8 Security Updates for RHEL
Posted on: 05/31/2011 09:12 PM

Red Hat has released the following updates for Red Hat Enterprise Linux: [RHSA-2011:0844-01] Low: apr security update, [RHSA-2011:0841-01] Moderate: systemtap security update, [RHSA-2011:0843-01] Moderate: postfix security update, [RHSA-2011:0845-01] Important: bind security update, [RHSA-2011:0838-01] Moderate: gimp security update, [RHSA-2011:0840-01] Important: dhcp security update, [RHSA-2011:0842-01] Moderate: systemtap security update, and [RHSA-2011:0833-01] Important: kernel security and bug fix update

[RHSA-2011:0844-01] Low: apr security update

=====================================================================
Red Hat Security Advisory

Synopsis: Low: apr security update
Advisory ID: RHSA-2011:0844-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0844.html
Issue date: 2011-05-31
CVE Names: CVE-2011-1928
=====================================================================

1. Summary:

Updated apr packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64

3. Description:

The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It provides a free library of C data
structures and routines.

The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an
infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME
matching flag was used. A remote attacker could possibly use this flaw to
cause a denial of service on an application using the apr_fnmatch()
function. (CVE-2011-1928)

Note: This problem affected httpd configurations using the "Location"
directive with wildcard URLs. The denial of service could have been
triggered during normal operation; it did not specifically require a
malicious HTTP request.

This update also addresses additional problems introduced by the rewrite of
the apr_fnmatch() function, which was necessary to address the
CVE-2011-0419 flaw.

All apr users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Applications using the apr library,
such as httpd, must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

706203 - CVE-2011-1928 apr: DoS flaw in apr_fnmatch() due to fix for CVE-2011-0419

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm

i386:
apr-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-devel-0.9.4-26.el4.i386.rpm

ia64:
apr-0.9.4-26.el4.i386.rpm
apr-0.9.4-26.el4.ia64.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.ia64.rpm
apr-devel-0.9.4-26.el4.ia64.rpm

ppc:
apr-0.9.4-26.el4.ppc.rpm
apr-0.9.4-26.el4.ppc64.rpm
apr-debuginfo-0.9.4-26.el4.ppc.rpm
apr-debuginfo-0.9.4-26.el4.ppc64.rpm
apr-devel-0.9.4-26.el4.ppc.rpm

s390:
apr-0.9.4-26.el4.s390.rpm
apr-debuginfo-0.9.4-26.el4.s390.rpm
apr-devel-0.9.4-26.el4.s390.rpm

s390x:
apr-0.9.4-26.el4.s390.rpm
apr-0.9.4-26.el4.s390x.rpm
apr-debuginfo-0.9.4-26.el4.s390.rpm
apr-debuginfo-0.9.4-26.el4.s390x.rpm
apr-devel-0.9.4-26.el4.s390x.rpm

x86_64:
apr-0.9.4-26.el4.i386.rpm
apr-0.9.4-26.el4.x86_64.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.x86_64.rpm
apr-devel-0.9.4-26.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm

i386:
apr-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-devel-0.9.4-26.el4.i386.rpm

x86_64:
apr-0.9.4-26.el4.i386.rpm
apr-0.9.4-26.el4.x86_64.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.x86_64.rpm
apr-devel-0.9.4-26.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm

i386:
apr-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-devel-0.9.4-26.el4.i386.rpm

ia64:
apr-0.9.4-26.el4.i386.rpm
apr-0.9.4-26.el4.ia64.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.ia64.rpm
apr-devel-0.9.4-26.el4.ia64.rpm

x86_64:
apr-0.9.4-26.el4.i386.rpm
apr-0.9.4-26.el4.x86_64.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.x86_64.rpm
apr-devel-0.9.4-26.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/apr-0.9.4-26.el4.src.rpm

i386:
apr-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-devel-0.9.4-26.el4.i386.rpm

ia64:
apr-0.9.4-26.el4.i386.rpm
apr-0.9.4-26.el4.ia64.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.ia64.rpm
apr-devel-0.9.4-26.el4.ia64.rpm

x86_64:
apr-0.9.4-26.el4.i386.rpm
apr-0.9.4-26.el4.x86_64.rpm
apr-debuginfo-0.9.4-26.el4.i386.rpm
apr-debuginfo-0.9.4-26.el4.x86_64.rpm
apr-devel-0.9.4-26.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm

i386:
apr-1.2.7-11.el5_6.5.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-docs-1.2.7-11.el5_6.5.i386.rpm

x86_64:
apr-1.2.7-11.el5_6.5.i386.rpm
apr-1.2.7-11.el5_6.5.x86_64.rpm
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm
apr-docs-1.2.7-11.el5_6.5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm

i386:
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-devel-1.2.7-11.el5_6.5.i386.rpm

x86_64:
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm
apr-devel-1.2.7-11.el5_6.5.i386.rpm
apr-devel-1.2.7-11.el5_6.5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/apr-1.2.7-11.el5_6.5.src.rpm

i386:
apr-1.2.7-11.el5_6.5.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-devel-1.2.7-11.el5_6.5.i386.rpm
apr-docs-1.2.7-11.el5_6.5.i386.rpm

ia64:
apr-1.2.7-11.el5_6.5.ia64.rpm
apr-debuginfo-1.2.7-11.el5_6.5.ia64.rpm
apr-devel-1.2.7-11.el5_6.5.ia64.rpm
apr-docs-1.2.7-11.el5_6.5.ia64.rpm

ppc:
apr-1.2.7-11.el5_6.5.ppc.rpm
apr-1.2.7-11.el5_6.5.ppc64.rpm
apr-debuginfo-1.2.7-11.el5_6.5.ppc.rpm
apr-debuginfo-1.2.7-11.el5_6.5.ppc64.rpm
apr-devel-1.2.7-11.el5_6.5.ppc.rpm
apr-devel-1.2.7-11.el5_6.5.ppc64.rpm
apr-docs-1.2.7-11.el5_6.5.ppc.rpm

s390x:
apr-1.2.7-11.el5_6.5.s390.rpm
apr-1.2.7-11.el5_6.5.s390x.rpm
apr-debuginfo-1.2.7-11.el5_6.5.s390.rpm
apr-debuginfo-1.2.7-11.el5_6.5.s390x.rpm
apr-devel-1.2.7-11.el5_6.5.s390.rpm
apr-devel-1.2.7-11.el5_6.5.s390x.rpm
apr-docs-1.2.7-11.el5_6.5.s390x.rpm

x86_64:
apr-1.2.7-11.el5_6.5.i386.rpm
apr-1.2.7-11.el5_6.5.x86_64.rpm
apr-debuginfo-1.2.7-11.el5_6.5.i386.rpm
apr-debuginfo-1.2.7-11.el5_6.5.x86_64.rpm
apr-devel-1.2.7-11.el5_6.5.i386.rpm
apr-devel-1.2.7-11.el5_6.5.x86_64.rpm
apr-docs-1.2.7-11.el5_6.5.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm

x86_64:
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

x86_64:
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm

ppc64:
apr-1.3.9-3.el6_1.2.ppc.rpm
apr-1.3.9-3.el6_1.2.ppc64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.ppc.rpm
apr-debuginfo-1.3.9-3.el6_1.2.ppc64.rpm
apr-devel-1.3.9-3.el6_1.2.ppc.rpm
apr-devel-1.3.9-3.el6_1.2.ppc64.rpm

s390x:
apr-1.3.9-3.el6_1.2.s390.rpm
apr-1.3.9-3.el6_1.2.s390x.rpm
apr-debuginfo-1.3.9-3.el6_1.2.s390.rpm
apr-debuginfo-1.3.9-3.el6_1.2.s390x.rpm
apr-devel-1.3.9-3.el6_1.2.s390.rpm
apr-devel-1.3.9-3.el6_1.2.s390x.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/apr-1.3.9-3.el6_1.2.src.rpm

i386:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm

x86_64:
apr-1.3.9-3.el6_1.2.i686.rpm
apr-1.3.9-3.el6_1.2.x86_64.rpm
apr-debuginfo-1.3.9-3.el6_1.2.i686.rpm
apr-debuginfo-1.3.9-3.el6_1.2.x86_64.rpm
apr-devel-1.3.9-3.el6_1.2.i686.rpm
apr-devel-1.3.9-3.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1928.html
https://access.redhat.com/security/updates/classification/#low
https://rhn.redhat.com/errata/RHSA-2011-0507.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.



[RHSA-2011:0841-01] Moderate: systemtap security update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: systemtap security update
Advisory ID: RHSA-2011:0841-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0841.html
Issue date: 2011-05-31
CVE Names: CVE-2011-1769
=====================================================================

1. Summary:

Updated systemtap packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

A divide-by-zero flaw was found in the way SystemTap handled malformed
debugging information in DWARF format. When SystemTap unprivileged mode was
enabled, an unprivileged user in the stapusr group could use this flaw to
crash the system. Additionally, a privileged user (root, or a member of the
stapdev group) could trigger this flaw when tricked into instrumenting a
specially-crafted ELF binary, even when unprivileged mode was not enabled.
(CVE-2011-1769)

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

702687 - CVE-2011-1769 systemtap: does not guard against DWARF operations div-by-zero errors, which can cause a kernel panic

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/systemtap-1.3-4.el5_6.1.src.rpm

i386:
systemtap-1.3-4.el5_6.1.i386.rpm
systemtap-client-1.3-4.el5_6.1.i386.rpm
systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm
systemtap-initscript-1.3-4.el5_6.1.i386.rpm
systemtap-runtime-1.3-4.el5_6.1.i386.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm
systemtap-server-1.3-4.el5_6.1.i386.rpm
systemtap-testsuite-1.3-4.el5_6.1.i386.rpm

x86_64:
systemtap-1.3-4.el5_6.1.x86_64.rpm
systemtap-client-1.3-4.el5_6.1.x86_64.rpm
systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm
systemtap-debuginfo-1.3-4.el5_6.1.x86_64.rpm
systemtap-initscript-1.3-4.el5_6.1.x86_64.rpm
systemtap-runtime-1.3-4.el5_6.1.x86_64.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.x86_64.rpm
systemtap-server-1.3-4.el5_6.1.x86_64.rpm
systemtap-testsuite-1.3-4.el5_6.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/systemtap-1.3-4.el5_6.1.src.rpm

i386:
systemtap-1.3-4.el5_6.1.i386.rpm
systemtap-client-1.3-4.el5_6.1.i386.rpm
systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm
systemtap-initscript-1.3-4.el5_6.1.i386.rpm
systemtap-runtime-1.3-4.el5_6.1.i386.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm
systemtap-server-1.3-4.el5_6.1.i386.rpm
systemtap-testsuite-1.3-4.el5_6.1.i386.rpm

ia64:
systemtap-1.3-4.el5_6.1.ia64.rpm
systemtap-client-1.3-4.el5_6.1.ia64.rpm
systemtap-debuginfo-1.3-4.el5_6.1.ia64.rpm
systemtap-initscript-1.3-4.el5_6.1.ia64.rpm
systemtap-runtime-1.3-4.el5_6.1.ia64.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.ia64.rpm
systemtap-server-1.3-4.el5_6.1.ia64.rpm
systemtap-testsuite-1.3-4.el5_6.1.ia64.rpm

ppc:
systemtap-1.3-4.el5_6.1.ppc64.rpm
systemtap-client-1.3-4.el5_6.1.ppc64.rpm
systemtap-debuginfo-1.3-4.el5_6.1.ppc64.rpm
systemtap-initscript-1.3-4.el5_6.1.ppc64.rpm
systemtap-runtime-1.3-4.el5_6.1.ppc64.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.ppc64.rpm
systemtap-server-1.3-4.el5_6.1.ppc64.rpm
systemtap-testsuite-1.3-4.el5_6.1.ppc64.rpm

s390x:
systemtap-1.3-4.el5_6.1.s390x.rpm
systemtap-client-1.3-4.el5_6.1.s390x.rpm
systemtap-debuginfo-1.3-4.el5_6.1.s390.rpm
systemtap-debuginfo-1.3-4.el5_6.1.s390x.rpm
systemtap-initscript-1.3-4.el5_6.1.s390x.rpm
systemtap-runtime-1.3-4.el5_6.1.s390x.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.s390.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.s390x.rpm
systemtap-server-1.3-4.el5_6.1.s390x.rpm
systemtap-testsuite-1.3-4.el5_6.1.s390x.rpm

x86_64:
systemtap-1.3-4.el5_6.1.x86_64.rpm
systemtap-client-1.3-4.el5_6.1.x86_64.rpm
systemtap-debuginfo-1.3-4.el5_6.1.i386.rpm
systemtap-debuginfo-1.3-4.el5_6.1.x86_64.rpm
systemtap-initscript-1.3-4.el5_6.1.x86_64.rpm
systemtap-runtime-1.3-4.el5_6.1.x86_64.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.i386.rpm
systemtap-sdt-devel-1.3-4.el5_6.1.x86_64.rpm
systemtap-server-1.3-4.el5_6.1.x86_64.rpm
systemtap-testsuite-1.3-4.el5_6.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1769.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.



[RHSA-2011:0843-01] Moderate: postfix security update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: postfix security update
Advisory ID: RHSA-2011:0843-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0843.html
Issue date: 2011-05-31
CVE Names: CVE-2011-1720
=====================================================================

1. Summary:

Updated postfix packages that fix one security issue are now available for
Red Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A heap-based buffer over-read flaw was found in the way Postfix performed
SASL handlers management for SMTP sessions, when Cyrus SASL authentication
was enabled. A remote attacker could use this flaw to cause the Postfix
smtpd server to crash via a specially-crafted SASL authentication request.
The smtpd process was automatically restarted by the postfix master process
after the time configured with service_throttle_time elapsed.
(CVE-2011-1720)

Note: Cyrus SASL authentication for Postfix is not enabled by default.

Red Hat would like to thank the CERT/CC for reporting this issue. Upstream
acknowledges Thomas Jarosch of Intra2net AG as the original reporter.

Users of Postfix are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the postfix service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

699035 - CVE-2011-1720 postfix (smtpd): Crash due to improper management of SASL handlers for SMTP sessions

6. Package List:

Red Hat Enterprise Linux AS version 4:

Source:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm

i386:
postfix-2.2.10-1.5.el4.i386.rpm
postfix-debuginfo-2.2.10-1.5.el4.i386.rpm
postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm

ia64:
postfix-2.2.10-1.5.el4.ia64.rpm
postfix-debuginfo-2.2.10-1.5.el4.ia64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.ia64.rpm

ppc:
postfix-2.2.10-1.5.el4.ppc.rpm
postfix-debuginfo-2.2.10-1.5.el4.ppc.rpm
postfix-pflogsumm-2.2.10-1.5.el4.ppc.rpm

s390:
postfix-2.2.10-1.5.el4.s390.rpm
postfix-debuginfo-2.2.10-1.5.el4.s390.rpm
postfix-pflogsumm-2.2.10-1.5.el4.s390.rpm

s390x:
postfix-2.2.10-1.5.el4.s390x.rpm
postfix-debuginfo-2.2.10-1.5.el4.s390x.rpm
postfix-pflogsumm-2.2.10-1.5.el4.s390x.rpm

x86_64:
postfix-2.2.10-1.5.el4.x86_64.rpm
postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

Source:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm

i386:
postfix-2.2.10-1.5.el4.i386.rpm
postfix-debuginfo-2.2.10-1.5.el4.i386.rpm
postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm

x86_64:
postfix-2.2.10-1.5.el4.x86_64.rpm
postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

Source:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm

i386:
postfix-2.2.10-1.5.el4.i386.rpm
postfix-debuginfo-2.2.10-1.5.el4.i386.rpm
postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm

ia64:
postfix-2.2.10-1.5.el4.ia64.rpm
postfix-debuginfo-2.2.10-1.5.el4.ia64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.ia64.rpm

x86_64:
postfix-2.2.10-1.5.el4.x86_64.rpm
postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

Source:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/postfix-2.2.10-1.5.el4.src.rpm

i386:
postfix-2.2.10-1.5.el4.i386.rpm
postfix-debuginfo-2.2.10-1.5.el4.i386.rpm
postfix-pflogsumm-2.2.10-1.5.el4.i386.rpm

ia64:
postfix-2.2.10-1.5.el4.ia64.rpm
postfix-debuginfo-2.2.10-1.5.el4.ia64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.ia64.rpm

x86_64:
postfix-2.2.10-1.5.el4.x86_64.rpm
postfix-debuginfo-2.2.10-1.5.el4.x86_64.rpm
postfix-pflogsumm-2.2.10-1.5.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/postfix-2.3.3-2.3.el5_6.src.rpm

i386:
postfix-2.3.3-2.3.el5_6.i386.rpm
postfix-debuginfo-2.3.3-2.3.el5_6.i386.rpm
postfix-pflogsumm-2.3.3-2.3.el5_6.i386.rpm

x86_64:
postfix-2.3.3-2.3.el5_6.x86_64.rpm
postfix-debuginfo-2.3.3-2.3.el5_6.x86_64.rpm
postfix-pflogsumm-2.3.3-2.3.el5_6.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/postfix-2.3.3-2.3.el5_6.src.rpm

i386:
postfix-2.3.3-2.3.el5_6.i386.rpm
postfix-debuginfo-2.3.3-2.3.el5_6.i386.rpm
postfix-pflogsumm-2.3.3-2.3.el5_6.i386.rpm

ia64:
postfix-2.3.3-2.3.el5_6.ia64.rpm
postfix-debuginfo-2.3.3-2.3.el5_6.ia64.rpm
postfix-pflogsumm-2.3.3-2.3.el5_6.ia64.rpm

ppc:
postfix-2.3.3-2.3.el5_6.ppc.rpm
postfix-debuginfo-2.3.3-2.3.el5_6.ppc.rpm
postfix-pflogsumm-2.3.3-2.3.el5_6.ppc.rpm

s390x:
postfix-2.3.3-2.3.el5_6.s390x.rpm
postfix-debuginfo-2.3.3-2.3.el5_6.s390x.rpm
postfix-pflogsumm-2.3.3-2.3.el5_6.s390x.rpm

x86_64:
postfix-2.3.3-2.3.el5_6.x86_64.rpm
postfix-debuginfo-2.3.3-2.3.el5_6.x86_64.rpm
postfix-pflogsumm-2.3.3-2.3.el5_6.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

i386:
postfix-2.6.6-2.2.el6_1.i686.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm

x86_64:
postfix-2.6.6-2.2.el6_1.x86_64.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

i386:
postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.i686.rpm

x86_64:
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

x86_64:
postfix-2.6.6-2.2.el6_1.x86_64.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

x86_64:
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

i386:
postfix-2.6.6-2.2.el6_1.i686.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm

ppc64:
postfix-2.6.6-2.2.el6_1.ppc64.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.ppc64.rpm

s390x:
postfix-2.6.6-2.2.el6_1.s390x.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.s390x.rpm

x86_64:
postfix-2.6.6-2.2.el6_1.x86_64.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

i386:
postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.i686.rpm

ppc64:
postfix-debuginfo-2.6.6-2.2.el6_1.ppc64.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.ppc64.rpm

s390x:
postfix-debuginfo-2.6.6-2.2.el6_1.s390x.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.s390x.rpm

x86_64:
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

i386:
postfix-2.6.6-2.2.el6_1.i686.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm

x86_64:
postfix-2.6.6-2.2.el6_1.x86_64.rpm
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/postfix-2.6.6-2.2.el6_1.src.rpm

i386:
postfix-debuginfo-2.6.6-2.2.el6_1.i686.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.i686.rpm

x86_64:
postfix-debuginfo-2.6.6-2.2.el6_1.x86_64.rpm
postfix-perl-scripts-2.6.6-2.2.el6_1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1720.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:0845-01] Important: bind security update

=====================================================================
Red Hat Security Advisory

Synopsis: Important: bind security update
Advisory ID: RHSA-2011:0845-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0845.html
Issue date: 2011-05-31
CVE Names: CVE-2011-1910
=====================================================================

1. Summary:

Updated bind and bind97 packages that fix one security issue are now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

An off-by-one flaw was found in the way BIND processed negative responses
with large resource record sets (RRSets). An attacker able to send
recursive queries to a BIND server that is configured as a caching
resolver could use this flaw to cause named to exit with an assertion
failure. (CVE-2011-1910)

All BIND users are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

708301 - CVE-2011-1910 bind: Large RRSIG RRsets and Negative Caching can crash named

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/bind97-9.7.0-6.P2.el5_6.2.src.rpm

i386:
bind97-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.i386.rpm

x86_64:
bind97-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/bind97-9.7.0-6.P2.el5_6.2.src.rpm

i386:
bind97-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.i386.rpm

ia64:
bind97-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.ia64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.ia64.rpm

ppc:
bind97-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.ppc64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.ppc64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.ppc.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.ppc64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.ppc.rpm

s390x:
bind97-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.s390.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.s390.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.s390.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.s390x.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.s390x.rpm

x86_64:
bind97-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-chroot-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-debuginfo-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-devel-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.i386.rpm
bind97-libs-9.7.0-6.P2.el5_6.2.x86_64.rpm
bind97-utils-9.7.0-6.P2.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-utils-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-9.7.3-2.el6_1.P1.1.i686.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-9.7.3-2.el6_1.P1.1.i686.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-utils-9.7.3-2.el6_1.P1.1.i686.rpm

ppc64:
bind-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-libs-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.ppc64.rpm

s390x:
bind-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-libs-9.7.3-2.el6_1.P1.1.s390.rpm
bind-libs-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-utils-9.7.3-2.el6_1.P1.1.s390x.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.i686.rpm

ppc64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.ppc.rpm
bind-devel-9.7.3-2.el6_1.P1.1.ppc64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.ppc64.rpm

s390x:
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-devel-9.7.3-2.el6_1.P1.1.s390.rpm
bind-devel-9.7.3-2.el6_1.P1.1.s390x.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.s390x.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-9.7.3-2.el6_1.P1.1.i686.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-utils-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-chroot-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-libs-9.7.3-2.el6_1.P1.1.i686.rpm
bind-libs-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-utils-9.7.3-2.el6_1.P1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/bind-9.7.3-2.el6_1.P1.1.src.rpm

i386:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.i686.rpm

x86_64:
bind-debuginfo-9.7.3-2.el6_1.P1.1.i686.rpm
bind-debuginfo-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-devel-9.7.3-2.el6_1.P1.1.i686.rpm
bind-devel-9.7.3-2.el6_1.P1.1.x86_64.rpm
bind-sdb-9.7.3-2.el6_1.P1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1910.html
https://access.redhat.com/security/updates/classification/#important
http://www.isc.org/software/bind/advisories/cve-2011-1910

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:0838-01] Moderate: gimp security update


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: gimp security update
Advisory ID: RHSA-2011:0838-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0838.html
Issue date: 2011-05-31
CVE Names: CVE-2009-1570 CVE-2010-4540 CVE-2010-4541
CVE-2010-4542 CVE-2010-4543 CVE-2011-1178
=====================================================================

1. Summary:

Updated gimp packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

3. Description:

The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer
eXchange (PCX) image file plug-ins. An attacker could create a
specially-crafted BMP or PCX image file that, when opened, could cause the
relevant plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro
(PSP) image file plug-in. An attacker could create a specially-crafted PSP
image file that, when opened, could cause the PSP plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning,
Sphere Designer, and Gfig image filters. An attacker could create a
specially-crafted Lightning, Sphere Designer, or Gfig filter configuration
file that, when opened, could cause the relevant plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Red Hat would like to thank Stefan Cornelius of Secunia Research for
responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

537356 - CVE-2009-1570 Gimp: Integer overflow in the BMP image file plugin
666793 - CVE-2010-4540 Gimp: Stack-based buffer overflow in Lighting plug-in
689831 - CVE-2011-1178 Gimp: Integer overflow in the PCX image file plug-in
703403 - CVE-2010-4541 Gimp: Stack-based buffer overflow in SphereDesigner plug-in
703405 - CVE-2010-4542 Gimp: Stack-based buffer overflow in Gfig plug-in
703407 - CVE-2010-4543 Gimp: Heap-based buffer overflow in Paint Shop Pro (PSP) plug-in

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_6.2.src.rpm

i386:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_6.2.src.rpm

i386:
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm

x86_64:
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/gimp-2.2.13-2.0.7.el5_6.2.src.rpm

i386:
gimp-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm

ia64:
gimp-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ia64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ia64.rpm

ppc:
gimp-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.ppc64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.ppc64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.ppc64.rpm

s390x:
gimp-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.s390x.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.s390x.rpm

x86_64:
gimp-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-debuginfo-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-devel-2.2.13-2.0.7.el5_6.2.x86_64.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.i386.rpm
gimp-libs-2.2.13-2.0.7.el5_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2009-1570.html
https://www.redhat.com/security/data/cve/CVE-2010-4540.html
https://www.redhat.com/security/data/cve/CVE-2010-4541.html
https://www.redhat.com/security/data/cve/CVE-2010-4542.html
https://www.redhat.com/security/data/cve/CVE-2010-4543.html
https://www.redhat.com/security/data/cve/CVE-2011-1178.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:0840-01] Important: dhcp security update


=====================================================================
Red Hat Security Advisory

Synopsis: Important: dhcp security update
Advisory ID: RHSA-2011:0840-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0840.html
Issue date: 2011-05-31
CVE Names: CVE-2011-0997
=====================================================================

1. Summary:

Updated dhcp packages that fix one security issue are now available for
Red Hat Enterprise Linux 3 Extended Life Cycle Support.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (v. 3 ELS) - i386
Red Hat Enterprise Linux ES (v. 3 ELS) - i386

3. Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

It was discovered that the DHCP client daemon, dhclient, did not
sufficiently sanitize certain options provided in DHCP server replies, such
as the client hostname. A malicious DHCP server could send such an option
with a specially-crafted value to a DHCP client. If this option's value was
saved on the client system, and then later insecurely evaluated by a
process that assumes the option is trusted, it could lead to arbitrary code
execution with the privileges of that process. (CVE-2011-0997)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

All dhclient users should upgrade to these updated packages, which contain
a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

689832 - CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values

6. Package List:

Red Hat Enterprise Linux AS (v. 3 ELS):

Source:
dhcp-3.0.1-10.3_EL3.src.rpm

i386:
dhclient-3.0.1-10.3_EL3.i386.rpm
dhcp-3.0.1-10.3_EL3.i386.rpm
dhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm
dhcp-devel-3.0.1-10.3_EL3.i386.rpm

Red Hat Enterprise Linux ES (v. 3 ELS):

Source:
dhcp-3.0.1-10.3_EL3.src.rpm

i386:
dhclient-3.0.1-10.3_EL3.i386.rpm
dhcp-3.0.1-10.3_EL3.i386.rpm
dhcp-debuginfo-3.0.1-10.3_EL3.i386.rpm
dhcp-devel-3.0.1-10.3_EL3.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0997.html
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.



[RHSA-2011:0842-01] Moderate: systemtap security update


=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: systemtap security update
Advisory ID: RHSA-2011:0842-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0842.html
Issue date: 2011-05-31
CVE Names: CVE-2011-1769 CVE-2011-1781
=====================================================================

1. Summary:

Updated systemtap packages that fix two security issues are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

Two divide-by-zero flaws were found in the way SystemTap handled malformed
debugging information in DWARF format. When SystemTap unprivileged mode was
enabled, an unprivileged user in the stapusr group could use these flaws to
crash the system. Additionally, a privileged user (root, or a member of the
stapdev group) could trigger these flaws when tricked into instrumenting a
specially-crafted ELF binary, even when unprivileged mode was not enabled.
(CVE-2011-1769, CVE-2011-1781)

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct these issues.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

702687 - CVE-2011-1769 systemtap: does not guard against DWARF operations div-by-zero errors, which can cause a kernel panic
703972 - CVE-2011-1781 systemtap: divide by zero stack unwinding flaw

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

i386:
systemtap-1.4-6.el6_1.1.i686.rpm
systemtap-client-1.4-6.el6_1.1.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-grapher-1.4-6.el6_1.1.i686.rpm
systemtap-initscript-1.4-6.el6_1.1.i686.rpm
systemtap-runtime-1.4-6.el6_1.1.i686.rpm

x86_64:
systemtap-1.4-6.el6_1.1.x86_64.rpm
systemtap-client-1.4-6.el6_1.1.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

i386:
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm
systemtap-server-1.4-6.el6_1.1.i686.rpm
systemtap-testsuite-1.4-6.el6_1.1.i686.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm
systemtap-server-1.4-6.el6_1.1.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

x86_64:
systemtap-1.4-6.el6_1.1.x86_64.rpm
systemtap-client-1.4-6.el6_1.1.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm
systemtap-server-1.4-6.el6_1.1.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

i386:
systemtap-1.4-6.el6_1.1.i686.rpm
systemtap-client-1.4-6.el6_1.1.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-grapher-1.4-6.el6_1.1.i686.rpm
systemtap-initscript-1.4-6.el6_1.1.i686.rpm
systemtap-runtime-1.4-6.el6_1.1.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm
systemtap-server-1.4-6.el6_1.1.i686.rpm

ppc64:
systemtap-1.4-6.el6_1.1.ppc64.rpm
systemtap-client-1.4-6.el6_1.1.ppc64.rpm
systemtap-debuginfo-1.4-6.el6_1.1.ppc.rpm
systemtap-debuginfo-1.4-6.el6_1.1.ppc64.rpm
systemtap-grapher-1.4-6.el6_1.1.ppc64.rpm
systemtap-initscript-1.4-6.el6_1.1.ppc64.rpm
systemtap-runtime-1.4-6.el6_1.1.ppc64.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.ppc.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.ppc64.rpm
systemtap-server-1.4-6.el6_1.1.ppc64.rpm

s390x:
systemtap-1.4-6.el6_1.1.s390x.rpm
systemtap-client-1.4-6.el6_1.1.s390x.rpm
systemtap-debuginfo-1.4-6.el6_1.1.s390.rpm
systemtap-debuginfo-1.4-6.el6_1.1.s390x.rpm
systemtap-grapher-1.4-6.el6_1.1.s390x.rpm
systemtap-initscript-1.4-6.el6_1.1.s390x.rpm
systemtap-runtime-1.4-6.el6_1.1.s390x.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.s390.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.s390x.rpm
systemtap-server-1.4-6.el6_1.1.s390x.rpm

x86_64:
systemtap-1.4-6.el6_1.1.x86_64.rpm
systemtap-client-1.4-6.el6_1.1.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm
systemtap-server-1.4-6.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

i386:
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-testsuite-1.4-6.el6_1.1.i686.rpm

ppc64:
systemtap-debuginfo-1.4-6.el6_1.1.ppc64.rpm
systemtap-testsuite-1.4-6.el6_1.1.ppc64.rpm

s390x:
systemtap-debuginfo-1.4-6.el6_1.1.s390x.rpm
systemtap-testsuite-1.4-6.el6_1.1.s390x.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

i386:
systemtap-1.4-6.el6_1.1.i686.rpm
systemtap-client-1.4-6.el6_1.1.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-grapher-1.4-6.el6_1.1.i686.rpm
systemtap-initscript-1.4-6.el6_1.1.i686.rpm
systemtap-runtime-1.4-6.el6_1.1.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm
systemtap-server-1.4-6.el6_1.1.i686.rpm

x86_64:
systemtap-1.4-6.el6_1.1.x86_64.rpm
systemtap-client-1.4-6.el6_1.1.x86_64.rpm
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-grapher-1.4-6.el6_1.1.x86_64.rpm
systemtap-initscript-1.4-6.el6_1.1.x86_64.rpm
systemtap-runtime-1.4-6.el6_1.1.x86_64.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.i686.rpm
systemtap-sdt-devel-1.4-6.el6_1.1.x86_64.rpm
systemtap-server-1.4-6.el6_1.1.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation-6.1.z/en/os/SRPMS/systemtap-1.4-6.el6_1.1.src.rpm

i386:
systemtap-debuginfo-1.4-6.el6_1.1.i686.rpm
systemtap-testsuite-1.4-6.el6_1.1.i686.rpm

x86_64:
systemtap-debuginfo-1.4-6.el6_1.1.x86_64.rpm
systemtap-testsuite-1.4-6.el6_1.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-1769.html
https://www.redhat.com/security/data/cve/CVE-2011-1781.html
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.


[RHSA-2011:0833-01] Important: kernel security and bug fix update


=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2011:0833-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0833.html
Issue date: 2011-05-31
CVE Names: CVE-2011-0726 CVE-2011-1078 CVE-2011-1079
CVE-2011-1080 CVE-2011-1093 CVE-2011-1163
CVE-2011-1166 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1494 CVE-2011-1495
CVE-2011-1577 CVE-2011-1763
=====================================================================

1. Summary:

Updated kernel packages that fix multiple security issues and several bugs
are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw in the dccp_rcv_state_process() function could allow a remote
attacker to cause a denial of service, even when the socket was already
closed. (CVE-2011-1093, Important)

* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* A missing validation of a null-terminated string data structure element
in the bnep_sock_ioctl() function could allow a local user to cause an
information leak or a denial of service. (CVE-2011-1079, Moderate)

* Missing error checking in the way page tables were handled in the Xen
hypervisor implementation could allow a privileged guest user to cause the
host, and the guests, to lock up. (CVE-2011-1166, Moderate)

* A flaw was found in the way the Xen hypervisor implementation checked for
the upper boundary when getting a new event channel port. A privileged
guest user could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2011-1763, Moderate)

* The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat Address
Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A missing initialization flaw in the sco_sock_getsockopt() function could
allow a local, unprivileged user to cause an information leak.
(CVE-2011-1078, Low)

* A missing validation of a null-terminated string data structure element
in the do_replace() function could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)

* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)
implementation could allow a local attacker to cause a denial of service
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1577, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,
CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook
for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163
and CVE-2011-1577.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

5. Bugs fixed (http://bugzilla.redhat.com/):

681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z]
688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest()
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z]
689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z]
690134 - Time runs too fast in a VM on processors with > 4GHZ freq [rhel-5.6.z]
690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z]
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z]
697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z]
699808 - dasd: fix race between open and offline [rhel-5.6.z]
701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function

6. Package List:

Red Hat Enterprise Linux Desktop (v. 5 client):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm

i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm

noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm

x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm

i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm

ia64:
kernel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm
kernel-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-headers-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm

noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm

ppc:
kernel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm

s390x:
kernel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm
kernel-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-headers-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm

x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-0726.html
https://www.redhat.com/security/data/cve/CVE-2011-1078.html
https://www.redhat.com/security/data/cve/CVE-2011-1079.html
https://www.redhat.com/security/data/cve/CVE-2011-1080.html
https://www.redhat.com/security/data/cve/CVE-2011-1093.html
https://www.redhat.com/security/data/cve/CVE-2011-1163.html
https://www.redhat.com/security/data/cve/CVE-2011-1166.html
https://www.redhat.com/security/data/cve/CVE-2011-1170.html
https://www.redhat.com/security/data/cve/CVE-2011-1171.html
https://www.redhat.com/security/data/cve/CVE-2011-1172.html
https://www.redhat.com/security/data/cve/CVE-2011-1494.html
https://www.redhat.com/security/data/cve/CVE-2011-1495.html
https://www.redhat.com/security/data/cve/CVE-2011-1577.html
https://www.redhat.com/security/data/cve/CVE-2011-1763.html
https://access.redhat.com/security/updates/classification/#important
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html#RHSA-2011-0833

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.





Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/8_security_updates_for_rhel_7bdb.html)