fixed query-source port. Administrators
wishing to take advantage of randomized UDP source ports should check their
configuration file to ensure they have not specified fixed query-source ports.
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0003 -- xen security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
xen
Updated xen packages that resolve several security issues and a bug are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
The xen packages contain the Xen tools and management daemons needed to
manage virtual machines running on Red Hat Enterprise Linux.
Xen was found to allow unprivileged DomU domains to overwrite xenstore
values which should only be changeable by the privileged Dom0 domain. An
attacker controlling a DomU domain could, potentially, use this flaw to
kill arbitrary processes in Dom0 or trick a Dom0 user into accessing the
text console of a different domain running on the same host. This update
makes certain parts of the xenstore tree read-only to the unprivileged DomU
domains. (CVE-2008-4405)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1453 -- pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
pidgin
Updated pidgin packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. Info/Query
(IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific
request-response mechanism.
A NULL pointer dereference flaw was found in the way the Pidgin XMPP
protocol plug-in processes IQ error responses when trying to fetch a custom
smiley. A remote client could send a specially-crafted IQ error response
that would crash Pidgin. (CVE-2009-3085)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1459 -- cyrus-imapd security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
cyrus-imapd
Updated cyrus-imapd packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1335 -- openssl security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssl
Updated openssl packages that fix several security issues, various bugs,
and add enhancements are now available for Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (for example,
UDP).
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0354 -- evolution-data-server security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4
evolution28-evolution-data-server, evolution-data-server
Updated evolution-data-server and evolution28-evolution-data-server
packages that fix multiple security issues are now available for Red Hat
Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Evolution Data Server provides a unified back-end for applications which
interact with contacts, task, and calendar information. Evolution Data
Server was originally developed as a back-end for Evolution, but is now
used by multiple other applications.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0449 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
firefox, xulrunner
Updated firefox packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
A flaw was found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1313)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0616 -- thunderbird security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Updated thunderbird packages that fix a security issue are now available
for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Multiple flaws were found in the processing of malformed JavaScript
content. An HTML mail containing such malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code as the user
running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0004 -- openssl security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 3, CentOS Linux 5, CentOS Linux 2
openssl, openssl095a, openssl096, openssl096b, openssl097a
Updated OpenSSL packages that correct a security issue are now available
for Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength,
general purpose, cryptography library.
The Google security team discovered a flaw in the way OpenSSL checked the
verification of certificates. An attacker in control of a malicious server,
or able to effect a man in the middle attack, could present a malformed
SSL/TLS signature from a certificate chain to a vulnerable client and
bypass validation. (CVE-2008-5077)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0427 -- udev security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
udev
Updated udev packages that fix one security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
udev provides a user-space API and implements a dynamic device directory,
providing only the devices present on the system. udev replaces devfs in
order to provide greater hot plug functionality. Netlink is a datagram
oriented service, used to transfer information between kernel modules and
user-space processes.
It was discovered that udev did not properly check the origin of Netlink
messages. A local attacker could use this flaw to gain root privileges via
a crafted Netlink message sent to udev, causing it to create a
world-writable block device file for an existing system block device (for
example, the root file system). (CVE-2009-1185)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0908 -- thunderbird security update (Moderate)
Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Updated thunderbird packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
CVE-2008-4061, CVE-2008-4062)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0981 -- ruby security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
ruby
Updated ruby packages that fix a security issue are now available for Red
Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.
Vincent Danen reported that Red Hat Security Advisory RHSA-2008:0897
did not properly address a denial of service flaw in the WEBrick (Ruby
HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a
remote attacker to send a specially-crafted HTTP request to a WEBrick
server that would cause the server to use excessive CPU time. This
update properly addresses this flaw. (CVE-2008-4310)
All Ruby users should upgrade to these updated packages, which contain a
correct patch that resolves this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1974 -- rpm security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 6, CentOS Linux 5
rpm
The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying,
and updating software packages. Each software package consists of an
archive of files along with information about the package such as its
version, description, and other information.
It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic signature
only after the temporary file has been written completely. Under certain
conditions, the system interprets the unverified temporary file contents
and extracts commands from it. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2013-6435)
This issue was discovered by Florian Weimer of Red Hat Product Security.
All rpm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the RPM library must be restarted for this update to take
effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1982 -- xorg-x11-server security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
xorg-x11-server
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
Multiple integer overflow flaws and out-of-bounds write flaws were found in
the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated client
could use either of these flaws to crash the X.Org server or, potentially,
execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,
CVE-2014-8098)
It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)
Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102)
All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1179 -- bind security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind
Updated bind packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
[Updated 29th July 2009]
The packages in this erratum have been updated to also correct this issue
in the bind-sdb package.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1222 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix two security issues and a bug are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1106 -- kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Updated kernel packages that fix several security issues and several bugs
are now available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0429 -- cups security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
cups
Updated cups packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1984 -- bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 6, CentOS Linux 7, CentOS Linux 5
bind
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and processed,
would cause named to use excessive amounts of memory or crash.
(CVE-2014-8500)
All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:1002-01 -- Redhat xen
Red Hat Enterprise Linux 5
xen
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. An out-of-bounds memory access flaw was found in the way QEMU's virtual Floppy Disk Controller handled FIFO buffer access while processing certain FDC commands. A privileged guest user could use this flaw to crash the guest or, potentially, execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest. Red Hat would like to thank Jason Geffner of CrowdStrike for reporting this issue. All xen users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, all running fully-virtualized guests must be restarted for this update to take effect.
SecPod Team
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:0800 -- openssl security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1985 -- bind97 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.
A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and processed,
would cause named to use excessive amounts of memory or crash.
(CVE-2014-8500)
All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1036 -- ipsec-tools security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
ipsec-tools
An updated ipsec-tools package that fixes multiple security issues is now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.
A denial of service flaw was found in the ipsec-tools racoon daemon. An
unauthenticated, remote attacker could trigger a NULL pointer dereference
that could cause the racoon daemon to crash. (CVE-2009-1574)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:2025 -- ntp security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
ntp
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.
Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(),
ctl_putdata(), and configure() functions. A remote attacker could use
either of these flaws to send a specially crafted request packet that could
crash ntpd or, potentially, execute arbitrary code with the privileges of
the ntp user. Note: the crypto_recv() flaw requires non-default
configurations to be active, while the ctl_putdata() flaw, by default, can
only be exploited via local attackers, and the configure() flaw requires
additional authentication to exploit. (CVE-2014-9295)
It was found that ntpd automatically generated weak keys for its internal
use if no ntpdc request authentication key was specified in the ntp.conf
configuration file. A remote attacker able to match the configured IP
restrictions could guess the generated key, and possibly use it to send
ntpdc query or configuration requests. (CVE-2014-9293)
It was found that ntp-keygen used a weak method for generating MD5 keys.
This could possibly allow an attacker to guess generated MD5 keys that
could then be used to spoof an NTP client or server. Note: it is
recommended to regenerate any MD5 keys that had explicitly been generated
with ntp-keygen; the default installation does not contain such keys.
(CVE-2014-9294)
All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.
Sergey Artykhov
DRAFT, INTERIM
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1924 -- thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)
A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy. (CVE-2014-1594)
Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
This update disables SSL 3.0 support by default in Thunderbird. Details on
how to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1284233
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse
Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya,
and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.3.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.3.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:2008 -- kernel security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)
Red Hat would like to thank Andy Lutomirski for reporting this issue.
All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:0408 -- krb5 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
Updated krb5 packages that fix various security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC). The Generic
Security Service Application Program Interface (GSS-API) definition
provides security services to callers (protocols) in a generic fashion. The
Simple and Protected GSS-API Negotiation (SPNEGO) mechanism is used by
GSS-API peers to choose from a common set of security mechanisms.
An input validation flaw was found in the ASN.1 (Abstract Syntax Notation
One) decoder used by MIT Kerberos. A remote attacker could use this flaw to
crash a network service using the MIT Kerberos library, such as kadmind or
krb5kdc, by causing it to dereference or free an uninitialized pointer.
(CVE-2009-0846)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0648 -- tomcat security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
tomcat5
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2009:1148 -- httpd security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
httpd
Updated httpd packages that fix two security issues are now available for
Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
The Apache HTTP Server is a popular Web server.
A denial of service flaw was found in the Apache mod_proxy module when it
was used as a reverse proxy. A remote attacker could use this flaw to force
a proxy process to consume large amounts of CPU time. (CVE-2009-1890)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1859 -- mysql55-mysql security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql55-mysql
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.
This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2494,
CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,
CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,
CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,
CVE-2014-6555, CVE-2014-6559)
These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.
All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2015:0090 -- glibc security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.
A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)
Red Hat would like to thank Qualys for reporting this issue.
All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1768 -- php53 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
php53
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code with the privileges
of the user running that PHP application. (CVE-2014-3670)
An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)
An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF) files.
A remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file. (CVE-2014-3710)
An out-of-bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)
The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat
Product Security.
All php53 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1959 -- kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)
Red Hat would like to thank Andy Lutomirski for reporting this issue.
This update also fixes the following bugs:
* Previously, the kernel did not successfully deliver multicast packets
when the multicast querier was disabled. Consequently, the corosync utility
terminated unexpectedly and the affected storage node did not join its
intended cluster. With this update, multicast packets are delivered
properly when the multicast querier is disabled, and corosync handles the
node as expected. (BZ#902454)
* Previously, the kernel wrote the metadata contained in all system
information blocks on a single page of the /proc/sysinfo file. However,
when the machine configuration was very extensive and the data did not fit
on a single page, the system overwrote random memory regions, which in turn
caused data corruption when reading the /proc/sysconf file. With this
update, /proc/sysinfo automatically allocates a larger buffer if the data
output does not fit the current buffer, which prevents the data corruption.
(BZ#1131283)
* Prior to this update, the it_real_fn() function did not, in certain
cases, successfully acquire the SIGLOCK signal when the do_setitimer()
function used the ITIMER_REAL timer. As a consequence, the current process
entered an endless loop and became unresponsive. This update fixes the bug
and it_real_fn() no longer causes the kernel to become unresponsive.
(BZ#1134654)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0839 -- postfix security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 3, CentOS Linux 5
postfix
Updated postfix packages that fix a security issue are now available for
Red Hat Enterprise Linux 3, 4, and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.
A flaw was found in the way Postfix dereferences symbolic links. If a local
user has write access to a mail spool directory with no root mailbox, it
may be possible for them to append arbitrary data to files that root has
write permission to. (CVE-2008-2936)
Red Hat would like to thank Sebastian Krahmer for responsibly disclosing
this issue.
All users of postfix should upgrade to these updated packages, which
contain a backported patch that resolves this issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 3
The operating system installed on the system is Red Hat Enterprise Linux 3.
Aharon Chernin
DRAFT, INTERIM, ACCEPTED
Dragos Prisaca
INTERIM, ACCEPTED
Dragos Prisaca
INTERIM, ACCEPTED, ACCEPTED

RHSA-2008:0897 -- ruby security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4, CentOS Linux 5
ruby
Updated ruby packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.
The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs
and a fixed source port when sending DNS requests. A remote attacker could
use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 4
The operating system installed on the system is Red Hat Enterprise Linux 4.
Aharon Chernin
DRAFT, INTERIM, ACCEPTED
Dragos Prisaca
INTERIM, ACCEPTED
Dragos Prisaca
INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1824 -- php security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code with the privileges
of the user running that PHP application. (CVE-2014-3670)
A stack-based buffer overflow flaw was found in the way the xmlrpc
extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC
request or response could possibly cause a PHP application to crash.
(CVE-2014-8626)
An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1948 -- nss, nss-util, and nss-softokn security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
nss
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1919 -- firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)
A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy. (CVE-2014-1594)
This update disables SSL 3.0 support by default in Firefox. Details on how
to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1283153
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse
Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya,
and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.3.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.3.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1893 -- libXfont security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
libXfont
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.
A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A malicious,
local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server. (CVE-2014-0209)
Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)
Red Hat would like to thank the X.org project for reporting these issues.
Upstream acknowledges Ilja van Sprundel as the original reporter.
Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1885 -- libxml2 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
libxml2
The libxml2 library is a development toolbox providing the implementation
of various XML standards.
A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application
using libxml2, would lead to excessive CPU consumption (denial of service)
based on excessive entity substitutions, even if entity substitution was
disabled, which is the parser default behavior. (CVE-2014-3660)
All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1353 -- sudo security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
sudo
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0304 -- vixie-cron security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5
vixie-cron
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1310 -- samba3x security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
samba3x
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
It was discovered that the Samba Web Administration Tool (SWAT) did not
protect against being opened in a web page frame. A remote attacker could
possibly use this flaw to conduct a clickjacking attack against SWAT users
or users with an active SWAT session. (CVE-2013-0213)
A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a victim's
password could use this flaw to bypass CSRF protections and conduct a CSRF
attack against the victim SWAT user. (CVE-2013-0214)
An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)
Note: This issue did not affect the default configuration of the Samba
server.
Red Hat would like to thank the Samba project for reporting CVE-2013-0213
and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter
of CVE-2013-0213 and CVE-2013-0214.
These updated samba3x packages also include numerous bug fixes. Space
precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in
the References, for information on the most significant of these changes.
All samba3x users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1348 -- Red Hat Enterprise Linux 5 kernel update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
This update fixes the following security issue:
* It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large amount
of memory, and then causing request_module() to be called. A local,
unprivileged user could use this flaw to cause a denial of service
(excessive memory consumption). (CVE-2012-4398, Moderate)
Red Hat would like to thank Tetsuo Handa for reporting this issue.
This update also fixes numerous bugs and adds various enhancements. Refer
to the Red Hat Enterprise Linux 5.10 Release Notes for information on the
most significant of these changes, and the Technical Notes for further
information, both linked to in the References.
All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct this issue, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 5.10 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1326: php53 and php security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
php53, php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.
It was found that the fix for CVE-2012-1571 was incomplete; the File
Information (fileinfo) extension did not correctly parse certain Composite
Document Format (CDF) files. A remote attacker could use this flaw to crash
a PHP application using fileinfo via a specially crafted CDF file.
(CVE-2014-3587)
A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)
Multiple buffer over-read flaws were found in the php_parserr() function of
PHP. A malicious DNS server or a man-in-the-middle attacker could possibly
use this flaw to execute arbitrary code as the PHP interpreter if a PHP
application used the dns_get_record() function to perform a DNS query.
(CVE-2014-3597)
Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)
The CVE-2014-3597 issue was discovered by David Kutálek of the Red Hat
BaseOS QE.
All php53 and php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, the httpd daemon must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)
It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)
It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)
It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.
This update also fixes the following bug:
* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)
It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)
It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)
It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)
It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.
This update also fixes the following bug:
* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1647: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1577)
Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron
Campen, Jon Coppeard, Holger Fuhrmannek, Abhishek Arya, and regenrecht as
the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.2.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.2.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2013:1323 -- ccid security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
ccid
Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a Generic, USB-based CCID driver for readers, which follow this
standard.
An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card's serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)
This update also fixes the following bug:
* The pcscd service failed to read from the SafeNet Smart Card 650 v1 when
it was inserted into a smart card reader. The operation failed with a
"IFDHPowerICC() PowerUp failed" error message. This was due to the card
taking a long time to respond with a full Answer To Reset (ATR) request,
which led to a timeout, causing the card to fail to power up. This update
increases the timeout value so that the aforementioned request is processed
properly, and the card is powered on as expected. (BZ#907821)
All ccid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1658: java-1.6.0-sun security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7
java-1.6.0-sun
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493,
CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511,
CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532,
CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 85 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:0255 -- subversion security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
subversion
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.
A flaw was found in the way the mod_dav_svn module handled OPTIONS
requests. A remote attacker with read access to an SVN repository served
via HTTP could use this flaw to cause the httpd process that handled such a
request to crash. (CVE-2014-0032)
A flaw was found in the way Subversion handled file names with newline
characters when the FSFS repository format was used. An attacker with
commit access to an SVN repository could corrupt a revision by committing a
specially crafted file. (CVE-2013-1968)
A flaw was found in the way the svnserve tool of Subversion handled remote
client network connections. An attacker with read access to an SVN
repository served via svnserve could use this flaw to cause the svnserve
daemon to exit, leading to a denial of service. (CVE-2013-2112)
All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2012:0305 -- boost security and bug fix update (Low)
Red Hat Enterprise Linux 5
boost
The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.
Invalid pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2008-0171)
NULL pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash. (CVE-2008-0172)
Red Hat would like to thank Will Drewry for reporting these issues.
This update also fixes the following bugs:
* Prior to this update, the construction of a regular expression object
could fail when several regular expression objects were created
simultaneously, such as in a multi-threaded program. With this update, the
object variables have been moved from the shared memory to the stack. Now,
the constructing function is thread safe. (BZ#472384)
* Prior to this update, header files in several Boost libraries contained
preprocessor directives that the GNU Compiler Collection (GCC) 4.4 could
not handle. This update instead uses equivalent constructs that are
standard C. (BZ#567722)
All users of boost are advised to upgrade to these updated packages, which
fix these issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1653: openssl security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.
This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.
For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1232123
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to mitigate the CVE-2014-3566 issue. For the
update to take effect, all services linked to the OpenSSL library (such as
httpd and other SSL-enabled services) must be restarted or the system
rebooted.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Prashant Kumar
INTERIM ACCEPTED ACCEPTED

RHSA-2013:1319 -- sssd security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
sssd
SSSD (System Security Services Daemon) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides NSS
(Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces
toward the system and a pluggable back end system to connect to multiple
different account sources.
A race condition was found in the way SSSD copied and removed user home
directories. A local attacker who is able to write into the home directory
of a different user who is being removed could use this flaw to perform
symbolic link attacks, possibly allowing them to modify and delete
arbitrary files with the privileges of the root user. (CVE-2013-0219)
The CVE-2013-0219 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.
This update also fixes the following bugs:
* After a paging control was used, memory in the sssd_be process was never
freed which led to the growth of the sssd_be process memory usage over
time. To fix this bug, the paging control was deallocated after use, and
thus the memory usage of the sssd_be process no longer grows. (BZ#820908)
* If the sssd_be process was terminated and recreated while there were
authentication requests pending, the sssd_pam process did not recover
correctly and did not reconnect to the new sssd_be process. Consequently,
the sssd_pam process was seemingly blocked and did not accept any new
authentication requests. The sssd_pam process has been fixed so that it
reconnects to the new instance of the sssd_be process after the original
one terminated unexpectedly. Even after a crash and reconnect, the sssd_pam
process now accepts new authentication requests. (BZ#882414)
* When the sssd_be process hung for a while, it was terminated and a new
instance was created. If the old instance did not respond to the TERM
signal and continued running, SSSD terminated unexpectedly. As a
consequence, the user could not log in. SSSD now keeps track of sssd_be
subprocesses more effectively, making the restarts of sssd_be more reliable
in such scenarios. Users can now log in whenever the sssd_be is restarted
and becomes unresponsive. (BZ#886165)
* In case the processing of an LDAP request took longer than the client
timeout upon completing the request (60 seconds by default), the PAM client
could have accessed memory that was previously freed due to the client
timeout being reached. As a result, the sssd_pam process terminated
unexpectedly with a segmentation fault. SSSD now ignores an LDAP request
result when it detects that the set timeout of this request has been
reached. The sssd_pam process no longer crashes in the aforementioned
scenario. (BZ#923813)
* When there was a heavy load of users and groups to be saved in cache,
SSSD experienced a timeout. Consequently, NSS did not start the backup
process properly and it was impossible to log in. A patch has been provided
to fix this bug. The SSSD daemon now remains responsive and the login
continues as expected. (BZ#805729)
* SSSD kept the file descriptors to the log files open. Consequently, on
occasions like moving the actual log file and restarting the back end, SSSD
still kept the file descriptors open. SSSD now closes the file descriptor
after the child process execution; after a successful back end start, the
file descriptor to log files is closed. (BZ#961680)
* While performing access control in the Identity Management back end, SSSD
erroneously downloaded the "member" attribute from the server and then
attempted to use it in the cache verbatim. Consequently, the cache
attempted to use the "member" attribute values as if they were pointing to
the local cache which was CPU intensive. The member attribute when
processing host groups is no longer downloaded and processed. Moreover, the
login process is reasonably fast even with large host groups. (BZ#979047)
All sssd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2012:0303 -- xorg-x11-server security and bug fix update (Low)
Red Hat Enterprise Linux 5
xorg-x11-server
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.
A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)
Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.
This update also fixes the following bugs:
* In rare cases, if the front and back buffer of the miDbePositionWindow()
function were not both allocated in video memory, or were both allocated in
system memory, the X Window System sometimes terminated unexpectedly. A
patch has been provided to address this issue and X no longer crashes in
the described scenario. (BZ#596899)
* Previously, when the miSetShape() function called the miRegionDestroy()
function with a NULL region, X terminated unexpectedly if the backing store
was enabled. Now, X no longer crashes in the described scenario.
(BZ#676270)
* On certain workstations running in 32-bit mode, the X11 mouse cursor
occasionally became stuck near the left edge of the X11 screen. A patch has
been provided to address this issue and the mouse cursor no longer becomes
stuck in the described scenario. (BZ#529717)
* On certain workstations with a dual-head graphics adapter using the r500
driver in Zaphod mode, the mouse pointer was confined to one monitor screen
and could not move to the other screen. A patch has been provided to
address this issue and the mouse cursor works properly across both screens.
(BZ#559964)
* Due to a double free operation, Xvfb (X virtual framebuffer) terminated
unexpectedly with a segmentation fault randomly when the last client
disconnected, that is when the server reset. This bug has been fixed in the
miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)
* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an
integrated graphics adapter caused the server to terminate unexpectedly.
This bug has been fixed in the code and Xephyr no longer crashes in the
described scenario. (BZ#454409)
* Previously, when a client made a request bigger than 1/4th of the limit
advertised in the BigRequestsEnable reply, the X server closed the
connection unexpectedly. With this update, the maxBigRequestSize variable
has been added to the code to check the size of client requests, thus
fixing this bug. (BZ#555000)
* When an X client running on a big-endian system called the
XineramaQueryScreens() function, the X server terminated unexpectedly. This
bug has been fixed in the xf86Xinerama module and the X server no longer
crashes in the described scenario. (BZ#588346)
* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p
blade server, the installer did not set the correct mode on the built-in
KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a
very long time to appear and then was displayed incorrectly. A patch has
been provided to address this issue and the graphical installer now works
as expected in the described scenario. Note that this fix requires the
Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)
* Lines longer than 46,340 pixels can be drawn with one of the coordinates
being negative. However, for dashed lines, the miPolyBuildPoly() function
overflowed the "int" type when setting up edges for a section of a dashed
line. Consequently, dashed segments were not drawn at all. An upstream
patch has been applied to address this issue and dashed lines are now drawn
correctly. (BZ#649810)
All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1657: java-1.7.0-oracle security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7
java-1.7.0-oracle
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504,
CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517,
CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)
The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 72 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:1635: firefox security update (Critical)
Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576,
CVE-2014-1577)
A flaw was found in the Alarm API, which allows applications to schedule
actions to be run in the future. A malicious web application could use this
flaw to bypass cross-origin restrictions. (CVE-2014-1583)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron
Campen, Jon Coppeard, Atte Kettunen, Holger Fuhrmannek, Abhishek Arya,
regenrecht, and Boris Zbarsky as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.2.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.2.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1194: conga security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
conga
The Conga project is a management system for remote workstations.
It consists of luci, which is a secure web-based front end, and ricci,
which is a secure daemon that dispatches incoming messages to underlying
management modules.
It was discovered that Plone, included as a part of luci, did not properly
protect the administrator interface (control panel). A remote attacker
could use this flaw to inject a specially crafted Python statement or
script into Plone's restricted Python sandbox that, when the administrator
interface was accessed, would be executed with the privileges of that
administrator user. (CVE-2012-5485)
It was discovered that Plone, included as a part of luci, did not properly
sanitize HTTP headers provided within certain URL requests. A remote
attacker could use a specially crafted URL that, when processed, would
cause the injected HTTP headers to be returned as a part of the Plone HTTP
response, potentially allowing the attacker to perform other more advanced
attacks. (CVE-2012-5486)
Multiple information leak flaws were found in the way conga processed luci
site extension-related URL requests. A remote, unauthenticated attacker
could issue a specially crafted HTTP request that, when processed, would
result in unauthorized information disclosure. (CVE-2013-6496)
It was discovered that various components in the luci site
extension-related URLs were not properly restricted to administrative
users. A remote, authenticated attacker could escalate their privileges to
perform certain actions that should be restricted to administrative users,
such as adding users and systems, and viewing log data. (CVE-2014-3521)
It was discovered that Plone, included as a part of luci, did not properly
protect the privilege of running RestrictedPython scripts. A remote
attacker could use a specially crafted URL that, when processed, would
allow the attacker to submit and perform expensive computations or, in
conjunction with other attacks, be able to access or alter privileged
information. (CVE-2012-5488)
It was discovered that Plone, included as a part of luci, did not properly
enforce permissions checks on the membership database. A remote attacker
could use a specially crafted URL that, when processed, could allow the
attacker to enumerate user account names. (CVE-2012-5497)
It was discovered that Plone, included as a part of luci, did not properly
handle the processing of requests for certain collections. A remote
attacker could use a specially crafted URL that, when processed, would lead
to excessive I/O and/or cache resource consumption. (CVE-2012-5498)
It was discovered that Plone, included as a part of luci, did not properly
handle the processing of very large values passed to an internal utility
function. A remote attacker could use a specially crafted URL that, when
processed, would lead to excessive memory consumption. (CVE-2012-5499)
It was discovered that Plone, included as a part of luci, allowed a remote
anonymous user to change titles of content items due to improper
permissions checks. (CVE-2012-5500)
The CVE-2014-3521 issue was discovered by Radek Steiger of Red Hat, and the
CVE-2013-6496 issue was discovered by Jan Pokorny of Red Hat.
In addition, these updated conga packages include several bug fixes.
Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 5.11 Technical Notes,
linked to in the References section, for information on the most
significant of these changes.
All conga users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the luci and ricci services will be restarted automatically.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:1193: axis security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
axis
Apache Axis is an implementation of SOAP (Simple Object Access Protocol).
It can be used to build both web service clients and servers.
It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)
For additional information on this flaw, refer to the Knowledgebase article
in the References section.
This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.
All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using Apache
Axis must be restarted for this update to take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1671 -- rsyslog5 and rsyslog security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
rsyslog, rsyslog5
The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.
A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon. (CVE-2014-3634)
Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.
All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, the rsyslog service will be restarted automatically.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1245: krb5 security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
Kerberos is an authentication system which allows clients and services to
authenticate to each other with the help of a trusted third party, a
Kerberos Key Distribution Center (KDC).
It was found that if a KDC served multiple realms, certain requests could
cause the setup_server_realm() function to dereference a NULL pointer.
A remote, unauthenticated attacker could use this flaw to crash the KDC
using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker could
use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)
A buffer over-read flaw was found in the way MIT Kerberos handled certain
requests. A man-in-the-middle attacker with a valid Kerberos ticket who is
able to inject packets into a client or server application's GSSAPI session
could use this flaw to crash the application. (CVE-2014-4341)
This update also fixes the following bugs:
* Prior to this update, the libkrb5 library occasionally attempted to free
already freed memory when encrypting credentials. As a consequence, the
calling process terminated unexpectedly with a segmentation fault.
With this update, libkrb5 frees memory correctly, which allows the
credentials to be encrypted appropriately and thus prevents the mentioned
crash. (BZ#1004632)
* Previously, when the krb5 client library was waiting for a response from
a server, the timeout variable in certain cases became a negative number.
Consequently, the client could enter a loop while checking for responses.
With this update, the client logic has been modified and the described
error no longer occurs. (BZ#1089732)
All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the krb5kdc daemon will be restarted automatically.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:1307: nss security update (Important)
Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 7, CentOS Linux 6, CentOS Linux 5
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)
input from certain RSA signatures. A remote attacker could use this flaw to
forge RSA certificates by providing a specially crafted signature to an
application using NSS. (CVE-2014-1568)
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security
Incident Response Team as the original reporters.
All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, applications using NSS must be restarted for this update to
take effect.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:1255: krb5 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
Kerberos is an authentication system which allows clients and services to
authenticate to each other with the help of a trusted third party, a
Kerberos Key Distribution Center (KDC).
A buffer overflow was found in the KADM5 administration server (kadmind)
when it was used with an LDAP back end for the KDC database. A remote,
authenticated attacker could potentially use this flaw to execute arbitrary
code on the system running kadmind. (CVE-2014-4345)
All krb5 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the krb5kdc and kadmind daemons will be restarted
automatically.
Sergey Artykhov
DRAFT INTERIM ACCEPTED
Maria Mikhno
INTERIM ACCEPTED ACCEPTED

RHSA-2014:1047: nss and nspr bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 5
Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1148: squid security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
squid
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.
Sergey Artykhov
DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1173: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-21,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551,
CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556,
CVE-2014-0557, CVE-2014-0559)
A flaw in flash-plugin could allow an attacker to bypass the same-origin
policy. (CVE-2014-0548)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.406.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1243: automake security update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
automake
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.
It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)
Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.
All automake users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED

RHSA-2014:1143: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1306: bash security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
bash
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)
Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. For more information see the Knowledgebase article at
https://access.redhat.com/articles/1200223
Note: Docker users are advised to use "yum update" within their containers,
and to commit the resulting changes.
For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1144: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1145: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1293: bash security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
bash
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)
For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223
Red Hat would like to thank Stephane Chazelas for reporting this issue.
All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1166: jakarta-commons-httpclient security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
jakarta-commons-httpclient
Jakarta Commons HTTPClient implements the client side of HTTP standards.
It was discovered that the HTTPClient incorrectly extracted host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)
For additional information on this flaw, refer to the Knowledgebase
article in the References section.
All jakarta-commons-httpclient users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1172: procmail security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
procmail
The procmail program is used for local mail delivery. In addition to just
delivering mail, procmail can be used for automatic filtering, presorting,
and other mail handling jobs.
A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)
All procmail users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
nss
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
A flaw was found in the way TLS False Start was implemented in NSS.
An attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)
A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to crash
an application using NSS or, in rare cases, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1490)
It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)
An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or, possibly,
execute arbitrary code with the privileges of the user running that
application. This NSPR flaw was not exposed to web content in any shipped
version of Firefox. (CVE-2014-1545)
It was found that the implementation of Internationalizing Domain Names in
Applications (IDNA) hostname matching in NSS did not follow the RFC 6125
recommendations. This could lead to certain invalid certificates with
international characters to be accepted as valid. (CVE-2014-1492)
Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream
acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine
Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of
CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545.
The nss and nspr packages have been upgraded to upstream version 3.16.1 and
4.10.6 respectively, which provide a number of bug fixes and enhancements
over the previous versions. (BZ#1110857, BZ#1110860)
This update also fixes the following bugs:
* Previously, when the output.log file was not present on the system, the
shell in the Network Security Services (NSS) specification handled test
failures incorrectly as false positive test results. Consequently, certain
utilities, such as "grep", could not handle failures properly. This update
improves error detection in the specification file, and "grep" and other
utilities now handle missing files or crashes as intended. (BZ#1035281)
* Prior to this update, a subordinate Certificate Authority (CA) of the
ANSSI agency incorrectly issued an intermediate certificate installed on a
network monitoring device. As a consequence, the monitoring device was
enabled to act as an MITM (Man in the Middle) proxy performing traffic
management of domain names or IP addresses that the certificate holder did
not own or control. The trust in the intermediate certificate to issue the
certificate for an MITM device has been revoked, and such a device can no
longer be used for MITM attacks. (BZ#1042684)
* Due to a regression, MD5 certificates were rejected by default because
Network Security Services (NSS) did not trust MD5 certificates. With this
update, MD5 certificates are supported in Red Hat Enterprise Linux 5.
(BZ#11015864)
Users of nss and nspr are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED

RHSA-2014:1677 -- wireshark security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
wireshark
Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.
Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)
Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,
CVE-2014-6425, CVE-2014-6428)
All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Wireshark must be restarted for the update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1033: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.6.0-ibm
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-4209, CVE-2014-4218,
CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262,
CVE-2014-4263, CVE-2014-4265)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR16-FP1 release. All running
instances of IBM Java must be restarted for the update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1110: glibc security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
glibc
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1051: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542,
CVE-2014-0543, CVE-2014-0544, CVE-2014-0545)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.400.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1036: java-1.5.0-ibm security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.5.0-ibm
IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-4209, CVE-2014-4218,
CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16-FP7 release. All running
instances of IBM Java must be restarted for this update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1053: openssl security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)
Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client
using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,
CVE-2014-3505, CVE-2014-3506)
A NULL pointer dereference flaw was found in the way OpenSSL performed a
handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
malicious server could cause a DTLS client using OpenSSL to crash if that
client had anonymous DH cipher suites enabled. (CVE-2014-3510)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original
reporter of this issue.
All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1012: php53 and php security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
php53, php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.
Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)
Two denial of service flaws were found in the way the File Information
(fileinfo) extension handled indirect and search rules. A remote attacker
could use either of these flaws to cause a PHP application using fileinfo
to crash or consume an excessive amount of CPU. (CVE-2014-1943,
CVE-2014-2270)
A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)
A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)
A buffer over-read flaw was found in the way the DateInterval class parsed
interval specifications. An attacker able to make a PHP application parse a
specially crafted specification using DateInterval could possibly cause the
PHP interpreter to crash. (CVE-2013-6712)
A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)
The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues
were discovered by Francisco Alonso of Red Hat Product Security.
All php53 and php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1004: yum-updatesd security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
yum-updatesd
The yum-updatesd package provides a daemon which checks for available
updates and can notify you when they are available via email, syslog,
or dbus.
It was discovered that yum-updatesd did not properly perform RPM package
signature checks. When yum-updatesd was configured to automatically install
updates, a remote attacker could use this flaw to install a malicious
update on the target system using an unsigned RPM or an RPM signed with an
untrusted key. (CVE-2014-0022)
All yum-updatesd users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue. After installing
this update, the yum-updatesd service will be restarted automatically.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED

RHSA-2014:1041: java-1.7.0-ibm security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.7.0-ibm
IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-4208, CVE-2014-4209,
CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4227,
CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265,
CVE-2014-4266)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR7-FP1 release. All running
instances of IBM Java must be restarted for the update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:1244: bind97 security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. It contains a DNS server (named), a resolver
library with routines for applications to use when interfacing with DNS,
and tools for verifying that the DNS server is operating correctly.
These packages contain version 9.7 of the BIND suite.
A denial of service flaw was found in the way BIND handled queries for
NSEC3-signed zones. A remote attacker could use this flaw against an
authoritative name server that served NSEC3-signed zones by sending a
specially crafted query, which, when processed, would cause named to crash.
(CVE-2014-0591)
Note: The CVE-2014-0591 issue does not directly affect the version of
bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed,
however, to ensure it is not introduced in future builds of bind97 (possibly
built with a different compiler or C library optimization).
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Mikhno INTERIM ACCEPTED ACCEPTED

RHSA-2014:0908: java-1.6.0-sun security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.6.0-sun
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch page, listed in the References section. (CVE-2014-4219,
CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218,
CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227,
CVE-2014-4265)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: The way in which the Oracle Java SE packages are delivered has
changed. They now reside in a separate channel/repository that requires
action from the user to perform prior to getting updated packages.
For information on subscribing to the new channel/repository please refer
to: https://access.redhat.com/solutions/732883
All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 81 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:0920: httpd security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
httpd
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.
A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the "apache" user. (CVE-2014-0226)
A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the "DEFLATE" input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system. (CVE-2014-0118)
A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely. (CVE-2014-0231)
All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon will be restarted automatically.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
This update also fixes the following bug:
* Prior to this update, an application accessing an unsynchronized HashMap
could potentially enter an infinite loop and consume an excessive amount of
CPU resources. This update resolves this issue. (BZ#1115580)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:0916: nss and nspr security update (Critical)
Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 7
nspr, nss
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)
Red Hat would like to thank the Mozilla project for reporting
CVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber
as the original reporters.
Users of NSS and NSPR are advised to upgrade to these updated packages,
which correct this issue. After installing this update, applications using
NSS or NSPR must be restarted for this update to take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:0902: java-1.7.0-oracle security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.7.0-oracle
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262,
CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266,
CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265,
CVE-2014-4220, CVE-2014-4208, CVE-2014-4264)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
Note: The way in which the Oracle Java SE packages are delivered has
changed. They now reside in a separate channel/repository that requires
action from the user to perform prior to getting updated packages.
For information on subscribing to the new channel/repository please refer
to: https://access.redhat.com/solutions/732883
All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 65 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:0866: samba and samba3x security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)
It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)
Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-3493.
The Samba project acknowledges Simon Arlott as the original reporter of
CVE-2014-3493.
All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

RHSA-2014:0919: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro
Beekman, Patrick Cozzi, and Mozilla community member John as the original
reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.7.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.7.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0926: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-2678, Moderate)
* It was found that the Xen hypervisor implementation did not properly
clean memory pages previously allocated by the hypervisor. A privileged
guest user could potentially use this flaw to read data relating to other
guests or the hypervisor itself. (CVE-2014-4021, Moderate)
Red Hat would like to thank the Xen project for reporting CVE-2014-4021.
Upstream acknowledges Jan Beulich as the original reporter.
This update also fixes the following bugs:
* A bug in the journaling block device (jbd and jbd2) code could, under
certain circumstances, trigger a BUG_ON() assertion and result in a kernel
oops. This happened when an application performed an extensive number of
commits to the journal of the ext3 file system and there was no currently
active transaction while synchronizing the file's in-core state. This
problem has been resolved by correcting respective test conditions in the
jbd and jbd2 code. (BZ#1097528)
* After a statically defined gateway became unreachable and its
corresponding neighbor entry entered a FAILED state, the gateway stayed in
the FAILED state even after it became reachable again. As a consequence,
traffic was not routed through that gateway. This update allows probing
such a gateway automatically so that the traffic can be routed through
this gateway again once it becomes reachable. (BZ#1106354)
* Due to an incorrect condition check in the IPv6 code, the ipv6 driver
was unable to correctly assemble incoming packet fragments, which resulted
in a high IPv6 packet loss rate. This update fixes the said check for a
fragment overlap and ensures that incoming IPv6 packet fragments are now
processed as expected. (BZ#1107932)
* Recent changes in the d_splice_alias() function introduced a bug that
allowed d_splice_alias() to return a dentry from a different directory
than the directory being looked up. As a consequence, in a cluster
environment, a kernel panic could be triggered when a directory was being
removed while a concurrent cross-directory operation was performed on this
directory on another cluster node. This update avoids the kernel panic in
this situation by correcting the search logic in the d_splice_alias()
function so that the function can no longer return a dentry from an
incorrect directory. (BZ#1109720)
* The NFSv4 server did not handle multiple OPEN operations to the same file
separately, which could cause the NFSv4 client to repeatedly send CLOSE
requests with the same state ID, even though the NFS server rejected the
request with an NFS4ERR_OLD_STATEID (10024) error code. This update
ensures that the NFSv4 client no longer re-sends the same CLOSE request
after receiving NFS4ERR_OLD_STATEID. (BZ#1113468)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0860: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-17,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0537, CVE-2014-0539)
This update also fixes a flaw that would lead to Cross-Site Request Forgery
(CSRF) attacks. (CVE-2014-4671)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.394.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: RHSA-2014:0866: samba and samba3x security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)
It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)
Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-3493.
The Samba project acknowledges Simon Arlott as the original reporter of
CVE-2014-3493.
All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
DEPRECATED, DEPRECATED

DEPRECATED: RHSA-2014:0890: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)
A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)
Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)
It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly leak information about the
used keys. (CVE-2014-4244)
The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)
The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
DEPRECATED, DEPRECATED

RHSA-2014:0448: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox
Mozilla Firefox is an open source web browser.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)
A use-after-free flaw was found in the way Firefox resolved hosts in
certain circumstances. An attacker could use this flaw to crash Firefox or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1532)
An out-of-bounds read flaw was found in the way Firefox decoded JPEG
images. Loading a web page containing a specially crafted JPEG image could
cause Firefox to crash. (CVE-2014-1523)
A flaw was found in the way Firefox handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse
Schwartzentrube as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to this updated package, which contains
Firefox version 24.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0745: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-16,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0534, CVE-2014-0535, CVE-2014-0536)
Multiple flaws in flash-plugin could allow an attacker to conduct
cross-site scripting (XSS) attacks if a victim were tricked into visiting a
specially crafted web page. (CVE-2014-0531, CVE-2014-0532, CVE-2014-0533)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.378.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0449: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)
A use-after-free flaw was found in the way Thunderbird resolved hosts in
certain circumstances. An attacker could use this flaw to crash Thunderbird
or, potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2014-1532)
An out-of-bounds read flaw was found in the way Thunderbird decoded JPEG
images. Loading an email or a web page containing a specially crafted JPEG
image could cause Thunderbird to crash. (CVE-2014-1523)
A flaw was found in the way Thunderbird handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse
Schwartzentrube as the original reporters of these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.5.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.5.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0918: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro
Beekman, Patrick Cozzi, and Mozilla community member John as the original
reporters of these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.7.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.7.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0509: java-1.5.0-ibm security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.5.0-ibm
IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-0457, CVE-2014-2421,
CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-2427, CVE-2014-2412,
CVE-2014-0460, CVE-2013-6629, CVE-2014-2401, CVE-2014-0453, CVE-2014-2398,
CVE-2014-1876)
All users of java-1.5.0-ibm are advised to upgrade to these updated
packages, containing the IBM J2SE 5.0 SR16-FP6 release. All running
instances of IBM Java must be restarted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0496: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-14,
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2014-0510, CVE-2014-0517, CVE-2014-0518, CVE-2014-0519,
CVE-2014-0520)
A flaw in flash-plugin could allow an attacker to bypass the same-origin
policy. (CVE-2014-0516)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.359.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0624: openssl security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssl
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0474: struts security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
struts
Apache Struts is a framework for building web applications with Java.
It was found that the Struts 1 ActionForm object allowed access to the
'class' parameter, which is directly mapped to the getClass() method. A
remote attacker could use this flaw to manipulate the ClassLoader used by
an application server running Struts 1. This could lead to remote code
execution under certain conditions. (CVE-2014-0114)
All struts users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using struts must be restarted for this update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0594: gnutls security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
gnutls
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). The gnutls packages also
include the libtasn1 library, which provides Abstract Syntax Notation One
(ASN.1) parsing and structures management, and Distinguished Encoding Rules
(DER) encoding and decoding functions.
A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)
It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)
Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)
Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)
Red Hat would like to thank GnuTLS upstream for reporting these issues.
Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original
reporter of CVE-2014-3466.
Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS or libtasn1 library must be restarted.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0413: java-1.7.0-oracle security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.7.0-oracle
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446,
CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409,
CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421,
CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 55 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0742: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.
Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.6.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.6.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0447: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes one vulnerability in Adobe Flash Player. This
vulnerability is detailed in the Adobe Security Bulletin APSB14-13, listed
in the References section.
A flaw was found in the way flash-plugin displayed certain SWF content. An
attacker could use this flaw to create a specially crafted SWF file that
would cause flash-plugin to crash or, potentially, execute arbitrary code
when the victim loaded a page containing the malicious SWF content.
(CVE-2014-0515)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.356.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0407: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0433: kernel security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled TCP packets with both the SYN and FIN flags set.
A remote attacker could use this flaw to consume an excessive amount of
resources on the target system, potentially resulting in a denial of
service. (CVE-2012-6638, Moderate)
* A flaw was found in the way the Linux kernel handled HID (Human Interface
Device) reports with an out-of-bounds Report ID. An attacker with physical
access to the system could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2013-2888,
Moderate)
This update also fixes the following bugs:
* A previous change to the sunrpc code introduced a race condition between
the rpc_wake_up_task() and rpc_wake_up_status() functions. A race between
threads operating on these functions could result in a deadlock situation,
subsequently triggering a "soft lockup" event and rendering the system
unresponsive. This problem has been fixed by re-ordering tasks in the RPC
wait queue. (BZ#1073731)
* Running a process in the background on a GFS2 file system could
sometimes trigger a glock recursion error that resulted in a kernel panic.
This happened when a readpage operation attempted to take a glock that had
already been held by another function. To prevent this error, GFS2 now
verifies whether the glock is already held when performing the readpage
operation. (BZ#1073953)
* A previous patch backport to the IUCV (Inter User Communication Vehicle)
code was incomplete. Consequently, when establishing an IUCV connection,
the kernel could, under certain circumstances, dereference a NULL pointer,
resulting in a kernel panic. A patch has been applied to correct this
problem by calling the proper function when removing IUCV paths.
(BZ#1077045)
In addition, this update adds the following enhancement:
* The lpfc driver had a fixed timeout of 60 seconds for SCSI task
management commands. With this update, the lpfc driver enables the user to
set this timeout within the range from 5 to 180 seconds. The timeout can
be changed by modifying the "lpfc_task_mgmt_tmo" parameter for the lpfc
driver. (BZ#1073123)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0414: java-1.6.0-sun security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-sun
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory pages, listed in the References section.
(CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437,
CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446,
CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452,
CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457,
CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002,
CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,
CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789,
CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803,
CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817,
CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,
CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832,
CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849,
CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887,
CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899,
CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910,
CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375,
CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411,
CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422,
CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446,
CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456,
CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412,
CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427,
CVE-2014-2428)
All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 75 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0369: httpd security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
httpd
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0412: java-1.7.0-oracle security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.7.0-oracle
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.
This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446,
CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409,
CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421,
CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)
All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 55 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0508: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.6.0-ibm
IBM Java SE version 6 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-0457, CVE-2014-2421,
CVE-2014-0429, CVE-2014-0461, CVE-2014-2428, CVE-2014-0446, CVE-2014-0452,
CVE-2014-0451, CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414,
CVE-2014-2412, CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629,
CVE-2014-2401, CVE-2014-0449, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876,
CVE-2014-2420)
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR16 release. All running instances
of IBM Java must be restarted for the update to take effect.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.
An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)
Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)
Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)
Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)
Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)
It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)
It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)
It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)
An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)
This update also fixes the following bug:
* The OpenJDK update to IcedTea version 1.13 introduced a regression
related to the handling of the jdk_version_info variable. This variable was
not properly zeroed out before being passed to the Java Virtual Machine,
resulting in a memory leak in the java.lang.ref.Finalizer class.
This update fixes this issue, and memory leaks no longer occur.
(BZ#1085373)
All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0380: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB14-09,
listed in the References section.
Two flaws were found in the way flash-plugin displayed certain SWF content.
An attacker could use these flaws to create a specially crafted SWF file
that would cause flash-plugin to crash or, potentially, execute arbitrary
code when the victim loaded a page containing the malicious SWF content.
(CVE-2014-0506, CVE-2014-0507)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially crafted web
page. (CVE-2014-0508)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a specially
crafted web page. (CVE-2014-0509)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.350.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0536: mysql55-mysql security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql55-mysql
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.
This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2436,
CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431,
CVE-2014-2432, CVE-2014-2438)
These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.
All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0341: wireshark security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
wireshark
Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0348: xalan-j2 security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
xalan-j2
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0206: openldap security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openldap
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0310: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,
CVE-2014-1513, CVE-2014-1514)
Several information disclosure flaws were found in the way Firefox
processed malformed web content. An attacker could use these flaws to gain
access to sensitive information such as cross-domain content or protected
memory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,
CVE-2014-1508, CVE-2014-1505)
A memory corruption flaw was found in the way Firefox rendered certain PDF
files. An attacker able to trick a user into installing a malicious
extension could use this flaw to crash Firefox or, potentially, execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2014-1509)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,
Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,
Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,
Jüri Aedla, George Hotz, and the security research firm VUPEN as the
original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.4.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov / DRAFT / Maria Mikhno / INTERIM / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0741: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, CentOS Linux 5, CentOS Linux 6, CentOS Linux 7
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.
Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / ACCEPTED

The operating system installed on the system is Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 7
The operating system installed on the system is Red Hat Enterprise Linux 7.
Maria Mikhno / DRAFT / INTERIM / ACCEPTED / ACCEPTED

The operating system installed on the system is CentOS Linux 7.x
CentOS Linux 7
The operating system installed on the system is CentOS Linux 7.x
Maria Mikhno / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0330: samba and samba3x security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0285: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)
* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing.
A local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)
* It was found that the Xen hypervisor implementation did not correctly
check privileges of hypercall attempts made by HVM guests, allowing
hypercalls to be invoked from protection rings 1 and 2 in addition to ring
0. A local attacker in an HVM guest able to execute code on privilege
levels 1 and 2 could potentially use this flaw to further escalate their
privileges in that guest. Note: Xen HVM guests running unmodified versions
of Red Hat Enterprise Linux and Microsoft Windows are not affected by this
issue because they are known to only use protection rings 0 (kernel) and 3
(userspace). (CVE-2013-4554, Moderate)
* A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)
* It was found that, under specific circumstances, a combination of write
operations to write-combined memory and locked CPU instructions may cause a
core hang on certain AMD CPUs (for more information, refer to AMD CPU
erratum 793 linked in the References section). A privileged user in a guest
running under the Xen hypervisor could use this flaw to cause a denial of
service on the host system. This update adds a workaround to the Xen
hypervisor implementation, which mitigates the AMD CPU issue. Note: this
issue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs
are not vulnerable. (CVE-2013-6885, Moderate)
* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls. (CVE-2013-7263, Low)
* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)
Red Hat would like to thank Vladimir Davydov of Parallels for reporting
CVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and
CVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter
of CVE-2013-4554 and CVE-2013-6885.
This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.
Sergey Artykhov / DRAFT / Maria Mikhno / INTERIM / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0266: sudo security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
sudo
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.
A flaw was found in the way sudo handled its blacklist of environment
variables. When the "env_reset" option was disabled, a user permitted to
run certain commands via sudo could use this flaw to run such a command
with one of the blacklisted environment variables set, allowing them to run
an arbitrary command with the target user's privileges. (CVE-2014-0106)
Note: This issue does not affect the default configuration of the sudo
package as shipped with Red Hat Enterprise Linux 5.
Red Hat would like to thank Todd C. Miller for reporting this issue.
Upstream acknowledges Sebastien Macke as the original reporter.
All sudo users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
Sergey Artykhov / DRAFT / Maria Mikhno / INTERIM / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0249: postgresql security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
postgresql
PostgreSQL is an advanced object-relational database management system
(DBMS).
Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could provide
a specially crafted date/time value that, when processed, could cause
PostgreSQL to crash or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0063)
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in various type input functions in PostgreSQL. An authenticated
database user could possibly use these flaws to crash PostgreSQL or,
potentially, execute arbitrary code with the permissions of the user
running PostgreSQL. (CVE-2014-0064)
Multiple potential buffer overflow flaws were found in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2014-0065)
It was found that granting an SQL role to a database user in a PostgreSQL
database without specifying the "ADMIN" option allowed the grantee to
remove other users from their granted role. An authenticated database user
could use this flaw to remove a user from an SQL role which they were
granted access to. (CVE-2014-0060)
A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could possibly
use this flaw to escalate their privileges. (CVE-2014-0061)
A race condition was found in the way the CREATE INDEX command performed
multiple independent lookups of a table that had to be indexed. An
authenticated database user could possibly use this flaw to escalate their
privileges. (CVE-2014-0062)
It was found that the chkpass extension of PostgreSQL did not check the
return value of the crypt() function. An authenticated database user could
possibly use this flaw to crash PostgreSQL via a null pointer dereference.
(CVE-2014-0066)
Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the
original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as
the original reporters of CVE-2014-0065, Andres Freund as the original
reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original
reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the
original reporters of CVE-2014-0066.
These updated packages upgrade PostgreSQL to version 8.4.20, which fixes
these issues as well as several non-security issues. Refer to the
PostgreSQL Release Notes for a full list of changes:
http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.
Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0740: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A flaw was found in the way the Linux kernel's floppy driver handled user
space provided data in certain error code paths while processing FDRAWCMD
IOCTL commands. A local user with write access to /dev/fdX could use this
flaw to free (using the kfree() function) arbitrary kernel memory.
(CVE-2014-1737, Important)
* It was found that the Linux kernel's floppy driver leaked internal kernel
memory addresses to user space during the processing of the FDRAWCMD IOCTL
command. A local user with write access to /dev/fdX could use this flaw to
obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)
Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.
* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2013-7339, Moderate)
Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and
CVE-2014-1738.
This update also fixes the following bugs:
* A bug in the futex system call could result in an overflow when passing
a very large positive timeout. As a consequence, the FUTEX_WAIT operation
did not work as intended and the system call was timing out immediately.
A backported patch fixes this bug by limiting very large positive timeouts
to the maximal supported value. (BZ#1091832)
* A new Linux Security Module (LSM) functionality related to the setrlimit
hooks should produce a warning message when used by a third party module
that could not cope with it. However, due to a programming error, the
kernel could print this warning message when a process was setting rlimits
for a different process, or if rlimits were modified by a thread other than the
main thread even though there was no incompatible third party module. This
update fixes the relevant code and ensures that the kernel handles this
warning message correctly. (BZ#1092869)
* Previously, the kernel was unable to detect KVM on system boot if the
Hyper-V emulation was enabled. A patch has been applied to ensure that
both KVM and Hyper-V hypervisors are now correctly detected during system
boot. (BZ#1094152)
* A function in the RPC code responsible for verifying whether cached
credentials match the current process did not perform the check correctly.
The code checked only whether the groups in the current process
credentials appear in the same order as in the cached credentials but did
not ensure that no other groups are present in the cached credentials. As
a consequence, when accessing files in NFS mounts, a process with the same
UID and GID as the original process but with a non-matching group list
could have been granted unauthorized access to a file, or under certain
circumstances, the process could have been wrongly prevented from
accessing the file. The incorrect test condition has been fixed and the
problem can no longer occur. (BZ#1095062)
* When under heavy load, some Fibre Channel storage devices, such as
Hitachi and HP Open-V series, can send a logout (LOGO) message to the
host system. However, due to a bug in the lpfc driver, this could result
in a loss of active paths to the storage and the paths could not be
recovered without manual intervention. This update corrects the lpfc
driver to ensure automatic recovery of the lost paths to the storage in
this scenario. (BZ#1096061)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
Sergey Artykhov / DRAFT / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0223: libtiff security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
libtiff
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0186: mysql55-mysql security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql55-mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0196: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2014.
Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0185: openswan security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
openswan
Openswan 2.6.39 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads.
Sergey Artykhov / DRAFT / INTERIM / Maria Mikhno / ACCEPTED / Maria Mikhno / INTERIM / ACCEPTED / ACCEPTED

RHSA-2014:0211: postgresql84 and postgresql security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
PostgreSQL is an advanced object-relational database management system
(DBMS).
Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could provide
a specially crafted date/time value that, when processed, could cause
PostgreSQL to crash or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0063)
Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in various type input functions in PostgreSQL. An authenticated
database user could possibly use these flaws to crash PostgreSQL or,
potentially, execute arbitrary code with the permissions of the user
running PostgreSQL. (CVE-2014-0064)
Multiple potential buffer overflow flaws were found in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2014-0065)
It was found that granting an SQL role to a database user in a PostgreSQL
database without specifying the "ADMIN" option allowed the grantee to
remove other users from their granted role. An authenticated database user
could use this flaw to remove a user from an SQL role which they were
granted access to. (CVE-2014-0060)
A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could possibly
use this flaw to escalate their privileges. (CVE-2014-0061)
A race condition was found in the way the CREATE INDEX command performed
multiple independent lookups of a table that had to be indexed. An
authenticated database user could possibly use this flaw to escalate their
privileges. (CVE-2014-0062)
It was found that the chkpass extension of PostgreSQL did not check the
return value of the crypt() function. An authenticated database user could
possibly use this flaw to crash PostgreSQL via a null pointer dereference.
(CVE-2014-0066)
Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the
original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as
the original reporters of CVE-2014-0065, Andres Freund as the original
reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original
reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the
original reporters of CVE-2014-0066.
These updated packages upgrade PostgreSQL to version 8.4.20, which fixes
these issues as well as several non-security issues. Refer to the
PostgreSQL Release Notes for a full list of changes:
http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html
All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.
Sergey Artykhov, DRAFT, INTERIM, Maria Mikhno, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0311: php security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
php
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the way PHP parsed floating point
numbers from their text representation. If a PHP application converted
untrusted input strings to numbers, an attacker able to provide such input
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the application. (CVE-2009-0689)
It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)
All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.
Sergey Artykhov, DRAFT, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0626: openssl097a and openssl098e security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
openssl097a, openssl098e
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.
It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)
Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433
Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0316: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,
CVE-2014-1513, CVE-2014-1514)
Several information disclosure flaws were found in the way Thunderbird
processed malformed web content. An attacker could use these flaws to gain
access to sensitive information such as cross-domain content or protected
memory addresses or, potentially, cause Thunderbird to crash.
(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)
A memory corruption flaw was found in the way Thunderbird rendered certain
PDF files. An attacker able to trick a user into installing a malicious
extension could use this flaw to crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2014-1509)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,
Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,
Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,
Jüri Aedla, George Hotz, and the security research firm VUPEN as the
original reporters of these issues.
Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.4.0. You can find a link to the Mozilla
advisories in the References section of this erratum.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.4.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.
Sergey Artykhov, DRAFT, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0289: flash-plugin security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0247: gnutls security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
gnutls
lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does not properly handle unspecified errors when verifying X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
Sergey Artykhov, DRAFT, INTERIM, Maria Mikhno, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0322: net-snmp security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
net-snmp
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0486: java-1.7.0-ibm security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.7.0-ibm
IBM Java SE version 7 includes the IBM Java Runtime Environment and the IBM
Java Software Development Kit.
This update fixes several vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Detailed
vulnerability descriptions are linked from the IBM Security alerts
page, listed in the References section. (CVE-2014-0457, CVE-2014-2421,
CVE-2014-0429, CVE-2014-0461, CVE-2014-0455, CVE-2014-2428, CVE-2014-0448,
CVE-2014-0454, CVE-2014-0446, CVE-2014-0452, CVE-2014-0451, CVE-2014-2402,
CVE-2014-2423, CVE-2014-2427, CVE-2014-0458, CVE-2014-2414, CVE-2014-2412,
CVE-2014-2409, CVE-2014-0460, CVE-2013-6954, CVE-2013-6629, CVE-2014-2401,
CVE-2014-0449, CVE-2014-0459, CVE-2014-0453, CVE-2014-2398, CVE-2014-1876,
CVE-2014-2420)
All users of java-1.7.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 7 SR7 release. All running instances
of IBM Java must be restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0305: samba security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
samba
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.
It was discovered that the Samba Web Administration Tool (SWAT) did not
protect against being opened in a web page frame. A remote attacker could
possibly use this flaw to conduct a clickjacking attack against SWAT users
or users with an active SWAT session. (CVE-2013-0213)
A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a victim's
password could use this flaw to bypass CSRF protections and conduct a CSRF
attack against the victim SWAT user. (CVE-2013-0214)
An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)
Note: This issue did not affect the default configuration of the Samba
server.
Red Hat would like to thank the Samba project for reporting CVE-2013-0213
and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter
of CVE-2013-0213 and CVE-2013-0214.
All users of Samba are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.
Sergey Artykhov, DRAFT, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0135: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0132: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
firefox
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0028: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to defeat the ASLR protection mechanism by leveraging an "address leak."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0108: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Xen before 4.1.x,
4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0174: piranha security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
piranha
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0163: kvm security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0137: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0534: libpng security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
libpng, libpng10
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0542: openldap security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openldap
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0737: freetype security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
freetype
Integer overflow in base/ftstream.c in libXft (aka the X FreeType library) in FreeType before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Compact Font Format (CFF) font file that triggers a heap-based buffer overflow, related to an "input stream position error" issue, a different vulnerability than CVE-2010-1797.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0623: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0809: xulrunner security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
xulrunner
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo
malware.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0782: firefox security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
firefox, nss, xulrunner
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0753: kdegraphics security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kdegraphics
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0898: kvm security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
The KVM implementation in the Linux kernel before 2.6.36 does not properly reload the FS and GS segment registers, which allows host OS users to cause a denial of service (host OS crash) via a KVM_RUN ioctl call in conjunction with a modified Local Descriptor Table (LDT).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0807: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0458: perl security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
perl
The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0574: java-1.4.2-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.4.2-ibm
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU.
Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0812: thunderbird security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0681: firefox security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
firefox, nspr, nss, xulrunner
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0636: acroread security update (Critical)
Red Hat Enterprise Linux 5
acroread
Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3, allows remote attackers to execute arbitrary code via a TrueType font with a large maxCompositePoints value in a Maximum Profile (maxp) table.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0556: firefox security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
firefox, xulrunner
layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows
remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, related to the DATA and SRC attributes of an OBJECT element. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-1214.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0950: apr-util security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
apr-util
Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0528: avahi security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
avahi
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0547: firefox security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
firefox, xulrunner
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0825: mysql security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql
The
Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0743: acroread security update (Critical)
Red Hat Enterprise Linux 5
acroread
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0505: perl-Archive-Tar security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
perl-Archive-Tar
Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbitrary files via a TAR archive that contains a file whose name is an absolute path or has ".."
sequences.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0829: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0780: thunderbird security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0987: java-1.6.0-ibm security and bug fix update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.6.0-ibm
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU.
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0749: poppler security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
poppler
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0490: cups security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
cups
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0704: kernel security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a
certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0603: gnupg2 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gnupg2
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc operation when importing the certificate or verifying its signature.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0785: quagga security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
quagga
Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0976: bind security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0134: java-1.7.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.7.0-ibm
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU.
Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0632: qspice-client security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
qspice-client
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0935: java-1.4.2-ibm security update (Moderate)
Red Hat Enterprise Linux 5
java-1.4.2-ibm
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU.
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0889: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
Buffer overflow in the ft_var_readpackedpoints function in truetype/ttgxvar.c in FreeType 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TrueType GX font.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0723: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0788: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
pidgin
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a crafted message, related to the plugins for MSN, MySpaceIM, XMPP, and Yahoo!
and the NTLM authentication support.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0934: acroread security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
acroread
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0549: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0533: pcsc-lite security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
pcsc-lite
Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0400: tetex security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
tetex
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0926: krb5 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
MIT Kerberos 5 (aka
krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0489: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0503: acroread security update (Critical)
Red Hat Enterprise Linux 5
acroread
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0545: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote
attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0567: lvm2-cluster security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
lvm2-cluster
The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0361: sudo security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
sudo
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
postgresql, postgresql84
The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before 9.0.1 do not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, as demonstrated by (1) redefining standard functions or (2) redefining operators, a different vulnerability than CVE-2010-1168, CVE-2010-1169, CVE-2010-1170, and CVE-2010-1447.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0811: cups security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
cups
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0697: samba security and bug fix update (Critical)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
samba
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0578: freetype security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
freetype
Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0998: kvm security and bug fix update (Low)
Red Hat Enterprise Linux 5
kvm
arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
ImageMagick
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow.
NOTE: some of these details are obtained from third party information.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0382: xorg-x11-server security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
xorg-x11-server
The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0139: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
pidgin
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0787: glibc security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) through 2.11.2, and 2.12.x through 2.12.1, does not properly handle a value of $ORIGIN for the LD_AUDIT environment variable, which allows local users to gain privileges via a crafted dynamic shared object (DSO) located in an arbitrary directory.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1479: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0221: squid security and bug fix update (Low)
Red Hat Enterprise Linux 5
squid
lib/rfc1035.c in Squid 2.x, 3.0
through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0162: openssl security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssl
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1268: firefox security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
The RHSA-2011:1242 Firefox update rendered HTTPS certificates signed by a
certain Certificate Authority (CA) as untrusted, but made an exception for
a select few. This update removes that exception, rendering every HTTPS
certificate signed by that CA as untrusted. (BZ#735483)
All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.22. After installing the update, Firefox must be
restarted for the changes to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1341: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attacks via crafted header values.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0097: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU.
Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0181: brltty security and bug fix update (Low)
Red Hat Enterprise Linux 5
brltty
Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0130: java-1.5.0-ibm security update (Moderate)
Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0348: kdebase security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kdebase
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0019: kernel security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0044: pidgin security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
pidgin
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium
1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0273: curl security, bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 5
curl
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0088: kvm security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
The pit_ioport_read function in the Programmable Interval Timer (PIT) emulation in i8254.c in KVM 83 does not properly use the pit_state data structure, which allows guest OS users to cause a denial of service (host OS crash or hang) by attempting to read the /dev/port file.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0819: pam security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
pam
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1109: foomatic security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
foomatic
foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 allows remote attackers
to execute arbitrary code via a crafted *FoomaticRIPCommandLine field in a .ppd file.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0839: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0141: tar security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
tar
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1845: tomcat5 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
tomcat5
DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1324: qt4 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
qt4
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1159: java-1.4.2-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.4.2-ibm
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than CVE-2011-0311.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1851: krb5 security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0112: firefox security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
firefox, xulrunner
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0332: firefox security update (Critical)
Red Hat Enterprise Linux 5
firefox, xulrunner
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0519: libtiff security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
libtiff
Integer overflow in the ReadDirectory function in tiffdump.c in tiffdump in LibTIFF before 3.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF file containing a directory data structure with many directory entries.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0430: postgresql84 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
postgresql84
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0518: scsi-target-utils security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
scsi-target-utils
Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target Subsystem for Linux (aka SCST or iscsi-scst) 1.0.1.1 and earlier allow remote attackers to cause a denial of
service (memory corruption and daemon crash) or possibly execute arbitrary code via (a) a long iSCSI Name string in an SCN message or (b) an invalid PDU.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0475: sudo security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
sudo
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1815: icu security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
icu
Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0114: acroread security and bug fix update (Critical)
Red Hat Enterprise Linux 5
acroread
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0442: mysql security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql
Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1434: acroread security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
acroread
Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0362: scsi-target-utils security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
scsi-target-utils
Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0659: httpd security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
httpd
mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1087: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0770: java-1.6.0-sun security update (Critical)
Red Hat Enterprise Linux 5
java-1.6.0-sun
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1392: httpd security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
httpd
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0061: gzip security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
gzip
Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0615: libvirt security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
libvirt
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0122: sudo security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
sudo
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to
gain privileges via a sudo command.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1478: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.5.0-ibm
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0126: kvm security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1458: bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
bind
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0291: gfs-kmod security, bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 5
gfs-kmod
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid
without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1242: firefox security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
It was found that a Certificate Authority (CA) issued a fraudulent HTTPS
certificate. This update renders any HTTPS certificates signed by that
CA as untrusted, except for a select few. The now untrusted certificates
that were issued before July 1, 2011 can be manually re-enabled and used
again at your own risk in Firefox; however, affected certificates issued
after this date cannot be re-enabled or used. (BZ#734316)
All Firefox users should upgrade to these updated packages, which contain
a backported patch. After installing the update, Firefox must be restarted
for the changes to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0580: tomcat5 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
tomcat5
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0338: java-1.5.0-sun security update (Critical)
Red Hat Enterprise Linux 5
java-1.5.0-sun
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0488: samba and samba3x security update (Critical)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
samba, samba3x
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1132: dbus security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
dbus
The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus (aka DBus) 1.2.x before 1.2.28, 1.4.x before 1.4.12, and 1.5.x before 1.5.4 does not properly
handle a non-native byte order, which allows local users to cause a denial of service (connection loss), obtain potentially sensitive information, or conduct unspecified state-modification attacks via crafted messages.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0136: java-1.5.0-ibm security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU. Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0610: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0003: gd security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gd
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly verify a certain colorsTotal structure member, which might allow remote attackers to conduct buffer overflow or buffer over-read attacks via a crafted GD file, a different vulnerability than CVE-2009-3293.
NOTE: some of these details are obtained from third party information.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0337: java-1.6.0-sun security update (Critical)
Red Hat Enterprise Linux 5
java-1.6.0-sun
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0108: NetworkManager security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
NetworkManager
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0720: mikmod security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
mikmod
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0661: kernel security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the
bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1508: cyrus-imapd security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
cyrus-imapd
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0585: lftp security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
lftp
The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1243: thunderbird security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
It was found that a Certificate Authority (CA) issued a fraudulent HTTPS
certificate. This update renders any HTTPS certificates signed by that
CA as untrusted, except for a select few. The now untrusted certificates
that were issued before July 1, 2011 can be manually re-enabled and used
again at your own risk in Thunderbird; however, affected certificates
issued after this date cannot be re-enabled or used. (BZ#734316)
All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be
restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0349: acroread security update (Critical)
Red Hat Enterprise Linux 5
acroread
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1154: libXfont security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libXfont
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0970: exim security update (Critical)
Red Hat Enterprise Linux 5
exim
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0237: sendmail security and bug fix update (Low)
Red Hat Enterprise Linux 5
sendmail
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows
man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0464: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0894: systemtap security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
systemtap
The staprun runtime tool in SystemTap 1.3 does not verify that a module to unload was previously loaded by SystemTap, which allows local users to cause a denial of service (unloading of arbitrary kernel modules).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0027: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the January 2014 CPU.
Oracle has not commented on third-party claims that the issue is related to "insufficient security checks in IIOP streams," which allows attackers to escape the sandbox.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0633: qspice security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
qspice
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0703: bzip2 security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
bzip2
Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1282: nss and nspr security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
nspr, nss, nss-tools
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities.
It was found that a Certificate Authority (CA) issued fraudulent HTTPS
certificates. This update renders any HTTPS certificates signed by that CA
as untrusted. This covers all uses of the certificates, including SSL,
S/MIME, and code signing. (BZ#734316)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
These updated packages upgrade NSS to version 3.12.10 on Red Hat Enterprise
Linux 4 and 5. As well, they upgrade NSPR to version 4.8.8 on Red Hat
Enterprise Linux 4 and 5, as required by the NSS update. The packages for
Red Hat Enterprise Linux 6 include a backported patch.
All NSS and NSPR users should upgrade to these updated packages, which
correct this issue. After installing the update, applications using NSS and
NSPR must be restarted for the changes to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1333: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0978: openssl security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssl
OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0343: krb5 security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0271: kvm security, bug fix and enhancement update (Important)
Red Hat Enterprise Linux 5
kvm
The virtio_net_bad_features function in hw/virtio-net.c in the virtio-net driver in the Linux kernel before 2.6.26, when used on a guest OS in conjunction with qemu-kvm 0.11.0 or KVM 83, allows remote attackers to cause a denial of service (guest OS crash, and an associated qemu-kvm process exit) by sending a large amount of network traffic to a TCP port on the guest OS,
related to a virtio-net whitelist that includes an improper implementation of TCP Segment Offloading (TSO).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1005: sysstat security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
sysstat
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0129: cups security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
cups
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0887: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0919: php security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
php
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0625: wireshark security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
wireshark
The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0565: w3m security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
w3m
istream.c in w3m 0.5.2 and possibly other versions, when ssl_verify_server is enabled, does not properly handle a '\0' character in a domain name in the (1) subject's Common Name or (2) Subject Alternative Name field of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1089: systemtap security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
systemtap
The insert_module function in runtime/staprun/staprun_funcs.c in the systemtap runtime tool (staprun) in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module initialization.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1317: cyrus-imapd security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
cyrus-imapd
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1343: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1438: thunderbird security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1455: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise
Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0321: automake security update (Low)
Red Hat Enterprise Linux 5
automake, automake14, automake15, automake16, automake17
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the build tree, which introduces a race condition that allows local users to modify the contents of package files, introduce Trojan horse programs, or conduct other attacks before the build is complete.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1384: java-1.6.0-sun security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-sun
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0792: kernel security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0926: bind security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
bind97, bind
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause
a denial of service (named daemon crash) via a crafted UPDATE request.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1245: httpd security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
httpd
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0679: rpm security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
rpm
lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0793: glibc security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0698: samba3x security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
samba3x
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1160: dhcp security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
dhcp
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1144: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0706: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0938: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.6.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0999: rsync security, bug fix, and
enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
rsync
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1187: dovecot security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
dovecot
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1811: netpbm security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
netpbm
The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer 1.900.1 uses an incorrect data type during a certain size calculation, which allows remote attackers to trigger a heap-based buffer overflow and execute arbitrary code, or cause a denial of service (heap memory corruption), via a crafted component registration (CRG) marker segment in a JPEG2000 file.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0504: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0833: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The get_free_port function in Xen allows local authenticated DomU users to cause a denial of service or possibly gain privileges via unspecified vectors involving a new
event channel port.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0347: nss_db security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
nss_db
The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1267: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
The RHSA-2011:1243 Thunderbird update rendered HTTPS certificates signed by
a certain Certificate Authority (CA) as untrusted, but made an exception
for a select few. This update removes that exception, rendering every HTTPS
certificate signed by that CA as untrusted. (BZ#735483)
All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be
restarted for the update to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0436: avahi security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
avahi
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1401: xen security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
xen
Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before 0.15.2, as used by Xen, might allow local guest users with permission to access the CD-ROM to cause a denial of service (guest crash) via a crafted SAI READ CAPACITY SCSI command. NOTE: this is only a vulnerability when root has manually modified certain permissions or ACLs.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1073: bash security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
bash
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.?
temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1104: libpng security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
libpng
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1402: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0002: PyXML security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
PyXML
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0966: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
firefox, xulrunner
Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown
vectors.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1459: bind97 security update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: bind97
query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial of service (assertion failure and named exit) via unknown vectors related to recursive DNS queries, error logging, and the caching of an invalid record by the resolver.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Platforms: Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: gcc, gcc4
ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0339: java-1.6.0-openjdk security update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: java-1.6.0-openjdk
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1359: xorg-x11-server security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Products: xorg-x11-server
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "input sanitization flaw."
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0844: apr security update (Low)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Products: apr
The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0372: flash-plugin security update (Critical)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Products: flash-plugin
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1065: Red Hat Enterprise Linux 5.7 kernel security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kernel
The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel before 3.0-rc1 does not ensure that the size of a chunk allocation is a multiple of the block size, which allows local users to cause a denial of service (BUG and system crash) by arranging for all resource groups to have too little free space.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0459: openoffice.org security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: openoffice.org, openoffice.org2
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a
crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0281: java-1.6.0-openjdk security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations."
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1444: nss security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
Network Security Services (NSS) is a set of libraries designed to support
the development of security-enabled client and server applications.
It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate
Certificate Authority (CA) issued HTTPS certificates with weak keys. This
update renders any HTTPS certificates signed by that CA as untrusted. This
covers all uses of the certificates, including SSL, S/MIME, and code
signing. Note: Digicert Sdn. Bhd. is not the same company as found at
digicert.com. (BZ#751366)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
This update also fixes the following bug on Red Hat Enterprise Linux 5:
* When using mod_nss with the Apache HTTP Server, a bug in NSS on Red Hat
Enterprise Linux 5 resulted in file descriptors leaking each time the
Apache HTTP Server was restarted with the "service httpd reload" command.
This could have prevented the Apache HTTP Server from functioning properly
if all available file descriptors were consumed. (BZ#743508)
For Red Hat Enterprise Linux 6, these updated packages upgrade NSS to
version 3.12.10. As well, they upgrade NSPR (Netscape Portable Runtime) to
version 4.8.8 and nss-util to version 3.12.10 on Red Hat
Enterprise Linux 6, as required by the NSS update. (BZ#735972, BZ#736272,
BZ#735973)
All NSS users should upgrade to these updated packages, which correct this
issue. After installing the update, applications using NSS must be
restarted for the changes to take effect. In addition, on Red Hat
Enterprise Linux 6, applications using NSPR and nss-util must also be
restarted.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0496: xen security update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: xen
Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0975: sssd security, bug fix, and enhancement update (Low)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: sssd
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0492: python security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: python
The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x before 3.2.1 process Location headers that specify redirection to file: URLs, which makes it easier for remote attackers to obtain sensitive information or cause a denial of service (resource consumption) via a crafted URL, as demonstrated by the file:///etc/passwd and file:///dev/zero URLs.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0027: python security, bug fix, and enhancement update (Low)
Platforms: Red Hat Enterprise Linux 5
Products: python
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0506: rdesktop security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: rdesktop
Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a .. (dot dot) in a pathname.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0101: openoffice.org security update (Important)
Platforms: Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: openoffice.org, openoffice.org2
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0025: gcc security and bug fix update (Low)
Platforms: Red Hat Enterprise Linux 5
Products: gcc
Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0478: libvirt security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: libvirt
libvirtd in libvirt before 0.9.0 does not use thread-safe error reporting, which allows remote attackers to cause a denial of service (crash) by causing multiple threads to report errors at the same time.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0257: subversion security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: subversion
Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 allow remote authenticated users to cause a denial of service (memory consumption and daemon crash) via the -g option to the blame command.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0918: curl security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: curl
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0062: bind security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: bind
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819.
NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0511: flash-plugin security update (Critical)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Products: flash-plugin
Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code via ActionScript that improperly handles a long array object.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0292: java-1.4.2-ibm security update (Moderate)
Platforms: Red Hat Enterprise Linux 5
Products: java-1.4.2-ibm
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0376: dbus security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
Products: dbus
Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 allows local users to cause a denial of service (daemon crash) via a message containing many nested variants.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2014:0018: libXfont security update (Important)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Products: libXfont
Stack-based buffer overflow in the bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont 1.1 through 1.4.6 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string in a character name in a BDF font file.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0392: libtiff security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Products: libtiff
Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0169: java-1.5.0-ibm security and bug fix update (Critical)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Products: java-1.5.0-ibm
Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the color profile parser that allows remote attackers to execute arbitrary code via a crafted Tag structure in a color profile.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0843: postfix security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: postfix
The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x before 2.7.4, and 2.8.x before 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote attackers to cause a denial of service (heap memory corruption and daemon crash) or possibly execute arbitrary code via an invalid AUTH command with one method followed by an AUTH command with a different method.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0305: samba security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: samba
Samba 3.x before 3.3.15,
3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0927: kernel security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kernel
The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0102: flash-plugin security update (Important)
Platforms: Red Hat Enterprise Linux 5
Products: flash-plugin
Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 allow remote attackers to cause a denial of service (application crash) via a modified SWF file.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1019: libvirt security, bug fix, and enhancement update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: libvirt
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0115: pidgin security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: pidgin
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1386: kernel security, bug fix, and enhancement update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kernel
A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1164: firefox security update (Critical)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Products: firefox, xulrunner
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0164: openssl097a security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: openssl097a
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1220: samba3x security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: samba3x
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify
that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denial of service (mtab corruption) via a crafted string. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-0547.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0412: glibc security update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: glibc
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0346: openldap security and bug fix update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: openldap
chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a master-slave configuration with a chain overlay and ppolicy_forward_updates (aka authentication-failure forwarding) is used, allows remote authenticated users to bypass external-program authentication by sending an invalid password to a slave server.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0147: kernel security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kernel
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0282: java-1.6.0-sun security update (Critical)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Products: java-1.6.0-sun
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and
earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0206: flash-plugin security update (Critical)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
Products: flash-plugin
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, and CVE-2011-0607.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0337: vsftpd security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: vsftpd
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0170: libuser security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
Products: libuser
libuser before 0.57 uses a cleartext password value of (1) !!
or (2) x for new LDAP user accounts, which makes it easier for remote attackers to obtain access by specifying one of these values.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1241: ecryptfs-utils security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
Products: ecryptfs-utils
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0627: kvm security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kvm
The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0166: gnutls security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: gnutls
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0198: postgresql84 security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: postgresql84
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0303: kernel security and bug fix update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kernel
The socket implementation in net/core/sock.c in the Linux kernel before 2.6.35 does not properly manage a backlog of received packets, which allows remote attackers to cause a denial of service by sending a large amount of network traffic, related to the sk_add_backlog function and the sk_rmem_alloc socket field. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4251.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0324: logwatch security update (Important)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: logwatch
logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0312: thunderbird security update (Moderate)
Platforms: Red Hat Enterprise Linux 5
Products: thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0018: dbus security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: dbus
The _dbus_validate_signature_with_reason function (dbus-marshal-validate.c) in D-Bus (aka DBus) before 1.2.14 uses incorrect logic to validate a basic type, which allows remote attackers to spoof a signature via a crafted key. NOTE: this is due to an incorrect fix for CVE-2008-3834.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0199: krb5 security update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: krb5
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0154: hplip security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
Products: hplip, hplip3
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Maria Mikhno: INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:0291: java-1.5.0-ibm security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
Products: java-1.5.0-ibm
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0398: kernel security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kernel
The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Pointer ULE.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0786: java-1.4.2-ibm security update (Critical)
Platforms: Red Hat Enterprise Linux 5
Products: java-1.4.2-ibm
Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0198: openldap security and bug fix update (Moderate)
Platforms: Red Hat Enterprise Linux 5
Products: openldap
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0054: openssl security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: openssl
Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1377: postgresql security update (Moderate)
Platforms: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
Products: postgresql
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on
certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2011:1378: postgresql84 security update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: postgresql84
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0651: spice-xpi security and bug fix update (Moderate)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: spice-xpi
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
Sergey Artykhov: DRAFT, INTERIM, ACCEPTED. Status: ACCEPTED

RHSA-2010:0046: kernel security and bug fix update (Important)
Platforms: Red Hat Enterprise Linux 5, CentOS Linux 5
Products: kernel
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and trigger a routing "emergency" in which a hash chain is too long.
NOTE: this is related to an issue in the Linux kernel before 2.6.31, when the kernel routing cache is disabled, involving an uninitialized pointer and a panic.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1385: kdelibs and kdelibs3 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
kdelibs, kdelibs3
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0429: postgresql security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
postgresql
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1371: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
pidgin
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0370: wireshark security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
wireshark
epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark before 1.4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted .pcap file.
Sergey
Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1437: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1423: php53 and php security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
php53, php
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0471: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
firefox, xulrunner
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0029: krb5 security update (Critical)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or
possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0176: java-1.6.0-openjdk security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0163: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Race condition in the sctp_icmp_proto_unreachable function in net/sctp/input.c in Linux kernel 2.6.11-rc2 through 2.6.33 allows remote attackers to cause a denial of service (panic) via an ICMP unreachable message to a socket that is already locked by a user, which causes the socket to be freed and triggers list corruption, related to the sctp_wait_for_connect function.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0860: java-1.6.0-sun security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
java-1.6.0-sun
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, and 5.0 Update 29 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0968: thunderbird security update (Moderate)
Red Hat Enterprise Linux 5
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0845: bind security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
bind97, bind
Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0153: exim security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
exim
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1000: rgmanager security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
rgmanager
The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents (aka resource-agents or cluster-agents) 1.0.3 in Linux-HA place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0301: acroread security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
acroread
Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1797: perl security update (Moderate)
Red Hat
Enterprise Linux 5, CentOS Linux 5
perl
Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1165: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU.
Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0428: dhcp security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
dhcp
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0838: gimp security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gimp
Multiple integer overflows in the load_image function in file-pcx.c in the Personal Computer Exchange (PCX) plugin in GIMP 2.6.x and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PCX image that triggers a heap-based buffer overflow.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2014:0133: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS
Linux 5, CentOS Linux 6
thunderbird
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0196: php53 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
php53
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU registers, as demonstrated using 2.2250738585072011e-308.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0451: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0356: java-1.6.0-sun security update (Critical)
Red Hat Enterprise Linux 5
java-1.6.0-sun
Unspecified vulnerability in
the New Java Plug-in component in Oracle Java SE and Java for Business JDK and JRE 6 Update 18 and 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0427: spice-xpi security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
spice-xpi
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0490: java-1.4.2-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.4.2-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0501: firefox security, bug fix, and enhancement update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
devhelp, esc, firefox, gnome-python2-extras, totem, xulrunner, yelp
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0472: nss security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
nss, nss-util
Network Security Services (NSS) is a set of libraries designed to support
the development of security-enabled client and server applications.
This erratum blacklists a small number of HTTPS certificates by adding
them, flagged as untrusted, to the NSS Builtin Object Token (the
libnssckbi.so library) certificate store. (BZ#689430)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not blacklist the certificates for applications that use the
NSS library, but do not use the NSS Builtin Object Token (such as curl).
All NSS users should upgrade to these updated packages, which correct this
issue. After installing the update, applications using NSS must be
restarted for the changes to take effect.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0004: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Race condition in the __exit_signal function in kernel/exit.c in the Linux kernel before 2.6.37-rc2 allows local users to cause a denial of service via vectors related to multithreaded exec, the use of a thread group leader in kernel/posix-cpu-timers.c, and the selection of a new thread group leader in the de_thread function in fs/exec.c.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0028: kvm security and bug fix update (Low)
Red Hat Enterprise Linux 5
kvm
Linux kernel 2.6.33 and 2.6.34.y does not initialize the kvm_vcpu_events->interrupt.pad structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via unspecified vectors.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1512: libxml2 security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libxml2
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0307: mailman security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
mailman
Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1431: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Buffer overflow in Adobe
Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, and CVE-2012-5277.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1349: rpm security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
rpm
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0124: systemtap security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
systemtap
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1196: system-config-printer security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
system-config-printer
pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the (1) NetBIOS or (2) workgroup name, which are not properly handled when searching for network printers.
Sergey
Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0394: conga security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
conga
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0909: ruby security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
ruby
The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1445: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2445, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, and CVE-2011-2459.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1483: thunderbird security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1326: pango security update (Moderate)
Red Hat Enterprise Linux 5, CentOS
Linux 5
pango
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0318: libtiff security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
libtiff
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0357: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0616: dbus-glib security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
NetworkManager, dbus-glib
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0859: cyrus-imapd security update
(Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
cyrus-imapd
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1465: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1256: ghostscript security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
ghostscript
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PostScript or (2) PDF file with embedded images, which triggers a heap-based buffer overflow.
NOTE: this issue is also described as an array index error.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1043: libwpd security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
libwpd
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1445: kernel security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 3.2.2, on the x86 platform and unspecified other platforms, allows user-assisted remote attackers to trigger inconsistent filesystem-groups data and possibly cause a denial of service via a malformed ext4 filesystem containing a super block with a large FLEX_BG group size (aka s_log_groups_per_flex value).
NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4307.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1346: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and attack vectors.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | Maria Mikhno | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:0422: postfix security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
postfix
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0165: nss security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
nspr, nss
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack,
aka the "Project Mogul" issue.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1288: libxml2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libxml2
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1037: postgresql and postgresql84 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1174: kernel security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1820: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
pidgin
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1090: nss and nspr security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
nspr, nss
The ASN.1 decoder in the QuickDER decoder in Mozilla Network
Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2011:1380: java-1.6.0-openjdk security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1130: xen security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
xen
The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2010:0423: krb5 security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
krb5
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.
Sergey Artykhov | DRAFT | INTERIM | ACCEPTED | ACCEPTED

RHSA-2012:1264: postgresql security update (Moderate)
Red Hat Enterprise
Linux 5CentOS Linux 5postgresqlThe libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1362: thunderbird security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6thunderbirdMozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2011:1422: openswan security update (Moderate)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6openswanUse-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1350: firefox security and bug fix update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6firefoxxulrunnerHeap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 
2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1265: libxslt security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
libxslt
Double free vulnerability in libxslt, as used in Google Chrome before 22.0.1229.79, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XSL transforms.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0486: xmlsec1 security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
xmlsec1
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1054: libtiff security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libtiff
Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0017: Red Hat Enterprise Linux 5.6 kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5
kernel
drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not initialize a certain port data structure, which allows local users to cause a denial of service (system crash) via read operations on an fc_host statistics file.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0178: Red Hat Enterprise Linux 5.5 kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5
kernel
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20,
when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is in a listening (TCP_LISTEN) state, which is not properly handled and causes the skb structure to be freed.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1088: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0306: samba3x security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
samba3x
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1097: glibc security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than CVE-2012-3404 and CVE-2012-3405.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1267: bind security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1569: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0507: apr security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
apr
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *?
sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0152: java-1.4.2-ibm security update (Moderate)
Red Hat Enterprise Linux 5
java-1.4.2-ibm
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that HttpURLConnection does not properly check for the allowHttpTrace permission, which allows untrusted code to perform HTTP TRACE requests.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0850: flash-plugin security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1123: bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
bind
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0841: systemtap security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
systemtap
SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is enabled, allows local users to cause
a denial of service (divide-by-zero error and OOPS) via a crafted ELF program with DWARF expressions that are not properly handled by a stap script that performs context variable access.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0607: freetype security update (Important)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
freetype
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0153: thunderbird security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0144: cpio security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
cpio
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:1219: samba security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
samba
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0180: pango security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
evolution28-pango, pango
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file, related to the glyph box for an FT_Bitmap object.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0411: openoffice.org security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openoffice.org
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0677: postgresql security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
postgresql
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1235: kvm security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0467: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0676: kvm security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0682: thunderbird security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Multiple unspecified vulnerabilities in
the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1238: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0885: firefox security and bug fix update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
firefox, xulrunner
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1210: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1122: bind97 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0710: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0373: firefox security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
xulrunner
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
This erratum blacklists a small number of HTTPS certificates. (BZ#689430)
All Firefox users should upgrade to these updated packages, which contain
a backported patch. After installing the update, Firefox must be restarted
for the changes to take effect.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1385: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0336: tomcat5 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
tomcat5
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0109: mysql security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0715: thunderbird security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0547: php53 security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
php53
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0383: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in the Java 2D component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU.
Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow in a decoding routine used by the JPEGImageDecoderImpl interface, which allows code execution via a crafted JPEG image.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0307: util-linux security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5
util-linux
mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0474: tomcat5 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
tomcat5
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0136: libvorbis security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
libvorbis
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0434: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228 on Windows, Mac OS X, and Linux; Flash Player before 10.3.183.18 and 11.x before 11.2.202.223 on Solaris; Flash Player before 11.1.111.8 on Android 2.x and 3.x; and AIR before 3.2.0.2070 allows attackers to
execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0514: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1047: php53 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
php53
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0675: sudo security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
sudo
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0508: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0466: samba3x security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
samba3x
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0690: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0546: php security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
php
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0388: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0040: php security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, CentOS Linux 5
php
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0699: openssl security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
openssl
Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV
calculation.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0449: rhn-client-tools security update (Moderate)
Red Hat Enterprise Linux 5
rhn-client-tools
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2011:0182: openoffice.org security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openoffice.org
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1036: postgresql security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
postgresql
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:0722: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service
(NULL pointer dereference) via unspecified vectors.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; Maria Mikhno; INTERIM; ACCEPTED; ACCEPTED

RHSA-2010:0037: acroread security and bug fix update (Critical)
Red Hat Enterprise Linux 5
acroread
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1590: libtiff security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libtiff
Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DOTRANGE tag in a TIFF image.
Sergey Artykhov; DRAFT; INTERIM; ACCEPTED; ACCEPTED

RHSA-2012:1222: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerability than CVE-2012-3136.
NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "XMLDecoder security issue via ClassFinder."
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0107: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0518: openssl security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
openssl, openssl097a, openssl098e
The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL before 0.9.8v, 1.0.0 before 1.0.0i, and 1.0.1 before 1.0.1a does not properly interpret integer data, which allows remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0126: glibc security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0006: java-1.4.2-ibm security update (Critical)
Red Hat Enterprise Linux 5
java-1.4.2-ibm
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0060: openssl security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
openssl
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1140: dhcp security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
dhcp
ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1263: postgresql and postgresql84 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
The xml_parse function in the libxml2 support in the core server component in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 allows remote authenticated users to determine the existence of arbitrary files or URLs, and possibly obtain file or URL content that triggers a parsing error, via an XML value that refers to (1) a DTD or (2) an entity, related to an XML External Entity (aka XXE) issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0397: glibc security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0317: libpng security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libpng, libpng10
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via
unknown vectors that trigger an integer truncation.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1136: openoffice.org security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
openoffice.org
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0721: kernel security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0033: php security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
php
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0465: samba security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
samba
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0150: Red Hat Enterprise Linux 5.8 kernel update (Moderate)
Red Hat Enterprise Linux 5
kernel
The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1361: xulrunner security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
xulrunner
Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0678: postgresql and postgresql84 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0019: php53 and php security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
php53, php
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1245: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0515: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0070: ruby security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
ruby
Ruby (aka CRuby) before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1258: quagga security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
quagga
Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1201: tetex security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
tetex
Off-by-one error in t1lib 5.1.2 and earlier, as
used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0705: openoffice.org security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
openoffice.org
Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0302: cups security and bug fix update (Low)
Red Hat Enterprise Linux 5
cups
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1116: perl-DBD-Pg security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
perl-DBD-Pg
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow
remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0093: php security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
php
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0869: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1351: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0153: sos security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
sos
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging
information, which might allow remote attackers to obtain sensitive information by reading the archive.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1363: bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
bind
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0862: subversion security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
subversion
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1327: freeradius2 security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
freeradius2
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1323: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Use-after-free vulnerability in the xacct_add_tsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive information from kernel memory or cause a denial of service (system crash) via a taskstats TASKSTATS_CMD_ATTR_PID command.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0311: ibutils security and bug fix update (Low)
Red Hat Enterprise Linux 5
ibutils
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0717: bind97 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0103: squirrelmail security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
squirrelmail
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0745: python security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
python
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0327: subversion security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
subversion
The mod_dav_svn module for the Apache HTTP Server, as
distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1823: thunderbird security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1089: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1449: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and earlier, when using FS: or GS: segment override, uses an uninitialized variable as a segment base, which allows local 64-bit PV guests to obtain sensitive information (hypervisor stack content) via unspecified vectors related to stale data in a segment register.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0716: bind security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
bind
ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records
with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0426: openssl security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
openssl
The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message, a different vulnerability than CVE-2006-7250.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1457: libgcrypt security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libgcrypt
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0374: thunderbird security and bug fix update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
thunderbird
Mozilla Thunderbird is a standalone mail and newsgroup client.
This erratum blacklists a small number of HTTPS certificates. (BZ#689430)
This update also fixes the following bug:
* The RHSA-2011:0312 and RHSA-2011:0311 updates introduced a regression,
preventing some Java content and plug-ins written in Java from loading.
With this update, the Java content and plug-ins work as expected.
(BZ#683076)
All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0290: java-1.6.0-ibm security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1045: php security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
php
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0370: xen security and bug fix update (Important)
Red Hat Enterprise Linux 5
xen
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1211: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1149: sudo security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
sudo
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0468: libtiff security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libtiff
Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1778: gimp security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
gimp
Heap-based buffer overflow in
the read_xwd_cols function in file-xwd.c in the X Window Dump (XWD) plug-in in GIMP 2.6.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X Window System (XWD) image dump with more colors than color map entries.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0013: wireshark security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
wireshark
Buffer overflow in the sect_enttec_dmx_da function in epan/dissectors/packet-enttec.c in Wireshark 1.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ENTTEC DMX packet with Run Length Encoding (RLE) compression.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0155: java-1.4.2-ibm security and bug fix update (Moderate)
Red Hat Enterprise Linux 5
java-1.4.2-ibm
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0360: wireshark security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 3, CentOS Linux 5
wireshark
Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allow remote attackers to cause a denial of service (crash) via a malformed packet, as demonstrated
using a stack-based buffer overflow to the dissect_getaddrsbyname_request function.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2014:0016: gnupg security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gnupg
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0428: gnutls security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
gnutls
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1061: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency.
NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0855: java-1.5.0-ibm security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1508: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED
Maria Mikhno
INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1081: sudo security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
sudo
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0258: pam_krb5 security and bug fix update (Low)
Red Hat Enterprise Linux 5
pam_krb5
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1213: gdm security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
gdm, initscripts
GNOME Display Manager
(gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1540: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The XENMEM_exchange handler in Xen 4.2 and earlier does not properly check the memory address, which allows local PV guest OS administrators to cause a denial of service (crash) or possibly gain privileges via unspecified vectors that overwrite memory in the hypervisor reserved range.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1364: bind97 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0085: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov
DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1452: vino security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
vino
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests
during authentication.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0168: httpd security and enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
httpd
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0958: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0516: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1059: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0883: gnutls security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
gnutls
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length.
NOTE: this might be due to an incorrect fix for CVE-2013-0169.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0310: firefox security and bug fix update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
firefox, xulrunner
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1292: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to cause a denial of service (BUG and system crash) via a crafted application that uses the UDP_CORK option in a setsockopt system call.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1806: samba and samba3x security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
samba3x, samba
Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate data stream (ADS).
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1156: httpd security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
httpd
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data
refers to a non-DAV URI.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2010:0140: pango security update (Moderate)
Red Hat Enterprise Linux 3, Red Hat Enterprise Linux 5, CentOS Linux 5
pango, evolution28-pango
Array index error in the hb_ot_layout_build_glyph_classes function in pango/opentype/hb-ot-layout.cc in Pango before 1.27.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted font file, related to building a synthetic Glyph Definition (aka GDEF) table by using this font's charmap and the Unicode property database.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0825: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, and CVE-2013-3334.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:1212: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1505: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in Oracle Java SE
7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1034: kernel security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1081: java-1.5.0-ibm security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0983: curl security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
curl
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1207: glibc security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, (4) strtod_l, and other unspecified "related functions" in stdlib in GNU C Library (aka glibc or libc6) 2.16 allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer
overflow.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0323: httpd security update (Moderate)
Red Hat Enterprise Linux 5
httpd
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0143: xulrunner security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
xulrunner
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0807: hypervkvpd security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
hypervkvpd
The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message.
NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0697: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1447: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0480: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Double free vulnerability in the xfrm6_tunnel_rcv function in net/ipv6/xfrm6_tunnel.c in the Linux kernel before 2.6.22, when the xfrm6_tunnel module is enabled, allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0730: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, and 5 update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1090: ruby security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
ruby
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1476: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0433: xorg-x11-server-utils security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
xorg-x11-server-utils
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0017: libxml2 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
libxml2
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown
vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1474: qspice security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
qspice
Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0688: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on Windows, Mac OS X, and Linux; before 11.1.111.9 on Android 2.x and 3.x; and before 11.1.115.8 on Android 4.x allows remote attackers to execute arbitrary code via a crafted file, related to an "object confusion vulnerability," as exploited in the wild in May 2012.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1121: sos security update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
sos
The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1813: php53 and php security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
php53, php
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0608: kvm security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0603: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0007: kernel security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Race condition in the sctp_rcv function in net/sctp/input.c in the Linux kernel before 2.6.29 allows remote attackers to cause a denial of service (system hang) via SCTP packets.
NOTE: in some environments, this issue exists because of an incomplete fix for CVE-2011-2482.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1507: java-1.7.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.7.0-ibm
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JAXP.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0696: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0272: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1166: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local
users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1236: xen security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
xen
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0683: axis security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
axis
Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal Mass Pay, PayPal Transactional Information SOAP, the Java Message Service implementation in Apache ActiveMQ, and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0942: krb5 security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
krb5
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0580: cups security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
cups
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using
certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0820: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0197: postgresql security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5
postgresql
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.20 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via integers with a large number of digits to unspecified functions.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0870: tomcat5 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
tomcat5
The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow local users to change the ownership of arbitrary files via a symlink attack on (a) tomcat5-initd.log, (b) tomcat6-initd.log, (c) catalina.out, or (d) tomcat7-initd.log.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1426: xorg-x11-server security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
xorg-x11-server
Use-after-free vulnerability in the doImageText
function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0321: cvs security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
cvs
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1060: java-1.7.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.7.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect availability via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0376: systemtap security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
systemtap
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1804: libjpeg security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
libjpeg
The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS)
JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0250: elinks security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
elinks
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials through GSSAPI, which allows remote servers to authenticate as the client via the delegated credentials.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0271: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
devhelp, firefox, xulrunner, yelp, libproxy
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0474: thunderbird security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0827: openswan security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
openswan
Buffer overflow in the atodn function in Openswan before 2.6.39, when Opportunistic Encryption is enabled and an RSA key is being used, allows remote
attackers to cause a denial of service (pluto IKE daemon crash) and possibly execute arbitrary code via crafted DNS TXT records. NOTE: this might be the same vulnerability as CVE-2013-2052 and CVE-2013-2054.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0646: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
pidgin
upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0310: nfs-utils security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5
nfs-utils
The nfs_addmntent function in support/nfs/nfs_mntent.c in the mount.nfs tool in nfs-utils before 1.2.4 attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to corrupt this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
php53
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0823: java-1.6.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.6.0-ibm
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0624: java-1.5.0-ibm security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1266: bind97 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2011:0429: kernel security and bug fix update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The napi_reuse_skb function in net/core/dev.c in the Generic Receive Offload (GRO) implementation in the Linux kernel before 2.6.38 does not reset the values of certain structure members, which might allow remote attackers to cause a denial of service (NULL pointer dereference) via a malformed VLAN frame.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1791: nss and nspr security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
nspr, nss
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before
24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0599: xen security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
xen
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1814: php security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
php
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1475: postgresql and postgresql84 security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
postgresql84, postgresql
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1790: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Xen 4.3.x and earlier does not properly handle certain errors, which allows local HVM guests to obtain hypervisor
stack memory via a (1) port or (2) memory mapped I/O write or (3) other unspecified operations related to addresses without associated memory.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0306: krb5 security and bug fix update (Low)Red Hat Enterprise Linux 5krb5ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.1 and earlier does not check the krb5_setegid return value, which allows remote authenticated users to bypass intended group access restrictions, and create, overwrite, delete, or read files, via standard FTP commands, related to missing autoconf tests in a configure script.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0387: firefox security and bug fix update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6firefoxxulrunnerUse-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5nsprnssThe TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1868: xorg-x11-server security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS 
Linux 6xorg-x11-serverInteger underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:1818: flash-plugin security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5flash-pluginAdobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:0587: openssl security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6opensslThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0730: flash-plugin security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5flash-pluginInteger overflow in Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allows remote attackers to execute arbitrary code via unspecified vectors, as 
demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:0625: java-1.6.0-ibm security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5java-1.6.0-ibmThe color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2012:1482: firefox security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6firefoxxulrunnerMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0815: httpd security update (Moderate)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6httpdmod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1869: pixman security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6pixmanInteger underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as 
used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2011:0857: java-1.6.0-openjdk security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5java-1.6.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0568: dbus-glib security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6dbus-glibThe dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0270: jakarta-commons-httpclient security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6jakarta-commons-httpclientApache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0626: java-1.7.0-ibm security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5java-1.7.0-ibmThe color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to 
execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:0127: libvirt security and bug fix update (Low)Red Hat Enterprise Linux 5CentOS Linux 5libvirtlibvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0821: thunderbird security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdUse-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1409: xinetd security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6xinetdxinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1050: php53 security update (Critical)Red Hat Enterprise Linux 5CentOS Linux 5php53ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is 
processed by the xml_parse_into_struct function.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0551: acroread security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5acroreadBuffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and 11.x before 11.0.02 allows remote attackers to execute arbitrary code via a crafted PDF document, as exploited in the wild in February 2013.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:0120: quota security and bug fix update (Low)Red Hat Enterprise Linux 5CentOS Linux 5quotaThe good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0180: mysql security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5mysqlStack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0130: httpd security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 5CentOS Linux 5httpdMultiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0545: ImageMagick security and bug fix update (Moderate)Red Hat Enterprise 
Linux 5CentOS Linux 5ImageMagickThe JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0131: gnome-vfs2 security and bug fix update (Low)Red Hat Enterprise Linux 5CentOS Linux 5gnome-vfs2neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1466: java-1.6.0-ibm security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5java-1.6.0-ibmUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "IIOP type reuse management" in ObjectStreamClass.java.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:1779: mod_nss security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6mod_nssmod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0149: flash-plugin security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5flash-pluginBuffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x before 11.5.502.146 on Windows and Mac OS X, before 10.3.183.50 and 11.x before 11.2.202.261 on Linux, before 11.1.111.31 on Android 2.x and 3.x, and before 11.1.115.36 on Android 4.x; Adobe AIR before 3.5.0.1060; and Adobe AIR SDK before 3.5.0.1060 allows attackers to execute arbitrary code via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:1142: thunderbird security update (Important)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6thunderbirdMozilla Thunderbird is a standalone mail and newsgroup client.
Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-1701)
A flaw was found in the way Thunderbird generated Certificate Request
Message Format (CRMF) requests. An attacker could use this flaw to perform
cross-site scripting (XSS) attacks or execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2013-1710)
A flaw was found in the way Thunderbird handled the interaction between
frames and browser history. An attacker could use this flaw to trick
Thunderbird into treating malicious content as if it came from the browser
history, allowing for XSS attacks. (CVE-2013-1709)
It was found that the same-origin policy could be bypassed due to the way
Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker
could use this flaw to perform XSS attacks, or install malicious add-ons
from third-party pages. (CVE-2013-1713)
It was found that web workers could bypass the same-origin policy. An
attacker could use this flaw to perform XSS attacks. (CVE-2013-1714)
It was found that, in certain circumstances, Thunderbird incorrectly
handled Java applets. If a user launched an untrusted Java applet via
Thunderbird, the applet could use this flaw to obtain read-only access to
files on the user's local system. (CVE-2013-1717)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jeff Gilbert, Henrik Skupin, moz_bug_r_a4, Cody
Crews, Federico Lanusse, and Georgi Guninski as the original reporters of
these issues.
Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.
All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.8 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.Sergey ArtykhovDRAFTINTERIMACCEPTEDPrashant KumarINTERIMACCEPTEDACCEPTEDRHSA-2013:0614: xulrunner security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6xulrunnerUse-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0668: boost security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6boostInteger overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0122: tcl security and bug fix update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5tclAlgorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex" regular expression with doubly-nested states.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0133: hplip3 security and bug fix update (Low)Red Hat Enterprise Linux 5CentOS Linux 5hplip3The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP Linux Imaging and Printing (HPLIP) 3.x before 3.11.10 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hpcupsfax.out temporary file.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0685: perl security update 
(Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6perlThe rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0189: ipa-client security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5ipa-clientThe client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0247: java-1.7.0-openjdk security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6java-1.7.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. 
Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0324: libxml2 security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6libxml2libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0469: acroread security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6acroreadThe JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0640: tomcat5 security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5tomcat5The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2011:0364: java-1.5.0-ibm security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6java-1.5.0-ibmUnspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Deployment.Sergey 
ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0313: samba security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 5sambaThe default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0128: conga security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 5CentOS Linux 5congaLuci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect enforcement of a user timeout.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0127: mysql security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5mysqlUnspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0241: xen security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5xenThe PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:1181: gimp security update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5gimpInteger overflow in the ReadImage function in plug-ins/common/file-gif-load.c in the GIF image format plug-in in GIMP 
2.8.x and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted height and len properties in a GIF image file, which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0129: ruby security and bug fix update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5rubyThe rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1035: flash-plugin security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5flash-pluginInteger overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2012:0309: sudo security and bug fix update (Low)Red Hat Enterprise Linux 5sudocheck.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0034: java-1.6.0-ibm security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6java-1.6.0-ibmUnspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to 
Deployment.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2012:0451: rpm security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6rpmThe headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0124: net-snmp security and bug fix update (Moderate)Red Hat Enterprise Linux 5CentOS Linux 5net-snmpArray index error in the handle_nsExtendOutput2Table function in agent/mibgroup/agent/extend.c in Net-SNMP 5.7.1 allows remote authenticated users to cause a denial of service (out-of-bounds read and snmpd crash) via an SNMP GET request for an entry not in the extension table.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0627: thunderbird security update (Important)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdUse-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:1049: php security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5CentOS Linux 5CentOS Linux 6phpext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0243: flash-plugin security update 
(Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5flash-pluginAdobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on Windows and Mac OS X, before 10.3.183.51 and 11.x before 11.2.202.262 on Linux, before 11.1.111.32 on Android 2.x and 3.x, and before 11.1.115.37 on Android 4.x allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, as exploited in the wild in February 2013.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:1256: flash-plugin security update (Critical)Red Hat Enterprise Linux 6Red Hat Enterprise Linux 5flash-pluginAdobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2012:0095: ghostscript security update (Moderate)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6ghostscript** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. 
When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0727: kvm security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0941: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on Windows, before 10.3.183.90 and 11.x before 11.7.700.225 on Mac OS X, before 10.3.183.90 and 11.x before 11.2.202.291 on Linux, before 11.1.111.59 on Android 2.x and 3.x, and before 11.1.115.63 on Android 4.x; Adobe AIR before 3.7.0.2090 on Windows and Android and before 3.7.0.2100 on Mac OS X; and Adobe AIR SDK & Compiler before 3.7.0.2090 on Windows and before 3.7.0.2100 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1269: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0737: subversion security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
subversion
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a PROPFIND request for an activity URL.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0581: libxml2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libxml2
libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0125: wireshark security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
wireshark
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0747: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux kernel before 3.5.7 does not properly handle error conditions in dump_one_state function calls, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0594: kernel security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0092: php53 security update (Critical)
Red Hat Enterprise Linux 5, CentOS Linux 5
php53
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0011: acroread security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
acroread
Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0144: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0690: bind97 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1480: thunderbird security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize event.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1458: gnupg security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
gnupg
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0982: thunderbird security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
thunderbird
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0134: freeradius2 security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
freeradius2
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user
authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1413: thunderbird security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
thunderbird
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0165: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
java-1.7.0-openjdk
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0533: samba and samba3x security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
samba3x, samba
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1014: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ByteBandedRaster size checks" in 2D.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0643: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1861: nss security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
nss, nss-util
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
It was found that a subordinate Certificate Authority (CA) mis-issued an
intermediate certificate, which could be used to conduct man-in-the-middle
attacks. This update renders that particular intermediate certificate as
untrusted. (BZ#1038894)
Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.
All NSS users should upgrade to these updated packages, which correct this
issue. After installing the update, applications using NSS must be
restarted for the changes to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0254: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013-0649.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1402: Adobe Reader - notification of end of updates (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
acroread
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF). Adobe Reader 9 reached the end of its support cycle on June
26, 2013, and will not receive any more security updates. Future versions
of Adobe Acrobat Reader will not be available with Red Hat Enterprise
Linux.
The Adobe Reader packages in the Red Hat Network (RHN) channels will
continue to be available. Red Hat will continue to provide these packages
only as a courtesy to customers. Red Hat will not provide updates to the
Adobe Reader packages.
This update disables the Adobe Reader web browser plug-in, which is
available via the acroread-plugin package, to prevent the exploitation of
security issues without user interaction when a user visits a malicious web
page.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0407: libpng security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libpng
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0216: freetype security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
freetype
The _bdf_parse_glyphs function in FreeType before 2.4.11 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to BDF fonts and an incorrect calculation that triggers an out-of-bounds read.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1102: pidgin security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
pidgin
Buffer overflow in markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.5 allows remote attackers to execute arbitrary code via a crafted inline image in a message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0308: busybox security and bug fix update (Low)
Red Hat Enterprise Linux 5
busybox
The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0051: kvm security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
kvm
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0275: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
java-1.7.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0604: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0611: ruby security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
ruby
lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows remote attackers to cause a denial of service (memory consumption and crash) via crafted text nodes in an XML document, aka an XML Entity Expansion (XEE) attack.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0769: glibc security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity declaration in conjunction with an entity reference, aka an XML External Entity (XXE) vulnerability.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0588: gnutls security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
gnutls
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1268: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0847: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to cause a denial of service by injecting an interrupt into other guests.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0312: initscripts security and bug fix update (Low)
Red Hat Enterprise Linux 5
initscripts
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshared key (PSK) hash.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0322: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0898: mesa security update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
mesa
Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XF86DRIOpenConnection and (2) XF86DRIGetClientDriverName functions.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1812: firefox security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
firefox
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0826: acroread security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
acroread
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0214: nss and nspr security, bug fix, and enhancement update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
nspr, nss, nss-util
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.
It was found that a Certificate Authority (CA) mis-issued two intermediate
certificates to customers. These certificates could be used to launch
man-in-the-middle attacks. This update renders those certificates as
untrusted. This covers all uses of the certificates, including SSL, S/MIME,
and code signing. (BZ#890605)
In addition, the nss package has been upgraded to upstream version 3.13.6,
and the nspr package has been upgraded to upstream version 4.9.2. These
updates provide a number of bug fixes and enhancements over the previous
versions. (BZ#893371, BZ#893372)
All NSS and NSPR users should upgrade to these updated packages, which
correct these issues and add these enhancements. After installing the
update, applications using NSS and NSPR must be restarted for the changes
to take effect.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0079: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1518: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0752: java-1.7.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.7.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0523: libpng security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
libpng
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0332: samba security update (Critical)
Red Hat Enterprise Linux 5
samba
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0981: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1459: gnupg2 security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
gnupg2
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1407: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:1255: libexif security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
libexif
Integer underflow in the exif_entry_get_value function in exif-entry.c in the EXIF Tag Parsing Library (aka libexif) 0.6.20 might allow remote attackers to execute arbitrary code via vectors involving a crafted buffer-size parameter during the formatting of an EXIF tag, leading to a heap-based buffer overflow.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1302: xinetd security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
xinetd
builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1509: java-1.5.0-ibm security update (Important)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
java-1.5.0-ibm
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to AWT.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0788: subscription-manager security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
subscription-manager
rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1140: firefox security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
firefox, xulrunner
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1411: glibc security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
glibc
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0152: kexec-tools security, bug fix, and enhancement update (Moderate)
Red Hat Enterprise Linux 5
kexec-tools
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0301: ImageMagick security and bug fix update (Low)
Red Hat Enterprise Linux 5
ImageMagick
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0274: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier, 6 Update 39 and earlier, and 5.0 Update 39 and earlier allows remote attackers
to affect confidentiality, integrity, and availability via vectors related to JMX.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0731: expat security update (Moderate)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5, CentOS Linux 5, CentOS Linux 6
expat
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0121: mysql security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
mysql
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0770: java-1.6.0-openjdk security update (Important)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
java-1.6.0-openjdk
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to bypassing the Java sandbox using "method handle intrinsic frames."
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0359: flash-plugin security update (Critical)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6
flash-plugin
Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0150: acroread security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
acroread
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, and CVE-2013-0621.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0574: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2012:0144: flash-plugin security update (Critical)
Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
flash-plugin
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0168: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5, CentOS Linux 5
kernel
The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and (3) XENMEM_exchange hypercalls in Xen 4.2 and earlier allow local guest administrators to cause a denial of service (long loop and hang) via a crafted extent_order value.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0126: squirrelmail security and bug fix update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
squirrelmail
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1860: kernel security and bug fix update (Moderate)
Red Hat Enterprise Linux 5
kernel
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0123: OpenIPMI security, bug fix, and enhancement update (Low)
Red Hat Enterprise Linux 5, CentOS Linux 5
OpenIPMI
ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0771: curl security update (Moderate)
Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, CentOS Linux 5, CentOS Linux 6
curl
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:1115: bind97 security update (Important)
Red Hat Enterprise Linux 5, CentOS Linux 5
bind97
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

RHSA-2013:0822: java-1.7.0-ibm security update (Critical)
Red Hat
Enterprise Linux 6Red Hat Enterprise Linux 5java-1.7.0-ibmUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.Sergey ArtykhovDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDRHSA-2013:0132: autofs security, bug fix, and enhancement update (Low)Red Hat Enterprise Linux 5CentOS Linux 5autofsUnspecified vulnerability in autofs, as used in Red Hat Enterprise Linux (RHEL) 5, allows local users to cause a denial of service (autofs crash and delayed mounts) or prevent "mount expiration" via unspecified vectors related to "using an LDAP-based automount map."Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0621: kernel security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5kernelRace condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0145: thunderbird security update (Critical)Red Hat Enterprise Linux 5Red Hat Enterprise Linux 6CentOS Linux 5CentOS Linux 6thunderbirdMultiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 6Red Hat Enterprise Linux 6The operating system installed on the system is Red Hat Enterprise Linux 6.Maria 
KedovskayaDRAFTMaria KedovskayaINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is CentOS Linux 6.xCentOS Linux 6The operating system installed on the system is CentOS Linux 6.xDragos PrisacaDRAFTINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDRHSA-2013:0246: java-1.6.0-openjdk security update (Important)Red Hat Enterprise Linux 5CentOS Linux 5java-1.6.0-openjdkUnspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient validation of raster parameters" in awt_parseImage.c, which triggers memory corruption.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDRHSA-2013:0135: gtk2 security and bug fix update (Low)Red Hat Enterprise Linux 5CentOS Linux 5gtk2Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.Sergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is CentOS Linux 5.xCentOS Linux 5The operating system installed on the system is CentOS Linux 5.xDanny HaynesDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDSergey ArtykhovINTERIMACCEPTEDACCEPTEDThe operating system installed on the system is Red Hat Enterprise Linux 5Red Hat Enterprise Linux 5The operating system installed on the system is Red Hat Enterprise Linux 5.Aharon CherninDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDDragos 
Prisaca; INTERIM; ACCEPTED; ACCEPTED
202.400-1.el51:1.5.0.16.7-1jpp.1.el5_101:1.5.0.16.7-1jpp.1.el6_50:0.9.8e-27.el5_10.40:5.3.3-27.el6_5.10:5.3.3-23.el5_101:0.9-6.el5_101:1.7.0.7.1-1jpp.1.el5_101:1.7.0.7.1-1jpp.1.el6_532:9.7.0-21.P2.el532:9.7.0-21.P2.el51:1.6.0.81-1jpp.1.el5_101:1.6.0.81-1jpp.1.el6_51:2.2.15-31.el6_51:2.2.15-31.el6.centos1:2.2.3-87.el5_101:2.2.3-87.el5.centos0:2.2.3-87.el5_100:2.2.15-31.el6.centos0:2.2.15-31.el6_50:2.2.3-87.el5.centos1:1.6.0.0-6.1.13.4.el6_51:1.6.0.0-6.1.13.4.el5_101:1.6.0.0-6.1.13.4.el7_00:4.10.6-1.el7_00:3.15.4-7.el7_00:4.10.6-1.el5_100:3.15.3-7.el5_101:1.7.0.65-1jpp.1.el6_51:1.7.0.65-1jpp.2.el5_100:3.6.6-0.140.el5_100:3.6.9-169.el6_50:24.7.0-1.el7.centos0:24.7.0-1.el7_00:2.6.18-371.11.1.el51:1.7.0.65-2.5.1.2.el5_100:11.2.202.394-1.el60:11.2.202.394-1.el50:3.6.6-0.140.el5_100:3.6.9-169.el6_51:1.7.0.65-2.5.1.2.el5_100:11.2.202.378-1.el50:11.2.202.378-1.el60:24.5.0-1.el6.centos0:24.5.0-1.el5_100:24.5.0-1.el6_50:24.5.0-1.el5.centos0:24.7.0-1.el5.centos0:24.7.0-1.el6_50:24.7.0-1.el5_100:24.7.0-1.el6.centos1:1.5.0.16.6-1jpp.1.el5_101:1.5.0.16.6-1jpp.1.el6_50:11.2.202.359-1.el50:11.2.202.359-1.el60:0.9.8e-27.el5_10.30:1.2.9-4jpp.8.el5_100:1.4.1-16.el5_100:11.2.202.356-1.el60:11.2.202.356-1.el51:1.7.0.55-2.4.7.1.el5_100:2.6.18-371.8.1.el51:1.6.0.75-1jpp.1.el6_51:1.6.0.75-1jpp.3.el5_101:2.2.3-85.el5_101:2.2.3-85.el5.centos0:2.2.3-85.el5.centos0:2.2.3-85.el5_101:1.7.0.55-1jpp.1.el6_51:1.7.0.55-1jpp.2.el5_101:1.6.0.16.0-1jpp.1.el6_51:1.6.0.16.0-1jpp.1.el5_101:1.6.0.0-5.1.13.3.el6_51:1.6.0.0-5.1.13.3.el5_100:11.2.202.350-1.el50:11.2.202.350-1.el60:5.5.37-1.el50:1.0.15-6.el5_100:2.7.0-9.9.el6_50:2.7.0-6jpp.20:2.3.43_2.2.29-27.el5_100:2.3.43-27.el5_10^7.*$^7.*$^7.*$0:24.6.0-1.el7.centos0:24.6.0-1.el5_100:24.6.0-1.el5.centos0:24.6.0-1.el7_00:24.6.0-1.el6_50:24.6.0-1.el6.centos0:3.6.6-0.139.el5_100:3.6.9-168.el6_50:2.6.18-371.6.1.el50:1.7.2p1-29.el5_100:8.1.23-10.el5_100:2.6.18-371.9.1.el50:3.8.2-19.el5_100:5.5.36-2.el50:11.2.202.341-1.el50:11.2.202.341-1.el60:2.6.32-27.2.el6_50:2
.6.32-7.3.el5_100:8.4.20-1.el6_50:8.4.20-1.el5_100:5.1.6-44.el5_100:0.9.7a-12.el5_10.10:0.9.8e-18.el6_5.20:24.4.0-1.el5.centos0:24.4.0-1.el6.centos0:24.4.0-1.el5_100:24.4.0-1.el6_50:11.2.202.346-1.el50:11.2.202.346-1.el60:1.4.1-14.el5_101:5.3.2.2-22.el5_10.11:1.7.0.7.0-1jpp.1.el5_101:1.7.0.7.0-1jpp.1.el6_50:3.0.33-3.40.el5_101:1.6.0.15.1-1jpp.1.el5_101:1.6.0.15.1-1jpp.1.el6_50:11.2.202.335-1.el50:11.2.202.335-1.el60:2.6.18-371.4.1.el50:0.8.4-26.el5_10.10:83-266.el5.centos.10:83-266.el5_10.10:11.2.202.336-1.el60:11.2.202.336-1.el52:1.2.10-7.1.el5_5.30:2.3.43_2.2.29-12.el5_5.10:2.3.43-12.el5_5.10:2.2.1-28.el5_50:10.1.82.76-1.el50:1.9.2.11-4.el5_50:1.9.2.11-2.el50:3.12.8-1.el50:3.6.11-2.el57:3.5.4-17.el5_5.10:83-164.el5_5.251:1.5.0.12.2-1jpp.1.el54:5.8.8-32.el5_5.10:1.4.2.13.5-1jpp.1.el50:2.0.0.24-10.el5_50:3.6.9-2.el50:1.9.2.9-1.el50:3.12.7-2.el50:4.8.6-1.el50:9.3.4-1.el50:3.6.7-3.el50:1.9.2.7-3.el50:1.3.9-3.el6_0.10:1.2.7-11.el5_5.20:0.6.16-9.el5_50:3.6.7-2.el50:1.9.2.7-2.el50:5.0.77-4.el5_5.40:9.4.0-1.el51:1.39.1-1.el5_5.10:10.1.102.64-1.el50:2.0.0.24-9.el51:1.6.0.9.0-1jpp.4.el61:1.6.0.9.0-1jpp.3.el50:0.5.4-4.4.el5_5.141:1.3.7-18.el5_5.40:2.6.18-194.11.4.el50:2.0.10-3.el5_5.10:0.98.6-5.el5_5.230:9.3.6-4.P1.el5_5.31:1.7.0.6.1-1jpp.1.el5_101:1.7.0.6.1-1jpp.1.el6_50:0.3.0-4.el5_50:1.4.2.13.7-1jpp.3.el50:2.3.11-6.el6_0.20:2.2.1-28.el5_5.10:2.6.18-194.17.1.el50:2.6.6-5.el5_50:9.4.1-1.el50:9.4.1-1.el61:1.6.0.8.1-1jpp.2.el50:1.4.4-4.el5_50:3.0-33.8.el5_5.50:1.6.1-36.el5_5.61:1.5.0.11.2-1jpp.1.el50:9.3.3-1.el50:2.0.0.24-6.el50:2.02.56-7.el5_5.40:1.7.2p1-6.el5_50:8.1.22-1.el5_5.10:8.4.5-1.el5_5.11:1.3.7-18.el5_5.80:3.0.33-3.29.el5_5.10:2.2.1-25.el5_50:83-164.el5_5.300:6.2.8.0-4.el5_5.20:1.1.1-48.76.el5_5.10:2.7.9-27.el60:2.6.6-32.el50:2.5-49.el5_5.60:2.6.18-274.12.1.el57:2.6.STABLE21-6.el50:0.9.8e-12.el5_4.60:3.6.22-1.el6_10:3.6.22-1.el5_70:1.9.2.22-1.el5_70:1.9.2.22-1.el6_10:3.6.23-2.el5_70:1.9.2.23-1.el5_70:1.9.2.23-1.el6_1.10:3.6.23-2.el6_11:1.6.0.0-3.1.13.1.el6_51:1.6.0.
0-3.1.13.1.el5_100:3.7.2-4.el50:0.4.1-4.el51:1.5.0.11.1-1jpp.3.el56:3.5.4-21.el5_5.10:2.6.18-164.10.1.el50:2.6.5-1.el50:7.15.5-9.el50:83-105.el5_4.220:0.99.6.2-6.el5_5.20:3.0.2-38.3.el5_7.10:2.6.18-194.26.1.el52:1.15.1-23.0.1.el5_4.20:5.5.23-0jpp.22.el5_70:4.2.1-1.el5_7.10:1.4.2.13.10-1jpp.1.el50:1.6.1-63.el5_70:3.0.18-1.el5_40:1.9.0.18-1.el5_40:3.0.19-1.el5_50:1.9.0.19-1.el5_50:3.8.2-7.el5_5.50:8.4.4-1.el5_5.10:0.0-6.20091205snap.el5_5.30:1.7.2p1-7.el5_50:4.2.1-9.1.el6_20:3.6-5.16.10:9.3.1-1.el50:5.0.77-4.el5_5.30:9.4.6-1.el60:9.4.6-1.el50:0.0-6.20091205snap.el5_5.20:2.2.3-43.el5_5.31:1.5.0.12.5-1jpp.1.el61:1.5.0.12.5-1jpp.1.el51:1.6.0.22-1jpp.1.el50:2.2.3-53.el5_7.30:1.3.5-11.el5_4.10:0.6.3-33.el5_5.30:1.6.9p17-6.el5_41:1.5.0.13.0-1jpp.1.el61:1.5.0.13.0-1jpp.1.el50:83-105.el5_4.2732:9.7.3-2.el6_1.P3.330:9.3.6-16.P1.el5_7.10:0.1.34-12.el50:1.9.2.20-3.el6_10:1.9.2.20-3.el5_70:5.5.23-0jpp.9.el5_50:1.5.0.22-1jpp.3.el50:3.0.33-3.29.el5_50:1.1.2-52.el5_50:1.2.0-52.el5_50:3.3.8-0.52.el5_50:1.1.2-16.el5_71:1.2.24-5.el6_11:1.5.0.16.5-1jpp.1.el5_101:1.5.0.16.5-1jpp.1.el6_50:2.6.18-194.11.1.el50:2.0.33-9.4.el5_4.21:1.6.0.19-1jpp.1.el51:0.7.0-9.el5_40:3.1.6-39.el5_5.10:2.6.18-194.11.3.el50:2.3.16-6.el6_1.40:2.3.7-12.el5_7.20:3.7.11-4.el5_5.30:2.0.0.24-24.el50:3.1.12-2.el6_10:9.3.2-1.el50:1.4.1-2.el6_10:1.2.2-1.0.4.el5_70:4.63-5.el5_5.20:8.13.8-8.el50:10.1-2.el50:1.2-11.el6_00:1.1-3.el5_5.31:1.7.0.51-2.4.4.1.el5_100:0.3.0-54.el5_5.20:1.0.3-6.el5_50:3.12.10-4.el5_70:3.12.9-12.el6_10:4.8.8-1.el5_70:10.3.183.10-1.el50:10.3.183.10-1.el60:0.9.8e-12.el5_5.70:1.6.1-36.el5_5.20:83-164.el50:7.0.2-11.el51:1.3.7-11.el5_4.60:2.0.0.24-18.el5_60:5.1.6-27.el5_5.30:1.0.15-1.el5_5.10:0.5.1-17.el5_50:1.3-9.el50:2.3.16-6.el6_1.30:2.3.7-12.el5_7.10:2.0.0.24-26.el5_70:2.0.0.24-27.el5_70:2.2.1-28.el5_7.20:2.3.11-6.el6_1.80:1.9.6-2.3.el50:1.7.9-7.el5.20:1.6.3-8.el5.10:1.4p6-13.el5.10:1.5-16.el5.21:1.6.0.29-1jpp.1.el51:1.6.0.29-1jpp.1.el60:2.6.18-194.17.4.el532:9.7.3-2.el6_1.P3.232:9.7.3-2.el6_1.P3.2
32:9.7.0-6.P2.el5_6.30:2.2.3-53.el5_7.10:2.2.15-9.el6_1.20:1.10.2.3-20.el5_5.10:4.4.2.3-20.el5_5.10:2.5-49.el5_5.70:1.2.0-52.el5_5.20:1.1.2-52.el5_5.20:3.3.8-0.52.el5_5.212:3.0.5-29.el5_7.112:4.1.1-19.P1.el6_1.10:10.3.183.5-1.el60:10.3.183.5-1.el50:10.1.85.3-1.el51:1.6.0.9.2-1jpp.2.el61:1.6.0.9.2-1jpp.2.el50:3.0.6-4.el50:1.0.7-7.el5_7.11:2.0.9-2.el6_1.10:10.35.58-8.el5_7.30:2.6.18-194.8.1.el50:2.6.18-238.12.1.el50:2.2-35.4.el5_50:2.0.0.24-25.el50:3.1.14-1.el6_10:0.6.16-10.el5_60:3.0.3-132.el5_7.20:3.2-32.el52:1.2.10-7.1.el5_7.50:2.2.1-28.el5_7.10:2.3.11-6.el6_1.70:0.8.4-4.el5_4.20:3.6.13-2.el50:1.9.2.13-3.el50:3.6.13-2.el6_00:1.9.2.13-3.el6_032:9.7.0-6.P2.el5_7.40:4.1.2-46.el5_4.21:1.6.0.0-1.11.b16.el50:1.1.1-48.76.el5_7.50:1.7.7-29.el6_1.20:1.3.9-3.el6_1.20:1.2.7-11.el5_6.50:10.2.153.1-1.el50:10.2.153.1-1.el60:2.6.18-274.el51:3.1.1-19.5.el5_5.11:1.6.0.0-1.39.b17.el6_01:1.6.0.0-1.39.b17.el6_01:1.6.0.0-1.20.b17.el50:4.8.8-1.el6_10:3.12.10-1.el6_10:3.12.10-2.el6_10:3.12.10-7.el5_70:3.0.3-120.el5_6.20:1.5.1-37.el50:2.4.3-44.el50:2.4.3-43.el50:1.6.0-8.el6_0.10:1.6.0-8.el6_0.10:1.6.0-3.el5_6.21:2.3.0-6.11.el5_4.40:4.1.2-50.el50:0.8.2-15.el5_6.40:1.6.11-7.el5_6.10:7.19.7-26.el6_1.10:7.19.7-26.el6_1.10:7.15.5-9.el5_6.330:9.3.6-4.P1.el5_4.20:10.3.181.14-1.el60:10.3.181.14-1.el50:1.4.2.13.8-1jpp.3.el50:1.1.2-15.el5_61:1.2.24-4.el6_00:1.4.5-3.el6_50:1.2.2-1.0.5.el5_100:3.8.2-7.el5_6.70:3.9.4-1.el6_0.21:1.5.0.12.3-1jpp.1.el51:1.5.0.12.3-1jpp.2.el62:2.6.6-2.2.el6_12:2.6.6-2.2.el6_12:2.3.3-2.3.el5_60:3.5.4-68.el6_0.20:3.5.4-68.el6_0.20:3.0.33-3.29.el5_6.20:2.6.18-238.19.1.el50:10.0.45.2-1.el50:0.8.2-22.el50:2.6.6-1.el50:2.6.18-274.7.1.el50:1.9.2.20-2.el6_10:3.6.20-2.el6_10:3.6.20-2.el50:1.9.2.20-2.el50:0.9.7a-9.el5_4.20:3.5.4-0.83.el5_7.20:2.5-58.el5_6.20:2.3.43_2.2.29-12.el5_6.70:2.3.43-12.el5_6.70:2.6.18-164.15.1.el51:1.6.0.24-1jpp.1.el61:1.6.0.24-1jpp.1.el50:10.2.152.27-1.el60:10.2.152.27-1.el50:2.2.2-6.el6_0.10:2.2.2-6.el6_0.10:2.0.5-16.el5_6.10:0.56.13-4.el6_0.10:0.54.7-2.1
.el5_5.20:75-5.el5_7.20:82-6.el6_1.30:83-164.el5_5.210:1.4.1-3.el5_4.80:8.4.7-1.el5_6.10:2.6.18-238.5.1.el50:7.3.6-49.el60:7.3-9.el5_60:2.0.0.24-14.el5_60:1.1.2-12.el5_4.10:1.6.1-55.el5_6.10:3.9.8-33.el6_0.10:3.9.8-33.el6_0.10:1.6.7-6.el5_6.10:3.9.8-11.el5_6.11:1.5.0.12.3-1jpp.2.el51:1.5.0.12.3-1jpp.3.el60:2.6.18-194.3.1.el50:1.4.2.13.6-1jpp.2.el50:2.3.43_2.2.29-12.el50:2.3.43-12.el50:0.9.8e-12.el5_4.10:8.1.23-1.el5_7.20:8.4.9-1.el6_1.10:8.4.9-1.el5_7.10:2.2-2.3.el5_50:2.6.18-164.11.1.el50:3.5.10-24.el6_1.16:3.5.4-26.el5_7.10:8.1.21-1.el5_5.10:2.6.6-5.el5_7.10:1.0.15-1.el5_6.40:1.9.2.24-2.el5_70:3.6.24-3.el6_10:3.6.24-3.el5_70:1.9.2.24-2.el6_1.10:5.3.3-1.el5_7.30:5.3.3-3.el6_1.30:3.6.17-1.el6_00:1.9.2.17-4.el6_00:3.6.17-1.el5_60:3.6.17-1.el5.centos0:1.9.2.17-4.el6_00:1.9.2.17-3.el50:3.6.17-1.el6_00:1.9.2.17-3.el5_60:1.6.1-36.el5_4.11:1.6.0.0-1.17.b17.el50:2.6.18-238.1.1.el51:1.6.0.26-1jpp.1.el51:1.6.0.26-1jpp.1.el60:2.0.0.24-13.el5_532:9.7.3-2.el6_1.P1.132:9.7.3-2.el6_1.P1.132:9.7.0-6.P2.el5_6.20:4.63-5.el5_6.20:2.0.52-21.el50:9.4.2-3.el6_00:9.4.2-1.el54:5.8.8-32.el5_7.60:2.0.0.24-21.el51:1.6.0.0-1.16.b17.el51:1.6.0.0-1.36.b17.el6_01:1.6.0.0-1.36.b17.el6_01:1.6.0.0-1.18.b17.el512:4.1.1-12.P1.el6_0.412:4.1.1-12.P1.el6_0.412:3.0.5-23.el5_6.42:2.2.13-2.0.7.el5_6.20:0.10.2-29.el6_5.30:24.3.0-2.el5_100:24.3.0-2.el6_50:5.3.3-1.el5_6.10:10.2.159.1-1.el60:10.2.159.1-1.el51:1.6.0.20-1jpp.1.el50:2.2-2.3.el5_6.10:1.4.2.13.9-1jpp.1.el50:3.6.4-8.el50:1.1.0-12.el50:2.16.7-7.el50:0.12-21.el50:2.14.2-7.el50:1.9.2.4-10.el50:2.16.0-26.el50:3.12.8-3.el6_00:3.12.8-3.el6_00:3.12.8-4.el5_60:2.6.18-194.32.1.el50:83-224.el50:2.6.26-2.1.15.el5_8.60:2.7.6-8.el6_3.43:2.1.9-6.el5_6.10:11.2.202.251-1.el60:11.2.202.251-1.el50:1.10.2.3-22.el5_7.20:4.4.2.3-22.el5_7.20:4.8.0-16.el6_1.10:0.9.7-5.el5_4.30:0.7.32.10-1.el5_7.10:0.12.2-24.el5_6.10:1.8.5-19.el5_6.10:10.3.183.11-1.el50:10.3.183.11-1.el60:1.14.9-8.el5_7.30:3.9.4-1.el6_0.10:3.9.4-1.el6_0.10:3.8.2-7.el5_6.61:1.6.0.9.1-1jpp.1.el51:1.6.0.9.1-1
jpp.1.el60:0.73-10.el5_51:0.7.0-10.el5_5.10:2.3.16-6.el6_1.20:2.3.16-6.el6_1.20:2.3.7-7.el5_6.41:1.5.0.15.0-1jpp.1.el6_31:1.5.0.15.0-1jpp.1.el5_80:8.70-14.el5_8.10:8.70-14.el6_3.10:0.8.7-3.1.el5_80:2.6.18-308.20.1.el50:11.2.202.243-1.el60:11.2.202.243-1.el52:2.3.3-2.2.el5_60:4.8.4-1.el5_40:3.12.6-1.el5_40:2.6.26-2.1.15.el5_8.50:2.7.6-8.el6_3.30:8.4.12-1.el6_20:8.4.12-1.el5_80:2.6.18-308.13.1.el50:2.6.6-5.el5_7.40:4.9.1-4.el5_80:3.13.5-4.el5_81:1.6.0.0-1.23.1.9.10.el5_71:1.6.0.0-1.40.1.9.10.el6_10:3.0.3-135.el5_8.40:1.6.1-36.el5_5.40:8.1.23-6.el5_80:10.0.8-2.el5.centos0:2.6.21-5.el5_7.60:2.6.32-4.el6_1.40:1.1.26-2.el6_3.10:1.1.17-4.el5_8.30:1.2.9-8.1.20:3.9.4-6.el6_30:3.8.2-15.el5_80:2.6.18-238.el50:2.6.18-194.el50:10.0.6-2.el5_80:3.5.4-0.70.el5_6.10:2.5-81.el5_8.430:9.3.6-20.P1.el5_8.40:11.2.202.258-1.el60:11.2.202.258-1.el50:1.3.9-3.el6_0.10:1.2.7-11.el5_6.40:1.4.2.13.8-1jpp.2.el50:10.3.181.22-1.el60:10.3.181.22-1.el532:9.8.2-0.10.rc1.el6_3.230:9.3.6-20.P1.el5_8.20:1.3-4.el5_6.10:2.2.1-26.el5_50:2.0.0.24-2.el5_40:2.6-23.el5_4.10:3.0.33-3.29.el5_7.40:1.28.1-3.el6_0.30:1.28.1-3.el6_0.30:1.14.9-8.el5_6.21:3.1.1-19.10.el5_8.10:8.1.23-4.el5_80:83-249.el5.centos.50:83-249.el5_8.50:2.3.11-6.el6_2.90:2.2.1-31.el5_8.10:83-249.el5.centos.40:83-249.el5_8.40:2.0.0.24-8.el51:1.6.0.11.0-1jpp.1.el6_31:1.6.0.11.0-1jpp.1.el5_80:1.9.2.18-2.el6_10:3.6.18-1.el6_10:3.6.18-1.el5_60:1.9.2.18-2.el6_10:3.6.18-1.el6_10:3.6.18-1.el5.centos0:1.9.2.18-2.el5_60:10.0.7-2.el5_832:9.7.0-10.P2.el5_8.20:10.0.5-1.el5.centos0:10.0.5-1.el6.centos0:10.0.5-1.el5_80:10.0.5-1.el6_20:1.9.2.15-2.el6_00:1.9.2.15-2.el6_00:1.9.2.15-2.el5_61:1.6.0.0-1.28.1.10.10.el5_80:5.5.23-0jpp.17.el5_60:5.0.77-4.el5_4.20:10.0.5-2.el6.centos0:10.0.5-2.el5.centos0:10.0.5-2.el5_80:10.0.5-2.el6_20:5.3.3-7.el5_81:1.6.0.8-1jpp.1.el50:2.13-0.59.el50:5.5.23-0jpp.31.el5_81:1.1.2-3.el5_7.61:1.2.3-4.el6_2.10:10.3.183.18-1.el50:10.3.183.18-1.el61:1.6.0.10.1-1jpp.5.el6_21:1.6.0.10.1-1jpp.1.el50:5.3.3-13.el5_80:1.7.2p1-8.el5_51:1.5.0.13.1
-1jpp.2.el6_21:1.5.0.13.1-1jpp.1.el50:3.5.10-0.108.el5_80:2.6.18-308.8.1.el50:5.1.6-34.el5_80:5.3.3-3.el6_2.80:5.1.6-24.el5_4.50:0.9.8e-22.el5_8.40:1.0.0-20.el6_2.50:0.4.20-33.el5_5.21:3.1.1-19.5.el5_5.60:8.1.23-5.el5_80:10.3.183.20-1.el60:10.3.183.20-1.el50:9.3-1.el50:3.9.4-9.el6_30:3.8.2-18.el5_81:1.6.0.0-1.28.1.10.9.el5_80:2.6.18-274.18.1.el50:0.9.8e-17.el6.centos.20:0.9.7a-11.el5_8.20:0.9.8e-17.el6_2.20:1.0.0-20.el6_2.40:0.9.8e-22.el5_8.30:2.5-65.el5_7.30:1.4.2.13.11-1jpp.1.el50:0.9.8e-20.el5_7.1.0.1.centos0:0.9.8e-20.el5_7.112:3.0.5-31.el5_8.10:8.4.13-1.el6_30:8.4.13-1.el5_80:2.5-81.el5_8.12:1.2.46-2.el6_22:1.2.10-15.el5_71:3.1.1-19.10.el5_8.40:2.6.18-308.8.2.el50:5.1.6-27.el5_7.40:3.0.33-3.39.el5_80:3.5.10-115.el6_20:2.6.18-308.el50:10.0.8-2.el6_30:10.0.8-2.el6.centos0:10.0.8-2.el5_80:8.4.11-1.el6_20:8.4.11-1.el5_80:5.3.3-3.el6_2.50:5.3.3-1.el5_7.51:1.5.0.14.0-1jpp.1.el6_31:1.5.0.14.0-1jpp.1.el5_80:1.8.5-22.el5_7.10:0.98.6-7.el5_8.10:3.0-33.15.el5_8.11:3.2.1-19.6.el6_2.71:3.1.1-19.10.el5_8.31:1.3.7-30.el50:1.49-4.el5_80:2.15.1-4.el6_30:5.1.6-27.el5_7.50:5.3.3-3.el6_2.60:10.3.181.26-1.el60:10.3.181.26-1.el50:10.0.8-1.el6.centos0:10.0.8-1.el5.centos0:10.0.8-1.el5_80:10.0.8-1.el6_30:1.7-9.62.el530:9.3.6-20.P1.el5_8.532:9.8.2-0.10.rc1.el6_3.50:1.6.11-2.el6_1.40:1.6.11-2.el6_1.40:1.6.11-7.el5_6.40:2.1.12-4.el5_80:2.6.18-308.16.1.el50:1.2-11.2.el532:9.7.0-10.P2.el5_8.10:1.4.8-5.el5.centos.130:1.4.8-5.el5_7.130:2.4.3-46.el5_8.20:1.6.11-7.el5_6.30:24.2.0-2.el5_100:24.2.0-2.el5.centos0:10.0.6-1.el5.centos0:10.0.6-1.el6.centos0:10.0.6-1.el5_80:10.0.6-1.el6_30:2.6.18-371.1.2.el532:9.7.3-8.P3.el6_2.330:9.3.6-20.P1.el5_8.10:1.0.0-20.el6_2.30:0.9.8e-22.el5_8.10:1.4.5-11.el6_40:1.4.4-7.el5_100:2.0.0.24-15.el5_60:3.1.9-3.el6_01:1.6.0.9.0-1jpp.5.el61:1.6.0.9.0-1jpp.4.el50:5.1.6-39.el5_80:3.0.3-135.el5_8.20:10.0.7-1.el6.centos0:10.0.7-1.el5.centos0:10.0.7-1.el6_30:10.0.7-1.el5_80:1.7.2p1-14.el5_8.20:3.8.2-14.el5_80:3.9.4-5.el6_22:2.6.9-6.el6_52:2.2.13-3.el5_100:1.0.15-1.el5_5.3
0:1.2.13-1.el6_0.20:1.4.2.13.4-1jpp.1.el50:1.0.11-1.el5_5.50:1.4.5-18.el5_10.10:1.4.1-7.el5_8.20:2.6.18-308.11.1.el51:1.5.0.16.2-1jpp.1.el6_41:1.5.0.16.2-1jpp.1.el5_91:1.6.0.15.0-1jpp.1.el6_41:1.6.0.15.0-1jpp.1.el5_100:1.7.2p1-14.el5_80:1.7.4p5-12.el6_30:2.2.14-150:8.45.42-2.el5.centos.11:2.16.0-59.el5.centos.10:8.45.42-2.el5_9.11:2.16.0-59.el5_9.10:2.6.18-308.24.1.el532:9.7.0-10.P2.el5_8.40:2.0.0.24-28.el5.centos0:2.0.0.24-28.el5_70:2.28.1-9.el6_40:2.13.5-10.el5_100:2.2.3-31.el5_4.41:1.7.0.25-2.3.10.4.el5_90:10.0.4-1.el6.centos0:10.0.4-1.el5.centos0:10.0.4-1.el6_20:10.0.4-1.el5_81:1.6.0.14.0-1jpp.1.el6_41:1.6.0.14.0-1jpp.1.el5_90:1.4.1-10.el5_9.20:2.8.5-10.el6_4.20:3.6.14-4.el6_00:1.9.2.14-3.el6_00:3.6.14-4.el5_60:3.6.14-4.el6_00:1.9.2.14-3.el6_00:1.9.2.14-4.el5_60:2.6.18-348.18.1.el50:3.6.6-0.138.el5_100:3.6.9-167.el6_50:2.2.15-29.el6.centos1:2.2.15-29.el6.centos0:2.2.3-82.el5.centos1:2.2.3-82.el5.centos1:2.2.15-29.el6_40:2.2.15-29.el6_41:2.2.3-82.el5_90:2.2.3-82.el5_90:1.14.9-8.el50:11.2.202.285-1.el60:11.2.202.285-1.el50:2.6.18-274.3.1.el51:1.6.0.0-1.65.1.11.14.el6_41:1.6.0.0-1.42.1.11.14.el5_100:2.6.18-348.12.1.el51:1.5.0.16.3-1jpp.1.el6_41:1.5.0.16.3-1jpp.1.el5_90:7.15.5-17.el5_90:7.19.7-37.el6_40:2.5-81.el5_8.70:2.2.3-63.el5_8.10:1.9.2.26-2.el6.centos0:1.9.2.26-2.el6_20:1.9.2.26-2.el5_70:0-0.7.el5_9.31:1.7.0.45-2.4.3.1.el5_100:2.6.18-308.4.1.el51:1.6.0.0-1.27.1.10.8.el5_80:1.8.5-31.el5_90:1.8.7.352-12.el6_40:7.4-15.el6_0.10:7.4-15.el6_0.10:7.1-5.el5_6.10:2.6.26-2.1.12.el5_7.20:0.3.0-56.el5_10.10:10.3.183.19-1.el60:10.3.183.19-1.el50:1.7-9.62.el5_9.10:5.3.3-27.el6_50:5.3.3-22.el5_100:83-262.el5.centos.10:83-262.el5_9.11:1.7.0.9-2.3.8.0.el5_90:2.6.18-274.17.1.el51:1.7.0.6.0-1jpp.1.el6_41:1.7.0.6.0-1jpp.1.el5_100:17.0.5-1.el5.centos0:17.0.5-1.el6.centos0:17.0.5-1.el5_90:17.0.5-1.el6_40:2.6.18-348.16.1.el50:3.0.3-135.el5_8.50:1.2.1-2jpp.7.el5_90:1.6.1-70.el5_9.20:1.10.3-10.el6_4.31:1.3.7-30.el5_9.31:1.4.2-50.el6_4.40:17.0.6-1.el6.centos0:17.0.6-1.el6_40:8.4.7-1.e
l6_0.10:8.4.7-1.el6_0.10:8.1.23-1.el5_6.10:5.5.23-0jpp.40.el5_90:1.13.0-11.1.el6.centos.20:1.1.1-48.101.el5_10.10:1.13.0-11.1.el6_4.20:1.11.23-11.el6_2.10:1.11.22-11.el5_8.11:1.7.0.5.0-1jpp.2.el6_41:1.7.0.5.0-1jpp.2.el5_90:1.6-7.el5_80:1.6-5.el6_20:6b-380:0.12-0.21.pre5.el6_30:0.11.1-8.el5_90:17.0.3-1.el5.centos0:17.0.3-1.el6.centos0:2.16.0-30.el5_90:0.12-23.el5_90:17.0.3-1.el5_90:17.0.3-1.el6_30:2.28.1-17.el6_30:0.3.0-4.el6_30:2.0.0.24-17.el5_60:2.6.32-20.el6_40:2.6.32-5.el5_90:2.7.9-10.el6_4.10:2.6.6-17.el5_9.11:1.0.9-60.el50:5.3.3-21.el51:1.6.0.13.2-1jpp.1.el6_41:1.6.0.13.2-1jpp.1.el5_91:1.5.0.16.0-1jpp.1.el6_41:1.5.0.16.0-1jpp.1.el5_932:9.7.0-10.P2.el5_8.30:2.6.18-238.9.1.el50:3.15.3-3.el5_100:4.10.2-2.el5_100:3.0.3-142.el5_9.20:5.1.6-43.el5_100:8.4.18-1.el5_100:8.4.18-1.el6_40:2.6.18-371.3.1.el50:1.6.1-70.el50:10.0.3-1.el5.centos0:10.0.3-1.el6.centos0:10.0.3-1.el5_80:10.0.3-1.el6_20:3.14.3-6.el5_90:4.9.5-1.el5_90:1.13.0-23.1.el6.centos0:1.1.1-48.101.0.1.el5.centos.20:1.13.0-23.1.el6_50:1.1.1-48.101.el5_10.20:11.2.202.332-1.el60:11.2.202.332-1.el50:1.0.0-27.el6_4.20:0.9.8e-26.el5_9.10:11.2.202.280-2.el60:11.2.202.280-1.el51:1.6.0.13.0-1jpp.3.el6_41:1.6.0.13.0-1jpp.2.el5_90:10.0.11-1.el5.centos0:10.0.11-1.el6.centos0:10.0.11-1.el5_80:10.0.11-1.el6_31:2.2.3-78.el5.centos1:2.2.15-28.el6.centos0:2.2.15-28.el6.centos0:2.2.3-78.el5.centos1:2.2.3-78.el5_91:2.2.15-28.el6_40:2.2.3-78.el5_90:2.2.15-28.el6_40:0.22.0-2.2.el5_100:0.26.2-5.1.el6_51:1.6.0.0-1.22.1.9.8.el5_60:0.86-6.el60:0.86-6.el6_40:0.73-11.el5_91:3.0-7jpp.21:3.1-0.7.el6_31:1.7.0.4.0-1jpp.2.el6_41:1.7.0.4.0-1jpp.2.el5_90:0.8.2-29.el50:17.0.6-2.el6.centos0:17.0.6-1.el5.centos0:17.0.6-2.el6_40:17.0.6-1.el5_92:2.3.14-20.el5_102:2.3.14-39.el6_40:5.3.3-13.el5_9.10:9.5.4-1.el60:9.5.4-1.el5_91:3.13-8.el50:5.0.95-5.el5_90:2.2.3-74.el5.centos0:2.2.3-74.el50:6.2.8.0-15.el5_80:2.16.2-10.el51:1.6.0.12.0-1jpp.1.el6_31:1.6.0.12.0-1jpp.1.el5_80:1.0.8-19.el6_50:1.0.8-8.el5_100:11.2.202.261-1.el60:11.2.202.261-1.el50:17.0.8-5
.el6.centos0:17.0.8-5.el6_40:17.0.8-5.el5_90:17.0.8-5.el5.centos0:1.33.1-16.el5_90:1.41.0-15.el6_40:8.4.13-6.el50:3.9.8-15.el50:1.9402-130.el6_41:0.27-130.el6_40:1.58-130.el6_40:0.04-130.el6_40:0.30-130.el6_44:5.8.8-40.el5_90:0.20-130.el6_40:0.88-130.el6_41:0.18-130.el6_41:1.40-130.el6_41:0.56-130.el6_41:0.221-130.el6_40:1.28-130.el6_41:0.3500-130.el6_41:0.38-130.el6_41:3.90-130.el6_41:0.16-130.el6_41:2.2003.0-130.el6_40:3.17-130.el6_41:3.13-130.el6_41:0.26-130.el6_40:2.18-130.el6_41:1.04-130.el6_41:0.02-130.el6_41:2.020-130.el6_40:1.15-130.el6_43:0.77-130.el6_40:6.55-130.el6_40:0.26-130.el6_44:5.10.1-130.el6_40:3.51-130.el6_40:0.92-130.el6_40:5.10.1-130.el6_41:5.47-130.el6_40:2.020-130.el6_41:0.34-130.el6_44:1.9721-130.el6_41:1.09-130.el6_40:2.1.3-5.el5_9.21:1.7.0.9-2.3.5.3.el5_91:1.7.0.9-2.3.5.3.el6_30:2.7.6-4.el6_2.40:2.6.26-2.1.15.el5_8.20:9.5.1-1.el50:9.5.1-1.el6_20:5.5.23-0jpp.38.el5_91:1.5.0.12.4-1jpp.1.el61:1.5.0.12.4-1jpp.1.el50:3.0.33-3.37.el50:0.12.2-64.el5.centos0:0.12.2-64.el50:5.0.95-1.el5_7.10:3.0.3-142.el5_9.12:2.2.13-2.0.7.el5_8.50:1.8.5-27.el50:11.2.202.297-1.el60:11.2.202.297-1.el50:1.7.2p1-13.el51:1.6.0.10.0-1jpp.2.el51:1.6.0.10.0-1jpp.2.el60:1.10.2.3-28.el5_80:4.4.2.3-28.el5_80:4.8.0-19.el6_2.11:5.3.2.2-20.el50:17.0.3-2.el6.centos0:17.0.3-2.el5.centos0:17.0.3-2.el6_40:17.0.3-2.el5_90:5.1.6-40.el5_90:5.3.3-23.el6_40:11.2.202.262-1.el60:11.2.202.262-1.el50:11.2.202.310-1.el60:11.2.202.310-1.el50:8.70-11.el6_2.60:8.70-6.el5_7.60:83-262.el5.centos.30:83-262.el5_9.30:11.2.202.291-1.el60:11.2.202.291-1.el50:1.6.11-11.el5_90:1.6.11-9.el6_40:2.6.26-2.1.21.el5_9.10:2.7.6-12.el6_4.10:1.0.15-5.el50:2.6.18-348.4.1.el50:2.6.18-348.2.1.el50:5.3.3-1.el5_7.60:9.4.7-1.el50:9.4.7-1.el60:10.0.12-1.el5.centos0:10.0.12-1.el6.centos0:10.0.12-1.el6_30:10.0.12-1.el5_932:9.7.0-17.P2.el5_9.10:17.0.10-1.el6.centos0:17.0.10-1.el5.centos0:17.0.10-1.el6_40:17.0.10-1.el5_100:1.4.5-18.el5_100:2.1.12-5.el51:1.7.0.9-2.3.4.1.el6_31:1.7.0.9-2.3.4.el5_9.10:3.5.10-0.109.el5_80:3.5.1
0-116.el6_21:1.6.0.0-1.41.1.11.11.90.el5_91:1.6.0.0-1.62.1.11.11.90.el6_40:11.2.202.275-2.el60:11.2.202.275-2.el50:3.15.3-3.el6_50:3.15.3-4.el5_100:11.2.202.270-1.el60:11.2.202.270-1.el50:9.5.5-1.el6_4.10:9.5.5-2.el5_102:1.2.48-1.el6_22:1.2.10-16.el5_80:2.2.1-32.el5_9.10:2.3.11-14.el6_3.10:2.6.6-11.el5.40:2.7.9-5.el6.21:1.2.0-13.el50:83-239.el5.centos.10:83-239.el5_7.11:1.7.0.9-2.3.7.1.el6_31:1.7.0.9-2.3.7.1.el5_91:1.6.0.0-1.36.1.11.9.el5_90:1.8.5-29.el5_90:2.5-107.el5_9.40:1.4.1-10.el5_9.10:2.8.5-10.el6_4.10:17.0.9-1.el6.centos0:17.0.9-1.el5.centos0:17.0.9-1.el5_90:17.0.9-1.el6_40:2.6.18-348.6.1.el50:8.45.42-1.el51:1.6.0.0-1.25.1.10.6.el5_80:6.5.1-7.11.el5_90:24.2.0-1.el6.centos0:24.2.0-1.el5_100:24.2.0-1.el5.centos0:24.2.0-1.el6_50:9.5.5-1.el6_40:9.5.5-1.el5_90:4.9.2-2.el5_90:3.13.6-3.el5_90:3.6.26-1.el5.centos0:1.9.2.26-1.el6.centos0:3.6.26-1.el6.centos0:3.6.26-1.el6_20:3.6.26-1.el5_70:1.9.2.26-1.el5_70:1.9.2.26-1.el6_20:11.2.202.327-1.el60:11.2.202.327-1.el51:1.7.0.19-2.3.9.1.el5_92:1.2.49-1.el6_22:1.2.10-17.el5_80:3.0.33-3.38.el5_80:17.0.7-1.el6.centos0:17.0.7-1.el5.centos0:17.0.7-1.el5_90:17.0.7-1.el6_40:2.0.10-6.el5_100:2.0.14-6.el6_40:10.0.10-1.el6.centos0:10.0.10-1.el5.centos0:10.0.10-1.el6_30:10.0.10-1.el5_80:0.6.21-5.el6_30:0.6.21-1.el5_82:2.3.14-19.el51:1.5.0.16.4-1jpp.1.el6_41:1.5.0.16.4-1jpp.1.el5_100:1.1.23.1-1.el6_40:1.0.24.1-1.el5_90:17.0.8-1.el5.centos0:17.0.8-1.el6.centos0:17.0.8-3.el6.centos0:17.0.8-1.el6_40:17.0.8-3.el5_90:17.0.8-1.el5_90:17.0.8-3.el6_40:2.5-118.el5_10.20:1.102pre-154.el50:6.2.8.0-12.el51:1.6.0.0-1.35.1.11.8.el5_90:2.0.1-11.el6_20:1.95.8-11.el5_80:5.0.95-3.el51:1.6.0.0-1.40.1.11.11.el5_91:1.6.0.0-1.61.1.11.11.el6_40:10.3.183.16-1.el50:10.3.183.16-1.el60:9.5.3-1.el6_30:9.5.3-1.el5_90:11.2.202.273-1.el60:11.2.202.273-1.el50:10.3.183.15-1.el60:10.3.183.15-1.el50:2.6.18-348.1.1.el50:1.4.8-21.el5.centos0:1.4.8-21.el50:2.6.18-348.21.1.el50:2.0.16-16.el50:7.15.5-16.el5_90:7.19.7-36.el6_432:9.7.0-17.P2.el5_9.21:1.7.0.4.2-1jpp.1.el6_41:1
.7.0.4.2-1jpp.1.el5_91:5.0.1-0.rc2.177.el50:2.6.18-348.3.1.el5^6.*$^6.*$0:10.0.12-3.el5.centos0:10.0.12-3.el6.centos0:10.0.12-3.el5_90:10.0.12-3.el6_31:1.6.0.0-1.33.1.11.6.el5_9^5.*$unix^5\D.+$0:2.10.4-29.el5