8 RHEL Updates
Posted on: 07/21/2011 07:14 PM

Red Hat has released the following RHEL updates: [RHSA-2011:1085-01] Important: freetype security update, [RHSA-2011:1073-01] Low: bash security, bug fix, and enhancement update, [RHSA-2011:1005-01] Low: sysstat security, bug fix, and enhancement update, [RHSA-2011:1065-01] Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update, [RHSA-2011:1019-01] Moderate: libvirt security, bug fix, and enhancement update, [RHSA-2011:1000-01] Low: rgmanager security, bug fix, and enhancement update, [RHSA-2011:0975-01] Low: sssd security, bug fix, and enhancement update, and [RHSA-2011:0999-01] Moderate: rsync security, bug fix, and enhancement update.

[RHSA-2011:1085-01] Important: freetype security update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: freetype security update
Advisory ID: RHSA-2011:1085-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1085.html
Issue date: 2011-07-21
CVE Names: CVE-2011-0226
=====================================================================

1. Summary:

Updated freetype packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide the FreeType 2 font engine.

A flaw was found in the way the FreeType font rendering engine processed
certain PostScript Type 1 fonts. If a user loaded a specially-crafted font
file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2011-0226)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

722701 - CVE-2011-0226 freetype: postscript type1 font parsing vulnerability

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386:
freetype-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm

x86_64:
freetype-2.3.11-6.el6_1.6.i686.rpm
freetype-2.3.11-6.el6_1.6.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-demos-2.3.11-6.el6_1.6.i686.rpm
freetype-devel-2.3.11-6.el6_1.6.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.6.i686.rpm
freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

x86_64:
freetype-2.3.11-6.el6_1.6.i686.rpm
freetype-2.3.11-6.el6_1.6.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.6.i686.rpm
freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386:
freetype-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-devel-2.3.11-6.el6_1.6.i686.rpm

ppc64:
freetype-2.3.11-6.el6_1.6.ppc.rpm
freetype-2.3.11-6.el6_1.6.ppc64.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.ppc.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm
freetype-devel-2.3.11-6.el6_1.6.ppc.rpm
freetype-devel-2.3.11-6.el6_1.6.ppc64.rpm

s390x:
freetype-2.3.11-6.el6_1.6.s390.rpm
freetype-2.3.11-6.el6_1.6.s390x.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.s390.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm
freetype-devel-2.3.11-6.el6_1.6.s390.rpm
freetype-devel-2.3.11-6.el6_1.6.s390x.rpm

x86_64:
freetype-2.3.11-6.el6_1.6.i686.rpm
freetype-2.3.11-6.el6_1.6.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.6.i686.rpm
freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-demos-2.3.11-6.el6_1.6.i686.rpm

ppc64:
freetype-debuginfo-2.3.11-6.el6_1.6.ppc64.rpm
freetype-demos-2.3.11-6.el6_1.6.ppc64.rpm

s390x:
freetype-debuginfo-2.3.11-6.el6_1.6.s390x.rpm
freetype-demos-2.3.11-6.el6_1.6.s390x.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386:
freetype-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-devel-2.3.11-6.el6_1.6.i686.rpm

x86_64:
freetype-2.3.11-6.el6_1.6.i686.rpm
freetype-2.3.11-6.el6_1.6.x86_64.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
freetype-devel-2.3.11-6.el6_1.6.i686.rpm
freetype-devel-2.3.11-6.el6_1.6.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/freetype-2.3.11-6.el6_1.6.src.rpm

i386:
freetype-debuginfo-2.3.11-6.el6_1.6.i686.rpm
freetype-demos-2.3.11-6.el6_1.6.i686.rpm

x86_64:
freetype-debuginfo-2.3.11-6.el6_1.6.x86_64.rpm
freetype-demos-2.3.11-6.el6_1.6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0226.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:1073-01] Low: bash security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory

Synopsis: Low: bash security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1073-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1073.html
Issue date: 2011-07-21
CVE Names: CVE-2008-5374
=====================================================================

1. Summary:

An updated bash package that fixes one security issue, several bugs, and
adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

Bash is the default shell for Red Hat Enterprise Linux.

It was found that certain scripts bundled with the Bash documentation
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to overwrite
the contents of arbitrary files accessible to the victim running the
scripts. (CVE-2008-5374)

This update fixes the following bugs:

* When using the source builtin at location ".", occasionally, bash
opted to preserve internal consistency and abort scripts. This caused
bash to abort scripts that assigned values to read-only variables.
This is now fixed to ensure that such scripts are now executed as
written and not aborted. (BZ#448508)

* When the tab key was pressed for auto-completion options for the typed
text, the cursor moved to an unexpected position on a previous line if
the prompt contained characters that cannot be viewed and a "\]". This
is now fixed to retain the cursor at the expected position at the end of
the target line after autocomplete options correctly display. (BZ#463880)

* Bash attempted to interpret the NOBITS .dynamic section of the ELF
header. This resulted in a "^D: bad ELF interpreter: No such
file or directory" message. This is fixed to ensure that the invalid
"^D" does not appear in the error message. (BZ#484809)

* The $RANDOM variable in Bash carried over values from a previous
execution for later jobs. This is fixed and the $RANDOM variable
generates a new random number for each use. (BZ#492908)

* When Bash ran a shell script with an embedded null character, bash's
source builtin parsed the script incorrectly. This is fixed and
bash's source builtin correctly parses shell script null characters.
(BZ#503701)

* The bash manual page for "trap" did not mention that signals ignored upon
entry cannot be listed later. The manual page was updated for this update
and now specifically notes that "Signals ignored upon entry to the shell
cannot be trapped, reset or listed". (BZ#504904)

* Bash's readline incorrectly displayed additional text when resizing
the terminal window when text spanned more than one line, which caused
incorrect display output. This is now fixed to ensure that text in more
than one line in a resized window displays as expected. (BZ#525474)

* Previously, bash incorrectly displayed "Broken pipe" messages for
builtins like "echo" and "printf" when output did not succeed due to
EPIPE. This is fixed to ensure that the unnecessary "Broken pipe"
messages no longer display. (BZ#546529)

* Inserts with the repeat function were not possible after a deletion in
vi-mode. This has been corrected and, with this update, the repeat function
works as expected after a deletion. (BZ#575076)

* In some situations, bash incorrectly appended "/" to files instead of
just directories during tab-completion, causing incorrect
auto-completions. This is fixed and auto-complete appends "/" only to
directories. (BZ#583919)

* Bash had a memory leak in the "read" builtin when the number of fields
being read was not equal to the number of variables passed as arguments,
causing a shell script crash. This is fixed to prevent a memory leak and
shell script crash. (BZ#618393)

* /usr/share/doc/bash-3.2/loadables in the bash package contained source
files which would not build due to missing C header files. With this
update, the unusable (and unbuildable) source files were removed from the
package. (BZ#663656)

This update also adds the following enhancement:

* The system-wide "/etc/bash.bash_logout" bash logout file is now enabled.
This allows administrators to write system-wide logout actions for all
users. (BZ#592979)

Users of bash are advised to upgrade to this updated package, which
contains backported patches to resolve these issues and add this
enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

448508 - Parsing of {} broken; breaks startup scripts
463880 - bash completion in UTF8 locale has cursor positioning errors with long $PS1
475474 - CVE-2008-5374 bash: Insecure temporary file use in aliasconv.sh, aliasconv.bash, cshtobash (symlink attack)
484809 - [RHEL5] bash includes Control-D in "bad ELF interpreter" message
492908 - $RANDOM value remains the same
503701 - Cannot process scripts beyond an embedded NULL character when running in 'source' mode
504904 - trap -p not displaying ignored signal when run from child bash
525474 - bash/readline not detecting window resize properly
583919 - tab-completion appends slash to non-directories
592979 - system global bash.bash_logout is diabled in config-top.h
618393 - memory leak in bash reading files
663656 - Unusable loadables in /doc

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bash-3.2-32.el5.src.rpm

i386:
bash-3.2-32.el5.i386.rpm
bash-debuginfo-3.2-32.el5.i386.rpm

x86_64:
bash-3.2-32.el5.x86_64.rpm
bash-debuginfo-3.2-32.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bash-3.2-32.el5.src.rpm

i386:
bash-3.2-32.el5.i386.rpm
bash-debuginfo-3.2-32.el5.i386.rpm

ia64:
bash-3.2-32.el5.i386.rpm
bash-3.2-32.el5.ia64.rpm
bash-debuginfo-3.2-32.el5.i386.rpm
bash-debuginfo-3.2-32.el5.ia64.rpm

ppc:
bash-3.2-32.el5.ppc.rpm
bash-debuginfo-3.2-32.el5.ppc.rpm

s390x:
bash-3.2-32.el5.s390x.rpm
bash-debuginfo-3.2-32.el5.s390x.rpm

x86_64:
bash-3.2-32.el5.x86_64.rpm
bash-debuginfo-3.2-32.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2008-5374.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:1005-01] Low: sysstat security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory

Synopsis: Low: sysstat security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1005-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1005.html
Issue date: 2011-07-21
CVE Names: CVE-2007-3852
=====================================================================

1. Summary:

An updated sysstat package that fixes one security issue, various bugs, and
adds one enhancement is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in an
insecure way. A local attacker could use this flaw to create arbitrary
files via a symbolic link attack. (CVE-2007-3852)

This update fixes the following bugs:

* On systems under heavy load, the sadc utility would sometimes output the
following error message if a write() call was unable to write all of the
requested input:

"Cannot write data to system activity file: Success."

In this updated package, the sadc utility tries to write the remaining
input, resolving this issue. (BZ#454617)

* On the Itanium architecture, the "sar -I" command provided incorrect
information about the interrupt statistics of the system. With this update,
the "sar -I" command has been disabled for this architecture, preventing
this bug. (BZ#468340)

* Previously, the "iostat -n" command used invalid data to create
statistics for read and write operations. With this update, the data source
for these statistics has been fixed, and the iostat utility now returns
correct information. (BZ#484439)

* The "sar -d" command used to output invalid data about block devices.
With this update, the sar utility recognizes disk registration and disk
overflow statistics properly, and only correct and relevant data is now
displayed. (BZ#517490)

* Previously, the sar utility set the maximum number of days to be logged
in one month too high. Consequently, data from a month was appended to
data from the preceding month. With this update, the maximum number of days
has been set to 25, and data from a month now correctly replaces data from
the preceding month. (BZ#578929)

* In previous versions of the iostat utility, the number of NFS mount
points was hard-coded. Consequently, various issues occurred while iostat
was running and NFS mount points were mounted or unmounted; certain values
in iostat reports overflowed and some mount points were not reported at
all. With this update, iostat properly recognizes when an NFS mount point
mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)

* When a device name was longer than 13 characters, the iostat utility
printed a redundant new line character, making its output less readable.
This bug has been fixed and now, no extra characters are printed if a long
device name occurs in iostat output. (BZ#604637)

* Previously, if kernel interrupt counters overflowed, the sar utility
provided confusing output. This bug has been fixed and the sum of
interrupts is now reported correctly. (BZ#622557)

* When some processors were disabled on a multi-processor system, the sar
utility sometimes failed to provide information about the CPU activity.
With this update, the uptime of a single processor is used to compute the
statistics, rather than the total uptime of all processors, and this bug no
longer occurs. (BZ#630559)

* Previously, the mpstat utility wrongly interpreted data about processors
in the system. Consequently, it reported a processor that did not exist.
This bug has been fixed and non-existent CPUs are no longer reported by
mpstat. (BZ#579409)

* Previously, there was no easy way to enable the collection of statistics
about disks and interrupts. Now, the SADC_OPTIONS variable can be used to
set parameters for the sadc utility, fixing this bug. (BZ#598794)

* The read_uptime() function failed to close its open file upon exit. A
patch has been provided to fix this bug. (BZ#696672)

This update also adds the following enhancement:

* With this update, the cifsiostat utility has been added to the sysstat
package to provide CIFS (Common Internet File System) mount point I/O
statistics. (BZ#591530)

All sysstat users are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add this
enhancement.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

251200 - CVE-2007-3852 sysstat insecure temporary file usage
454617 - [RHEL5] Though function write() executed sucessful, sadc end with an error.
484439 - iostat -n enhancement not report NFS client stats correctly
517490 - The 'sar -d ' command outputs invalid data
578929 - March sar data was appended to February data
579409 - The sysstat's programs such as mpstat shows one extra cpu.
598794 - Enable parametrization of sadc arguments
604637 - extraneous newline in iostat report for long device names
622557 - sar interrupt count goes backward
630559 - 'sar -P ALL -f xxxx ' does not display activity information.
675058 - iostat: bogus value appears when device is unmounted/mounted
694767 - iostat doesn't report statistics for shares with long names
696672 - Resource leak
706095 - iostat -n - values in output overflows

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sysstat-7.0.2-11.el5.src.rpm

i386:
sysstat-7.0.2-11.el5.i386.rpm
sysstat-debuginfo-7.0.2-11.el5.i386.rpm

x86_64:
sysstat-7.0.2-11.el5.x86_64.rpm
sysstat-debuginfo-7.0.2-11.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sysstat-7.0.2-11.el5.src.rpm

i386:
sysstat-7.0.2-11.el5.i386.rpm
sysstat-debuginfo-7.0.2-11.el5.i386.rpm

ia64:
sysstat-7.0.2-11.el5.ia64.rpm
sysstat-debuginfo-7.0.2-11.el5.ia64.rpm

ppc:
sysstat-7.0.2-11.el5.ppc.rpm
sysstat-debuginfo-7.0.2-11.el5.ppc.rpm

s390x:
sysstat-7.0.2-11.el5.s390x.rpm
sysstat-debuginfo-7.0.2-11.el5.s390x.rpm

x86_64:
sysstat-7.0.2-11.el5.x86_64.rpm
sysstat-debuginfo-7.0.2-11.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-3852.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:1065-01] Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update
=====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Enterprise Linux 5.7 kernel security and bug fix update
Advisory ID: RHSA-2011:1065-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1065.html
Issue date: 2011-07-21
CVE Names: CVE-2011-1780 CVE-2011-2525 CVE-2011-2689
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues, address several
hundred bugs, and add numerous enhancements are now available as part of
the ongoing support and maintenance of Red Hat Enterprise Linux version 5.
This is the seventh regular update.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Xen hypervisor implementation handled
instruction emulation during virtual machine exits. A malicious user-space
process running in an SMP guest could trick the emulator into reading a
different instruction than the one that caused the virtual machine to exit.
An unprivileged guest user could trigger this flaw to crash the host. This
only affects systems with both an AMD x86 processor and the AMD
Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)

* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet
scheduler API implementation to be called on built-in qdisc structures. A
local, unprivileged user could use this flaw to trigger a NULL pointer
dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)

* A flaw was found in the way space was allocated in the Linux kernel's
Global File System 2 (GFS2) implementation. If the file system was almost
full, and a local, unprivileged user made an fallocate() request, it could
result in a denial of service. Note: Setting quotas to prevent users from
using all available disk space would prevent exploitation of this flaw.
(CVE-2011-2689, Moderate)

These updated kernel packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for
information about the most significant bug fixes and enhancements included
in this update:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Tech
nical_Notes/kernel.html#RHSA-2011-1065

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct these issues. The system must be rebooted for this
update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

390451 - Pick up paging performance improvements from upstream Xen
431738 - lsattr doesn't show attributes of ext3 quota files
441730 - [rhts] connectathon nfsidem test failing
452650 - [RHEL5.2]: Blktap is limited to 100 disks total
460821 - pv-on-hvm: disk shows up twice.
465876 - NMI Watchdog detected LOCKUP in :sctp:sctp_copy_local_addr_list
477032 - kdump hang on HP xw9400
481546 - HTB qdisc miscalculates bandwidth with TSO enabled
481629 - update myri10g driver from 1.3.2 to 1.5.2
491740 - export of an NFSV3 file system via kerberos requires AUTH_SYS as well
491786 - s2io should check inputs for rx_ring_sz
494927 - Read-only filesystem after 'ext3_free_blocks_sb: bit already cleared for block' errors
501314 - No beep when running xen kernel
511901 - [NFS]: silly renamed .nfs0000* files can be left on fs forever
517629 - Sequence id issue with nfs4/kerberos between RHEL kernel and Fedora 11
525898 - soft lockups with kswapd in RHEL 5.4 kernel 2.6.18-164.el5 x86_64
537277 - KERNEL: QLA2XXX 0000:0E:00.0: RISC PAUSED -- HCCR=0, DUMPING FIRMWARE!
553411 - xts crypto module missing from RHEL5 installer runtime
553803 - GFS2: recovery stuck on transaction lock
567449 - RHEL5.6: iw_cxgb4 driver inclusion
567540 - unregister_netdevice: waiting for veth5 to become free when I remove netloop
579000 - [RFE] Support L2 packets under bonding layer
579858 - Wrong RX bytes/packet count on vlan interface with igb driver
589512 - slab corruption after seeing some nfs-related BUG: warning
603345 - i5k_amb does not work for Intel 5000 Chipset (kernel)
607114 - System panic in pskb_expand_head When arp_validate option is specified in bonding ARP monitor mode
611407 - kvm guest unable to kdump without noapic
621916 - Host panic on cross-vendor migration (RHEL 5.5 guest)
622542 - Xorg failures on machines using intel video card driver
622647 - Reading /proc/locks yelds corrupt data
623979 - synch arch/i386/pci/irq-xen.c
626585 - GFS2: [RFE] fallocate support for GFS2
626974 - nfs: too many GETATTR and ACCESS calls after direct i/o
626977 - [nfs] make close(2) asynchronous when closing nfs o_direct files
627496 - Fix shrinking windows with window scaling
631950 - remove FS-Cache code from NFS
632399 - Misleading message from fs/nfs/file.c:do_vfs_lock()
633196 - testing NMI watchdog ... WARNING: CPU#0: NMI appears to be stuck (62->62)!
635992 - Areca driver, arcmsr, update
637970 - GFS2: Not enough space reserved in gfs2_write_begin and possibly elsewhere.
642388 - ip_nat_ftp not working if ack for "227 Enter Passive mode" packet is lost
643292 - [netfront] ethtool -i should return proper information for netfront device
643872 - [netback] ethtool -i should return proper information for netback device
645343 - ISCSI/multipath hang - must propagate SCSI device deletion to DM mpath
645528 - SIGPROF keeps a large task from ever completing a fork()
645646 - RFE: Virtio nic should be support "ethtool -i virtio nic"
646513 - HP_GETHOSTINFO ioctl always causes mpt controller reset
648572 - virtio GSO makes IPv6 very slow
648657 - fseek()/NFS performance regression between RHEL4 and RHEL5
648854 - linux-2.6.18: netback: take net_schedule_list_lock when removing entry from net_schedule_list
651333 - RHEL5.6: EHCI: AMD periodic frame list table quirk
651409 - BAD SEQID error messages returned by the NFS server
651512 - e1000 driver tracebacks when running under VMware ESX4
652321 - jbd2_stats_proc_init has wrong location.
652369 - temporary loss of path to SAN results in persistent EIO with msync
653286 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes.
653828 - bonding failover in every monitor interval with virtio-net driver
654293 - sunrpc: need a better way to set tcp_slot_table_entries in RHEL 5
656836 - Memory leak in virtio-console driver if driver probe routine fails
657166 - XFS causes kernel panic due to double free of log tickets
658012 - NMI panic during xfs forced shutdown
658418 - Kernel warning at boot: i7core_edac: probe of 0000:80:14.0 failed with error -22
659594 - Kernel panic when restart network on vlan with bonding
659715 - cifs: ia64 kernel unaligned access
659816 - Performance counters don't work on HP Magnycours machines
660368 - dm-crypt: backport changes to support xts crypto mode
660661 - fsck.gfs2 reported statfs error after gfs2_grow
660728 - [LSI 5.7 feat] Update megaraid_sas to 5.34 and Include "Thunderbolt" support
660871 - mpctl module doesn't release fasync_struct at file close
661300 - xfstest 222: filesystem on /dev/loop0 is inconsistent
661306 - [Cisco 5.7 FEAT] Update enic driver to version 2.1.1.9
661904 - GFS2: Kernel changes necessary to allow growing completely full filesystems.
663041 - gfs2 FIEMAP oops
663123 - /proc/partitions not updating after creating LUNs via hpacucli
663563 - [ext4/xfstests] 011 caused filesystem corruption after running many times in a loop
664592 - a test unit ready causes a panic on 5.6 (CCISS driver)
664931 - COW corruption using popen(3).
665197 - WARNING: APIC timer calibration may be wrong
665972 - ISVM bit (ECX:31) for CPUID 0x00000001 is missing for HVM on AMD
666080 - GFS2: Blocks not marked free on delete
666304 - scsi_dh_emc gives "error attaching hardware handler" for EMC active-active SANs
666866 - Heavy load on ath5k wireless device makes system unresponsive
667327 - lib: fix vscnprintf() if @size is == 0
667660 - [NetApp 5.7 Bug] Include new NetApp PID entry to the alua_dev_list array in the ALUA hardware handler
667810 - "modprobe ip_conntrack hashsize=NNNN" panics kernel if /etc/modprobe.conf has hashsize=MMMM
668934 - UDP transmit under VLAN causes guest freeze
669603 - incomplete local port reservation
669961 - [NetApp 5.6 Bug] Erroneous TPG ID check in SCSI ALUA Handler
670367 - scsi_dh_emc get_req function should set REQ_FAILFAST flags same as upstream and other modules
670373 - panic in kfree() due to race condition in acpi_bus_receive_event()
671238 - [bonding] crash when adding/removing slaves with master interface down
671595 - Flapping errors (and panic) with bonding and arp_interval while using be2net included in 2.6.18-238
672619 - transmission stops when tap does not consume
672724 - mmapping a read only file on a gfs2 filesystem incorrectly acquires an exclusive glock
672981 - lseek() over NFS is returning an incorrect file length under some circumstances
673058 - kernel panic in pg_init_done - pgpath already deleted
673242 - Time runs too fast in a VM on processors with > 4GHZ freq
673459 - virtio_console driver never returns from selecting for write when the queue is full
673616 - vdso gettimeofday causes a segmentation fault
674175 - Impossible to load sctp module with ipv6 disable=1
674226 - Panic in selinux_bprm_post_apply_creds() due to an empty tty_files list
674298 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO
674514 - xenctx shows nonsensical values for 32-on-64 and HVM domains
675727 - vdso: missing wall_to_monotomic export
675986 - Fix block based fiemap
677703 - [RHEL5.5] Panic in iscsi_sw_tcp_data_ready()
677893 - [TestOnly] gfs regression testing for 5.7 beta
677902 - Incorrect "Speed" is recorded in the file "/proc/net/bonding/bondX"
678073 - qeth: allow channel path changes in recovery
678074 - [usb-audio] unable to set capture mixer levels
678359 - online disk resizing may cause data corruption
678571 - hap_gva_to_gfn_* do not preserve domain context
678618 - gdbsx hypervisor part backport
679120 - qeth: remove needless IPA-commands in offline
679407 - [5.7] niu: Fix races between up/down and get_stats.
679487 - [5.7] net: Fix netdev_run_todo serialization
680329 - sunrpc: reconnect race can lead to socket read corruption
681303 - backport vzalloc and vzalloc_node in support of drivers needing these functions
681586 - Out of vmalloc space
683155 - gfs2: creating large files suddenly slow to a crawl
683978 - need to backport common vpd infrastructure to rhel 5
684795 - missed unlock_page() in gfs2_write_begin()
688646 - intel_iommu domain id exhaustion
688989 - [5.6] sysctl tcp_syn_retries is not honored
689860 - guest with passthrough nic got kernel panic when send system_reset signal in QEMU monitor
689943 - GFS2 causes kernel panic in spectator mode
690555 - GFS2: resource group bitmap corruption resulting in panics and withdraws
692946 - need to backport debugfs_remove_recursive functionality
695357 - dasd: fix race between open and offline
696411 - Missing patch for full use of tcp_rto_min parameter
698432 - [Emulex 5.7] Update lpfc driver to version 8.2.0.96.1p
698879 - The pci resource for vf is not released after hot-removing Intel 82576 NIC
700546 - RHEL5: apparent file system corruption of snapshot fs with qla2xxx driver
702355 - NFS: Fix build break with CONFIG_NFS_V4=n
702652 - provide option to disable HPET
702657 - CVE-2011-1780 kernel: xen: svm: insufficiencies in handling emulated instructions during vm exits
703213 - GFS2: Add "dlm callback owed" glock flag
703416 - host kernel panic while guest running on 10G public bridge.
704497 - VT-d: Fix resource leaks on error paths in intremap code
705324 - cifs: regression in unicode conversion routines when mounting with -o mapchars
705455 - intel-iommu: missing flush prior to removing domains + avoid broken vm/si domain unlinking
705725 - hvm guest time may go backwards on some hosts
706414 - Adding slave to balance-tlb bond device results in soft lockup
709224 - setfacl does not update ctime when changing file permission on ext3/4
711450 - 12% degradation running IOzone with Outcache testing
717068 - Kernel panics during Veritas SF testing.
717742 - [RHEL5.7][kernel-xen] HVM guests hang during installation on AMD systems
720552 - CVE-2011-2525 kernel: kernel: net_sched: fix qdisc_notify()
720861 - CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-274.el5.src.rpm

i386:
kernel-2.6.18-274.el5.i686.rpm
kernel-PAE-2.6.18-274.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.el5.i686.rpm
kernel-debug-2.6.18-274.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debug-devel-2.6.18-274.el5.i686.rpm
kernel-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.el5.i686.rpm
kernel-devel-2.6.18-274.el5.i686.rpm
kernel-headers-2.6.18-274.el5.i386.rpm
kernel-xen-2.6.18-274.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.el5.i686.rpm
kernel-xen-devel-2.6.18-274.el5.i686.rpm

noarch:
kernel-doc-2.6.18-274.el5.noarch.rpm

x86_64:
kernel-2.6.18-274.el5.x86_64.rpm
kernel-debug-2.6.18-274.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.el5.x86_64.rpm
kernel-devel-2.6.18-274.el5.x86_64.rpm
kernel-headers-2.6.18-274.el5.x86_64.rpm
kernel-xen-2.6.18-274.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-274.el5.src.rpm

i386:
kernel-2.6.18-274.el5.i686.rpm
kernel-PAE-2.6.18-274.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-274.el5.i686.rpm
kernel-PAE-devel-2.6.18-274.el5.i686.rpm
kernel-debug-2.6.18-274.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debug-devel-2.6.18-274.el5.i686.rpm
kernel-debuginfo-2.6.18-274.el5.i686.rpm
kernel-debuginfo-common-2.6.18-274.el5.i686.rpm
kernel-devel-2.6.18-274.el5.i686.rpm
kernel-headers-2.6.18-274.el5.i386.rpm
kernel-xen-2.6.18-274.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-274.el5.i686.rpm
kernel-xen-devel-2.6.18-274.el5.i686.rpm

ia64:
kernel-2.6.18-274.el5.ia64.rpm
kernel-debug-2.6.18-274.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.ia64.rpm
kernel-debug-devel-2.6.18-274.el5.ia64.rpm
kernel-debuginfo-2.6.18-274.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-274.el5.ia64.rpm
kernel-devel-2.6.18-274.el5.ia64.rpm
kernel-headers-2.6.18-274.el5.ia64.rpm
kernel-xen-2.6.18-274.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-274.el5.ia64.rpm
kernel-xen-devel-2.6.18-274.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-274.el5.noarch.rpm

ppc:
kernel-2.6.18-274.el5.ppc64.rpm
kernel-debug-2.6.18-274.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.ppc64.rpm
kernel-debug-devel-2.6.18-274.el5.ppc64.rpm
kernel-debuginfo-2.6.18-274.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-274.el5.ppc64.rpm
kernel-devel-2.6.18-274.el5.ppc64.rpm
kernel-headers-2.6.18-274.el5.ppc.rpm
kernel-headers-2.6.18-274.el5.ppc64.rpm
kernel-kdump-2.6.18-274.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-274.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-274.el5.ppc64.rpm

s390x:
kernel-2.6.18-274.el5.s390x.rpm
kernel-debug-2.6.18-274.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-274.el5.s390x.rpm
kernel-debug-devel-2.6.18-274.el5.s390x.rpm
kernel-debuginfo-2.6.18-274.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-274.el5.s390x.rpm
kernel-devel-2.6.18-274.el5.s390x.rpm
kernel-headers-2.6.18-274.el5.s390x.rpm
kernel-kdump-2.6.18-274.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-274.el5.s390x.rpm
kernel-kdump-devel-2.6.18-274.el5.s390x.rpm

x86_64:
kernel-2.6.18-274.el5.x86_64.rpm
kernel-debug-2.6.18-274.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debug-devel-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-274.el5.x86_64.rpm
kernel-devel-2.6.18-274.el5.x86_64.rpm
kernel-headers-2.6.18-274.el5.x86_64.rpm
kernel-xen-2.6.18-274.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-274.el5.x86_64.rpm
kernel-xen-devel-2.6.18-274.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1780.html
https://www.redhat.com/security/data/cve/CVE-2011-2525.html
https://www.redhat.com/security/data/cve/CVE-2011-2689.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:1019-01] Moderate: libvirt security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: libvirt security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1019-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1019.html
Issue date: 2011-07-21
CVE Names: CVE-2011-2511
=====================================================================

1. Summary:

Updated libvirt packages that fix one security issue, several bugs and add
various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - i386, x86_64
RHEL Virtualization (v. 5 server) - i386, ia64, x86_64

3. Description:

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.

An integer overflow flaw was found in libvirtd's RPC call handling. An
attacker able to establish read-only connections to libvirtd could trigger
this flaw by calling virDomainGetVcpus() with specially-crafted parameters,
causing libvirtd to crash. (CVE-2011-2511)

This update fixes the following bugs:

* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat
Enterprise Linux 5.6. A code audit found a minor API change that effected
error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1 –
0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send
VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected
VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2
client saw a "Timed out during operation" message where it should see an
"Invalid network filter" error. This update adds a backported patch that
allows libvirt 0.8.2 clients to interoperate with the API as used by
libvirt 0.7.x servers, ensuring correct error messages are sent.
(BZ#665075)

* libvirt could crash if the maximum number of open file descriptors
(_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it accessed
file descriptors outside the bounds of the set. With this update the
maximum number of open file descriptors can no longer grow larger than the
FD_SETSIZE value. (BZ#665549)

* A libvirt race condition was found. An array in the libvirt event
handlers was accessed with a lock temporarily released. In rare cases, if
one thread attempted to access this array but a second thread reallocated
the array before the first thread reacquired a lock, it could lead to the
first thread attempting to access freed memory, potentially causing libvirt
to crash. With this update libvirt no longer refers to the old array and,
consequently, behaves as expected. (BZ#671569)

* Guests connected to a passthrough NIC would kernel panic if a
system_reset signal was sent through the QEMU monitor. With this update you
can reset such guests as expected. (BZ#689880)

* When using the Xen kernel, the rpmbuild command failed on the xencapstest
test. With this update you can run rpmbuild successfully when using the Xen
kernel. (BZ#690459)

* When a disk was hot unplugged, "ret >= 0" was passed to the qemuAuditDisk
calls in disk hotunplug operations before ret was, in fact, set to 0. As
well, the error path jumped to the "cleanup" label prematurely. As a
consequence, hotunplug failures were not audited and hotunplug successes
were audited as failures. This was corrected and hot unplugging checks now
behave as expected. (BZ#710151)

* A conflict existed between filter update locking sequences and virtual
machine startup locking sequences. When a filter update occurred on one or
more virtual machines, a deadlock could consequently occur if a virtual
machine referencing a filter was started. This update changes and makes
more flexible several qemu locking sequences ensuring this deadlock no
longer occurs. (BZ#697749)

* qemudDomainSaveImageStartVM closed some incoming file descriptor (fd)
arguments without informing the caller. The consequent double-closes could
cause Domain restoration failure. This update alters the
qemudDomainSaveImageStartVM signature to prevent the double-closes.
(BZ#681623)

This update also adds the following enhancements:

* The libvirt Xen driver now supports more than one serial port.
(BZ#670789)

* Enabling and disabling the High Precision Event Timer (HPET) in Xen
domains is now possible. (BZ#703193)

All libvirt users should install this update which addresses this
vulnerability, fixes these bugs and adds these enhancements. After
installing the updated packages, libvirtd must be restarted ("service
libvirtd restart") for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

665075 - minor libvirt API break in error reporting
665549 - libvirt crash on src/util/util.c in __virExec
671569 - race condition in libvirt could lead to crash on event handling
681623 - libvirt double-close bug in tight loop of save/restore [5.7]
689880 - guest with passthrough nic got kernel panic when send system_reset signal in QEMU monitor
690459 - rpmbuild failed on xencapstest when running under xen kernel
697749 - Deadlock between VM ops and filter update
703193 - support enabling/disabling xen hpet
710151 - Auditing of QEMU driver disk hotunplug events logs is missing and/or incorrect
717199 - CVE-2011-2511 libvirt: integer overflow in VirDomainGetVcpus

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libvirt-0.8.2-22.el5.src.rpm

i386:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-python-0.8.2-22.el5.i386.rpm

x86_64:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-0.8.2-22.el5.x86_64.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.x86_64.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.x86_64.rpm
libvirt-python-0.8.2-22.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libvirt-0.8.2-22.el5.src.rpm

i386:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-python-0.8.2-22.el5.i386.rpm

ia64:
libvirt-0.8.2-22.el5.ia64.rpm
libvirt-debuginfo-0.8.2-22.el5.ia64.rpm
libvirt-devel-0.8.2-22.el5.ia64.rpm
libvirt-python-0.8.2-22.el5.ia64.rpm

x86_64:
libvirt-0.8.2-22.el5.i386.rpm
libvirt-0.8.2-22.el5.x86_64.rpm
libvirt-debuginfo-0.8.2-22.el5.i386.rpm
libvirt-debuginfo-0.8.2-22.el5.x86_64.rpm
libvirt-devel-0.8.2-22.el5.i386.rpm
libvirt-devel-0.8.2-22.el5.x86_64.rpm
libvirt-python-0.8.2-22.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2511.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:1000-01] Low: rgmanager security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory

Synopsis: Low: rgmanager security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1000-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1000.html
Issue date: 2011-07-21
CVE Names: CVE-2010-3389
=====================================================================

1. Summary:

An updated rgmanager package that fixes one security issue, several bugs,
and adds multiple enhancements is now available for Red Hat Enterprise
Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Clustering (v. 5 server) - i386, ia64, ppc, x86_64

3. Description:

The rgmanager package contains the Red Hat Resource Group Manager, which
provides the ability to create and manage high-availability server
applications in the event of system downtime.

It was discovered that certain resource agent scripts set the
LD_LIBRARY_PATH environment variable to an insecure value containing empty
path elements. A local user able to trick a user running those scripts to
run them while working from an attacker-writable directory could use this
flaw to escalate their privileges via a specially-crafted dynamic library.
(CVE-2010-3389)

Red Hat would like to thank Raphael Geissert for reporting this issue.

This update also fixes the following bugs:

* The failover domain "nofailback" option was not honored if a service was
in the "starting" state. This bug has been fixed. (BZ#669440)

* PID files with white spaces in the file name are now handled correctly.
(BZ#632704)

* The /usr/sbin/rhev-check.sh script can now be used from within Cron.
(BZ#634225)

* The clustat utility now reports the correct version. (BZ#654160)

* The oracledb.sh agent now attempts to try the "shutdown immediate"
command instead of using the "shutdown abort" command. (BZ#633992)

* The SAPInstance and SAPDatabase scripts now use proper directory name
quoting so they no longer collide with directory names like "/u".
(BZ#637154)

* The clufindhostname utility now returns the correct value in all cases.
(BZ#592613)

* The nfsclient resource agent now handles paths with trailing slashes
correctly. (BZ#592624)

* The last owner of a service is now reported correctly after a failover.
(BZ#610483)

* The /usr/share/cluster/fs.sh script no longer runs the "quotaoff" command
if quotas were not configured. (BZ#637678)

* The "listen" line in the /etc/httpd/conf/httpd.conf file generated by the
Apache resource agent is now correct. (BZ#675739)

* The tomcat-5 resource agent no longer generates incorrect configurations.
(BZ#637802)

* The time required to stop an NFS resource when the server is unavailable
has been reduced. (BZ#678494)

* When using exclusive prioritization, a higher priority service now
preempts a lower priority service after status check failures. (BZ#680256)

* The postgres-8 resource agent now correctly detects failed start
operations. (BZ#663827)

* The handling of reference counts passed by rgmanager to resource agents
now works properly, as expected. (BZ#692771)

As well, this update adds the following enhancements:

* It is now possible to disable updates to static routes by the IP resource
agent. (BZ#620700)

* It is now possible to use XFS as a file system within a cluster service.
(BZ#661893)

* It is now possible to use the "clustat" command as a non-root user, so
long as that user is in the "root" group. (BZ#510300)

* It is now possible to migrate virtual machines when central processing is
enabled. (BZ#525271)

* The rgmanager init script will now delay after stopping services in order
to allow time for other nodes to restart them. (BZ#619468)

* The handling of failed independent subtrees has been corrected.
(BZ#711521)

All users of Red Hat Resource Group Manager are advised to upgrade to this
updated package, which contains backported patches to correct these issues
and add these enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

592613 - clufindhostname -i returns random value
592624 - nfsclient exports doens't work.
610483 - last_owner is not correctly updated on service reallocarion on failover
632704 - If whitespace in mysql resource name then pid file is not found
634225 - rhev-check.sh needs /usr/sbin in path
637154 - SAPInstance and SAPDatabase fail to start/stop/status if /u exists
637678 - service failover hangs at quotaoff in /usr/share/cluster/fs.sh
637802 - Fix problems in generated config file for tomcat-5
639044 - CVE-2010-3389 rgmanager: insecure library loading vulnerability
654160 - clustat -v reports "clustat version DEVEL" on release package
661893 - Support/testing of XFS filesystem as part of RHEL Cluster
663827 - postgres-8 resource agent does not detect a failed start of postgres server
669440 - Service will failback on "nofailback" failover domain if service is in "starting" state
675739 - Listen line in generated httpd.conf incorrect
678494 - netfs.sh patch, when network is lost it takes too long to unmount the NFS filesystems
680256 - Service with highest exclusive prio should be relocated to another node with lower exclusive prio
711521 - Dependencies in independent_tree resources does not work as expected

6. Package List:

RHEL Clustering (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rgmanager-2.0.52-21.el5.src.rpm

i386:
rgmanager-2.0.52-21.el5.i386.rpm
rgmanager-debuginfo-2.0.52-21.el5.i386.rpm

ia64:
rgmanager-2.0.52-21.el5.ia64.rpm
rgmanager-debuginfo-2.0.52-21.el5.ia64.rpm

ppc:
rgmanager-2.0.52-21.el5.ppc.rpm
rgmanager-debuginfo-2.0.52-21.el5.ppc.rpm

x86_64:
rgmanager-2.0.52-21.el5.x86_64.rpm
rgmanager-debuginfo-2.0.52-21.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-3389.html
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:0975-01] Low: sssd security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory

Synopsis: Low: sssd security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0975-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0975.html
Issue date: 2011-07-21
CVE Names: CVE-2010-4341
=====================================================================

1. Summary:

Updated sssd packages that fix one security issue, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It is
also the basis to provide client auditing and policy services for projects
such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to force SSSD to enter an infinite loop via a carefully-crafted
packet. With SSSD unresponsive, legitimate users could be denied the
ability to log in to the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

These updated sssd packages include a number of bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Tech
nical_Notes/sssd.html#RHSA-2011-0975

All sssd users are advised to upgrade to these updated sssd packages, which
upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the
bugs and add the enhancements noted in the Technical Notes.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

640601 - sssd is not escaping correctly LDAP searches
661163 - CVE-2010-4341 sssd: DoS in sssd PAM responder can prevent logins
675007 - sssd corrupts group cache
676027 - sssd segfault when first entry of ldap_uri is unreachable
678032 - Remove HBAC time rules from SSSD
678092 - SSSD in 5.6 can not locate HBAC rules from FreeIPAv2
678412 - name service caches names, so id command shows recently deleted users
678606 - User information not updated on login for secondary domains
678615 - SSSD needs to look at IPA's compat tree for netgroups
678778 - IPA provider does not update removed group memberships on initgroups
678780 - sssd crashes at the next tgt renewals it tries.
679087 - SSSD IPA provider should honor the krb5_realm option
679097 - Does not read renewable ccache at startup.
682803 - sssd-be segmentation fault - ipa-client on ipa-server
682808 - sssd_nss core dumps with certain lookups
682853 - IPA provider should use realm instead of ipa_domain for base DN
683260 - sudo/ldap lookup via sssd gets stuck for 5min waiting on netgroup
688677 - Build SSSD in RHEL 5.7 against openldap24-libs
688694 - authconfig fails when access_provider is set as krb5 in sssd.conf.
688697 - sssd 1.5.1-9 breaks AD authentication
689887 - group memberships are not populated correctly during IPA provider initgroups
690093 - multiple problems with sssd + ldap (Active-Directory) and groups members.
690096 - SSSD should skip over groups with multiple names
690287 - Traceback messages seen while interrupting sss_obfuscate using ctrl+d.
690814 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
690867 - Groups with a zero-length memberuid attribute can cause SSSD to stop caching and responding to requests
691900 - SSSD needs to fall back to 'cn' for GECOS information (was: SSSD configuration problem when configured with MSAD)
692960 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV)
694149 - SSSD consumes GBs of RAM, possible memory leak
694853 - SSSD crashes during getent when anonymous bind is disabled.
695476 - Unable to resolve SRV record when called with _srv_, in ldap_uri
696979 - [REGRESSION] Filters not honoured against fully-qualified users.
701702 - sssd client libraries use select() but should use poll() instead
707340 - latest sssd fails if ldap_default_authtok_type is not mentioned
707574 - SSSD's async resolver only tries the first nameserver in /etc/resolv.conf

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/sssd-1.5.1-37.el5.src.rpm

i386:
sssd-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-tools-1.5.1-37.el5.i386.rpm

x86_64:
sssd-1.5.1-37.el5.x86_64.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.x86_64.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.x86_64.rpm
sssd-tools-1.5.1-37.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/sssd-1.5.1-37.el5.src.rpm

i386:
sssd-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-tools-1.5.1-37.el5.i386.rpm

ia64:
sssd-1.5.1-37.el5.ia64.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.ia64.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.ia64.rpm
sssd-tools-1.5.1-37.el5.ia64.rpm

ppc:
sssd-1.5.1-37.el5.ppc.rpm
sssd-client-1.5.1-37.el5.ppc.rpm
sssd-client-1.5.1-37.el5.ppc64.rpm
sssd-debuginfo-1.5.1-37.el5.ppc.rpm
sssd-debuginfo-1.5.1-37.el5.ppc64.rpm
sssd-tools-1.5.1-37.el5.ppc.rpm

s390x:
sssd-1.5.1-37.el5.s390x.rpm
sssd-client-1.5.1-37.el5.s390.rpm
sssd-client-1.5.1-37.el5.s390x.rpm
sssd-debuginfo-1.5.1-37.el5.s390.rpm
sssd-debuginfo-1.5.1-37.el5.s390x.rpm
sssd-tools-1.5.1-37.el5.s390x.rpm

x86_64:
sssd-1.5.1-37.el5.x86_64.rpm
sssd-client-1.5.1-37.el5.i386.rpm
sssd-client-1.5.1-37.el5.x86_64.rpm
sssd-debuginfo-1.5.1-37.el5.i386.rpm
sssd-debuginfo-1.5.1-37.el5.x86_64.rpm
sssd-tools-1.5.1-37.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4341.html
https://access.redhat.com/security/updates/classification/#low
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.1
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/sssd.html#RHSA-2011-0975

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

[RHSA-2011:0999-01] Moderate: rsync security, bug fix, and enhancement update
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: rsync security, bug fix, and enhancement update
Advisory ID: RHSA-2011:0999-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0999.html
Issue date: 2011-07-21
CVE Names: CVE-2007-6200
=====================================================================

1. Summary:

An updated rsync package that fixes one security issue, several bugs, and
adds enhancements is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

rsync is a program for synchronizing files over a network.

A flaw was found in the way the rsync daemon handled the "filter",
"exclude", and "exclude from" options, used for hiding files and preventing
access to them from rsync clients. A remote attacker could use this flaw to
bypass those restrictions by using certain command line options and
symbolic links, allowing the attacker to overwrite those files if they knew
their file names and had write access to them. (CVE-2007-6200)

Note: This issue only affected users running rsync as a writable daemon:
"read only" set to "false" in the rsync configuration file (for example,
"/etc/rsyncd.conf"). By default, this option is set to "true".

This update also fixes the following bugs:

* The rsync package has been upgraded to upstream version 3.0.6, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#339971)

* When running an rsync daemon that was receiving files, a deferred info,
error or log message could have been sent directly to the sender instead of
being handled by the "rwrite()" function in the generator. Also, under
certain circumstances, a deferred info or error message from the receiver
could have bypassed the log file and could have been sent only to the
client process. As a result, an "unexpected tag 3" fatal error could have
been displayed. These problems have been fixed in this update so that an
rsync daemon receiving files now works as expected. (BZ#471182)

* Prior to this update, the rsync daemon called a number of timezone-using
functions after doing a chroot. As a result, certain C libraries were
unable to generate proper timestamps from inside a chrooted daemon. This
bug has been fixed in this update so that the rsync daemon now calls the
respective timezone-using functions prior to doing a chroot, and proper
timestamps are now generated as expected. (BZ#575022)

* When running rsync under a non-root user with the "-A" ("--acls") option
and without using the "--numeric-ids" option, if there was an Access
Control List (ACL) that included a group entry for a group that the
respective user was not a member of on the receiving side, the
"acl_set_file()" function returned an invalid argument value ("EINVAL").
This was caused by rsync mistakenly mapping the group name to the Group ID
"GID_NONE" ("-1"), which failed. The bug has been fixed in this update so
that no invalid argument is returned and rsync works as expected.
(BZ#616093)

* When creating a sparse file that was zero blocks long, the "rsync
- --sparse" command did not properly truncate the sparse file at the end of
the copy transaction. As a result, the file size was bigger than expected.
This bug has been fixed in this update by properly truncating the file so
that rsync now copies such files as expected. (BZ#530866)

* Under certain circumstances, when using rsync in daemon mode, rsync
generator instances could have entered an infinitive loop, trying to write
an error message for the receiver to an invalid socket. This problem has
been fixed in this update by adding a new sibling message: when the
receiver is reporting a socket-read error, the generator will notice this
fact and avoid writing an error message down the socket, allowing it to
close down gracefully when the pipe from the receiver closes. (BZ#690148)

* Prior to this update, there were missing deallocations found in the
"start_client()" function. This bug has been fixed in this update and no
longer occurs. (BZ#700450)

All users of rsync are advised to upgrade to this updated package, which
resolves these issues and adds enhancements.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

339971 - [RFE] Rebase rsync packages to version 3
407171 - CVE-2007-6200 rsync excluded content access restrictions bypass via symlinks
471182 - rsync errors: unexpected tag 3 [sender]
530866 - rsync --sparse does not properly copy sparse files
575022 - rsyncd gets confused with timezones when logging to syslog
616093 - EINVAL (Invalid argument) setting group --acls
690148 - Rsync instances stay in memory when using in daemon mode
700450 - Resource leaks revealed by Coverity scan.

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/rsync-3.0.6-4.el5.src.rpm

i386:
rsync-3.0.6-4.el5.i386.rpm
rsync-debuginfo-3.0.6-4.el5.i386.rpm

x86_64:
rsync-3.0.6-4.el5.x86_64.rpm
rsync-debuginfo-3.0.6-4.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/rsync-3.0.6-4.el5.src.rpm

i386:
rsync-3.0.6-4.el5.i386.rpm
rsync-debuginfo-3.0.6-4.el5.i386.rpm

ia64:
rsync-3.0.6-4.el5.ia64.rpm
rsync-debuginfo-3.0.6-4.el5.ia64.rpm

ppc:
rsync-3.0.6-4.el5.ppc.rpm
rsync-debuginfo-3.0.6-4.el5.ppc.rpm

s390x:
rsync-3.0.6-4.el5.s390x.rpm
rsync-debuginfo-3.0.6-4.el5.s390x.rpm

x86_64:
rsync-3.0.6-4.el5.x86_64.rpm
rsync-debuginfo-3.0.6-4.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2007-6200.html
https://access.redhat.com/security/updates/classification/#moderate
http://rsync.samba.org/security.html#s3_0_0

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.





Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/8_rhel_updates.html)