7 Security Updates for RHEL
Posted on: 06/08/2011 09:14 PM

Red Hat has released the following security updates for RHEL: [RHSA-2011:0861-01] Moderate: subversion security update, [RHSA-2011:0862-01] Moderate: subversion security update, [RHSA-2011:0859-01] Moderate: cyrus-imapd security update, [RHSA-2011:0860-01] Critical: java-1.6.0-sun security update, [RHSA-2011:0856-01] Critical: java-1.6.0-openjdk security update, [RHSA-2011:0857-01] Important: java-1.6.0-openjdk security update, and [RHSA-2011:0858-01] Moderate: xerces-j2 security update

[RHSA-2011:0861-01] Moderate: subversion security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: subversion security update
Advisory ID: RHSA-2011:0861-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0861.html
Issue date: 2011-06-08
CVE Names: CVE-2011-1752
=====================================================================

1. Summary:

Updated subversion packages that fix one security issue are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed requests submitted against the URL of a baselined resource. A
malicious, remote user could use this flaw to cause the httpd process
serving the request to crash. (CVE-2011-1752)

Red Hat would like to thank the Apache Subversion project for reporting
this issue. Upstream acknowledges Joe Schaefer of the Apache Software
Foundation as the original reporter.

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

709111 - CVE-2011-1752 subversion (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/subversion-1.1.4-4.el4.src.rpm

i386:
mod_dav_svn-1.1.4-4.el4.i386.rpm
subversion-1.1.4-4.el4.i386.rpm
subversion-debuginfo-1.1.4-4.el4.i386.rpm
subversion-devel-1.1.4-4.el4.i386.rpm
subversion-perl-1.1.4-4.el4.i386.rpm

ia64:
mod_dav_svn-1.1.4-4.el4.ia64.rpm
subversion-1.1.4-4.el4.ia64.rpm
subversion-debuginfo-1.1.4-4.el4.ia64.rpm
subversion-devel-1.1.4-4.el4.ia64.rpm
subversion-perl-1.1.4-4.el4.ia64.rpm

ppc:
mod_dav_svn-1.1.4-4.el4.ppc.rpm
subversion-1.1.4-4.el4.ppc.rpm
subversion-debuginfo-1.1.4-4.el4.ppc.rpm
subversion-devel-1.1.4-4.el4.ppc.rpm
subversion-perl-1.1.4-4.el4.ppc.rpm

s390:
mod_dav_svn-1.1.4-4.el4.s390.rpm
subversion-1.1.4-4.el4.s390.rpm
subversion-debuginfo-1.1.4-4.el4.s390.rpm
subversion-devel-1.1.4-4.el4.s390.rpm
subversion-perl-1.1.4-4.el4.s390.rpm

s390x:
mod_dav_svn-1.1.4-4.el4.s390x.rpm
subversion-1.1.4-4.el4.s390x.rpm
subversion-debuginfo-1.1.4-4.el4.s390x.rpm
subversion-devel-1.1.4-4.el4.s390x.rpm
subversion-perl-1.1.4-4.el4.s390x.rpm

x86_64:
mod_dav_svn-1.1.4-4.el4.x86_64.rpm
subversion-1.1.4-4.el4.x86_64.rpm
subversion-debuginfo-1.1.4-4.el4.x86_64.rpm
subversion-devel-1.1.4-4.el4.x86_64.rpm
subversion-perl-1.1.4-4.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/subversion-1.1.4-4.el4.src.rpm

i386:
mod_dav_svn-1.1.4-4.el4.i386.rpm
subversion-1.1.4-4.el4.i386.rpm
subversion-debuginfo-1.1.4-4.el4.i386.rpm
subversion-devel-1.1.4-4.el4.i386.rpm
subversion-perl-1.1.4-4.el4.i386.rpm

x86_64:
mod_dav_svn-1.1.4-4.el4.x86_64.rpm
subversion-1.1.4-4.el4.x86_64.rpm
subversion-debuginfo-1.1.4-4.el4.x86_64.rpm
subversion-devel-1.1.4-4.el4.x86_64.rpm
subversion-perl-1.1.4-4.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/subversion-1.1.4-4.el4.src.rpm

i386:
mod_dav_svn-1.1.4-4.el4.i386.rpm
subversion-1.1.4-4.el4.i386.rpm
subversion-debuginfo-1.1.4-4.el4.i386.rpm
subversion-devel-1.1.4-4.el4.i386.rpm
subversion-perl-1.1.4-4.el4.i386.rpm

ia64:
mod_dav_svn-1.1.4-4.el4.ia64.rpm
subversion-1.1.4-4.el4.ia64.rpm
subversion-debuginfo-1.1.4-4.el4.ia64.rpm
subversion-devel-1.1.4-4.el4.ia64.rpm
subversion-perl-1.1.4-4.el4.ia64.rpm

x86_64:
mod_dav_svn-1.1.4-4.el4.x86_64.rpm
subversion-1.1.4-4.el4.x86_64.rpm
subversion-debuginfo-1.1.4-4.el4.x86_64.rpm
subversion-devel-1.1.4-4.el4.x86_64.rpm
subversion-perl-1.1.4-4.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/subversion-1.1.4-4.el4.src.rpm

i386:
mod_dav_svn-1.1.4-4.el4.i386.rpm
subversion-1.1.4-4.el4.i386.rpm
subversion-debuginfo-1.1.4-4.el4.i386.rpm
subversion-devel-1.1.4-4.el4.i386.rpm
subversion-perl-1.1.4-4.el4.i386.rpm

ia64:
mod_dav_svn-1.1.4-4.el4.ia64.rpm
subversion-1.1.4-4.el4.ia64.rpm
subversion-debuginfo-1.1.4-4.el4.ia64.rpm
subversion-devel-1.1.4-4.el4.ia64.rpm
subversion-perl-1.1.4-4.el4.ia64.rpm

x86_64:
mod_dav_svn-1.1.4-4.el4.x86_64.rpm
subversion-1.1.4-4.el4.x86_64.rpm
subversion-debuginfo-1.1.4-4.el4.x86_64.rpm
subversion-devel-1.1.4-4.el4.x86_64.rpm
subversion-perl-1.1.4-4.el4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1752.html
https://access.redhat.com/security/updates/classification/#moderate
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:0862-01] Moderate: subversion security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: subversion security update
Advisory ID: RHSA-2011:0862-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0862.html
Issue date: 2011-06-08
CVE Names: CVE-2011-1752 CVE-2011-1783 CVE-2011-1921
=====================================================================

1. Summary:

Updated subversion packages that fix three security issues are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64

3. Description:

Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

An infinite loop flaw was found in the way the mod_dav_svn module processed
certain data sets. If the SVNPathAuthz directive was set to
"short_circuit", and path-based access control for files and directories
was enabled, a malicious, remote user could use this flaw to cause the
httpd process serving the request to consume an excessive amount of system
memory. (CVE-2011-1783)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed requests submitted against the URL of a baselined resource. A
malicious, remote user could use this flaw to cause the httpd process
serving the request to crash. (CVE-2011-1752)

An information disclosure flaw was found in the way the mod_dav_svn
module processed certain URLs when path-based access control for files and
directories was enabled. A malicious, remote user could possibly use this
flaw to access certain files in a repository that would otherwise not be
accessible to them. Note: This vulnerability cannot be triggered if the
SVNPathAuthz directive is set to "short_circuit". (CVE-2011-1921)

Red Hat would like to thank the Apache Subversion project for reporting
these issues. Upstream acknowledges Joe Schaefer of the Apache Software
Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of
VisualSVN as the original reporter of CVE-2011-1783; and Kamesh
Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.

All Subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

709111 - CVE-2011-1752 subversion (mod_dav_svn): DoS (crash) via request to deliver baselined WebDAV resources
709112 - CVE-2011-1783 subversion (mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control
709114 - CVE-2011-1921 subversion (mod_dav_svn): File contents disclosure of files configured to be unreadable by those users

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm

i386:
mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm
subversion-1.6.11-7.el5_6.4.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm
subversion-devel-1.6.11-7.el5_6.4.i386.rpm
subversion-javahl-1.6.11-7.el5_6.4.i386.rpm
subversion-perl-1.6.11-7.el5_6.4.i386.rpm
subversion-ruby-1.6.11-7.el5_6.4.i386.rpm

x86_64:
mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm
subversion-1.6.11-7.el5_6.4.i386.rpm
subversion-1.6.11-7.el5_6.4.x86_64.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm
subversion-devel-1.6.11-7.el5_6.4.i386.rpm
subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm
subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm
subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm
subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/subversion-1.6.11-7.el5_6.4.src.rpm

i386:
mod_dav_svn-1.6.11-7.el5_6.4.i386.rpm
subversion-1.6.11-7.el5_6.4.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm
subversion-devel-1.6.11-7.el5_6.4.i386.rpm
subversion-javahl-1.6.11-7.el5_6.4.i386.rpm
subversion-perl-1.6.11-7.el5_6.4.i386.rpm
subversion-ruby-1.6.11-7.el5_6.4.i386.rpm

ia64:
mod_dav_svn-1.6.11-7.el5_6.4.ia64.rpm
subversion-1.6.11-7.el5_6.4.ia64.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.ia64.rpm
subversion-devel-1.6.11-7.el5_6.4.ia64.rpm
subversion-javahl-1.6.11-7.el5_6.4.ia64.rpm
subversion-perl-1.6.11-7.el5_6.4.ia64.rpm
subversion-ruby-1.6.11-7.el5_6.4.ia64.rpm

ppc:
mod_dav_svn-1.6.11-7.el5_6.4.ppc.rpm
subversion-1.6.11-7.el5_6.4.ppc.rpm
subversion-1.6.11-7.el5_6.4.ppc64.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.ppc.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.ppc64.rpm
subversion-devel-1.6.11-7.el5_6.4.ppc.rpm
subversion-devel-1.6.11-7.el5_6.4.ppc64.rpm
subversion-javahl-1.6.11-7.el5_6.4.ppc.rpm
subversion-perl-1.6.11-7.el5_6.4.ppc.rpm
subversion-ruby-1.6.11-7.el5_6.4.ppc.rpm

s390x:
mod_dav_svn-1.6.11-7.el5_6.4.s390x.rpm
subversion-1.6.11-7.el5_6.4.s390.rpm
subversion-1.6.11-7.el5_6.4.s390x.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.s390.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.s390x.rpm
subversion-devel-1.6.11-7.el5_6.4.s390.rpm
subversion-devel-1.6.11-7.el5_6.4.s390x.rpm
subversion-javahl-1.6.11-7.el5_6.4.s390x.rpm
subversion-perl-1.6.11-7.el5_6.4.s390x.rpm
subversion-ruby-1.6.11-7.el5_6.4.s390x.rpm

x86_64:
mod_dav_svn-1.6.11-7.el5_6.4.x86_64.rpm
subversion-1.6.11-7.el5_6.4.i386.rpm
subversion-1.6.11-7.el5_6.4.x86_64.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.i386.rpm
subversion-debuginfo-1.6.11-7.el5_6.4.x86_64.rpm
subversion-devel-1.6.11-7.el5_6.4.i386.rpm
subversion-devel-1.6.11-7.el5_6.4.x86_64.rpm
subversion-javahl-1.6.11-7.el5_6.4.x86_64.rpm
subversion-perl-1.6.11-7.el5_6.4.x86_64.rpm
subversion-ruby-1.6.11-7.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm

i386:
mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm
subversion-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-devel-1.6.11-2.el6_1.4.i686.rpm
subversion-gnome-1.6.11-2.el6_1.4.i686.rpm
subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
subversion-kde-1.6.11-2.el6_1.4.i686.rpm
subversion-perl-1.6.11-2.el6_1.4.i686.rpm
subversion-ruby-1.6.11-2.el6_1.4.i686.rpm

noarch:
subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm
subversion-1.6.11-2.el6_1.4.i686.rpm
subversion-1.6.11-2.el6_1.4.x86_64.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm
subversion-devel-1.6.11-2.el6_1.4.i686.rpm
subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm
subversion-gnome-1.6.11-2.el6_1.4.i686.rpm
subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm
subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm
subversion-kde-1.6.11-2.el6_1.4.i686.rpm
subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm
subversion-perl-1.6.11-2.el6_1.4.i686.rpm
subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm
subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm

noarch:
subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm
subversion-1.6.11-2.el6_1.4.i686.rpm
subversion-1.6.11-2.el6_1.4.x86_64.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm
subversion-devel-1.6.11-2.el6_1.4.i686.rpm
subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm
subversion-gnome-1.6.11-2.el6_1.4.i686.rpm
subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm
subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm
subversion-kde-1.6.11-2.el6_1.4.i686.rpm
subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm
subversion-perl-1.6.11-2.el6_1.4.i686.rpm
subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm
subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm

i386:
mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm
subversion-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-javahl-1.6.11-2.el6_1.4.i686.rpm

ppc64:
mod_dav_svn-1.6.11-2.el6_1.4.ppc64.rpm
subversion-1.6.11-2.el6_1.4.ppc.rpm
subversion-1.6.11-2.el6_1.4.ppc64.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm

s390x:
mod_dav_svn-1.6.11-2.el6_1.4.s390x.rpm
subversion-1.6.11-2.el6_1.4.s390.rpm
subversion-1.6.11-2.el6_1.4.s390x.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm
subversion-1.6.11-2.el6_1.4.i686.rpm
subversion-1.6.11-2.el6_1.4.x86_64.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm
subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm

i386:
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-devel-1.6.11-2.el6_1.4.i686.rpm
subversion-gnome-1.6.11-2.el6_1.4.i686.rpm
subversion-kde-1.6.11-2.el6_1.4.i686.rpm
subversion-perl-1.6.11-2.el6_1.4.i686.rpm
subversion-ruby-1.6.11-2.el6_1.4.i686.rpm

noarch:
subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm

ppc64:
subversion-debuginfo-1.6.11-2.el6_1.4.ppc.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.ppc64.rpm
subversion-devel-1.6.11-2.el6_1.4.ppc.rpm
subversion-devel-1.6.11-2.el6_1.4.ppc64.rpm
subversion-gnome-1.6.11-2.el6_1.4.ppc.rpm
subversion-gnome-1.6.11-2.el6_1.4.ppc64.rpm
subversion-javahl-1.6.11-2.el6_1.4.ppc.rpm
subversion-javahl-1.6.11-2.el6_1.4.ppc64.rpm
subversion-kde-1.6.11-2.el6_1.4.ppc.rpm
subversion-kde-1.6.11-2.el6_1.4.ppc64.rpm
subversion-perl-1.6.11-2.el6_1.4.ppc.rpm
subversion-perl-1.6.11-2.el6_1.4.ppc64.rpm
subversion-ruby-1.6.11-2.el6_1.4.ppc.rpm
subversion-ruby-1.6.11-2.el6_1.4.ppc64.rpm

s390x:
subversion-debuginfo-1.6.11-2.el6_1.4.s390.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.s390x.rpm
subversion-devel-1.6.11-2.el6_1.4.s390.rpm
subversion-devel-1.6.11-2.el6_1.4.s390x.rpm
subversion-gnome-1.6.11-2.el6_1.4.s390.rpm
subversion-gnome-1.6.11-2.el6_1.4.s390x.rpm
subversion-javahl-1.6.11-2.el6_1.4.s390.rpm
subversion-javahl-1.6.11-2.el6_1.4.s390x.rpm
subversion-kde-1.6.11-2.el6_1.4.s390.rpm
subversion-kde-1.6.11-2.el6_1.4.s390x.rpm
subversion-perl-1.6.11-2.el6_1.4.s390.rpm
subversion-perl-1.6.11-2.el6_1.4.s390x.rpm
subversion-ruby-1.6.11-2.el6_1.4.s390.rpm
subversion-ruby-1.6.11-2.el6_1.4.s390x.rpm

x86_64:
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm
subversion-devel-1.6.11-2.el6_1.4.i686.rpm
subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm
subversion-gnome-1.6.11-2.el6_1.4.i686.rpm
subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm
subversion-kde-1.6.11-2.el6_1.4.i686.rpm
subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm
subversion-perl-1.6.11-2.el6_1.4.i686.rpm
subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm
subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm

i386:
mod_dav_svn-1.6.11-2.el6_1.4.i686.rpm
subversion-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-javahl-1.6.11-2.el6_1.4.i686.rpm

x86_64:
mod_dav_svn-1.6.11-2.el6_1.4.x86_64.rpm
subversion-1.6.11-2.el6_1.4.i686.rpm
subversion-1.6.11-2.el6_1.4.x86_64.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm
subversion-javahl-1.6.11-2.el6_1.4.i686.rpm
subversion-javahl-1.6.11-2.el6_1.4.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/subversion-1.6.11-2.el6_1.4.src.rpm

i386:
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-devel-1.6.11-2.el6_1.4.i686.rpm
subversion-gnome-1.6.11-2.el6_1.4.i686.rpm
subversion-kde-1.6.11-2.el6_1.4.i686.rpm
subversion-perl-1.6.11-2.el6_1.4.i686.rpm
subversion-ruby-1.6.11-2.el6_1.4.i686.rpm

noarch:
subversion-svn2cl-1.6.11-2.el6_1.4.noarch.rpm

x86_64:
subversion-debuginfo-1.6.11-2.el6_1.4.i686.rpm
subversion-debuginfo-1.6.11-2.el6_1.4.x86_64.rpm
subversion-devel-1.6.11-2.el6_1.4.i686.rpm
subversion-devel-1.6.11-2.el6_1.4.x86_64.rpm
subversion-gnome-1.6.11-2.el6_1.4.i686.rpm
subversion-gnome-1.6.11-2.el6_1.4.x86_64.rpm
subversion-kde-1.6.11-2.el6_1.4.i686.rpm
subversion-kde-1.6.11-2.el6_1.4.x86_64.rpm
subversion-perl-1.6.11-2.el6_1.4.i686.rpm
subversion-perl-1.6.11-2.el6_1.4.x86_64.rpm
subversion-ruby-1.6.11-2.el6_1.4.i686.rpm
subversion-ruby-1.6.11-2.el6_1.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1752.html
https://www.redhat.com/security/data/cve/CVE-2011-1783.html
https://www.redhat.com/security/data/cve/CVE-2011-1921.html
https://access.redhat.com/security/updates/classification/#moderate
http://subversion.apache.org/security/CVE-2011-1783-advisory.txt
http://subversion.apache.org/security/CVE-2011-1752-advisory.txt
http://subversion.apache.org/security/CVE-2011-1921-advisory.txt

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:0859-01] Moderate: cyrus-imapd security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: cyrus-imapd security update
Advisory ID: RHSA-2011:0859-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0859.html
Issue date: 2011-06-08
CVE Names: CVE-2011-1926
=====================================================================

1. Summary:

Updated cyrus-imapd packages that fix one security issue are now available
for Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.

It was discovered that cyrus-imapd did not flush the received commands
buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3
sessions. A man-in-the-middle attacker could use this flaw to inject
protocol commands into a victim's TLS session initialization messages. This
could lead to those commands being processed by cyrus-imapd, potentially
allowing the attacker to steal the victim's mail or authentication
credentials. (CVE-2011-1926)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the update, cyrus-imapd will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

705288 - CVE-2011-1926 cyrus-imapd: STARTTLS plaintext command injection

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/cyrus-imapd-2.2.12-15.el4.src.rpm

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

ia64:
cyrus-imapd-2.2.12-15.el4.ia64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ia64.rpm
cyrus-imapd-devel-2.2.12-15.el4.ia64.rpm
cyrus-imapd-murder-2.2.12-15.el4.ia64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ia64.rpm
cyrus-imapd-utils-2.2.12-15.el4.ia64.rpm
perl-Cyrus-2.2.12-15.el4.ia64.rpm

ppc:
cyrus-imapd-2.2.12-15.el4.ppc.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ppc.rpm
cyrus-imapd-devel-2.2.12-15.el4.ppc.rpm
cyrus-imapd-murder-2.2.12-15.el4.ppc.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ppc.rpm
cyrus-imapd-utils-2.2.12-15.el4.ppc.rpm
perl-Cyrus-2.2.12-15.el4.ppc.rpm

s390:
cyrus-imapd-2.2.12-15.el4.s390.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.s390.rpm
cyrus-imapd-devel-2.2.12-15.el4.s390.rpm
cyrus-imapd-murder-2.2.12-15.el4.s390.rpm
cyrus-imapd-nntp-2.2.12-15.el4.s390.rpm
cyrus-imapd-utils-2.2.12-15.el4.s390.rpm
perl-Cyrus-2.2.12-15.el4.s390.rpm

s390x:
cyrus-imapd-2.2.12-15.el4.s390x.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.s390x.rpm
cyrus-imapd-devel-2.2.12-15.el4.s390x.rpm
cyrus-imapd-murder-2.2.12-15.el4.s390x.rpm
cyrus-imapd-nntp-2.2.12-15.el4.s390x.rpm
cyrus-imapd-utils-2.2.12-15.el4.s390x.rpm
perl-Cyrus-2.2.12-15.el4.s390x.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/cyrus-imapd-2.2.12-15.el4.src.rpm

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/cyrus-imapd-2.2.12-15.el4.src.rpm

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

ia64:
cyrus-imapd-2.2.12-15.el4.ia64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ia64.rpm
cyrus-imapd-devel-2.2.12-15.el4.ia64.rpm
cyrus-imapd-murder-2.2.12-15.el4.ia64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ia64.rpm
cyrus-imapd-utils-2.2.12-15.el4.ia64.rpm
perl-Cyrus-2.2.12-15.el4.ia64.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/cyrus-imapd-2.2.12-15.el4.src.rpm

i386:
cyrus-imapd-2.2.12-15.el4.i386.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.i386.rpm
cyrus-imapd-devel-2.2.12-15.el4.i386.rpm
cyrus-imapd-murder-2.2.12-15.el4.i386.rpm
cyrus-imapd-nntp-2.2.12-15.el4.i386.rpm
cyrus-imapd-utils-2.2.12-15.el4.i386.rpm
perl-Cyrus-2.2.12-15.el4.i386.rpm

ia64:
cyrus-imapd-2.2.12-15.el4.ia64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.ia64.rpm
cyrus-imapd-devel-2.2.12-15.el4.ia64.rpm
cyrus-imapd-murder-2.2.12-15.el4.ia64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.ia64.rpm
cyrus-imapd-utils-2.2.12-15.el4.ia64.rpm
perl-Cyrus-2.2.12-15.el4.ia64.rpm

x86_64:
cyrus-imapd-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-debuginfo-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-devel-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-murder-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-nntp-2.2.12-15.el4.x86_64.rpm
cyrus-imapd-utils-2.2.12-15.el4.x86_64.rpm
perl-Cyrus-2.2.12-15.el4.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/cyrus-imapd-2.3.7-7.el5_6.4.src.rpm

i386:
cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm

x86_64:
cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/cyrus-imapd-2.3.7-7.el5_6.4.src.rpm

i386:
cyrus-imapd-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.i386.rpm

ia64:
cyrus-imapd-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.ia64.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.ia64.rpm

ppc:
cyrus-imapd-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.ppc64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.ppc64.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.ppc.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.ppc.rpm

s390x:
cyrus-imapd-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.s390.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.s390.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.s390x.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.s390x.rpm

x86_64:
cyrus-imapd-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-debuginfo-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.i386.rpm
cyrus-imapd-devel-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-perl-2.3.7-7.el5_6.4.x86_64.rpm
cyrus-imapd-utils-2.3.7-7.el5_6.4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.2.src.rpm

i386:
cyrus-imapd-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-utils-2.3.16-6.el6_1.2.i686.rpm

ppc64:
cyrus-imapd-2.3.16-6.el6_1.2.ppc64.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.ppc64.rpm
cyrus-imapd-utils-2.3.16-6.el6_1.2.ppc64.rpm

s390x:
cyrus-imapd-2.3.16-6.el6_1.2.s390x.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.s390x.rpm
cyrus-imapd-utils-2.3.16-6.el6_1.2.s390x.rpm

x86_64:
cyrus-imapd-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-utils-2.3.16-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.2.src.rpm

i386:
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm

ppc64:
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.ppc.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.ppc64.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.ppc.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.ppc64.rpm

s390x:
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.s390.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.s390x.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.s390.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.s390x.rpm

x86_64:
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.2.src.rpm

i386:
cyrus-imapd-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-utils-2.3.16-6.el6_1.2.i686.rpm

x86_64:
cyrus-imapd-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-utils-2.3.16-6.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/cyrus-imapd-2.3.16-6.el6_1.2.src.rpm

i386:
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm

x86_64:
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-debuginfo-2.3.16-6.el6_1.2.x86_64.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.i686.rpm
cyrus-imapd-devel-2.3.16-6.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1926.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:0860-01] Critical: java-1.6.0-sun security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-sun security update
Advisory ID: RHSA-2011:0860-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0860.html
Issue date: 2011-06-08
CVE Names: CVE-2011-0802 CVE-2011-0814 CVE-2011-0862
CVE-2011-0863 CVE-2011-0864 CVE-2011-0865
CVE-2011-0867 CVE-2011-0868 CVE-2011-0869
CVE-2011-0871 CVE-2011-0873
=====================================================================

1. Summary:

Updated java-1.6.0-sun packages that fix several security issues are now
available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise
Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The Sun 1.6.0 Java release includes the Sun Java 6 Runtime Environment and
the Sun Java 6 Software Development Kit.

This update fixes several vulnerabilities in the Sun Java 6 Runtime
Environment and the Sun Java 6 Software Development Kit. Further
information about these flaws can be found on the "Oracle Java SE Critical
Patch Update Advisory" page, listed in the References section.
(CVE-2011-0802, CVE-2011-0814, CVE-2011-0862, CVE-2011-0863, CVE-2011-0864,
CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871,
CVE-2011-0873)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide JDK and JRE 6 Update 26 and resolve these issues.
All running instances of Sun Java must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)
711675 - CVE-2011-0873 Oracle JDK: unspecified vulnerability fixed in 6u26 (2D)
711676 - CVE-2011-0863 Oracle JDK: unspecified vulnerability fixed in 6u26 (Deployment)
711677 - CVE-2011-0802 CVE-2011-0814 Oracle JDK: unspecified vulnerabilities fixed in 6u26 (Sound)

6. Package List:

Red Hat Enterprise Linux AS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Desktop version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4 Extras:

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el4.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 5):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el5.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.i586.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el5.x86_64.rpm

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Supplementary (v. 6):

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.i686.rpm

x86_64:
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-demo-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.i686.rpm
java-1.6.0-sun-devel-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-jdbc-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-plugin-1.6.0.26-1jpp.1.el6.x86_64.rpm
java-1.6.0-sun-src-1.6.0.26-1jpp.1.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0802.html
https://www.redhat.com/security/data/cve/CVE-2011-0814.html
https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0863.html
https://www.redhat.com/security/data/cve/CVE-2011-0864.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://www.redhat.com/security/data/cve/CVE-2011-0873.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:0856-01] Critical: java-1.6.0-openjdk security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Critical: java-1.6.0-openjdk security update
Advisory ID: RHSA-2011:0856-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0856.html
Issue date: 2011-06-08
CVE Names: CVE-2011-0862 CVE-2011-0864 CVE-2011-0865
CVE-2011-0867 CVE-2011-0868 CVE-2011-0869
CVE-2011-0871
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Integer overflow flaws were found in the way Java2D parsed JPEG images and
user-supplied fonts. An attacker could use these flaws to execute arbitrary
code with the privileges of the user running an untrusted applet or
application. (CVE-2011-0862)

It was found that the MediaTracker implementation created Component
instances with unnecessary access privileges. A remote attacker could use
this flaw to elevate their privileges by utilizing an untrusted applet or
application that uses Swing. (CVE-2011-0871)

A flaw was found in the HotSpot component in OpenJDK. Certain bytecode
instructions confused the memory management within the Java Virtual Machine
(JVM), resulting in an applet or application crashing. (CVE-2011-0864)

An information leak flaw was found in the NetworkInterface class. An
untrusted applet or application could use this flaw to access information
about available network interfaces that should only be available to
privileged code. (CVE-2011-0867)

An incorrect float-to-long conversion, leading to an overflow, was found
in the way certain objects (such as images and text) were transformed in
Java2D. A remote attacker could use this flaw to crash an untrusted applet
or application that uses Java2D. (CVE-2011-0868)

It was found that untrusted applets and applications could misuse a SOAP
connection to incorrectly set global HTTP proxy settings instead of
setting them in a local scope. This flaw could be used to intercept HTTP
requests. (CVE-2011-0869)

A flaw was found in the way signed objects were deserialized. If trusted
and untrusted code were running in the same Java Virtual Machine (JVM), and
both were deserializing the same signed object, the untrusted code could
modify said object by using this flaw to bypass the validation checks on
signed objects. (CVE-2011-0865)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.39.1.9.8.el6_1.src.rpm

i386:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.i686.rpm

x86_64:
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.39.1.9.8.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0864.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://access.redhat.com/security/updates/classification/#critical
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:0857-01] Important: java-1.6.0-openjdk security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: java-1.6.0-openjdk security update
Advisory ID: RHSA-2011:0857-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0857.html
Issue date: 2011-06-08
CVE Names: CVE-2011-0862 CVE-2011-0864 CVE-2011-0865
CVE-2011-0867 CVE-2011-0868 CVE-2011-0869
CVE-2011-0871
=====================================================================

1. Summary:

Updated java-1.6.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Integer overflow flaws were found in the way Java2D parsed JPEG images and
user-supplied fonts. An attacker could use these flaws to execute arbitrary
code with the privileges of the user running an untrusted applet or
application. (CVE-2011-0862)

It was found that the MediaTracker implementation created Component
instances with unnecessary access privileges. A remote attacker could use
this flaw to elevate their privileges by utilizing an untrusted applet or
application that uses Swing. (CVE-2011-0871)

A flaw was found in the HotSpot component in OpenJDK. Certain bytecode
instructions confused the memory management within the Java Virtual Machine
(JVM), resulting in an applet or application crashing. (CVE-2011-0864)

An information leak flaw was found in the NetworkInterface class. An
untrusted applet or application could use this flaw to access information
about available network interfaces that should only be available to
privileged code. (CVE-2011-0867)

An incorrect float-to-long conversion, leading to an overflow, was found
in the way certain objects (such as images and text) were transformed in
Java2D. A remote attacker could use this flaw to crash an untrusted applet
or application that uses Java2D. (CVE-2011-0868)

It was found that untrusted applets and applications could misuse a SOAP
connection to incorrectly set global HTTP proxy settings instead of
setting them in a local scope. This flaw could be used to intercept HTTP
requests. (CVE-2011-0869)

A flaw was found in the way signed objects were deserialized. If trusted
and untrusted code were running in the same Java Virtual Machine (JVM), and
both were deserializing the same signed object, the untrusted code could
modify said object by using this flaw to bypass the validation checks on
signed objects. (CVE-2011-0865)

Note: All of the above flaws can only be remotely triggered in OpenJDK by
calling the "appletviewer" application.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these
issues. All running instances of OpenJDK Java must be restarted for the
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706106 - CVE-2011-0865 OpenJDK: Deserialization allows creation of mutable SignedObject (Deserialization, 6618658)
706139 - CVE-2011-0862 OpenJDK: integer overflows in JPEGImageReader and font SunLayoutEngine (2D, 7013519)
706153 - CVE-2011-0867 OpenJDK: NetworkInterface information leak (Networking, 7013969)
706234 - CVE-2011-0869 OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
706241 - CVE-2011-0868 OpenJDK: incorrect numeric type conversion in TransformHelper (2D, 7016495)
706245 - CVE-2011-0864 OpenJDK: JVM memory corruption via certain bytecode (HotSpot, 7020373)
706248 - CVE-2011-0871 OpenJDK: MediaTracker created Component instances with unnecessary privileges (Swing, 7020198)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6.src.rpm

i386:
java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6.i386.rpm

x86_64:
java-1.6.0-openjdk-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-debuginfo-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-demo-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-devel-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-javadoc-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm
java-1.6.0-openjdk-src-1.6.0.0-1.22.1.9.8.el5_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0862.html
https://www.redhat.com/security/data/cve/CVE-2011-0864.html
https://www.redhat.com/security/data/cve/CVE-2011-0865.html
https://www.redhat.com/security/data/cve/CVE-2011-0867.html
https://www.redhat.com/security/data/cve/CVE-2011-0868.html
https://www.redhat.com/security/data/cve/CVE-2011-0869.html
https://www.redhat.com/security/data/cve/CVE-2011-0871.html
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:0858-01] Moderate: xerces-j2 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: xerces-j2 security update
Advisory ID: RHSA-2011:0858-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0858.html
Issue date: 2011-06-08
CVE Names: CVE-2009-2625
=====================================================================

1. Summary:

Updated xerces-j2 packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

512921 - CVE-2009-2625 OpenJDK: XML parsing Denial-Of-Service (6845701)

6. Package List:

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/xerces-j2-2.7.1-12.6.el6_0.src.rpm

i386:
xerces-j2-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm

x86_64:
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/xerces-j2-2.7.1-12.6.el6_0.src.rpm

x86_64:
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xerces-j2-2.7.1-12.6.el6_0.src.rpm

i386:
xerces-j2-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm

ppc64:
xerces-j2-2.7.1-12.6.el6_0.ppc64.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.ppc64.rpm

s390x:
xerces-j2-2.7.1-12.6.el6_0.s390x.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.s390x.rpm

x86_64:
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/xerces-j2-2.7.1-12.6.el6_0.src.rpm

i386:
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm

ppc64:
xerces-j2-debuginfo-2.7.1-12.6.el6_0.ppc64.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.ppc64.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.ppc64.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.ppc64.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.ppc64.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.ppc64.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.ppc64.rpm

s390x:
xerces-j2-debuginfo-2.7.1-12.6.el6_0.s390x.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.s390x.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.s390x.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.s390x.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.s390x.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.s390x.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.s390x.rpm

x86_64:
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xerces-j2-2.7.1-12.6.el6_0.src.rpm

i386:
xerces-j2-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm

x86_64:
xerces-j2-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/xerces-j2-2.7.1-12.6.el6_0.src.rpm

i386:
xerces-j2-debuginfo-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.i686.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.i686.rpm

x86_64:
xerces-j2-debuginfo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-demo-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-apis-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-impl-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-other-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-javadoc-xni-2.7.1-12.6.el6_0.x86_64.rpm
xerces-j2-scripts-2.7.1-12.6.el6_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-2625.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/7_security_updates_for_rhel.html)