Red Hat Vulnerability Assessment for com.redhat.rhsa-all.xml

This file has been automatically generated for the purpose of vulnerability assessment of Red Hat products.

Evaluation Characteristics

Evaluation target: cent7.a5.jp
Benchmark URL: com.redhat.rhsa-all.xccdf.xml
Benchmark version: None, generated from OVAL file.
Started at: 2021-11-14T19:34:04+09:00
Finished at: 2021-11-14T19:34:06+09:00
Performed by: end0tknr
Test system: cpe:/a:redhat:openscap:1.3.5

CPE Platforms

  • cpe:/o:redhat:enterprise_linux

Addresses

  • IPv4  127.0.0.1
  • IPv4  10.0.2.15
  • IPv4  192.168.56.105
  • IPv6  0:0:0:0:0:0:0:1
  • IPv6  fe80:0:0:0:13a6:a8e0:a3d3:942f
  • IPv6  fe80:0:0:0:552d:8f34:48d6:67fa
  • MAC  00:00:00:00:00:00
  • MAC  08:00:27:C5:E0:0B
  • MAC  08:00:27:FC:17:4C

Compliance and Scoring

There were no failed or uncertain rules. It seems that no action is necessary.

Rule results

No rules were evaluated.

Score

Scoring system | Score | Maximum | Percent
urn:xccdf:scoring:default | 0.000000 | 100.000000 | 0%

Rule Overview

Title | Severity | Result
Red Hat Vulnerability Assessment for com.redhat.rhsa-all.xml
RHBA-2007:0304: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 5 (Important)high
notapplicable
RHBA-2007:0331: conga bug fix update (Low)low
notapplicable
RHBA-2007:0565: tcp_wrappers bug fix update (Moderate)medium
notapplicable
RHBA-2008:0314: Updated kernel packages for Red Hat Enterprise Linux 5.2 (Important)high
notapplicable
RHBA-2009:0070: util-linux bug-fix update (Low)low
notapplicable
RHBA-2010:0266: cman bug fix and enhancement update (Low)low
notapplicable
RHBA-2011:0054: samba3x bug fix and enhancement update ()unknown
notapplicable
RHBA-2011:1656: mod_nss bug fix update ()unknown
notapplicable
RHBA-2012:0319: gnutls bug fix update ()unknown
notapplicable
RHBA-2012:0763: glibc bug fix and enhancement update ()unknown
notapplicable
RHBA-2012:0881: freeradius bug fix and enhancement update ()unknown
notapplicable
RHBA-2013:0009: mod_nss bug fix update ()unknown
notapplicable
RHBA-2013:0022: glibc bug fix and enhancement update ()unknown
notapplicable
RHBA-2013:0363: sudo bug fix and enhancement update ()unknown
notapplicable
RHBA-2013:0386: tuned bug fix update ()unknown
notapplicable
RHBA-2013:1150: net-snmp bug fix update ()unknown
notapplicable
RHBA-2013:1581: libvirt bug fix and enhancement update ()unknown
notapplicable
RHBA-2013:1647: mysql bug fix update ()unknown
notapplicable
RHBA-2014:1200: sos bug fix update ()unknown
notapplicable
RHBA-2014:1206: virt-who bug fix and enhancement update (Moderate)medium
notapplicable
RHBA-2014:1375: sssd bug fix and enhancement update ()unknown
notapplicable
RHBA-2014:1376: xcb-util, xorg-x11-drivers, and mesa bug fix and enhancement update ()unknown
notapplicable
RHBA-2014:1417: icedtea-web bug fix and enhancement update ()unknown
notapplicable
RHBA-2014:1513: virt-who bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:0364: nss, nss-softokn, nss-util, and nspr bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:0386: cups bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:0441: sssd bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:0584: tboot bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:0925: nss and nspr bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:0926: nss, nss-util, and nspr bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:0965: nss, nss-util, and nspr bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:1292: openldap bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:1307: netcf bug fix update ()unknown
notapplicable
RHBA-2015:1445: xorg-x11-server bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:1465: glibc bug fix update ()unknown
notapplicable
RHBA-2015:1554: 389-ds-base bug fix update ()unknown
notapplicable
RHBA-2015:2092: systemd bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2116: GTK+ bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2142: pcre bug fix update ()unknown
notapplicable
RHBA-2015:2161: libcap-ng bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2194: httpd bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2197: libreoffice bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2258: samba bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2287: setroubleshoot bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2395: redhat-upgrade-tool bug fix update ()unknown
notapplicable
RHBA-2015:2424: sudo bug fix and enhancement update ()unknown
notapplicable
RHBA-2015:2457: icedtea-web bug fix and enhancement update ()unknown
notapplicable
RHBA-2016:2206: evolution-data-server bug fix update ()unknown
notapplicable
RHBA-2017:0651: bind bug fix update ()unknown
notapplicable
RHBA-2017:1767: bind bug fix update ()unknown
notapplicable
RHBA-2017:1929: openssl bug fix and enhancement update ()unknown
notapplicable
RHBA-2017:1991: libtirpc bug fix update ()unknown
notapplicable
RHBA-2017:2100: GTK+ bug fix update ()unknown
notapplicable
RHBA-2017:2117: dnsmasq bug fix and enhancement update ()unknown
notapplicable
RHBA-2018:0042: dracut bug fix update ()unknown
notapplicable
RHBA-2018:3207: NetworkManager bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:1992: cloud-init bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:2044: gnome bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:2261: webkitgtk4 bug fix update ()unknown
notapplicable
RHBA-2019:2339: lldpad bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:2599: krb5 bug fix update ()unknown
notapplicable
RHBA-2019:3384: ruby:2.5 bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:3408: openjpeg2 bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:3416: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:3621: libidn2 bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:3674: openldap bug fix and enhancement update ()unknown
notapplicable
RHBA-2019:4268: idm:DL1 bug fix update ()unknown
notapplicable
RHBA-2020:1376: net-snmp bug fix and enhancement update ()unknown
notapplicable
RHBA-2020:1628: pcp bug fix and enhancement update ()unknown
notapplicable
RHBA-2020:3527: kernel-rt bug fix update ()unknown
notapplicable
RHBA-2021:0621: microcode_ctl bug fix and enhancement update (Moderate)medium
notapplicable
RHBA-2021:0623: microcode_ctl bug fix and enhancement update (Moderate)medium
notapplicable
RHBA-2021:3054: opencryptoki bug fix and enhancement update ()unknown
notapplicable
RHEA-2010:0272: valgrind bug fix and enhancement update ()unknown
notapplicable
RHEA-2011:0039: subversion enhancement update ()unknown
notapplicable
RHEA-2015:0369: elfutils bug fix and enhancement update ()unknown
notapplicable
RHEA-2015:1302: elfutils bug fix and enhancement update ()unknown
notapplicable
RHEA-2015:2126: elfutils bug fix and enhancement update ()unknown
notapplicable
RHEA-2018:0705: tcpdump bug fix and enhancement update ()unknown
notapplicable
RHEA-2019:2270: openjpeg2 bug fix and enhancement update ()unknown
notapplicable
RHEA-2019:3280: nss, nss-softokn, nss-util and nspr bug fix and enhancement update ()unknown
notapplicable
RHEA-2019:3845: microcode_ctl bug fix and enhancement update ()unknown
notapplicable
RHEA-2019:3846: microcode_ctl bug fix and enhancement update ()unknown
notapplicable
RHEA-2019:3847: microcode_ctl bug fix and enhancement update ()unknown
notapplicable
RHEA-2019:4262: webkit2gtk3 enhancement update ()unknown
notapplicable
RHEA-2020:0330: nodejs:12 enhancement update ()unknown
notapplicable
RHEA-2020:0343: libpq bug fix and enhancement update ()unknown
notapplicable
RHEA-2020:4505: python-rtslib bug fix and enhancement update ()unknown
notapplicable
RHEA-2021:1580: libarchive bug fix and enhancement update ()unknown
notapplicable
RHEA-2021:1906: libyang bug fix and enhancement update ()unknown
notapplicable
RHSA-2006:0016: initscripts security update (Moderate)medium
notapplicable
RHSA-2006:0044: openssh security update (Low)low
notapplicable
RHSA-2006:0052: squid security update (Moderate)medium
notapplicable
RHSA-2006:0101: kernel security update (Important)high
notapplicable
RHSA-2006:0129: spamassassin security update (Moderate)medium
notapplicable
RHSA-2006:0132: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 3 (Moderate)medium
notapplicable
RHSA-2006:0159: httpd security update (Moderate)medium
notapplicable
RHSA-2006:0160: tetex security update (Moderate)medium
notapplicable
RHSA-2006:0163: cups security update (Important)high
notapplicable
RHSA-2006:0164: mod_auth_pgsql security update (Critical)high
notapplicable
RHSA-2006:0177: gpdf security update (Important)high
notapplicable
RHSA-2006:0178: ImageMagick security update (Moderate)medium
notapplicable
RHSA-2006:0184: kdelibs security update (Critical)high
notapplicable
RHSA-2006:0194: gd security update (Moderate)medium
notapplicable
RHSA-2006:0197: python security update (Moderate)medium
notapplicable
RHSA-2006:0200: firefox security update (Critical)high
notapplicable
RHSA-2006:0201: xpdf security update (Important)high
notapplicable
RHSA-2006:0204: mailman security update (Moderate)medium
notapplicable
RHSA-2006:0205: libpng security update (Moderate)medium
notapplicable
RHSA-2006:0206: kdegraphics security update (Important)high
notapplicable
RHSA-2006:0207: gnutls security update (Important)high
notapplicable
RHSA-2006:0232: tar security update (Moderate)medium
notapplicable
RHSA-2006:0262: kdegraphics security update (Important)high
notapplicable
RHSA-2006:0264: sendmail security update (Critical)high
notapplicable
RHSA-2006:0266: gnupg security update (Important)high
notapplicable
RHSA-2006:0267: ipsec-tools security update (Moderate)medium
notapplicable
RHSA-2006:0271: freeradius security update (Important)high
notapplicable
RHSA-2006:0272: openmotif security update (Moderate)medium
notapplicable
RHSA-2006:0276: php security update (Moderate)medium
notapplicable
RHSA-2006:0280: dia security update (Moderate)medium
notapplicable
RHSA-2006:0283: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2006:0328: firefox security update (Critical)high
notapplicable
RHSA-2006:0329: mozilla security update (Critical)high
notapplicable
RHSA-2006:0330: thunderbird security update (Critical)high
notapplicable
RHSA-2006:0354: elfutils security update (Low)low
notapplicable
RHSA-2006:0393: ntp security update (Low)low
notapplicable
RHSA-2006:0425: libtiff security update (Important)high
notapplicable
RHSA-2006:0427: ruby security update (Moderate)medium
notapplicable
RHSA-2006:0451: xorg-x11 security update (Important)high
notapplicable
RHSA-2006:0486: mailman security update (Moderate)medium
notapplicable
RHSA-2006:0493: kernel security update (Important)high
notapplicable
RHSA-2006:0500: freetype security update (Moderate)medium
notapplicable
RHSA-2006:0515: sendmail security update (Important)high
notapplicable
RHSA-2006:0525: quagga security update (Moderate)medium
notapplicable
RHSA-2006:0526: postgresql security update (Important)high
notapplicable
RHSA-2006:0539: vixie-cron security update (Important)high
notapplicable
RHSA-2006:0541: dia security update (Moderate)medium
notapplicable
RHSA-2006:0543: spamassassin security update (Moderate)medium
notapplicable
RHSA-2006:0544: mysql security update (Important)high
notapplicable
RHSA-2006:0547: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2006:0548: kdebase security update (Important)high
notapplicable
RHSA-2006:0568: php security update (Moderate)medium
notapplicable
RHSA-2006:0571: gnupg security update (Moderate)medium
notapplicable
RHSA-2006:0573: openoffice.org security update (Important)high
notapplicable
RHSA-2006:0574: kernel security update (Important)high
notapplicable
RHSA-2006:0575: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 4 (Important)high
notapplicable
RHSA-2006:0577: mutt security update (Moderate)medium
notapplicable
RHSA-2006:0582: kdebase security fix (Low)low
notapplicable
RHSA-2006:0591: samba security update (Important)high
notapplicable
RHSA-2006:0597: libwmf security update (Moderate)medium
notapplicable
RHSA-2006:0598: gimp security update (Moderate)medium
notapplicable
RHSA-2006:0600: mailman security update (Moderate)medium
notapplicable
RHSA-2006:0602: wireshark security update (was ethereal) (Moderate)medium
notapplicable
RHSA-2006:0603: libtiff security update (Important)high
notapplicable
RHSA-2006:0604: ruby security update (Moderate)medium
notapplicable
RHSA-2006:0605: perl security update (Important)high
notapplicable
RHSA-2006:0609: seamonkey security update (Critical)high
notapplicable
RHSA-2006:0610: firefox security update (Critical)high
notapplicable
RHSA-2006:0611: thunderbird security update (Critical)high
notapplicable
RHSA-2006:0612: krb5 security update (Important)high
notapplicable
RHSA-2006:0615: gnupg security update (Moderate)medium
notapplicable
RHSA-2006:0617: kernel security update (Important)high
notapplicable
RHSA-2006:0619: httpd security update (Moderate)medium
notapplicable
RHSA-2006:0633: ImageMagick security update (Moderate)medium
notapplicable
RHSA-2006:0634: xorg-x11 security update (Important)high
notapplicable
RHSA-2006:0658: wireshark security update (Low)low
notapplicable
RHSA-2006:0661: openssl security update (Important)high
notapplicable
RHSA-2006:0663: ncompress security update (Low)low
notapplicable
RHSA-2006:0665: xorg-x11 security update (Important)high
notapplicable
RHSA-2006:0667: gzip security update (Moderate)medium
notapplicable
RHSA-2006:0668: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2006:0669: php security update (Moderate)medium
notapplicable
RHSA-2006:0675: firefox security update (Critical)high
notapplicable
RHSA-2006:0676: seamonkey security update (Critical)high
notapplicable
RHSA-2006:0677: thunderbird security update (Critical)high
notapplicable
RHSA-2006:0680: gnutls security update (Important)high
notapplicable
RHSA-2006:0689: kernel security update (Important)high
notapplicable
RHSA-2006:0695: openssl security update (Important)high
notapplicable
RHSA-2006:0697: openssh security update (Important)high
notapplicable
RHSA-2006:0713: python security update (Important)high
notapplicable
RHSA-2006:0719: nss_ldap security update (Moderate)medium
notapplicable
RHSA-2006:0720: kdelibs security update (Critical)high
notapplicable
RHSA-2006:0725: qt security update (Moderate)medium
notapplicable
RHSA-2006:0726: wireshark security update (Moderate)medium
notapplicable
RHSA-2006:0727: texinfo security update (Moderate)medium
notapplicable
RHSA-2006:0729: ruby security update (Moderate)medium
notapplicable
RHSA-2006:0730: php security update (Important)high
notapplicable
RHSA-2006:0733: firefox security update (Critical)high
notapplicable
RHSA-2006:0734: seamonkey security update (Critical)high
notapplicable
RHSA-2006:0735: thunderbird security update (Critical)high
notapplicable
RHSA-2006:0738: openssh security update (Low)low
notapplicable
RHSA-2006:0742: elinks security update (Critical)high
notapplicable
RHSA-2006:0746: mod_auth_kerb security update (Low)low
notapplicable
RHSA-2006:0749: tar security update (Moderate)medium
notapplicable
RHSA-2006:0754: gnupg security update (Important)high
notapplicable
RHSA-2006:0758: firefox security update (Critical)high
notapplicable
RHSA-2006:0759: seamonkey security update (Critical)high
notapplicable
RHSA-2006:0760: thunderbird security update (Critical)high
notapplicable
RHSA-2007:0001: openoffice.org security update (Important)high
notapplicable
RHSA-2007:0003: xorg-x11 security update (Important)high
notapplicable
RHSA-2007:0008: dbus security update (Moderate)medium
notapplicable
RHSA-2007:0011: libgsf security update (Moderate)medium
notapplicable
RHSA-2007:0014: kernel security update (Important)high
notapplicable
RHSA-2007:0015: ImageMagick security update (Moderate)medium
notapplicable
RHSA-2007:0018: fetchmail security update (Moderate)medium
notapplicable
RHSA-2007:0019: gtk2 security update (Moderate)medium
notapplicable
RHSA-2007:0022: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2007:0033: openoffice.org security update (Important)high
notapplicable
RHSA-2007:0044: bind security update (Moderate)medium
notapplicable
RHSA-2007:0055: libwpd security update (Important)high
notapplicable
RHSA-2007:0057: bind security update (Moderate)medium
notapplicable
RHSA-2007:0060: samba security update (Moderate)medium
notapplicable
RHSA-2007:0061: samba security update (Moderate)medium
notapplicable
RHSA-2007:0064: postgresql security update (Moderate)medium
notapplicable
RHSA-2007:0065: bluez-utils security update (Moderate)medium
notapplicable
RHSA-2007:0066: wireshark security update (Low)low
notapplicable
RHSA-2007:0068: postgresql security update (Moderate)medium
notapplicable
RHSA-2007:0069: openoffice.org security update (Important)high
notapplicable
RHSA-2007:0074: spamassassin security update (Important)high
notapplicable
RHSA-2007:0075: spamassassin security update (Important)high
notapplicable
RHSA-2007:0076: php security update (Important)high
notapplicable
RHSA-2007:0077: seamonkey security update (Critical)high
notapplicable
RHSA-2007:0078: thunderbird security update (Critical)high
notapplicable
RHSA-2007:0079: Firefox security update (Critical)high
notapplicable
RHSA-2007:0082: php security update (Important)high
notapplicable
RHSA-2007:0085: kernel security update (Important)high
notapplicable
RHSA-2007:0086: gnomemeeting security update (Critical)high
notapplicable
RHSA-2007:0087: ekiga security update (Critical)high
notapplicable
RHSA-2007:0095: krb5 security update (Critical)high
notapplicable
RHSA-2007:0097: firefox security update (Critical)high
notapplicable
RHSA-2007:0099: kernel security and bug fix update (Important)high
notapplicable
RHSA-2007:0106: gnupg security update (Important)high
notapplicable
RHSA-2007:0107: gnupg security update (Important)high
notapplicable
RHSA-2007:0108: thunderbird security update (Critical)high
notapplicable
RHSA-2007:0114: xen security update (Important)high
notapplicable
RHSA-2007:0123: cups security update (Moderate)medium
notapplicable
RHSA-2007:0124: file security update (Moderate)medium
notapplicable
RHSA-2007:0126: xorg-x11 security update (Important)high
notapplicable
RHSA-2007:0127: xorg-x11-server security update (Important)high
notapplicable
RHSA-2007:0131: squid security update (Moderate)medium
notapplicable
RHSA-2007:0132: libXfont security update (Important)high
notapplicable
RHSA-2007:0150: freetype security update (Moderate)medium
notapplicable
RHSA-2007:0152: mysql security update (Moderate)medium
notapplicable
RHSA-2007:0153: php security update (Moderate)medium
notapplicable
RHSA-2007:0155: php security update (Important)high
notapplicable
RHSA-2007:0157: xorg-x11-apps and libX11 security update (Moderate)medium
notapplicable
RHSA-2007:0158: evolution security update (Moderate)medium
notapplicable
RHSA-2007:0169: kernel security and bug fix update (Important)high
notapplicable
RHSA-2007:0203: unzip security and bug fix update (Low)low
notapplicable
RHSA-2007:0208: w3c-libwww security and bug fix update (Low)low
notapplicable
RHSA-2007:0220: gcc security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0229: gdb security and bug fix update (Low)low
notapplicable
RHSA-2007:0235: util-linux security and bug fix update (Low)low
notapplicable
RHSA-2007:0244: busybox security update (Low)low
notapplicable
RHSA-2007:0245: cpio security and bug fix update (Low)low
notapplicable
RHSA-2007:0252: sendmail security and bug fix update (Low)low
notapplicable
RHSA-2007:0257: openssh security and bug fix update (Low)low
notapplicable
RHSA-2007:0276: shadow-utils security and bug fix update (Low)low
notapplicable
RHSA-2007:0286: gdm security and bug fix update (Low)low
notapplicable
RHSA-2007:0310: openldap security update (Low)low
notapplicable
RHSA-2007:0322: xscreensaver security update (Moderate)medium
notapplicable
RHSA-2007:0323: xen security update (Important)high
notapplicable
RHSA-2007:0327: tomcat security update (Important)high
notapplicable
RHSA-2007:0336: postgresql security update (Moderate)medium
notapplicable
RHSA-2007:0338: freeradius security update (Moderate)medium
notapplicable
RHSA-2007:0342: ipsec-tools security update (Moderate)medium
notapplicable
RHSA-2007:0343: gimp security update (Moderate)medium
notapplicable
RHSA-2007:0344: evolution-data-server security update (Moderate)medium
notapplicable
RHSA-2007:0345: vixie-cron security update (Moderate)medium
notapplicable
RHSA-2007:0346: vim security update (Moderate)medium
notapplicable
RHSA-2007:0347: kernel security and bug fix update (Important)high
notapplicable
RHSA-2007:0348: php security update (Important)high
notapplicable
RHSA-2007:0349: php security update (Important)high
notapplicable
RHSA-2007:0353: evolution security update (Moderate)medium
notapplicable
RHSA-2007:0354: samba security update (Critical)high
notapplicable
RHSA-2007:0356: libpng security update (Moderate)medium
notapplicable
RHSA-2007:0358: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2007:0368: tcpdump security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0376: kernel security and bug fix update (Important)high
notapplicable
RHSA-2007:0385: fetchmail security update (Moderate)medium
notapplicable
RHSA-2007:0386: mutt security update (Moderate)medium
notapplicable
RHSA-2007:0387: tcpdump security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0389: quagga security update (Moderate)medium
notapplicable
RHSA-2007:0391: file security update (Moderate)medium
notapplicable
RHSA-2007:0395: mod_perl security update (Low)low
notapplicable
RHSA-2007:0400: firefox security update (Critical)high
notapplicable
RHSA-2007:0401: thunderbird security update (Critical)high
notapplicable
RHSA-2007:0402: seamonkey security update (Critical)high
notapplicable
RHSA-2007:0403: freetype security update (Moderate)medium
notapplicable
RHSA-2007:0406: openoffice.org security update (Important)high
notapplicable
RHSA-2007:0488: kernel security update (Important)high
notapplicable
RHSA-2007:0492: spamassassin security update (Moderate)medium
notapplicable
RHSA-2007:0494: kdebase security update (Important)high
notapplicable
RHSA-2007:0497: iscsi-initiator-utils security update (Moderate)medium
notapplicable
RHSA-2007:0501: libexif integer overflow (Moderate)medium
notapplicable
RHSA-2007:0509: evolution security update (Important)high
notapplicable
RHSA-2007:0510: evolution-data-server security update (Important)high
notapplicable
RHSA-2007:0513: gimp security update (Moderate)medium
notapplicable
RHSA-2007:0519: xorg-x11 security update (Moderate)medium
notapplicable
RHSA-2007:0520: xorg-x11-xfs security update (Moderate)medium
notapplicable
RHSA-2007:0534: httpd security update (Moderate)medium
notapplicable
RHSA-2007:0539: aide security update (Moderate)medium
notapplicable
RHSA-2007:0540: openssh security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0542: mcstrans security and bug fix update (Low)low
notapplicable
RHSA-2007:0555: pam security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2007:0556: httpd security update (Moderate)medium
notapplicable
RHSA-2007:0559: cman security update (Important)high
notapplicable
RHSA-2007:0562: krb5 security update (Important)high
notapplicable
RHSA-2007:0569: tomcat security update (Moderate)medium
notapplicable
RHSA-2007:0595: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0605: HelixPlayer security update (Critical)high
notapplicable
RHSA-2007:0631: coolkey security and bug fix update (Low)low
notapplicable
RHSA-2007:0640: conga security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2007:0662: httpd security update (Moderate)medium
notapplicable
RHSA-2007:0674: perl-Net-DNS security update (Moderate)medium
notapplicable
RHSA-2007:0675: perl-Net-DNS security update (Moderate)medium
notapplicable
RHSA-2007:0701: xterm security update (Low)low
notapplicable
RHSA-2007:0703: openssh security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0705: kernel security update (Important)high
notapplicable
RHSA-2007:0709: wireshark security and bug fix update (Low)low
notapplicable
RHSA-2007:0710: wireshark security update (Low)low
notapplicable
RHSA-2007:0720: cups security update (Important)high
notapplicable
RHSA-2007:0721: qt security update (Moderate)medium
notapplicable
RHSA-2007:0722: seamonkey security update (Critical)high
notapplicable
RHSA-2007:0723: thunderbird security update (Moderate)medium
notapplicable
RHSA-2007:0724: firefox security update (Critical)high
notapplicable
RHSA-2007:0729: kdegraphics security update (Important)high
notapplicable
RHSA-2007:0730: gpdf security update (Important)high
notapplicable
RHSA-2007:0731: tetex security update (Important)high
notapplicable
RHSA-2007:0732: poppler security update (Important)high
notapplicable
RHSA-2007:0735: xpdf security update (Important)high
notapplicable
RHSA-2007:0737: pam security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2007:0740: bind security update (Moderate)medium
notapplicable
RHSA-2007:0746: httpd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2007:0747: httpd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2007:0765: libgtop2 security update (Moderate)medium
notapplicable
RHSA-2007:0774: kernel security and bugfix update (Moderate)medium
notapplicable
RHSA-2007:0777: gdm security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0779: mailman security and bug fix update (Low)low
notapplicable
RHSA-2007:0795: cyrus-sasl security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:0845: libvorbis security update (Important)high
notapplicable
RHSA-2007:0848: openoffice.org security update (Important)high
notapplicable
RHSA-2007:0858: krb5 security update (Important)high
notapplicable
RHSA-2007:0860: tar security update (Moderate)medium
notapplicable
RHSA-2007:0871: tomcat security update (Moderate)medium
notapplicable
RHSA-2007:0873: star security update (Moderate)medium
notapplicable
RHSA-2007:0875: mysql security update (Important)high
notapplicable
RHSA-2007:0883: qt security update (Important)high
notapplicable
RHSA-2007:0890: php security update (Moderate)medium
notapplicable
RHSA-2007:0892: krb5 security update (Important)high
notapplicable
RHSA-2007:0898: xorg-x11 security update (Moderate)medium
notapplicable
RHSA-2007:0905: kdebase security update (Moderate)medium
notapplicable
RHSA-2007:0909: kdelibs security update (Moderate)medium
notapplicable
RHSA-2007:0913: nfs-utils-lib security update (Important)high
notapplicable
RHSA-2007:0932: pwlib security update (Moderate)medium
notapplicable
RHSA-2007:0933: elinks security update (Moderate)medium
notapplicable
RHSA-2007:0936: kernel security update (Important)high
notapplicable
RHSA-2007:0937: kernel security update (Important)high
notapplicable
RHSA-2007:0939: kernel security update (Important)high
notapplicable
RHSA-2007:0940: kernel security update (Important)high
notapplicable
RHSA-2007:0951: nfs-utils-lib security update (Important)high
notapplicable
RHSA-2007:0957: opal security update (Moderate)medium
notapplicable
RHSA-2007:0960: hplip security update (Important)high
notapplicable
RHSA-2007:0961: ruby security update (Moderate)medium
notapplicable
RHSA-2007:0964: openssl security update (Important)high
notapplicable
RHSA-2007:0965: ruby security update (Moderate)medium
notapplicable
RHSA-2007:0966: perl security update (Important)high
notapplicable
RHSA-2007:0967: pcre security update (Critical)high
notapplicable
RHSA-2007:0968: pcre security update (Critical)high
notapplicable
RHSA-2007:0969: util-linux security update (Moderate)medium
notapplicable
RHSA-2007:0975: flac security update (Important)high
notapplicable
RHSA-2007:0979: firefox security update (Critical)high
notapplicable
RHSA-2007:0980: seamonkey security update (Critical)high
notapplicable
RHSA-2007:0981: thunderbird security update (Moderate)medium
notapplicable
RHSA-2007:0992: libpng security update (Moderate)medium
notapplicable
RHSA-2007:0993: kernel security update (Important)high
notapplicable
RHSA-2007:1003: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2007:1016: samba security update (Critical)high
notapplicable
RHSA-2007:1017: samba security update (Critical)high
notapplicable
RHSA-2007:1020: cups security and bug fix update (Important)high
notapplicable
RHSA-2007:1021: cups security update (Important)high
notapplicable
RHSA-2007:1022: cups security update (Important)high
notapplicable
RHSA-2007:1024: kdegraphics security update (Important)high
notapplicable
RHSA-2007:1025: gpdf security update (Important)high
notapplicable
RHSA-2007:1026: poppler security update (Important)high
notapplicable
RHSA-2007:1027: tetex security update (Important)high
notapplicable
RHSA-2007:1029: xpdf security update (Important)high
notapplicable
RHSA-2007:1037: openldap security and enhancement update (Important)high
notapplicable
RHSA-2007:1038: openldap security and enhancement update (Moderate)medium
notapplicable
RHSA-2007:1045: net-snmp security update (Moderate)medium
notapplicable
RHSA-2007:1048: openoffice.org, hsqldb security update (Moderate)medium
notapplicable
RHSA-2007:1051: kdegraphics security update (Important)high
notapplicable
RHSA-2007:1052: pcre security update (Important)high
notapplicable
RHSA-2007:1059: pcre security update (Important)high
notapplicable
RHSA-2007:1068: pcre security update (Important)high
notapplicable
RHSA-2007:1076: python security update (Moderate)medium
notapplicable
RHSA-2007:1078: cairo security update (Important)high
notapplicable
RHSA-2007:1082: firefox security update (Critical)high
notapplicable
RHSA-2007:1083: thunderbird security update (Moderate)medium
notapplicable
RHSA-2007:1084: seamonkey security update (Critical)high
notapplicable
RHSA-2007:1090: openoffice.org2 security update (Moderate)medium
notapplicable
RHSA-2007:1095: htdig security update (Moderate)medium
notapplicable
RHSA-2007:1104: kernel security and bug fix update (Important)high
notapplicable
RHSA-2007:1114: samba security and bug fix update (Critical)high
notapplicable
RHSA-2007:1128: autofs security update (Important)high
notapplicable
RHSA-2007:1129: autofs5 security update (Important)high
notapplicable
RHSA-2007:1130: squid security update (Moderate)medium
notapplicable
RHSA-2007:1155: mysql security update (Important)high
notapplicable
RHSA-2007:1165: libexif security update (Moderate)medium
notapplicable
RHSA-2007:1166: libexif security update (Moderate)medium
notapplicable
RHSA-2007:1176: autofs security update (Important)high
notapplicable
RHSA-2007:1177: autofs5 security update (Important)high
notapplicable
RHSA-2008:0002: tog-pegasus security update (Critical)high
notapplicable
RHSA-2008:0003: e2fsprogs security update (Moderate)medium
notapplicable
RHSA-2008:0006: httpd security update (Moderate)medium
notapplicable
RHSA-2008:0008: httpd security update (Moderate)medium
notapplicable
RHSA-2008:0030: xorg-x11 security update (Important)high
notapplicable
RHSA-2008:0031: xorg-x11-server security update (Important)high
notapplicable
RHSA-2008:0032: libxml2 security update (Important)high
notapplicable
RHSA-2008:0038: postgresql security update (Moderate)medium
notapplicable
RHSA-2008:0042: tomcat security update (Moderate)medium
notapplicable
RHSA-2008:0055: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0058: wireshark security update (Moderate)medium
notapplicable
RHSA-2008:0061: setroubleshoot security and bug fix update (Moderate)medium
notapplicable
RHSA-2008:0064: libXfont security update (Important)high
notapplicable
RHSA-2008:0089: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0090: icu security update (Important)high
notapplicable
RHSA-2008:0103: firefox security update (Critical)high
notapplicable
RHSA-2008:0104: seamonkey security update (Critical)high
notapplicable
RHSA-2008:0105: thunderbird security update (Critical)high
notapplicable
RHSA-2008:0110: openldap security update (Moderate)medium
notapplicable
RHSA-2008:0129: kernel security update (Important)high
notapplicable
RHSA-2008:0131: netpbm security update (Moderate)medium
notapplicable
RHSA-2008:0135: tk security update (Moderate)medium
notapplicable
RHSA-2008:0136: tk security update (Moderate)medium
notapplicable
RHSA-2008:0145: ImageMagick security update (Moderate)medium
notapplicable
RHSA-2008:0146: gd security update (Moderate)medium
notapplicable
RHSA-2008:0154: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0155: ghostscript security update (Important)high
notapplicable
RHSA-2008:0157: cups security update (Important)high
notapplicable
RHSA-2008:0159: dbus security update (Moderate)medium
notapplicable
RHSA-2008:0161: cups security update (Important)high
notapplicable
RHSA-2008:0164: krb5 security and bugfix update (Critical)high
notapplicable
RHSA-2008:0167: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2008:0175: openoffice.org security update (Important)high
notapplicable
RHSA-2008:0176: openoffice.org security update (Important)high
notapplicable
RHSA-2008:0177: evolution security update (Critical)high
notapplicable
RHSA-2008:0180: krb5 security update (Critical)high
notapplicable
RHSA-2008:0192: cups security update (Moderate)medium
notapplicable
RHSA-2008:0194: xen security and bug fix update (Important)high
notapplicable
RHSA-2008:0197: gnome-screensaver security update (Moderate)medium
notapplicable
RHSA-2008:0206: cups security update (Moderate)medium
notapplicable
RHSA-2008:0207: firefox security update (Critical)high
notapplicable
RHSA-2008:0208: seamonkey security update (Critical)high
notapplicable
RHSA-2008:0209: thunderbird security update (Moderate)medium
notapplicable
RHSA-2008:0214: squid security update (Moderate)medium
notapplicable
RHSA-2008:0218: gnome-screensaver security update (Moderate)medium
notapplicable
RHSA-2008:0222: firefox security update (Critical)high
notapplicable
RHSA-2008:0223: seamonkey security update (Critical)high
notapplicable
RHSA-2008:0224: thunderbird security update (Moderate)medium
notapplicable
RHSA-2008:0233: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0235: speex security update (Important)high
notapplicable
RHSA-2008:0237: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0238: kdegraphics security update (Important)high
notapplicable
RHSA-2008:0239: poppler security update (Important)high
notapplicable
RHSA-2008:0240: xpdf security update (Important)high
notapplicable
RHSA-2008:0262: gpdf security update (Important)high
notapplicable
RHSA-2008:0270: libvorbis security update (Important)high
notapplicable
RHSA-2008:0275: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0287: libxslt security update (Important)high
notapplicable
RHSA-2008:0288: samba security update (Critical)high
notapplicable
RHSA-2008:0290: samba security and bug fix update (Critical)high
notapplicable
RHSA-2008:0295: vsftpd security and bug fix update (Low)low
notapplicable
RHSA-2008:0297: dovecot security and bug fix update (Low)low
notapplicable
RHSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2008:0364: mysql security and bug fix update (Low)low
notapplicable
RHSA-2008:0389: nss_ldap security and bug fix update (Low)low
notapplicable
RHSA-2008:0485: compiz security update (Low)low
notapplicable
RHSA-2008:0486: nfs-utils security update (Moderate)medium
notapplicable
RHSA-2008:0489: gnutls security update (Critical)high
notapplicable
RHSA-2008:0492: gnutls security update (Important)high
notapplicable
RHSA-2008:0497: sblim security update (Important)high
notapplicable
RHSA-2008:0498: cups security update (Moderate)medium
notapplicable
RHSA-2008:0503: xorg-x11 security update (Important)high
notapplicable
RHSA-2008:0504: xorg-x11-server security update (Important)high
notapplicable
RHSA-2008:0508: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0514: evolution security update (Important)high
notapplicable
RHSA-2008:0515: evolution28 security update (Important)high
notapplicable
RHSA-2008:0516: evolution security update (Critical)high
notapplicable
RHSA-2008:0519: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0522: perl security update (Important)high
notapplicable
RHSA-2008:0529: net-snmp security update (Moderate)medium
notapplicable
RHSA-2008:0533: bind security update (Important)high
notapplicable
RHSA-2008:0537: openoffice.org security update (Important)high
notapplicable
RHSA-2008:0538: openoffice.org security update (Important)high
notapplicable
RHSA-2008:0544: php security update (Moderate)medium
notapplicable
RHSA-2008:0545: php security and bug fix update (Moderate)medium
notapplicable
RHSA-2008:0547: seamonkey security update (Critical)high
notapplicable
RHSA-2008:0549: firefox security update (Critical)high
notapplicable
RHSA-2008:0556: freetype security update (Important)high
notapplicable
RHSA-2008:0561: ruby security update (Moderate)medium
notapplicable
RHSA-2008:0569: firefox security update (Critical)high
notapplicable
RHSA-2008:0575: rdesktop security update (Moderate)medium
notapplicable
RHSA-2008:0580: vim security update (Moderate)medium
notapplicable
RHSA-2008:0581: bluez-libs and bluez-utils security update (Moderate)medium
notapplicable
RHSA-2008:0583: openldap security update (Important)high
notapplicable
RHSA-2008:0584: pidgin security and bug fix update (Important)high
notapplicable
RHSA-2008:0597: firefox security update (Critical)high
notapplicable
RHSA-2008:0598: firefox security update (Critical)high
notapplicable
RHSA-2008:0599: seamonkey security update (Critical)high
notapplicable
RHSA-2008:0607: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0612: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0616: thunderbird security update (Moderate)medium
notapplicable
RHSA-2008:0617: vim security update (Moderate)medium
notapplicable
RHSA-2008:0648: tomcat security update (Important)high
notapplicable
RHSA-2008:0649: libxslt security update (Moderate)medium
notapplicable
RHSA-2008:0665: Updated kernel packages for Red Hat Enterprise Linux 4.7 (Moderate)medium
notapplicable
RHSA-2008:0680: vsftpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2008:0715: nss_ldap security and bug fix update (Low)low
notapplicable
RHSA-2008:0725: rdesktop security and bug fix update (Moderate)medium
notapplicable
RHSA-2008:0768: mysql security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2008:0780: coreutils security update (Low)low
notapplicable
RHSA-2008:0789: dnsmasq security update (Moderate)medium
notapplicable
RHSA-2008:0815: yum-rhn-plugin security update (Moderate)medium
notapplicable
RHSA-2008:0818: hplip security update (Moderate)medium
notapplicable
RHSA-2008:0835: openoffice.org security update (Important)high
notapplicable
RHSA-2008:0836: libxml2 security update (Moderate)medium
notapplicable
RHSA-2008:0839: postfix security update (Moderate)medium
notapplicable
RHSA-2008:0847: libtiff security and bug fix update (Important)high
notapplicable
RHSA-2008:0848: libtiff security and bug fix update (Important)high
notapplicable
RHSA-2008:0849: ipsec-tools security update (Important)high
notapplicable
RHSA-2008:0855: openssh security update (Critical)high
notapplicable
RHSA-2008:0879: firefox security update (Critical)high
notapplicable
RHSA-2008:0882: seamonkey security update (Critical)high
notapplicable
RHSA-2008:0884: libxml2 security update (Important)high
notapplicable
RHSA-2008:0885: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0890: wireshark security update (Moderate)medium
notapplicable
RHSA-2008:0892: xen security and bug fix update (Important)high
notapplicable
RHSA-2008:0893: bzip2 security update (Moderate)medium
notapplicable
RHSA-2008:0897: ruby security update (Moderate)medium
notapplicable
RHSA-2008:0907: pam_krb5 security update (Moderate)medium
notapplicable
RHSA-2008:0908: thunderbird security update (Moderate)medium
notapplicable
RHSA-2008:0937: cups security update (Important)high
notapplicable
RHSA-2008:0939: openoffice.org security update (Important)high
notapplicable
RHSA-2008:0946: ed security update (Moderate)medium
notapplicable
RHSA-2008:0957: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0965: lynx security update (Important)high
notapplicable
RHSA-2008:0967: httpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2008:0971: net-snmp security update (Important)high
notapplicable
RHSA-2008:0972: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:0976: thunderbird security update (Moderate)medium
notapplicable
RHSA-2008:0977: seamonkey security update (Critical)high
notapplicable
RHSA-2008:0978: firefox security update (Critical)high
notapplicable
RHSA-2008:0981: ruby security update (Moderate)medium
notapplicable
RHSA-2008:0982: gnutls security update (Moderate)medium
notapplicable
RHSA-2008:0988: libxml2 security update (Important)high
notapplicable
RHSA-2008:1001: tog-pegasus security update (Important)high
notapplicable
RHSA-2008:1016: enscript security update (Moderate)medium
notapplicable
RHSA-2008:1017: kernel security and bug fix update (Important)high
notapplicable
RHSA-2008:1021: enscript security update (Moderate)medium
notapplicable
RHSA-2008:1023: pidgin security and bug fix update (Moderate)medium
notapplicable
RHSA-2008:1029: cups security update (Moderate)medium
notapplicable
RHSA-2008:1036: firefox security update (Critical)high
notapplicable
RHSA-2008:1037: seamonkey security update (Critical)high
notapplicable
RHSA-2009:0002: thunderbird security update (Moderate)medium
notapplicable
RHSA-2009:0003: xen security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:0004: openssl security update (Important)high
notapplicable
RHSA-2009:0005: gnome-vfs, gnome-vfs2 security update (Moderate)medium
notapplicable
RHSA-2009:0008: dbus security update (Moderate)medium
notapplicable
RHSA-2009:0010: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2009:0011: lcms security update (Moderate)medium
notapplicable
RHSA-2009:0012: netpbm security update (Moderate)medium
notapplicable
RHSA-2009:0013: avahi security update (Moderate)medium
notapplicable
RHSA-2009:0014: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:0018: xterm security update (Important)high
notapplicable
RHSA-2009:0020: bind security update (Moderate)medium
notapplicable
RHSA-2009:0046: ntp security update (Moderate)medium
notapplicable
RHSA-2009:0057: squirrelmail security update (Important)high
notapplicable
RHSA-2009:0205: dovecot security and bug fix update (Low)low
notapplicable
RHSA-2009:0225: Red Hat Enterprise Linux 5.3 kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:0256: firefox security update (Critical)high
notapplicable
RHSA-2009:0257: seamonkey security update (Critical)high
notapplicable
RHSA-2009:0258: thunderbird security update (Moderate)medium
notapplicable
RHSA-2009:0259: mod_auth_mysql security update (Moderate)medium
notapplicable
RHSA-2009:0261: vnc security update (Moderate)medium
notapplicable
RHSA-2009:0264: kernel security update (Important)high
notapplicable
RHSA-2009:0267: sudo security update (Moderate)medium
notapplicable
RHSA-2009:0270: gstreamer-plugins security update (Important)high
notapplicable
RHSA-2009:0271: gstreamer-plugins-good security update (Important)high
notapplicable
RHSA-2009:0296: icu security update (Moderate)medium
notapplicable
RHSA-2009:0313: wireshark security update (Moderate)medium
notapplicable
RHSA-2009:0315: firefox security update (Critical)high
notapplicable
RHSA-2009:0325: seamonkey security update (Critical)high
notapplicable
RHSA-2009:0326: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:0329: freetype security update (Important)high
notapplicable
RHSA-2009:0331: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:0333: libpng security update (Moderate)medium
notapplicable
RHSA-2009:0336: glib2 security update (Moderate)medium
notapplicable
RHSA-2009:0337: php security update (Moderate)medium
notapplicable
RHSA-2009:0338: php security update (Moderate)medium
notapplicable
RHSA-2009:0339: lcms security update (Moderate)medium
notapplicable
RHSA-2009:0341: curl security update (Moderate)medium
notapplicable
RHSA-2009:0344: libsoup security update (Moderate)medium
notapplicable
RHSA-2009:0345: ghostscript security update (Moderate)medium
notapplicable
RHSA-2009:0352: gstreamer-plugins-base security update (Moderate)medium
notapplicable
RHSA-2009:0354: evolution-data-server security update (Moderate)medium
notapplicable
RHSA-2009:0355: evolution and evolution-data-server security update (Moderate)medium
notapplicable
RHSA-2009:0361: NetworkManager security update (Moderate)medium
notapplicable
RHSA-2009:0362: NetworkManager security update (Moderate)medium
notapplicable
RHSA-2009:0373: systemtap security update (Moderate)medium
notapplicable
RHSA-2009:0377: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2009:0382: libvirt security update (Moderate)medium
notapplicable
RHSA-2009:0397: firefox security update (Critical)high
notapplicable
RHSA-2009:0398: seamonkey security update (Critical)high
notapplicable
RHSA-2009:0402: openswan security update (Important)high
notapplicable
RHSA-2009:0408: krb5 security update (Important)high
notapplicable
RHSA-2009:0409: krb5 security update (Important)high
notapplicable
RHSA-2009:0411: device-mapper-multipath security update (Moderate)medium
notapplicable
RHSA-2009:0420: ghostscript security update (Moderate)medium
notapplicable
RHSA-2009:0421: ghostscript security update (Moderate)medium
notapplicable
RHSA-2009:0427: udev security update (Important)high
notapplicable
RHSA-2009:0429: cups security update (Important)high
notapplicable
RHSA-2009:0430: xpdf security update (Important)high
notapplicable
RHSA-2009:0431: kdegraphics security update (Important)high
notapplicable
RHSA-2009:0436: firefox security update (Critical)high
notapplicable
RHSA-2009:0437: seamonkey security update (Critical)high
notapplicable
RHSA-2009:0444: giflib security update (Important)high
notapplicable
RHSA-2009:0449: firefox security update (Critical)high
notapplicable
RHSA-2009:0457: libwmf security update (Moderate)medium
notapplicable
RHSA-2009:0458: gpdf security update (Important)high
notapplicable
RHSA-2009:0459: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:0473: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:0474: acpid security update (Moderate)medium
notapplicable
RHSA-2009:0476: pango security update (Important)high
notapplicable
RHSA-2009:0479: perl-DBD-Pg security update (Moderate)medium
notapplicable
RHSA-2009:0480: poppler security update (Important)high
notapplicable
RHSA-2009:0955: nfs-utils security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:0981: util-linux security and bug fix update (Low)low
notapplicable
RHSA-2009:1024: Red Hat Enterprise Linux 4.8 kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1036: ipsec-tools security update (Important)high
notapplicable
RHSA-2009:1039: ntp security update (Important)high
notapplicable
RHSA-2009:1040: ntp security update (Critical)high
notapplicable
RHSA-2009:1060: pidgin security update (Important)high
notapplicable
RHSA-2009:1061: freetype security update (Important)high
notapplicable
RHSA-2009:1066: squirrelmail security update (Important)high
notapplicable
RHSA-2009:1075: httpd security update (Moderate)medium
notapplicable
RHSA-2009:1082: cups security update (Important)high
notapplicable
RHSA-2009:1083: cups security update (Important)high
notapplicable
RHSA-2009:1095: firefox security update (Critical)high
notapplicable
RHSA-2009:1096: seamonkey security update (Critical)high
notapplicable
RHSA-2009:1100: wireshark security update (Moderate)medium
notapplicable
RHSA-2009:1101: cscope security update (Moderate)medium
notapplicable
RHSA-2009:1102: cscope security update (Moderate)medium
notapplicable
RHSA-2009:1106: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1107: apr-util security update (Moderate)medium
notapplicable
RHSA-2009:1116: cyrus-imapd security update (Important)high
notapplicable
RHSA-2009:1122: icu security update (Moderate)medium
notapplicable
RHSA-2009:1123: gstreamer-plugins-good security update (Moderate)medium
notapplicable
RHSA-2009:1125: thunderbird security update (Moderate)medium
notapplicable
RHSA-2009:1126: thunderbird security update (Moderate)medium
notapplicable
RHSA-2009:1127: kdelibs security update (Critical)high
notapplicable
RHSA-2009:1130: kdegraphics security update (Critical)high
notapplicable
RHSA-2009:1132: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1134: seamonkey security update (Important)high
notapplicable
RHSA-2009:1136: dhcp security update (Critical)high
notapplicable
RHSA-2009:1138: openswan security update (Important)high
notapplicable
RHSA-2009:1139: pidgin security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:1140: ruby security update (Moderate)medium
notapplicable
RHSA-2009:1148: httpd security update (Important)high
notapplicable
RHSA-2009:1159: libtiff security update (Moderate)medium
notapplicable
RHSA-2009:1162: firefox security update (Critical)high
notapplicable
RHSA-2009:1163: seamonkey security update (Critical)high
notapplicable
RHSA-2009:1164: tomcat security update (Important)high
notapplicable
RHSA-2009:1176: python security update (Moderate)medium
notapplicable
RHSA-2009:1177: python security update (Moderate)medium
notapplicable
RHSA-2009:1179: bind security update (Important)high
notapplicable
RHSA-2009:1180: bind security and bug fix update (Important)high
notapplicable
RHSA-2009:1184: nspr and nss security and bug fix update (Critical)high
notapplicable
RHSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical)high
notapplicable
RHSA-2009:1193: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1201: java-1.6.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2009:1203: subversion security update (Important)high
notapplicable
RHSA-2009:1204: apr and apr-util security update (Moderate)medium
notapplicable
RHSA-2009:1206: libxml and libxml2 security update (Moderate)medium
notapplicable
RHSA-2009:1209: curl security update (Moderate)medium
notapplicable
RHSA-2009:1211: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1218: pidgin security update (Critical)high
notapplicable
RHSA-2009:1219: libvorbis security update (Important)high
notapplicable
RHSA-2009:1222: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1223: kernel security update (Important)high
notapplicable
RHSA-2009:1232: gnutls security update (Moderate)medium
notapplicable
RHSA-2009:1238: dnsmasq security update (Important)high
notapplicable
RHSA-2009:1243: Red Hat Enterprise Linux 5.4 kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1278: lftp security and bug fix update (Low)low
notapplicable
RHSA-2009:1287: openssh security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2009:1289: mysql security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:1307: ecryptfs-utils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2009:1321: nfs-utils security and bug fix update (Low)low
notapplicable
RHSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2009:1337: gfs2-utils security and bug fix update (Low)low
notapplicable
RHSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2009:1341: cman security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2009:1364: gdm security and bug fix update (Low)low
notapplicable
RHSA-2009:1426: openoffice.org security update (Important)high
notapplicable
RHSA-2009:1427: fetchmail security update (Moderate)medium
notapplicable
RHSA-2009:1428: xmlsec1 security update (Moderate)medium
notapplicable
RHSA-2009:1430: firefox security update (Critical)high
notapplicable
RHSA-2009:1431: seamonkey security update (Critical)high
notapplicable
RHSA-2009:1438: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1451: freeradius security update (Moderate)medium
notapplicable
RHSA-2009:1452: neon security update (Moderate)medium
notapplicable
RHSA-2009:1453: pidgin security update (Moderate)medium
notapplicable
RHSA-2009:1455: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:1459: cyrus-imapd security update (Important)high
notapplicable
RHSA-2009:1463: newt security update (Moderate)medium
notapplicable
RHSA-2009:1465: kvm security and bug fix update (Important)high
notapplicable
RHSA-2009:1470: openssh security update (Moderate)medium
notapplicable
RHSA-2009:1471: elinks security update (Important)high
notapplicable
RHSA-2009:1472: xen security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:1484: postgresql security update (Moderate)medium
notapplicable
RHSA-2009:1490: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2009:1501: xpdf security update (Important)high
notapplicable
RHSA-2009:1502: kdegraphics security update (Important)high
notapplicable
RHSA-2009:1503: gpdf security update (Important)high
notapplicable
RHSA-2009:1504: poppler security and bug fix update (Important)high
notapplicable
RHSA-2009:1512: kdegraphics security update (Important)high
notapplicable
RHSA-2009:1513: cups security update (Moderate)medium
notapplicable
RHSA-2009:1522: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:1529: samba security update (Moderate)medium
notapplicable
RHSA-2009:1530: firefox security update (Critical)high
notapplicable
RHSA-2009:1531: seamonkey security update (Critical)high
notapplicable
RHSA-2009:1536: pidgin security update (Moderate)medium
notapplicable
RHSA-2009:1541: kernel security update (Important)high
notapplicable
RHSA-2009:1548: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1549: wget security update (Moderate)medium
notapplicable
RHSA-2009:1561: libvorbis security update (Important)high
notapplicable
RHSA-2009:1572: 4Suite security update (Moderate)medium
notapplicable
RHSA-2009:1579: httpd security update (Moderate)medium
notapplicable
RHSA-2009:1580: httpd security update (Moderate)medium
notapplicable
RHSA-2009:1584: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2009:1595: cups security update (Moderate)medium
notapplicable
RHSA-2009:1601: kdelibs security update (Critical)high
notapplicable
RHSA-2009:1615: xerces-j2 security update (Moderate)medium
notapplicable
RHSA-2009:1619: dstat security update (Moderate)medium
notapplicable
RHSA-2009:1620: bind security update (Moderate)medium
notapplicable
RHSA-2009:1625: expat security update (Moderate)medium
notapplicable
RHSA-2009:1642: acpid security update (Important)high
notapplicable
RHSA-2009:1646: libtool security update (Moderate)medium
notapplicable
RHSA-2009:1648: ntp security update (Moderate)medium
notapplicable
RHSA-2009:1659: kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2009:1670: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1671: kernel security and bug fix update (Important)high
notapplicable
RHSA-2009:1673: seamonkey security update (Critical)high
notapplicable
RHSA-2009:1674: firefox security update (Critical)high
notapplicable
RHSA-2009:1680: xpdf security update (Important)high
notapplicable
RHSA-2009:1681: gpdf security update (Important)high
notapplicable
RHSA-2009:1682: kdegraphics security update (Important)high
notapplicable
RHSA-2010:0002: PyXML security update (Moderate)medium
notapplicable
RHSA-2010:0003: gd security update (Moderate)medium
notapplicable
RHSA-2010:0018: dbus security update (Moderate)medium
notapplicable
RHSA-2010:0019: kernel security update (Important)high
notapplicable
RHSA-2010:0020: kernel security update (Important)high
notapplicable
RHSA-2010:0029: krb5 security update (Critical)high
notapplicable
RHSA-2010:0039: gcc and gcc4 security update (Moderate)medium
notapplicable
RHSA-2010:0040: php security update (Moderate)medium
notapplicable
RHSA-2010:0044: pidgin security update (Important)high
notapplicable
RHSA-2010:0046: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0054: openssl security update (Moderate)medium
notapplicable
RHSA-2010:0061: gzip security update (Moderate)medium
notapplicable
RHSA-2010:0062: bind security update (Moderate)medium
notapplicable
RHSA-2010:0076: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0088: kvm security and bug fix update (Important)high
notapplicable
RHSA-2010:0094: HelixPlayer security update (Critical)high
notapplicable
RHSA-2010:0101: openoffice.org security update (Important)high
notapplicable
RHSA-2010:0108: NetworkManager security update (Moderate)medium
notapplicable
RHSA-2010:0109: mysql security update (Moderate)medium
notapplicable
RHSA-2010:0110: mysql security update (Moderate)medium
notapplicable
RHSA-2010:0112: firefox security update (Critical)high
notapplicable
RHSA-2010:0113: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0115: pidgin security update (Moderate)medium
notapplicable
RHSA-2010:0122: sudo security update (Important)high
notapplicable
RHSA-2010:0124: systemtap security update (Important)high
notapplicable
RHSA-2010:0125: systemtap security update (Moderate)medium
notapplicable
RHSA-2010:0126: kvm security and bug fix update (Important)high
notapplicable
RHSA-2010:0129: cups security update (Moderate)medium
notapplicable
RHSA-2010:0140: pango security update (Moderate)medium
notapplicable
RHSA-2010:0141: tar security update (Moderate)medium
notapplicable
RHSA-2010:0143: cpio security update (Moderate)medium
notapplicable
RHSA-2010:0144: cpio security update (Moderate)medium
notapplicable
RHSA-2010:0146: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0147: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0153: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0154: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0162: openssl security update (Important)high
notapplicable
RHSA-2010:0163: openssl security update (Moderate)medium
notapplicable
RHSA-2010:0164: openssl097a security update (Moderate)medium
notapplicable
RHSA-2010:0165: nss security update (Moderate)medium
notapplicable
RHSA-2010:0166: gnutls security update (Moderate)medium
notapplicable
RHSA-2010:0167: gnutls security update (Moderate)medium
notapplicable
RHSA-2010:0168: httpd security and enhancement update (Moderate)medium
notapplicable
RHSA-2010:0173: openssl096b security update (Important)high
notapplicable
RHSA-2010:0175: httpd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2010:0178: Red Hat Enterprise Linux 5.5 kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0181: brltty security and bug fix update (Low)low
notapplicable
RHSA-2010:0198: openldap security and bug fix update (Moderate)medium
notapplicable
RHSA-2010:0221: squid security and bug fix update (Low)low
notapplicable
RHSA-2010:0237: sendmail security and bug fix update (Low)low
notapplicable
RHSA-2010:0258: pam_krb5 security and bug fix update (Low)low
notapplicable
RHSA-2010:0271: kvm security, bug fix and enhancement update (Important)high
notapplicable
RHSA-2010:0273: curl security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2010:0291: gfs-kmod security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2010:0321: automake security update (Low)low
notapplicable
RHSA-2010:0329: curl security update (Moderate)medium
notapplicable
RHSA-2010:0332: firefox security update (Critical)high
notapplicable
RHSA-2010:0333: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0339: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2010:0343: krb5 security and bug fix update (Important)high
notapplicable
RHSA-2010:0347: nss_db security update (Moderate)medium
notapplicable
RHSA-2010:0348: kdebase security update (Important)high
notapplicable
RHSA-2010:0360: wireshark security update (Moderate)medium
notapplicable
RHSA-2010:0361: sudo security update (Moderate)medium
notapplicable
RHSA-2010:0362: scsi-target-utils security update (Important)high
notapplicable
RHSA-2010:0382: xorg-x11-server security update (Important)high
notapplicable
RHSA-2010:0394: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2010:0398: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0399: tetex security update (Moderate)medium
notapplicable
RHSA-2010:0400: tetex security update (Moderate)medium
notapplicable
RHSA-2010:0423: krb5 security update (Important)high
notapplicable
RHSA-2010:0428: postgresql security update (Moderate)medium
notapplicable
RHSA-2010:0429: postgresql security update (Moderate)medium
notapplicable
RHSA-2010:0430: postgresql84 security update (Moderate)medium
notapplicable
RHSA-2010:0442: mysql security update (Important)high
notapplicable
RHSA-2010:0449: rhn-client-tools security update (Moderate)medium
notapplicable
RHSA-2010:0457: perl security update (Moderate)medium
notapplicable
RHSA-2010:0458: perl security update (Moderate)medium
notapplicable
RHSA-2010:0459: openoffice.org security update (Moderate)medium
notapplicable
RHSA-2010:0474: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0475: sudo security update (Moderate)medium
notapplicable
RHSA-2010:0488: samba and samba3x security update (Critical)high
notapplicable
RHSA-2010:0490: cups security update (Important)high
notapplicable
RHSA-2010:0499: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0500: firefox security, bug fix, and enhancement update (Critical)high
notapplicable
RHSA-2010:0501: firefox security, bug fix, and enhancement update (Critical)high
notapplicable
RHSA-2010:0504: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0505: perl-Archive-Tar security update (Moderate)medium
notapplicable
RHSA-2010:0518: scsi-target-utils security update (Important)high
notapplicable
RHSA-2010:0519: libtiff security update (Important)high
notapplicable
RHSA-2010:0528: avahi security update (Moderate)medium
notapplicable
RHSA-2010:0533: pcsc-lite security update (Moderate)medium
notapplicable
RHSA-2010:0534: libpng security update (Important)high
notapplicable
RHSA-2010:0542: openldap security update (Moderate)medium
notapplicable
RHSA-2010:0543: openldap security update (Moderate)medium
notapplicable
RHSA-2010:0544: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0545: thunderbird security update (Critical)high
notapplicable
RHSA-2010:0546: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0547: firefox security update (Critical)high
notapplicable
RHSA-2010:0556: firefox security update (Critical)high
notapplicable
RHSA-2010:0557: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0558: firefox security update (Critical)high
notapplicable
RHSA-2010:0565: w3m security update (Moderate)medium
notapplicable
RHSA-2010:0567: lvm2-cluster security update (Moderate)medium
notapplicable
RHSA-2010:0578: freetype security update (Important)high
notapplicable
RHSA-2010:0580: tomcat5 security update (Important)high
notapplicable
RHSA-2010:0585: lftp security update (Moderate)medium
notapplicable
RHSA-2010:0603: gnupg2 security update (Moderate)medium
notapplicable
RHSA-2010:0606: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0607: freetype security update (Important)high
notapplicable
RHSA-2010:0610: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0615: libvirt security and bug fix update (Low)low
notapplicable
RHSA-2010:0616: dbus-glib security update (Moderate)medium
notapplicable
RHSA-2010:0625: wireshark security update (Moderate)medium
notapplicable
RHSA-2010:0627: kvm security and bug fix update (Important)high
notapplicable
RHSA-2010:0632: qspice-client security update (Moderate)medium
notapplicable
RHSA-2010:0633: qspice security update (Important)high
notapplicable
RHSA-2010:0643: openoffice.org security update (Important)high
notapplicable
RHSA-2010:0651: spice-xpi security and bug fix update (Moderate)medium
notapplicable
RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)medium
notapplicable
RHSA-2010:0653: ImageMagick security update (Moderate)medium
notapplicable
RHSA-2010:0657: gdm security and bug fix update (Low)low
notapplicable
RHSA-2010:0659: httpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2010:0661: kernel security update (Important)high
notapplicable
RHSA-2010:0675: sudo security update (Important)high
notapplicable
RHSA-2010:0676: kernel security update (Important)high
notapplicable
RHSA-2010:0678: rpm security update (Moderate)medium
notapplicable
RHSA-2010:0679: rpm security and bug fix update (Moderate)medium
notapplicable
RHSA-2010:0680: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0681: firefox security update (Critical)high
notapplicable
RHSA-2010:0682: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0697: samba security and bug fix update (Critical)high
notapplicable
RHSA-2010:0698: samba3x security update (Critical)high
notapplicable
RHSA-2010:0703: bzip2 security update (Important)high
notapplicable
RHSA-2010:0704: kernel security update (Important)high
notapplicable
RHSA-2010:0718: kernel security update (Important)high
notapplicable
RHSA-2010:0720: mikmod security update (Moderate)medium
notapplicable
RHSA-2010:0723: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0737: freetype security update (Important)high
notapplicable
RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)medium
notapplicable
RHSA-2010:0749: poppler security update (Important)high
notapplicable
RHSA-2010:0751: xpdf security update (Important)high
notapplicable
RHSA-2010:0752: gpdf security update (Important)high
notapplicable
RHSA-2010:0753: kdegraphics security update (Important)high
notapplicable
RHSA-2010:0755: cups security update (Important)high
notapplicable
RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2010:0779: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2010:0780: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0781: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0782: firefox security update (Critical)high
notapplicable
RHSA-2010:0785: quagga security update (Moderate)medium
notapplicable
RHSA-2010:0787: glibc security update (Important)high
notapplicable
RHSA-2010:0788: pidgin security update (Moderate)medium
notapplicable
RHSA-2010:0792: kernel security update (Important)high
notapplicable
RHSA-2010:0793: glibc security update (Important)high
notapplicable
RHSA-2010:0808: firefox security update (Critical)high
notapplicable
RHSA-2010:0809: xulrunner security update (Critical)high
notapplicable
RHSA-2010:0810: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0811: cups security update (Important)high
notapplicable
RHSA-2010:0812: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0819: pam security update (Moderate)medium
notapplicable
RHSA-2010:0824: mysql security update (Moderate)medium
notapplicable
RHSA-2010:0825: mysql security update (Moderate)medium
notapplicable
RHSA-2010:0839: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2010:0842: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0858: bzip2 security update (Important)high
notapplicable
RHSA-2010:0859: poppler security update (Important)high
notapplicable
RHSA-2010:0860: samba security update (Critical)high
notapplicable
RHSA-2010:0861: firefox security update (Critical)high
notapplicable
RHSA-2010:0862: nss security update (Low)low
notapplicable
RHSA-2010:0863: krb5 security update (Important)high
notapplicable
RHSA-2010:0864: freetype security update (Important)high
notapplicable
RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2010:0866: cups security update (Important)high
notapplicable
RHSA-2010:0872: glibc security and bug fix update (Important)high
notapplicable
RHSA-2010:0888: openssl security update (Important)high
notapplicable
RHSA-2010:0889: freetype security update (Important)high
notapplicable
RHSA-2010:0890: pidgin security update (Moderate)medium
notapplicable
RHSA-2010:0891: pam security update (Moderate)medium
notapplicable
RHSA-2010:0892: openswan security update (Moderate)medium
notapplicable
RHSA-2010:0894: systemtap security update (Important)high
notapplicable
RHSA-2010:0895: systemtap security update (Moderate)medium
notapplicable
RHSA-2010:0896: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0898: kvm security update (Moderate)medium
notapplicable
RHSA-2010:0908: postgresql security update (Moderate)medium
notapplicable
RHSA-2010:0918: cvs security update (Moderate)medium
notapplicable
RHSA-2010:0919: php security update (Moderate)medium
notapplicable
RHSA-2010:0923: dhcp security update (Moderate)medium
notapplicable
RHSA-2010:0924: wireshark security update (Moderate)medium
notapplicable
RHSA-2010:0925: krb5 security and bug fix update (Important)high
notapplicable
RHSA-2010:0926: krb5 security update (Moderate)medium
notapplicable
RHSA-2010:0936: kernel security and bug fix update (Important)high
notapplicable
RHSA-2010:0945: quagga security update (Moderate)medium
notapplicable
RHSA-2010:0950: apr-util security update (Moderate)medium
notapplicable
RHSA-2010:0966: firefox security update (Critical)high
notapplicable
RHSA-2010:0967: seamonkey security update (Critical)high
notapplicable
RHSA-2010:0968: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0969: thunderbird security update (Moderate)medium
notapplicable
RHSA-2010:0970: exim security update (Critical)high
notapplicable
RHSA-2010:0975: bind security update (Important)high
notapplicable
RHSA-2010:0976: bind security update (Important)high
notapplicable
RHSA-2010:0977: openssl security update (Moderate)medium
notapplicable
RHSA-2010:0978: openssl security update (Moderate)medium
notapplicable
RHSA-2010:0979: openssl security update (Moderate)medium
notapplicable
RHSA-2010:0981: HelixPlayer removal (Critical)high
notapplicable
RHSA-2010:0998: kvm security and bug fix update (Low)low
notapplicable
RHSA-2010:0999: libvpx security update (Moderate)medium
notapplicable
RHSA-2010:1000: bind security update (Important)high
notapplicable
RHSA-2010:1002: mod_auth_mysql security update (Moderate)medium
notapplicable
RHSA-2010:1003: git security update (Moderate)medium
notapplicable
RHSA-2011:0004: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2011:0007: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0009: evince security update (Moderate)medium
notapplicable
RHSA-2011:0013: wireshark security update (Moderate)medium
notapplicable
RHSA-2011:0017: Red Hat Enterprise Linux 5.6 kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0025: gcc security and bug fix update (Low)low
notapplicable
RHSA-2011:0027: python security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:0028: kvm security and bug fix update (Low)low
notapplicable
RHSA-2011:0153: exim security update (Moderate)medium
notapplicable
RHSA-2011:0154: hplip security update (Moderate)medium
notapplicable
RHSA-2011:0162: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0163: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0164: mysql security update (Moderate)medium
notapplicable
RHSA-2011:0170: libuser security update (Moderate)medium
notapplicable
RHSA-2011:0176: java-1.6.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2011:0177: webkitgtk security update (Moderate)medium
notapplicable
RHSA-2011:0180: pango security update (Moderate)medium
notapplicable
RHSA-2011:0181: openoffice.org and openoffice.org2 security update (Important)high
notapplicable
RHSA-2011:0182: openoffice.org security update (Important)high
notapplicable
RHSA-2011:0183: openoffice.org security and bug fix update (Important)high
notapplicable
RHSA-2011:0195: php security update (Moderate)medium
notapplicable
RHSA-2011:0196: php53 security update (Moderate)medium
notapplicable
RHSA-2011:0197: postgresql security update (Moderate)medium
notapplicable
RHSA-2011:0198: postgresql84 security update (Moderate)medium
notapplicable
RHSA-2011:0199: krb5 security update (Important)high
notapplicable
RHSA-2011:0200: krb5 security update (Important)high
notapplicable
RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2011:0219: Red Hat Enterprise Linux 4 - 1-Year End Of Life Notice (Low)low
notapplicable
RHSA-2011:0256: dhcp security update (Moderate)medium
notapplicable
RHSA-2011:0257: subversion security update (Moderate)medium
notapplicable
RHSA-2011:0258: subversion security update (Moderate)medium
notapplicable
RHSA-2011:0260: python security and bug fix update (Low)low
notapplicable
RHSA-2011:0261: bash security and bug fix update (Low)low
notapplicable
RHSA-2011:0262: sendmail security and bug fix update (Low)low
notapplicable
RHSA-2011:0263: Red Hat Enterprise Linux 4.9 kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0281: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2011:0283: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2011:0303: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0305: samba security update (Important)high
notapplicable
RHSA-2011:0306: samba3x security update (Important)high
notapplicable
RHSA-2011:0307: mailman security update (Moderate)medium
notapplicable
RHSA-2011:0308: mailman security update (Moderate)medium
notapplicable
RHSA-2011:0309: pango security update (Critical)high
notapplicable
RHSA-2011:0310: firefox security and bug fix update (Critical)high
notapplicable
RHSA-2011:0311: thunderbird security update (Critical)high
notapplicable
RHSA-2011:0312: thunderbird security update (Moderate)medium
notapplicable
RHSA-2011:0313: seamonkey security update (Critical)high
notapplicable
RHSA-2011:0318: libtiff security update (Important)high
notapplicable
RHSA-2011:0320: libcgroup security update (Important)high
notapplicable
RHSA-2011:0324: logwatch security update (Important)high
notapplicable
RHSA-2011:0327: subversion security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0328: subversion security update (Moderate)medium
notapplicable
RHSA-2011:0329: kernel security update (Important)high
notapplicable
RHSA-2011:0332: scsi-target-utils security update (Important)high
notapplicable
RHSA-2011:0335: tomcat6 security and bug fix update (Important)high
notapplicable
RHSA-2011:0336: tomcat5 security update (Important)high
notapplicable
RHSA-2011:0337: vsftpd security update (Important)high
notapplicable
RHSA-2011:0345: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2011:0346: openldap security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0347: openldap security update (Moderate)medium
notapplicable
RHSA-2011:0356: krb5 security update (Important)high
notapplicable
RHSA-2011:0369: wireshark security update (Moderate)medium
notapplicable
RHSA-2011:0370: wireshark security update (Moderate)medium
notapplicable
RHSA-2011:0376: dbus security update (Moderate)medium
notapplicable
RHSA-2011:0390: rsync security update (Moderate)medium
notapplicable
RHSA-2011:0391: libvirt security update (Important)high
notapplicable
RHSA-2011:0392: libtiff security and bug fix update (Important)high
notapplicable
RHSA-2011:0394: conga security update (Important)high
notapplicable
RHSA-2011:0395: gdm security update (Moderate)medium
notapplicable
RHSA-2011:0406: quagga security update (Moderate)medium
notapplicable
RHSA-2011:0407: logrotate security update (Moderate)medium
notapplicable
RHSA-2011:0412: glibc security update (Important)high
notapplicable
RHSA-2011:0413: glibc security update (Important)high
notapplicable
RHSA-2011:0414: policycoreutils security update (Important)high
notapplicable
RHSA-2011:0421: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0422: postfix security update (Moderate)medium
notapplicable
RHSA-2011:0423: postfix security update (Moderate)medium
notapplicable
RHSA-2011:0426: spice-xpi security update (Moderate)medium
notapplicable
RHSA-2011:0427: spice-xpi security update (Moderate)medium
notapplicable
RHSA-2011:0428: dhcp security update (Important)high
notapplicable
RHSA-2011:0429: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0432: xorg-x11 security update (Moderate)medium
notapplicable
RHSA-2011:0433: xorg-x11-server-utils security update (Moderate)medium
notapplicable
RHSA-2011:0436: avahi security update (Moderate)medium
notapplicable
RHSA-2011:0447: krb5 security update (Moderate)medium
notapplicable
RHSA-2011:0452: libtiff security update (Important)high
notapplicable
RHSA-2011:0455: polkit security update (Important)high
notapplicable
RHSA-2011:0464: kdelibs security update (Moderate)medium
notapplicable
RHSA-2011:0465: kdenetwork security update (Important)high
notapplicable
RHSA-2011:0471: firefox security update (Critical)high
notapplicable
RHSA-2011:0473: seamonkey security update (Critical)high
notapplicable
RHSA-2011:0474: thunderbird security update (Critical)high
notapplicable
RHSA-2011:0475: thunderbird security update (Critical)high
notapplicable
RHSA-2011:0477: gstreamer-plugins security update (Important)high
notapplicable
RHSA-2011:0478: libvirt security update (Moderate)medium
notapplicable
RHSA-2011:0479: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0486: xmlsec1 security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0491: python security update (Moderate)medium
notapplicable
RHSA-2011:0492: python security update (Moderate)medium
notapplicable
RHSA-2011:0496: xen security update (Important)high
notapplicable
RHSA-2011:0498: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2011:0506: rdesktop security update (Moderate)medium
notapplicable
RHSA-2011:0507: apr security update (Moderate)medium
notapplicable
RHSA-2011:0534: qemu-kvm security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2011:0542: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update (Important)high
notapplicable
RHSA-2011:0545: squid security and bug fix update (Low)low
notapplicable
RHSA-2011:0554: python security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2011:0558: perl security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0560: sssd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:0568: eclipse security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:0586: libguestfs security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:0599: sudo security and bug fix update (Low)low
notapplicable
RHSA-2011:0600: dovecot security and enhancement update (Moderate)medium
notapplicable
RHSA-2011:0616: pidgin security and bug fix update (Low)low
notapplicable
RHSA-2011:0677: openssl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2011:0779: avahi security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0791: tomcat6 security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0833: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0836: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0837: gimp security update (Moderate)medium
notapplicable
RHSA-2011:0838: gimp security update (Moderate)medium
notapplicable
RHSA-2011:0839: gimp security update (Moderate)medium
notapplicable
RHSA-2011:0841: systemtap security update (Moderate)medium
notapplicable
RHSA-2011:0842: systemtap security update (Moderate)medium
notapplicable
RHSA-2011:0843: postfix security update (Moderate)medium
notapplicable
RHSA-2011:0844: apr security update (Low)low
notapplicable
RHSA-2011:0845: bind security update (Important)high
notapplicable
RHSA-2011:0856: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2011:0857: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2011:0858: xerces-j2 security update (Moderate)medium
notapplicable
RHSA-2011:0859: cyrus-imapd security update (Moderate)medium
notapplicable
RHSA-2011:0861: subversion security update (Moderate)medium
notapplicable
RHSA-2011:0862: subversion security update (Moderate)medium
notapplicable
RHSA-2011:0871: tigervnc security update (Moderate)medium
notapplicable
RHSA-2011:0885: firefox security and bug fix update (Critical)high
notapplicable
RHSA-2011:0886: thunderbird security update (Critical)high
notapplicable
RHSA-2011:0887: thunderbird security update (Critical)high
notapplicable
RHSA-2011:0888: seamonkey security update (Critical)high
notapplicable
RHSA-2011:0908: ruby security update (Moderate)medium
notapplicable
RHSA-2011:0909: ruby security update (Moderate)medium
notapplicable
RHSA-2011:0910: ruby security update (Moderate)medium
notapplicable
RHSA-2011:0918: curl security update (Moderate)medium
notapplicable
RHSA-2011:0919: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2011:0920: krb5-appl security update (Important)high
notapplicable
RHSA-2011:0926: bind security update (Important)high
notapplicable
RHSA-2011:0927: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:0928: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:0930: NetworkManager security update (Moderate)medium
notapplicable
RHSA-2011:0953: system-config-firewall security update (Moderate)medium
notapplicable
RHSA-2011:0959: mutt security update (Moderate)medium
notapplicable
RHSA-2011:0975: sssd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:0999: rsync security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2011:1000: rgmanager security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1005: sysstat security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1019: libvirt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2011:1065: Red Hat Enterprise Linux 5.7 kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:1073: bash security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1083: fuse security update (Moderate)medium
notapplicable
RHSA-2011:1084: libsndfile security update (Moderate)medium
notapplicable
RHSA-2011:1085: freetype security update (Important)high
notapplicable
RHSA-2011:1088: systemtap security update (Moderate)medium
notapplicable
RHSA-2011:1089: systemtap security update (Moderate)medium
notapplicable
RHSA-2011:1100: icedtea-web security update (Moderate)medium
notapplicable
RHSA-2011:1102: libsoup security update (Moderate)medium
notapplicable
RHSA-2011:1103: libpng security update (Moderate)medium
notapplicable
RHSA-2011:1104: libpng security update (Moderate)medium
notapplicable
RHSA-2011:1105: libpng security update (Moderate)medium
notapplicable
RHSA-2011:1109: foomatic security update (Moderate)medium
notapplicable
RHSA-2011:1110: foomatic security update (Moderate)medium
notapplicable
RHSA-2011:1132: dbus security update (Moderate)medium
notapplicable
RHSA-2011:1154: libXfont security update (Important)high
notapplicable
RHSA-2011:1155: xorg-x11 security update (Important)high
notapplicable
RHSA-2011:1160: dhcp security update (Moderate)medium
notapplicable
RHSA-2011:1161: freetype security update (Moderate)medium
notapplicable
RHSA-2011:1163: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:1164: firefox security update (Critical)high
notapplicable
RHSA-2011:1165: thunderbird security update (Critical)high
notapplicable
RHSA-2011:1166: thunderbird security update (Critical)high
notapplicable
RHSA-2011:1167: seamonkey security update (Critical)high
notapplicable
RHSA-2011:1187: dovecot security update (Moderate)medium
notapplicable
RHSA-2011:1189: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2011:1196: system-config-printer security update (Moderate)medium
notapplicable
RHSA-2011:1197: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1212: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:1219: samba security update (Moderate)medium
notapplicable
RHSA-2011:1220: samba3x security update (Moderate)medium
notapplicable
RHSA-2011:1221: samba and cifs-utils security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1240: Red Hat Enterprise Linux 4 - 6-Month End Of Life Notice (Low)low
notapplicable
RHSA-2011:1241: ecryptfs-utils security update (Moderate)medium
notapplicable
RHSA-2011:1245: httpd security update (Important)high
notapplicable
RHSA-2011:1247: rsyslog security update (Moderate)medium
notapplicable
RHSA-2011:1248: ca-certificates security update (Important)high
notapplicable
RHSA-2011:1264: gstreamer-plugins security update (Important)high
notapplicable
RHSA-2011:1289: librsvg2 security update (Moderate)medium
notapplicable
RHSA-2011:1293: squid security update (Moderate)medium
notapplicable
RHSA-2011:1294: httpd security update (Important)high
notapplicable
RHSA-2011:1317: cyrus-imapd security update (Important)high
notapplicable
RHSA-2011:1321: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1323: qt security update (Moderate)medium
notapplicable
RHSA-2011:1324: qt4 security update (Moderate)medium
notapplicable
RHSA-2011:1325: evolution28-pango security update (Moderate)medium
notapplicable
RHSA-2011:1326: pango security update (Moderate)medium
notapplicable
RHSA-2011:1327: frysk security update (Moderate)medium
notapplicable
RHSA-2011:1328: qt security update (Moderate)medium
notapplicable
RHSA-2011:1338: NetworkManager security update (Moderate)medium
notapplicable
RHSA-2011:1341: firefox security update (Critical)high
notapplicable
RHSA-2011:1342: thunderbird security update (Critical)high
notapplicable
RHSA-2011:1343: thunderbird security update (Critical)high
notapplicable
RHSA-2011:1344: seamonkey security update (Critical)high
notapplicable
RHSA-2011:1349: rpm security update (Important)high
notapplicable
RHSA-2011:1350: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2011:1356: openswan security update (Moderate)medium
notapplicable
RHSA-2011:1359: xorg-x11-server security update (Moderate)medium
notapplicable
RHSA-2011:1360: xorg-x11 security update (Moderate)medium
notapplicable
RHSA-2011:1364: kdelibs security and enhancement update (Moderate)medium
notapplicable
RHSA-2011:1371: pidgin security update (Moderate)medium
notapplicable
RHSA-2011:1377: postgresql security update (Moderate)medium
notapplicable
RHSA-2011:1378: postgresql84 security update (Moderate)medium
notapplicable
RHSA-2011:1379: krb5 security update (Moderate)medium
notapplicable
RHSA-2011:1380: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2011:1385: kdelibs and kdelibs3 security update (Moderate)medium
notapplicable
RHSA-2011:1386: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2011:1391: httpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1392: httpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1401: xen security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1402: freetype security update (Important)high
notapplicable
RHSA-2011:1409: openssl security update (Moderate)medium
notapplicable
RHSA-2011:1422: openswan security update (Moderate)medium
notapplicable
RHSA-2011:1423: php53 and php security update (Moderate)medium
notapplicable
RHSA-2011:1424: perl security update (Moderate)medium
notapplicable
RHSA-2011:1437: firefox security update (Critical)high
notapplicable
RHSA-2011:1438: thunderbird security update (Moderate)medium
notapplicable
RHSA-2011:1439: thunderbird security update (Critical)high
notapplicable
RHSA-2011:1440: seamonkey security update (Moderate)medium
notapplicable
RHSA-2011:1441: icedtea-web security update (Moderate)medium
notapplicable
RHSA-2011:1455: freetype security update (Important)high
notapplicable
RHSA-2011:1458: bind security update (Important)high
notapplicable
RHSA-2011:1459: bind97 security update (Important)high
notapplicable
RHSA-2011:1465: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:1479: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2011:1496: bind security update (Important)high
notapplicable
RHSA-2011:1506: Red Hat Enterprise Linux 4 - 3-Month End Of Life Notice (Low)low
notapplicable
RHSA-2011:1507: libarchive security update (Moderate)medium
notapplicable
RHSA-2011:1508: cyrus-imapd security update (Moderate)medium
notapplicable
RHSA-2011:1526: glibc security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1530: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2011:1531: qemu-kvm security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2011:1532: kexec-tools security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2011:1533: ipa security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1534: nfs-utils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1536: sos security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1580: resource-agents security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1581: ruby security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1615: virt-v2v security and bug fix update (Low)low
notapplicable
RHSA-2011:1635: cups security and bug fix update (Low)low
notapplicable
RHSA-2011:1691: util-linux-ng security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2011:1694: libcap security and bug fix update (Low)low
notapplicable
RHSA-2011:1741: php-pear security and bug fix update (Low)low
notapplicable
RHSA-2011:1749: libxml2 security and bug fix update (Low)low
notapplicable
RHSA-2011:1777: qemu-kvm security update (Important)high
notapplicable
RHSA-2011:1780: tomcat6 security and bug fix update (Moderate)medium
notapplicable
RHSA-2011:1790: krb5 security update (Moderate)medium
notapplicable
RHSA-2011:1791: squid security update (Moderate)medium
notapplicable
RHSA-2011:1797: perl security update (Moderate)medium
notapplicable
RHSA-2011:1801: qemu-kvm security update (Important)high
notapplicable
RHSA-2011:1807: jasper security update (Important)high
notapplicable
RHSA-2011:1811: netpbm security update (Important)high
notapplicable
RHSA-2011:1814: ipmitool security update (Moderate)medium
notapplicable
RHSA-2011:1815: icu security update (Moderate)medium
notapplicable
RHSA-2011:1819: dhcp security update (Moderate)medium
notapplicable
RHSA-2011:1820: pidgin security update (Moderate)medium
notapplicable
RHSA-2011:1821: pidgin security update (Moderate)medium
notapplicable
RHSA-2011:1845: tomcat5 security update (Moderate)medium
notapplicable
RHSA-2011:1849: kernel security and bug fix update (Important)high
notapplicable
RHSA-2011:1851: krb5 security update (Critical)high
notapplicable
RHSA-2011:1852: krb5-appl security update (Critical)high
notapplicable
RHSA-2012:0007: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2012:0016: libxml2 security update (Important)high
notapplicable
RHSA-2012:0017: libxml2 security update (Important)high
notapplicable
RHSA-2012:0018: libxml2 security update (Important)high
notapplicable
RHSA-2012:0019: php53 and php security update (Moderate)medium
notapplicable
RHSA-2012:0033: php security update (Moderate)medium
notapplicable
RHSA-2012:0050: qemu-kvm security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2012:0051: kvm security update (Important)high
notapplicable
RHSA-2012:0052: kernel security and bug fix update (Important)high
notapplicable
RHSA-2012:0058: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0059: openssl security update (Moderate)medium
notapplicable
RHSA-2012:0060: openssl security update (Moderate)medium
notapplicable
RHSA-2012:0062: t1lib security update (Moderate)medium
notapplicable
RHSA-2012:0069: ruby security update (Moderate)medium
notapplicable
RHSA-2012:0070: ruby security update (Moderate)medium
notapplicable
RHSA-2012:0071: php security update (Moderate)medium
notapplicable
RHSA-2012:0073: Red Hat Enterprise Linux 4 - 30 day End Of Life Notice (Low)low
notapplicable
RHSA-2012:0079: firefox security update (Critical)high
notapplicable
RHSA-2012:0080: thunderbird security update (Critical)high
notapplicable
RHSA-2012:0084: seamonkey security update (Critical)high
notapplicable
RHSA-2012:0085: thunderbird security update (Critical)high
notapplicable
RHSA-2012:0086: openssl security update (Moderate)medium
notapplicable
RHSA-2012:0092: php53 security update (Critical)high
notapplicable
RHSA-2012:0093: php security update (Critical)high
notapplicable
RHSA-2012:0095: ghostscript security update (Moderate)medium
notapplicable
RHSA-2012:0096: ghostscript security update (Moderate)medium
notapplicable
RHSA-2012:0103: squirrelmail security update (Moderate)medium
notapplicable
RHSA-2012:0105: mysql security update (Important)high
notapplicable
RHSA-2012:0107: kernel security and bug fix update (Important)high
notapplicable
RHSA-2012:0125: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0126: glibc security update (Moderate)medium
notapplicable
RHSA-2012:0127: mysql security update (Moderate)medium
notapplicable
RHSA-2012:0128: httpd security update (Moderate)medium
notapplicable
RHSA-2012:0135: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2012:0136: libvorbis security update (Important)high
notapplicable
RHSA-2012:0137: texlive security update (Moderate)medium
notapplicable
RHSA-2012:0140: thunderbird security update (Critical)high
notapplicable
RHSA-2012:0141: seamonkey security update (Critical)high
notapplicable
RHSA-2012:0142: firefox security update (Critical)high
notapplicable
RHSA-2012:0143: xulrunner security update (Critical)high
notapplicable
RHSA-2012:0149: kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0150: Red Hat Enterprise Linux 5.8 kernel update (Moderate)medium
notapplicable
RHSA-2012:0151: conga security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2012:0152: kexec-tools security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2012:0153: sos security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0301: ImageMagick security and bug fix update (Low)low
notapplicable
RHSA-2012:0302: cups security and bug fix update (Low)low
notapplicable
RHSA-2012:0303: xorg-x11-server security and bug fix update (Low)low
notapplicable
RHSA-2012:0304: vixie-cron security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0305: boost security and bug fix update (Low)low
notapplicable
RHSA-2012:0306: krb5 security and bug fix update (Low)low
notapplicable
RHSA-2012:0307: util-linux security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0308: busybox security and bug fix update (Low)low
notapplicable
RHSA-2012:0309: sudo security and bug fix update (Low)low
notapplicable
RHSA-2012:0310: nfs-utils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0311: ibutils security and bug fix update (Low)low
notapplicable
RHSA-2012:0312: initscripts security and bug fix update (Low)low
notapplicable
RHSA-2012:0313: samba security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0317: libpng security update (Important)high
notapplicable
RHSA-2012:0321: cvs security update (Moderate)medium
notapplicable
RHSA-2012:0322: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2012:0323: httpd security update (Moderate)medium
notapplicable
RHSA-2012:0324: libxml2 security update (Moderate)medium
notapplicable
RHSA-2012:0332: samba security update (Critical)high
notapplicable
RHSA-2012:0349: Red Hat Enterprise Linux 4 - Transition to Extended Life Phase Notice (Low)low
notapplicable
RHSA-2012:0350: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0369: python-sqlalchemy security update (Moderate)medium
notapplicable
RHSA-2012:0370: xen security and bug fix update (Important)high
notapplicable
RHSA-2012:0376: systemtap security update (Moderate)medium
notapplicable
RHSA-2012:0387: firefox security and bug fix update (Critical)high
notapplicable
RHSA-2012:0388: thunderbird security update (Critical)high
notapplicable
RHSA-2012:0393: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0397: glibc security update (Moderate)medium
notapplicable
RHSA-2012:0407: libpng security update (Moderate)medium
notapplicable
RHSA-2012:0410: raptor security update (Important)high
notapplicable
RHSA-2012:0411: openoffice.org security update (Important)high
notapplicable
RHSA-2012:0426: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0427: libtasn1 security update (Important)high
notapplicable
RHSA-2012:0428: gnutls security update (Important)high
notapplicable
RHSA-2012:0429: gnutls security update (Important)high
notapplicable
RHSA-2012:0451: rpm security update (Important)high
notapplicable
RHSA-2012:0465: samba security update (Critical)high
notapplicable
RHSA-2012:0466: samba3x security update (Critical)high
notapplicable
RHSA-2012:0467: freetype security update (Important)high
notapplicable
RHSA-2012:0468: libtiff security update (Important)high
notapplicable
RHSA-2012:0474: tomcat5 security update (Moderate)medium
notapplicable
RHSA-2012:0475: tomcat6 security update (Moderate)medium
notapplicable
RHSA-2012:0480: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2012:0481: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2012:0509: wireshark security update (Moderate)medium
notapplicable
RHSA-2012:0515: firefox security update (Critical)high
notapplicable
RHSA-2012:0516: thunderbird security update (Critical)high
notapplicable
RHSA-2012:0518: openssl security update (Important)high
notapplicable
RHSA-2012:0523: libpng security update (Moderate)medium
notapplicable
RHSA-2012:0533: samba and samba3x security update (Important)high
notapplicable
RHSA-2012:0544: ImageMagick security update (Moderate)medium
notapplicable
RHSA-2012:0545: ImageMagick security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0546: php security update (Critical)high
notapplicable
RHSA-2012:0547: php53 security update (Critical)high
notapplicable
RHSA-2012:0571: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0676: kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0677: postgresql security update (Moderate)medium
notapplicable
RHSA-2012:0678: postgresql and postgresql84 security update (Moderate)medium
notapplicable
RHSA-2012:0683: bind-dyndb-ldap security update (Important)high
notapplicable
RHSA-2012:0690: kernel security and bug fix update (Important)high
notapplicable
RHSA-2012:0699: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0705: openoffice.org security update (Important)high
notapplicable
RHSA-2012:0710: firefox security update (Critical)high
notapplicable
RHSA-2012:0715: thunderbird security update (Critical)high
notapplicable
RHSA-2012:0716: bind security update (Important)high
notapplicable
RHSA-2012:0717: bind97 security update (Important)high
notapplicable
RHSA-2012:0721: kernel security update (Important)high
notapplicable
RHSA-2012:0729: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2012:0730: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2012:0731: expat security update (Moderate)medium
notapplicable
RHSA-2012:0743: kernel security and bug fix update (Important)high
notapplicable
RHSA-2012:0744: python security update (Moderate)medium
notapplicable
RHSA-2012:0745: python security update (Moderate)medium
notapplicable
RHSA-2012:0748: libvirt security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0774: libguestfs security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2012:0810: busybox security and bug fix update (Low)low
notapplicable
RHSA-2012:0811: php-pecl-apc security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0813: 389-ds-base security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0841: abrt, libreport, btparser, and python-meh security and bug fix update (Low)low
notapplicable
RHSA-2012:0862: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2012:0874: mysql security and enhancement update (Low)low
notapplicable
RHSA-2012:0876: net-snmp security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0880: qt security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0899: openldap security and bug fix update (Low)low
notapplicable
RHSA-2012:0902: cifs-utils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0939: xorg-x11-server security and bug fix update (Low)low
notapplicable
RHSA-2012:0958: sos security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2012:0987: sblim-cim-client2 security update (Low)low
notapplicable
RHSA-2012:0997: 389-ds-base security update (Moderate)medium
notapplicable
RHSA-2012:1009: java-1.7.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2012:1036: postgresql security update (Moderate)medium
notapplicable
RHSA-2012:1037: postgresql and postgresql84 security update (Moderate)medium
notapplicable
RHSA-2012:1043: libwpd security update (Important)high
notapplicable
RHSA-2012:1045: php security update (Moderate)medium
notapplicable
RHSA-2012:1046: php security update (Moderate)medium
notapplicable
RHSA-2012:1047: php53 security update (Moderate)medium
notapplicable
RHSA-2012:1054: libtiff security update (Important)high
notapplicable
RHSA-2012:1061: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1064: kernel security and bug fix update (Important)high
notapplicable
RHSA-2012:1068: openjpeg security update (Important)high
notapplicable
RHSA-2012:1081: sudo security update (Moderate)medium
notapplicable
RHSA-2012:1088: firefox security update (Critical)high
notapplicable
RHSA-2012:1089: thunderbird security update (Critical)high
notapplicable
RHSA-2012:1090: nss and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2012:1091: nss, nspr, and nss-util security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2012:1097: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1098: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1102: pidgin security update (Moderate)medium
notapplicable
RHSA-2012:1116: perl-DBD-Pg security update (Moderate)medium
notapplicable
RHSA-2012:1122: bind97 security update (Important)high
notapplicable
RHSA-2012:1123: bind security update (Important)high
notapplicable
RHSA-2012:1130: xen security update (Moderate)medium
notapplicable
RHSA-2012:1131: krb5 security update (Important)high
notapplicable
RHSA-2012:1132: icedtea-web security update (Important)high
notapplicable
RHSA-2012:1135: libreoffice security update (Important)high
notapplicable
RHSA-2012:1136: openoffice.org security update (Important)high
notapplicable
RHSA-2012:1139: bind-dyndb-ldap security update (Important)high
notapplicable
RHSA-2012:1140: dhcp security update (Moderate)medium
notapplicable
RHSA-2012:1141: dhcp security update (Moderate)medium
notapplicable
RHSA-2012:1149: sudo security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1151: openldap security and bug fix update (Low)low
notapplicable
RHSA-2012:1156: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1174: kernel security and bug fix update (Low)low
notapplicable
RHSA-2012:1180: gimp security update (Moderate)medium
notapplicable
RHSA-2012:1181: gimp security update (Moderate)medium
notapplicable
RHSA-2012:1201: tetex security update (Moderate)medium
notapplicable
RHSA-2012:1202: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1206: python-paste-script security update (Moderate)medium
notapplicable
RHSA-2012:1207: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1208: glibc security update (Moderate)medium
notapplicable
RHSA-2012:1210: firefox security update (Critical)high
notapplicable
RHSA-2012:1211: thunderbird security update (Critical)high
notapplicable
RHSA-2012:1221: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2012:1222: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2012:1223: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2012:1234: qemu-kvm security update (Important)high
notapplicable
RHSA-2012:1235: kvm security update (Important)high
notapplicable
RHSA-2012:1236: xen security update (Important)high
notapplicable
RHSA-2012:1255: libexif security update (Moderate)medium
notapplicable
RHSA-2012:1256: ghostscript security update (Moderate)medium
notapplicable
RHSA-2012:1258: quagga security update (Moderate)medium
notapplicable
RHSA-2012:1259: quagga security update (Moderate)medium
notapplicable
RHSA-2012:1261: dbus security update (Moderate)medium
notapplicable
RHSA-2012:1263: postgresql and postgresql84 security update (Moderate)medium
notapplicable
RHSA-2012:1264: postgresql security update (Moderate)medium
notapplicable
RHSA-2012:1265: libxslt security update (Important)high
notapplicable
RHSA-2012:1266: bind97 security update (Important)high
notapplicable
RHSA-2012:1267: bind security and bug fix update (Important)high
notapplicable
RHSA-2012:1268: bind security update (Important)high
notapplicable
RHSA-2012:1269: qpid security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2012:1283: openjpeg security update (Important)high
notapplicable
RHSA-2012:1284: spice-gtk security update (Moderate)medium
notapplicable
RHSA-2012:1288: libxml2 security update (Moderate)medium
notapplicable
RHSA-2012:1304: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1323: kernel security and bug fix update (Important)high
notapplicable
RHSA-2012:1326: freeradius security update (Moderate)medium
notapplicable
RHSA-2012:1327: freeradius2 security update (Moderate)medium
notapplicable
RHSA-2012:1350: firefox security and bug fix update (Critical)high
notapplicable
RHSA-2012:1351: thunderbird security update (Critical)high
notapplicable
RHSA-2012:1359: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1361: xulrunner security update (Critical)high
notapplicable
RHSA-2012:1362: thunderbird security update (Critical)high
notapplicable
RHSA-2012:1363: bind security update (Important)high
notapplicable
RHSA-2012:1364: bind97 security update (Important)high
notapplicable
RHSA-2012:1366: kernel security and bug fix update (Important)high
notapplicable
RHSA-2012:1384: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2012:1385: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2012:1386: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2012:1407: firefox security update (Critical)high
notapplicable
RHSA-2012:1413: thunderbird security update (Important)high
notapplicable
RHSA-2012:1416: kdelibs security update (Critical)high
notapplicable
RHSA-2012:1426: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2012:1434: icedtea-web security update (Critical)high
notapplicable
RHSA-2012:1445: kernel security and bug fix update (Low)low
notapplicable
RHSA-2012:1455: gegl security update (Moderate)medium
notapplicable
RHSA-2012:1459: nspluginwrapper security and bug fix update (Low)low
notapplicable
RHSA-2012:1461: libproxy security update (Moderate)medium
notapplicable
RHSA-2012:1462: mysql security update (Important)high
notapplicable
RHSA-2012:1482: firefox security update (Critical)high
notapplicable
RHSA-2012:1483: thunderbird security update (Critical)high
notapplicable
RHSA-2012:1512: libxml2 security update (Important)high
notapplicable
RHSA-2012:1540: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2012:1549: bind security update (Important)high
notapplicable
RHSA-2012:1551: mysql security update (Important)high
notapplicable
RHSA-2012:1580: kernel security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2012:1590: libtiff security update (Moderate)medium
notapplicable
RHSA-2013:0120: quota security and bug fix update (Low)low
notapplicable
RHSA-2013:0121: mysql security and bug fix update (Low)low
notapplicable
RHSA-2013:0122: tcl security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0123: OpenIPMI security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:0124: net-snmp security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0125: wireshark security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0126: squirrelmail security and bug fix update (Low)low
notapplicable
RHSA-2013:0127: libvirt security and bug fix update (Low)low
notapplicable
RHSA-2013:0128: conga security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:0129: ruby security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0130: httpd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:0131: gnome-vfs2 security and bug fix update (Low)low
notapplicable
RHSA-2013:0132: autofs security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:0133: hplip3 security and bug fix update (Low)low
notapplicable
RHSA-2013:0134: freeradius2 security and bug fix update (Low)low
notapplicable
RHSA-2013:0135: gtk2 security and bug fix update (Low)low
notapplicable
RHSA-2013:0144: firefox security update (Critical)high
notapplicable
RHSA-2013:0145: thunderbird security update (Critical)high
notapplicable
RHSA-2013:0165: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0168: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0169: vino security update (Moderate)medium
notapplicable
RHSA-2013:0180: mysql security update (Important)high
notapplicable
RHSA-2013:0188: ipa security update (Important)high
notapplicable
RHSA-2013:0189: ipa-client security update (Important)high
notapplicable
RHSA-2013:0199: libvirt security update (Important)high
notapplicable
RHSA-2013:0213: nss, nss-util, and nspr security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2013:0215: abrt and libreport security update (Important)high
notapplicable
RHSA-2013:0216: freetype security update (Important)high
notapplicable
RHSA-2013:0217: mingw32-libxml2 security update (Important)high
notapplicable
RHSA-2013:0218: xorg-x11-drv-qxl security update (Moderate)medium
notapplicable
RHSA-2013:0219: mysql security update (Moderate)medium
notapplicable
RHSA-2013:0223: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0241: xen security update (Moderate)medium
notapplicable
RHSA-2013:0245: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2013:0246: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0247: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0250: elinks security update (Moderate)medium
notapplicable
RHSA-2013:0269: axis security update (Moderate)medium
notapplicable
RHSA-2013:0270: jakarta-commons-httpclient security update (Moderate)medium
notapplicable
RHSA-2013:0271: firefox security update (Critical)high
notapplicable
RHSA-2013:0272: thunderbird security update (Critical)high
notapplicable
RHSA-2013:0273: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2013:0274: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0275: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0276: libvirt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0277: dnsmasq security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0496: Red Hat Enterprise Linux 6 kernel update (Important)high
notapplicable
RHSA-2013:0499: xinetd security and bug fix update (Low)low
notapplicable
RHSA-2013:0500: hplip security, bug fix and enhancement update (Low)low
notapplicable
RHSA-2013:0502: Core X11 clients security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:0503: 389-ds-base security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0504: dhcp security and bug fix update (Low)low
notapplicable
RHSA-2013:0505: squid security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0508: sssd security, bug fix and enhancement update (Low)low
notapplicable
RHSA-2013:0509: rdma security, bug fix and enhancement update (Low)low
notapplicable
RHSA-2013:0511: pki-core security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0512: httpd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:0514: php security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0516: evolution security and bug fix update (Low)low
notapplicable
RHSA-2013:0517: util-linux-ng security, bug fix and enhancement update (Low)low
notapplicable
RHSA-2013:0519: openssh security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0520: dovecot security and bug fix update (Low)low
notapplicable
RHSA-2013:0521: pam security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0522: gdb security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0523: ccid security and bug fix update (Low)low
notapplicable
RHSA-2013:0525: pcsc-lite security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0526: automake security update (Low)low
notapplicable
RHSA-2013:0528: ipa security, bug fix and enhancement update (Low)low
notapplicable
RHSA-2013:0550: bind security and enhancement update (Moderate)medium
notapplicable
RHSA-2013:0567: kernel security update (Important)high
notapplicable
RHSA-2013:0568: dbus-glib security update (Important)high
notapplicable
RHSA-2013:0580: cups security update (Moderate)medium
notapplicable
RHSA-2013:0581: libxml2 security update (Moderate)medium
notapplicable
RHSA-2013:0587: openssl security update (Moderate)medium
notapplicable
RHSA-2013:0588: gnutls security update (Moderate)medium
notapplicable
RHSA-2013:0589: git security update (Moderate)medium
notapplicable
RHSA-2013:0590: nss-pam-ldapd security update (Important)high
notapplicable
RHSA-2013:0594: kernel security and bug fix update (Low)low
notapplicable
RHSA-2013:0599: xen security update (Important)high
notapplicable
RHSA-2013:0602: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2013:0603: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0604: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0605: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2013:0608: kvm security update (Important)high
notapplicable
RHSA-2013:0609: qemu-kvm security update (Important)high
notapplicable
RHSA-2013:0611: ruby security update (Moderate)medium
notapplicable
RHSA-2013:0612: ruby security update (Moderate)medium
notapplicable
RHSA-2013:0614: xulrunner security update (Critical)high
notapplicable
RHSA-2013:0621: kernel security update (Important)high
notapplicable
RHSA-2013:0623: tomcat6 security update (Important)high
notapplicable
RHSA-2013:0627: thunderbird security update (Important)high
notapplicable
RHSA-2013:0628: 389-ds-base security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0630: kernel security and bug fix update (Important)high
notapplicable
RHSA-2013:0640: tomcat5 security update (Important)high
notapplicable
RHSA-2013:0646: pidgin security update (Moderate)medium
notapplicable
RHSA-2013:0656: krb5 security update (Moderate)medium
notapplicable
RHSA-2013:0663: sssd security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0668: boost security update (Moderate)medium
notapplicable
RHSA-2013:0669: qt security update (Moderate)medium
notapplicable
RHSA-2013:0683: axis security update (Moderate)medium
notapplicable
RHSA-2013:0685: perl security update (Moderate)medium
notapplicable
RHSA-2013:0687: pixman security update (Moderate)medium
notapplicable
RHSA-2013:0689: bind security and bug fix update (Important)high
notapplicable
RHSA-2013:0690: bind97 security update (Important)high
notapplicable
RHSA-2013:0696: firefox security update (Critical)high
notapplicable
RHSA-2013:0697: thunderbird security update (Important)high
notapplicable
RHSA-2013:0714: stunnel security update (Moderate)medium
notapplicable
RHSA-2013:0727: kvm security update (Important)high
notapplicable
RHSA-2013:0737: subversion security update (Moderate)medium
notapplicable
RHSA-2013:0742: 389-ds-base security and bug fix update (Low)low
notapplicable
RHSA-2013:0744: kernel security and bug fix update (Important)high
notapplicable
RHSA-2013:0747: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0748: krb5 security update (Moderate)medium
notapplicable
RHSA-2013:0751: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2013:0752: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0753: icedtea-web security update (Moderate)medium
notapplicable
RHSA-2013:0769: glibc security and bug fix update (Low)low
notapplicable
RHSA-2013:0770: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0771: curl security update (Moderate)medium
notapplicable
RHSA-2013:0772: mysql security update (Important)high
notapplicable
RHSA-2013:0788: subscription-manager security update (Moderate)medium
notapplicable
RHSA-2013:0807: hypervkvpd security and bug fix update (Low)low
notapplicable
RHSA-2013:0815: httpd security update (Moderate)medium
notapplicable
RHSA-2013:0820: firefox security update (Critical)high
notapplicable
RHSA-2013:0821: thunderbird security update (Important)high
notapplicable
RHSA-2013:0827: openswan security update (Important)high
notapplicable
RHSA-2013:0830: kernel security update (Important)high
notapplicable
RHSA-2013:0831: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0847: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0868: haproxy security update (Moderate)medium
notapplicable
RHSA-2013:0869: tomcat6 security update (Important)high
notapplicable
RHSA-2013:0870: tomcat5 security update (Important)high
notapplicable
RHSA-2013:0883: gnutls security update (Important)high
notapplicable
RHSA-2013:0884: libtirpc security update (Moderate)medium
notapplicable
RHSA-2013:0896: qemu-kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:0897: mesa security update (Important)high
notapplicable
RHSA-2013:0898: mesa security update (Moderate)medium
notapplicable
RHSA-2013:0911: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2013:0942: krb5 security update (Moderate)medium
notapplicable
RHSA-2013:0957: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2013:0958: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2013:0964: tomcat6 security update (Moderate)medium
notapplicable
RHSA-2013:0981: firefox security update (Critical)high
notapplicable
RHSA-2013:0982: thunderbird security update (Important)high
notapplicable
RHSA-2013:0983: curl security update (Moderate)medium
notapplicable
RHSA-2013:1014: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2013:1034: kernel security and bug fix update (Low)low
notapplicable
RHSA-2013:1049: php security update (Critical)high
notapplicable
RHSA-2013:1050: php53 security update (Critical)high
notapplicable
RHSA-2013:1051: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1090: ruby security update (Moderate)medium
notapplicable
RHSA-2013:1100: qemu-kvm security update (Important)high
notapplicable
RHSA-2013:1114: bind security update (Important)high
notapplicable
RHSA-2013:1115: bind97 security update (Important)high
notapplicable
RHSA-2013:1119: 389-ds-base security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1120: haproxy security update (Moderate)medium
notapplicable
RHSA-2013:1121: sos security update (Low)low
notapplicable
RHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1140: firefox security update (Critical)high
notapplicable
RHSA-2013:1142: thunderbird security update (Important)high
notapplicable
RHSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate)medium
notapplicable
RHSA-2013:1156: httpd security update (Moderate)medium
notapplicable
RHSA-2013:1166: kernel security and bug fix update (Important)high
notapplicable
RHSA-2013:1173: kernel security and bug fix update (Important)high
notapplicable
RHSA-2013:1182: 389-ds-base security update (Important)high
notapplicable
RHSA-2013:1192: spice-server security update (Moderate)medium
notapplicable
RHSA-2013:1213: gdm security update (Important)high
notapplicable
RHSA-2013:1268: firefox security update (Critical)high
notapplicable
RHSA-2013:1269: thunderbird security update (Important)high
notapplicable
RHSA-2013:1270: polkit security update (Important)high
notapplicable
RHSA-2013:1272: libvirt security and bug fix update (Important)high
notapplicable
RHSA-2013:1273: spice-gtk security update (Important)high
notapplicable
RHSA-2013:1274: hplip security update (Important)high
notapplicable
RHSA-2013:1282: rtkit security update (Important)high
notapplicable
RHSA-2013:1292: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1302: xinetd security and bug fix update (Low)low
notapplicable
RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1310: samba3x security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1319: sssd security and bug fix update (Low)low
notapplicable
RHSA-2013:1323: ccid security and bug fix update (Low)low
notapplicable
RHSA-2013:1348: Red Hat Enterprise Linux 5 kernel update (Moderate)medium
notapplicable
RHSA-2013:1353: sudo security and bug fix update (Low)low
notapplicable
RHSA-2013:1409: xinetd security update (Moderate)medium
notapplicable
RHSA-2013:1411: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1418: libtar security update (Moderate)medium
notapplicable
RHSA-2013:1426: xorg-x11-server security update (Important)high
notapplicable
RHSA-2013:1436: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1441: rubygems security update (Moderate)medium
notapplicable
RHSA-2013:1447: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2013:1449: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1451: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2013:1452: vino security update (Moderate)medium
notapplicable
RHSA-2013:1457: libgcrypt security update (Moderate)medium
notapplicable
RHSA-2013:1458: gnupg security update (Moderate)medium
notapplicable
RHSA-2013:1459: gnupg2 security update (Moderate)medium
notapplicable
RHSA-2013:1473: spice-server security update (Important)high
notapplicable
RHSA-2013:1474: qspice security update (Important)high
notapplicable
RHSA-2013:1475: postgresql and postgresql84 security update (Moderate)medium
notapplicable
RHSA-2013:1476: firefox security update (Critical)high
notapplicable
RHSA-2013:1480: thunderbird security update (Important)high
notapplicable
RHSA-2013:1500: gc security update (Moderate)medium
notapplicable
RHSA-2013:1505: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2013:1536: libguestfs security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1537: augeas security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:1540: evolution security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:1542: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1543: samba4 security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1553: qemu-kvm security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2013:1569: wireshark security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1582: python security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1591: openssh security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:1603: luci security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1605: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1615: php security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1620: xorg-x11-server security and bug fix update (Low)low
notapplicable
RHSA-2013:1635: pacemaker security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:1645: Red Hat Enterprise Linux 6 kernel update (Important)high
notapplicable
RHSA-2013:1652: coreutils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2013:1661: RDMA stack security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1674: dracut security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2013:1701: sudo security, bug fix and enhancement update (Low)low
notapplicable
RHSA-2013:1732: busybox security and bug fix update (Low)low
notapplicable
RHSA-2013:1752: 389-ds-base security update (Important)high
notapplicable
RHSA-2013:1764: ruby security update (Critical)high
notapplicable
RHSA-2013:1778: gimp security update (Moderate)medium
notapplicable
RHSA-2013:1779: mod_nss security update (Moderate)medium
notapplicable
RHSA-2013:1790: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1791: nss and nspr security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2013:1801: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2013:1803: libjpeg-turbo security update (Moderate)medium
notapplicable
RHSA-2013:1804: libjpeg security update (Moderate)medium
notapplicable
RHSA-2013:1805: samba4 security update (Important)high
notapplicable
RHSA-2013:1806: samba and samba3x security update (Important)high
notapplicable
RHSA-2013:1812: firefox security update (Critical)high
notapplicable
RHSA-2013:1813: php53 and php security update (Critical)high
notapplicable
RHSA-2013:1814: php security update (Critical)high
notapplicable
RHSA-2013:1823: thunderbird security update (Important)high
notapplicable
RHSA-2013:1829: nss, nspr, and nss-util security update (Important)high
notapplicable
RHSA-2013:1850: openjpeg security update (Important)high
notapplicable
RHSA-2013:1860: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2013:1866: ca-certificates security update (Moderate)medium
notapplicable
RHSA-2013:1868: xorg-x11-server security update (Important)high
notapplicable
RHSA-2013:1869: pixman security update (Important)high
notapplicable
RHSA-2014:0015: openssl security update (Important)high
notapplicable
RHSA-2014:0016: gnupg security update (Moderate)medium
notapplicable
RHSA-2014:0018: libXfont security update (Important)high
notapplicable
RHSA-2014:0026: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2014:0027: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2014:0043: bind security update (Moderate)medium
notapplicable
RHSA-2014:0044: augeas security update (Moderate)medium
notapplicable
RHSA-2014:0097: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2014:0103: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0108: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0126: openldap security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0127: librsvg2 security update (Moderate)medium
notapplicable
RHSA-2014:0132: firefox security update (Critical)high
notapplicable
RHSA-2014:0133: thunderbird security update (Important)high
notapplicable
RHSA-2014:0139: pidgin security update (Moderate)medium
notapplicable
RHSA-2014:0151: wget security and bug fix update (Low)low
notapplicable
RHSA-2014:0159: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:0163: kvm security update (Important)high
notapplicable
RHSA-2014:0164: mysql security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0174: piranha security update (Important)high
notapplicable
RHSA-2014:0175: piranha security and bug fix update (Important)high
notapplicable
RHSA-2014:0185: openswan security update (Moderate)medium
notapplicable
RHSA-2014:0186: mysql55-mysql security update (Moderate)medium
notapplicable
RHSA-2014:0206: openldap security update (Moderate)medium
notapplicable
RHSA-2014:0211: postgresql84 and postgresql security update (Important)high
notapplicable
RHSA-2014:0222: libtiff security update (Moderate)medium
notapplicable
RHSA-2014:0223: libtiff security update (Moderate)medium
notapplicable
RHSA-2014:0246: gnutls security update (Important)high
notapplicable
RHSA-2014:0247: gnutls security update (Important)high
notapplicable
RHSA-2014:0249: postgresql security update (Important)high
notapplicable
RHSA-2014:0255: subversion security update (Moderate)medium
notapplicable
RHSA-2014:0266: sudo security update (Moderate)medium
notapplicable
RHSA-2014:0285: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2014:0292: 389-ds-base security update (Important)high
notapplicable
RHSA-2014:0293: udisks security update (Important)high
notapplicable
RHSA-2014:0304: mutt security update (Important)high
notapplicable
RHSA-2014:0305: samba security update (Moderate)medium
notapplicable
RHSA-2014:0310: firefox security update (Critical)high
notapplicable
RHSA-2014:0311: php security update (Critical)high
notapplicable
RHSA-2014:0316: thunderbird security update (Important)high
notapplicable
RHSA-2014:0321: net-snmp security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0322: net-snmp security update (Moderate)medium
notapplicable
RHSA-2014:0328: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:0330: samba and samba3x security update (Moderate)medium
notapplicable
RHSA-2014:0341: wireshark security update (Moderate)medium
notapplicable
RHSA-2014:0342: wireshark security update (Moderate)medium
notapplicable
RHSA-2014:0348: xalan-j2 security update (Important)high
notapplicable
RHSA-2014:0369: httpd security update (Moderate)medium
notapplicable
RHSA-2014:0370: httpd security update (Moderate)medium
notapplicable
RHSA-2014:0376: openssl security update (Important)high
notapplicable
RHSA-2014:0383: samba4 security update (Moderate)medium
notapplicable
RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2014:0407: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2014:0413: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2014:0414: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2014:0420: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2014:0429: tomcat6 security update (Moderate)medium
notapplicable
RHSA-2014:0433: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2014:0448: firefox security update (Critical)high
notapplicable
RHSA-2014:0449: thunderbird security update (Important)high
notapplicable
RHSA-2014:0474: struts security update (Important)high
notapplicable
RHSA-2014:0475: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:0513: libxml2 security update (Moderate)medium
notapplicable
RHSA-2014:0536: mysql55-mysql security update (Moderate)medium
notapplicable
RHSA-2014:0560: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0561: curl security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0594: gnutls security update (Important)high
notapplicable
RHSA-2014:0595: gnutls security update (Important)high
notapplicable
RHSA-2014:0596: libtasn1 security update (Moderate)medium
notapplicable
RHSA-2014:0597: squid security update (Moderate)medium
notapplicable
RHSA-2014:0624: openssl security update (Important)high
notapplicable
RHSA-2014:0625: openssl security update (Important)high
notapplicable
RHSA-2014:0626: openssl097a and openssl098e security update (Important)high
notapplicable
RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2014:0678: kernel security update (Important)high
notapplicable
RHSA-2014:0679: openssl security update (Important)high
notapplicable
RHSA-2014:0680: openssl098e security update (Important)high
notapplicable
RHSA-2014:0684: gnutls security update (Important)high
notapplicable
RHSA-2014:0685: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2014:0686: tomcat security update (Important)high
notapplicable
RHSA-2014:0687: libtasn1 security update (Moderate)medium
notapplicable
RHSA-2014:0702: mariadb security update (Moderate)medium
notapplicable
RHSA-2014:0703: json-c security update (Moderate)medium
notapplicable
RHSA-2014:0704: qemu-kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0740: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:0741: firefox security update (Critical)high
notapplicable
RHSA-2014:0742: thunderbird security update (Important)high
notapplicable
RHSA-2014:0743: qemu-kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0747: python-jinja2 security update (Moderate)medium
notapplicable
RHSA-2014:0771: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:0786: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2014:0788: mod_wsgi security update (Important)high
notapplicable
RHSA-2014:0790: dovecot security update (Moderate)medium
notapplicable
RHSA-2014:0827: tomcat security update (Moderate)medium
notapplicable
RHSA-2014:0861: lzo security update (Moderate)medium
notapplicable
RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0866: samba and samba3x security update (Moderate)medium
notapplicable
RHSA-2014:0867: samba security update (Moderate)medium
notapplicable
RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2014:0890: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2014:0902: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2014:0908: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2014:0914: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0916: nss and nspr security update (Critical)high
notapplicable
RHSA-2014:0917: nss and nspr security, bug fix, and enhancement update (Critical)high
notapplicable
RHSA-2014:0918: thunderbird security update (Important)high
notapplicable
RHSA-2014:0919: firefox security update (Critical)high
notapplicable
RHSA-2014:0920: httpd security update (Important)high
notapplicable
RHSA-2014:0921: httpd security update (Important)high
notapplicable
RHSA-2014:0923: kernel security update (Important)high
notapplicable
RHSA-2014:0924: kernel security update (Important)high
notapplicable
RHSA-2014:0926: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0927: qemu-kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:0981: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2014:1004: yum-updatesd security update (Important)high
notapplicable
RHSA-2014:1008: samba security and bug fix update (Important)high
notapplicable
RHSA-2014:1009: samba4 security update (Important)high
notapplicable
RHSA-2014:1011: resteasy-base security update (Moderate)medium
notapplicable
RHSA-2014:1012: php53 and php security update (Moderate)medium
notapplicable
RHSA-2014:1013: php security update (Moderate)medium
notapplicable
RHSA-2014:1023: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:1031: 389-ds-base security update (Important)high
notapplicable
RHSA-2014:1034: tomcat security update (Low)low
notapplicable
RHSA-2014:1038: tomcat6 security update (Low)low
notapplicable
RHSA-2014:1052: openssl security update (Moderate)medium
notapplicable
RHSA-2014:1053: openssl security update (Moderate)medium
notapplicable
RHSA-2014:1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2014:1075: qemu-kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1091: mod_wsgi security update (Important)high
notapplicable
RHSA-2014:1110: glibc security update (Important)high
notapplicable
RHSA-2014:1143: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1144: firefox security update (Critical)high
notapplicable
RHSA-2014:1145: thunderbird security update (Important)high
notapplicable
RHSA-2014:1146: httpcomponents-client security update (Important)high
notapplicable
RHSA-2014:1147: squid security update (Important)high
notapplicable
RHSA-2014:1148: squid security update (Important)high
notapplicable
RHSA-2014:1166: jakarta-commons-httpclient security update (Important)high
notapplicable
RHSA-2014:1167: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:1172: procmail security update (Important)high
notapplicable
RHSA-2014:1193: axis security update (Important)high
notapplicable
RHSA-2014:1194: conga security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1243: automake security update (Low)low
notapplicable
RHSA-2014:1244: bind97 security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1245: krb5 security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2014:1255: krb5 security update (Moderate)medium
notapplicable
RHSA-2014:1281: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1292: haproxy security update (Moderate)medium
notapplicable
RHSA-2014:1293: bash security update (Critical)high
notapplicable
RHSA-2014:1306: bash security update (Important)high
notapplicable
RHSA-2014:1307: nss security update (Important)high
notapplicable
RHSA-2014:1319: xerces-j2 security update (Moderate)medium
notapplicable
RHSA-2014:1326: php53 and php security update (Moderate)medium
notapplicable
RHSA-2014:1327: php security update (Moderate)medium
notapplicable
RHSA-2014:1352: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1359: polkit-qt security update (Important)high
notapplicable
RHSA-2014:1388: cups security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1389: krb5 security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1390: luci security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2014:1391: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2014:1392: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2014:1397: rsyslog security update (Important)high
notapplicable
RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2014:1507: trousers security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2014:1552: openssh security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2014:1606: file security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2014:1635: firefox security update (Critical)high
notapplicable
RHSA-2014:1636: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2014:1647: thunderbird security update (Important)high
notapplicable
RHSA-2014:1652: openssl security update (Important)high
notapplicable
RHSA-2014:1654: rsyslog7 security update (Important)high
notapplicable
RHSA-2014:1655: libxml2 security update (Moderate)medium
notapplicable
RHSA-2014:1657: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2014:1658: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2014:1669: qemu-kvm security and bug fix update (Low)low
notapplicable
RHSA-2014:1671: rsyslog5 and rsyslog security update (Moderate)medium
notapplicable
RHSA-2014:1676: wireshark security update (Moderate)medium
notapplicable
RHSA-2014:1677: wireshark security update (Moderate)medium
notapplicable
RHSA-2014:1724: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:1764: wget security update (Moderate)medium
notapplicable
RHSA-2014:1767: php security update (Important)high
notapplicable
RHSA-2014:1768: php53 security update (Important)high
notapplicable
RHSA-2014:1795: cups-filters security update (Moderate)medium
notapplicable
RHSA-2014:1801: shim security update (Moderate)medium
notapplicable
RHSA-2014:1803: mod_auth_mellon security update (Important)high
notapplicable
RHSA-2014:1824: php security update (Important)high
notapplicable
RHSA-2014:1826: libvncserver security update (Moderate)medium
notapplicable
RHSA-2014:1827: kdenetwork security update (Moderate)medium
notapplicable
RHSA-2014:1843: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:1846: gnutls security update (Moderate)medium
notapplicable
RHSA-2014:1859: mysql55-mysql security update (Important)high
notapplicable
RHSA-2014:1861: mariadb security update (Important)high
notapplicable
RHSA-2014:1870: libXfont security update (Important)high
notapplicable
RHSA-2014:1873: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1885: libxml2 security update (Moderate)medium
notapplicable
RHSA-2014:1893: libXfont security update (Important)high
notapplicable
RHSA-2014:1911: ruby security update (Moderate)medium
notapplicable
RHSA-2014:1912: ruby security update (Moderate)medium
notapplicable
RHSA-2014:1919: firefox security update (Critical)high
notapplicable
RHSA-2014:1924: thunderbird security update (Important)high
notapplicable
RHSA-2014:1956: wpa_supplicant security update (Moderate)medium
notapplicable
RHSA-2014:1959: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:1971: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:1974: rpm security update (Important)high
notapplicable
RHSA-2014:1976: rpm security update (Important)high
notapplicable
RHSA-2014:1982: xorg-x11-server security update (Important)high
notapplicable
RHSA-2014:1983: xorg-x11-server security update (Important)high
notapplicable
RHSA-2014:1984: bind security update (Important)high
notapplicable
RHSA-2014:1985: bind97 security update (Important)high
notapplicable
RHSA-2014:1997: kernel security and bug fix update (Important)high
notapplicable
RHSA-2014:1999: mailx security update (Moderate)medium
notapplicable
RHSA-2014:2008: kernel security update (Important)high
notapplicable
RHSA-2014:2010: kernel security update (Important)high
notapplicable
RHSA-2014:2021: jasper security update (Important)high
notapplicable
RHSA-2014:2023: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2014:2024: ntp security update (Important)high
notapplicable
RHSA-2014:2025: ntp security update (Important)high
notapplicable
RHSA-2015:0008: libvirt security and bug fix update (Low)low
notapplicable
RHSA-2015:0016: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:0046: firefox security and bug fix update (Critical)high
notapplicable
RHSA-2015:0047: thunderbird security update (Important)high
notapplicable
RHSA-2015:0066: openssl security update (Moderate)medium
notapplicable
RHSA-2015:0067: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2015:0068: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2015:0069: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2015:0074: jasper security update (Important)high
notapplicable
RHSA-2015:0079: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2015:0080: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2015:0085: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2015:0086: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2015:0087: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:0090: glibc security update (Critical)high
notapplicable
RHSA-2015:0092: glibc security update (Critical)high
notapplicable
RHSA-2015:0100: libyaml security update (Moderate)medium
notapplicable
RHSA-2015:0102: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:0118: mariadb security update (Moderate)medium
notapplicable
RHSA-2015:0164: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:0165: subversion security update (Moderate)medium
notapplicable
RHSA-2015:0166: subversion security update (Moderate)medium
notapplicable
RHSA-2015:0249: samba3x security update (Critical)high
notapplicable
RHSA-2015:0250: samba4 security update (Critical)high
notapplicable
RHSA-2015:0251: samba security update (Critical)high
notapplicable
RHSA-2015:0252: samba security update (Important)high
notapplicable
RHSA-2015:0265: firefox security update (Critical)high
notapplicable
RHSA-2015:0266: thunderbird security update (Important)high
notapplicable
RHSA-2015:0290: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:0301: hivex security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0323: libvirt security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:0325: httpd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:0327: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:0330: pcre security and enhancement update (Low)low
notapplicable
RHSA-2015:0349: qemu-kvm security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:0377: libreoffice security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0383: ppc64-diag security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0384: powerpc-utils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:0416: 389-ds-base security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:0425: openssh security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0430: virt-who security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0439: krb5 security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0442: ipa security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0535: GNOME Shell security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:0628: 389-ds-base security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:0642: thunderbird security update (Important)high
notapplicable
RHSA-2015:0672: bind security update (Moderate)medium
notapplicable
RHSA-2015:0674: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:0696: freetype security update (Important)high
notapplicable
RHSA-2015:0700: unzip security update (Moderate)medium
notapplicable
RHSA-2015:0715: openssl security update (Moderate)medium
notapplicable
RHSA-2015:0716: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:0718: firefox security update (Critical)high
notapplicable
RHSA-2015:0726: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:0727: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2015:0728: ipa and slapi-nis security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:0729: setroubleshoot security update (Important)high
notapplicable
RHSA-2015:0749: libxml2 security update (Moderate)medium
notapplicable
RHSA-2015:0750: postgresql security update (Moderate)medium
notapplicable
RHSA-2015:0766: firefox security update (Critical)high
notapplicable
RHSA-2015:0767: flac security update (Important)high
notapplicable
RHSA-2015:0771: thunderbird security update (Important)high
notapplicable
RHSA-2015:0783: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:0794: krb5 security update (Moderate)medium
notapplicable
RHSA-2015:0797: xorg-x11-server security update (Moderate)medium
notapplicable
RHSA-2015:0800: openssl security update (Moderate)medium
notapplicable
RHSA-2015:0806: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2015:0807: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2015:0808: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2015:0809: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2015:0854: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2015:0857: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2015:0858: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2015:0863: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:0864: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:0867: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2015:0869: kvm security update (Important)high
notapplicable
RHSA-2015:0895: 389-ds-base security update (Important)high
notapplicable
RHSA-2015:0980: pcs security and bug fix update (Important)high
notapplicable
RHSA-2015:0981: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:0983: tomcat security update (Moderate)medium
notapplicable
RHSA-2015:0986: kexec-tools security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:0987: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:0988: firefox security update (Critical)high
notapplicable
RHSA-2015:0990: pcs security and bug fix update (Important)high
notapplicable
RHSA-2015:0991: tomcat6 security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:0998: qemu-kvm security update (Important)high
notapplicable
RHSA-2015:0999: qemu-kvm security update (Important)high
notapplicable
RHSA-2015:1002: xen security update (Important)high
notapplicable
RHSA-2015:1003: kvm security update (Important)high
notapplicable
RHSA-2015:1012: thunderbird security update (Important)high
notapplicable
RHSA-2015:1042: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:1072: openssl security update (Moderate)medium
notapplicable
RHSA-2015:1081: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:1083: abrt security update (Important)high
notapplicable
RHSA-2015:1087: qemu-kvm security update (Important)high
notapplicable
RHSA-2015:1090: wpa_supplicant security and enhancement update (Important)high
notapplicable
RHSA-2015:1115: openssl security update (Moderate)medium
notapplicable
RHSA-2015:1123: cups security update (Important)high
notapplicable
RHSA-2015:1135: php security and bug fix update (Important)high
notapplicable
RHSA-2015:1137: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:1139: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:1153: mailman security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1154: libreswan security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1185: nss security update (Moderate)medium
notapplicable
RHSA-2015:1189: kvm security update (Important)high
notapplicable
RHSA-2015:1193: xerces-c security update (Moderate)medium
notapplicable
RHSA-2015:1194: postgresql security update (Moderate)medium
notapplicable
RHSA-2015:1197: openssl security update (Moderate)medium
notapplicable
RHSA-2015:1207: firefox security update (Critical)high
notapplicable
RHSA-2015:1210: abrt security update (Moderate)medium
notapplicable
RHSA-2015:1218: php security update (Moderate)medium
notapplicable
RHSA-2015:1221: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1228: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2015:1229: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2015:1230: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2015:1241: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2015:1242: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2015:1243: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2015:1249: httpd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:1254: curl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1272: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1287: freeradius security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1320: ppc64-diag security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1330: python security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1344: autofs security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1347: pki-core security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1378: hivex security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1385: net-snmp security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1409: sudo security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1417: mailman security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1419: libxml2 security and bug fix update (Low)low
notapplicable
RHSA-2015:1424: pacemaker security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1439: wpa_supplicant security and enhancement update (Low)low
notapplicable
RHSA-2015:1443: bind security update (Important)high
notapplicable
RHSA-2015:1447: grep security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:1455: thunderbird security update (Important)high
notapplicable
RHSA-2015:1457: gnutls security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1458: libreoffice security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1459: ntp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1460: wireshark security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1462: ipa security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1471: bind security update (Important)high
notapplicable
RHSA-2015:1482: libuser security update (Important)high
notapplicable
RHSA-2015:1483: libuser security update (Important)high
notapplicable
RHSA-2015:1507: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2015:1510: clutter security update (Moderate)medium
notapplicable
RHSA-2015:1513: bind security update (Important)high
notapplicable
RHSA-2015:1514: bind security update (Important)high
notapplicable
RHSA-2015:1515: bind97 security update (Important)high
notapplicable
RHSA-2015:1526: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2015:1534: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:1565: kernel-rt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1581: firefox security update (Important)high
notapplicable
RHSA-2015:1586: firefox security update (Critical)high
notapplicable
RHSA-2015:1623: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:1627: glibc security update (Moderate)medium
notapplicable
RHSA-2015:1628: mysql55-mysql security update (Moderate)medium
notapplicable
RHSA-2015:1633: subversion security update (Moderate)medium
notapplicable
RHSA-2015:1634: sqlite security update (Moderate)medium
notapplicable
RHSA-2015:1635: sqlite security update (Moderate)medium
notapplicable
RHSA-2015:1636: net-snmp security update (Moderate)medium
notapplicable
RHSA-2015:1640: pam security update (Moderate)medium
notapplicable
RHSA-2015:1664: nss security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1665: mariadb security update (Moderate)medium
notapplicable
RHSA-2015:1667: httpd security update (Moderate)medium
notapplicable
RHSA-2015:1668: httpd security update (Moderate)medium
notapplicable
RHSA-2015:1682: thunderbird security update (Important)high
notapplicable
RHSA-2015:1693: firefox security update (Critical)high
notapplicable
RHSA-2015:1694: gdk-pixbuf2 security update (Moderate)medium
notapplicable
RHSA-2015:1695: jakarta-taglibs-standard security update (Important)high
notapplicable
RHSA-2015:1699: nss-softokn security update (Moderate)medium
notapplicable
RHSA-2015:1700: pcs security update (Important)high
notapplicable
RHSA-2015:1705: bind security update (Important)high
notapplicable
RHSA-2015:1706: bind security update (Important)high
notapplicable
RHSA-2015:1707: bind97 security update (Important)high
notapplicable
RHSA-2015:1708: libXfont security update (Important)high
notapplicable
RHSA-2015:1714: spice security update (Important)high
notapplicable
RHSA-2015:1715: spice-server security update (Important)high
notapplicable
RHSA-2015:1741: haproxy security update (Important)high
notapplicable
RHSA-2015:1742: subversion security update (Moderate)medium
notapplicable
RHSA-2015:1778: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:1788: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:1793: qemu-kvm security fix update (Moderate)medium
notapplicable
RHSA-2015:1833: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2015:1834: firefox security update (Critical)high
notapplicable
RHSA-2015:1840: openldap security update (Important)high
notapplicable
RHSA-2015:1852: thunderbird security update (Important)high
notapplicable
RHSA-2015:1889: spice-server security update (Important)high
notapplicable
RHSA-2015:1890: spice security update (Important)high
notapplicable
RHSA-2015:1917: libwmf security update (Important)high
notapplicable
RHSA-2015:1919: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2015:1920: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2015:1921: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2015:1924: qemu-kvm security update (Important)high
notapplicable
RHSA-2015:1925: kvm security update (Important)high
notapplicable
RHSA-2015:1926: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2015:1927: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2015:1928: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2015:1930: ntp security update (Important)high
notapplicable
RHSA-2015:1943: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2015:1977: kernel-rt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1978: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1979: libreswan security and enhancement update (Moderate)medium
notapplicable
RHSA-2015:1980: nss and nspr security update (Critical)high
notapplicable
RHSA-2015:1981: nss, nss-util, and nspr security update (Critical)high
notapplicable
RHSA-2015:1982: firefox security update (Critical)high
notapplicable
RHSA-2015:2019: sssd security and bug fix update (Low)low
notapplicable
RHSA-2015:2065: xen security update (Important)high
notapplicable
RHSA-2015:2078: postgresql security update (Moderate)medium
notapplicable
RHSA-2015:2079: binutils security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2081: postgresql security update (Moderate)medium
notapplicable
RHSA-2015:2086: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2015:2088: openssh security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2101: python security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2108: cpio security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:2111: grep security and bug fix update (Low)low
notapplicable
RHSA-2015:2131: openldap security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2140: libssh2 security and bug fix update (Low)low
notapplicable
RHSA-2015:2151: xfsprogs security, bug fix and enhancement update (Low)low
notapplicable
RHSA-2015:2152: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:2154: krb5 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2155: file security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:2159: curl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2172: glibc security update (Important)high
notapplicable
RHSA-2015:2180: rubygem-bundler and rubygem-thor security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2184: realmd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2199: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2231: ntp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2233: tigervnc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2237: rest security update (Low)low
notapplicable
RHSA-2015:2241: chrony security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2248: netcf security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2290: pcs security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2315: NetworkManager security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2345: net-snmp security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:2355: sssd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:2360: cups-filters security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2369: openhpi security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:2378: squid security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:2383: pacemaker security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2393: wireshark security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2401: grub2 security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2015:2411: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2015:2417: autofs security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2015:2455: unbound security and bug fix update (Low)low
notapplicable
RHSA-2015:2504: libreport security update (Moderate)medium
notapplicable
RHSA-2015:2505: abrt and libreport security update (Moderate)medium
notapplicable
RHSA-2015:2519: thunderbird security update (Important)high
notapplicable
RHSA-2015:2521: jakarta-commons-collections security update (Important)high
notapplicable
RHSA-2015:2522: apache-commons-collections security update (Important)high
notapplicable
RHSA-2015:2549: libxml2 security update (Moderate)medium
notapplicable
RHSA-2015:2550: libxml2 security update (Moderate)medium
notapplicable
RHSA-2015:2552: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:2561: git security update (Moderate)medium
notapplicable
RHSA-2015:2594: libpng security update (Moderate)medium
notapplicable
RHSA-2015:2595: libpng12 security update (Moderate)medium
notapplicable
RHSA-2015:2596: libpng security update (Moderate)medium
notapplicable
RHSA-2015:2616: openssl security update (Moderate)medium
notapplicable
RHSA-2015:2617: openssl security update (Moderate)medium
notapplicable
RHSA-2015:2619: libreoffice security update (Moderate)medium
notapplicable
RHSA-2015:2623: grub2 security and bug fix update (Moderate)medium
notapplicable
RHSA-2015:2636: kernel security and bug fix update (Important)high
notapplicable
RHSA-2015:2655: bind security update (Important)high
notapplicable
RHSA-2015:2656: bind security update (Important)high
notapplicable
RHSA-2015:2657: firefox security update (Critical)high
notapplicable
RHSA-2015:2658: bind97 security update (Important)high
notapplicable
RHSA-2015:2671: jakarta-commons-collections security update (Important)high
notapplicable
RHSA-2015:2694: qemu-kvm security update (Important)high
notapplicable
RHSA-2016:0001: thunderbird security update (Important)high
notapplicable
RHSA-2016:0005: rpcbind security update (Moderate)medium
notapplicable
RHSA-2016:0006: samba security update (Moderate)medium
notapplicable
RHSA-2016:0007: nss security update (Moderate)medium
notapplicable
RHSA-2016:0008: openssl security update (Moderate)medium
notapplicable
RHSA-2016:0009: libldb security update (Moderate)medium
notapplicable
RHSA-2016:0010: samba4 security update (Moderate)medium
notapplicable
RHSA-2016:0011: samba security update (Moderate)medium
notapplicable
RHSA-2016:0012: gnutls security update (Moderate)medium
notapplicable
RHSA-2016:0043: openssh security update (Moderate)medium
notapplicable
RHSA-2016:0045: kernel security update (Important)high
notapplicable
RHSA-2016:0049: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0050: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2016:0053: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0054: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2016:0055: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2016:0056: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2016:0057: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2016:0063: ntp security update (Important)high
notapplicable
RHSA-2016:0064: kernel security update (Important)high
notapplicable
RHSA-2016:0065: kernel-rt security update (Important)high
notapplicable
RHSA-2016:0067: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2016:0071: firefox security update (Critical)high
notapplicable
RHSA-2016:0073: bind security update (Moderate)medium
notapplicable
RHSA-2016:0074: bind97 security update (Moderate)medium
notapplicable
RHSA-2016:0082: qemu-kvm security update (Important)high
notapplicable
RHSA-2016:0083: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2016:0152: sos security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:0175: glibc security and bug fix update (Critical)high
notapplicable
RHSA-2016:0176: glibc security and bug fix update (Critical)high
notapplicable
RHSA-2016:0185: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:0188: sos security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:0189: polkit security update (Moderate)medium
notapplicable
RHSA-2016:0197: firefox security update (Critical)high
notapplicable
RHSA-2016:0204: 389-ds-base security and bug fix update (Important)high
notapplicable
RHSA-2016:0212: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2016:0258: thunderbird security update (Important)high
notapplicable
RHSA-2016:0301: openssl security update (Important)high
notapplicable
RHSA-2016:0302: openssl security update (Important)high
notapplicable
RHSA-2016:0346: postgresql security update (Important)high
notapplicable
RHSA-2016:0347: postgresql security update (Important)high
notapplicable
RHSA-2016:0370: nss-util security update (Critical)high
notapplicable
RHSA-2016:0371: nss security update (Critical)high
notapplicable
RHSA-2016:0372: openssl098e security update (Important)high
notapplicable
RHSA-2016:0373: firefox security update (Critical)high
notapplicable
RHSA-2016:0428: libssh2 security update (Moderate)medium
notapplicable
RHSA-2016:0430: xerces-c security update (Important)high
notapplicable
RHSA-2016:0448: samba security update (Moderate)medium
notapplicable
RHSA-2016:0449: samba4 security update (Moderate)medium
notapplicable
RHSA-2016:0450: kernel security update (Important)high
notapplicable
RHSA-2016:0458: bind97 security update (Important)high
notapplicable
RHSA-2016:0459: bind security update (Important)high
notapplicable
RHSA-2016:0460: thunderbird security update (Important)high
notapplicable
RHSA-2016:0465: openssh security update (Moderate)medium
notapplicable
RHSA-2016:0466: openssh security update (Moderate)medium
notapplicable
RHSA-2016:0491: foomatic security update (Moderate)medium
notapplicable
RHSA-2016:0492: tomcat6 security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:0493: krb5 security update (Moderate)medium
notapplicable
RHSA-2016:0494: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0496: git security update (Important)high
notapplicable
RHSA-2016:0511: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0512: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2016:0513: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0514: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2016:0515: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2016:0516: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2016:0532: krb5 security update (Moderate)medium
notapplicable
RHSA-2016:0534: mariadb security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:0561: Red Hat Enterprise Linux 5 One-Year Retirement Notice (Low)low
notapplicable
RHSA-2016:0591: nss, nss-util, and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0594: graphite2 security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2016:0611: samba security update (Critical)high
notapplicable
RHSA-2016:0612: samba and samba4 security, bug fix, and enhancement update (Critical)high
notapplicable
RHSA-2016:0613: samba3x security update (Critical)high
notapplicable
RHSA-2016:0621: samba security update (Important)high
notapplicable
RHSA-2016:0650: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0651: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0675: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0676: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0677: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2016:0678: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2016:0679: java-1.6.0-sun security update (Critical)high
notapplicable
RHSA-2016:0684: nss and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0685: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0695: firefox security update (Critical)high
notapplicable
RHSA-2016:0706: mercurial security update (Important)high
notapplicable
RHSA-2016:0715: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0722: openssl security update (Important)high
notapplicable
RHSA-2016:0723: java-1.6.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:0724: qemu-kvm security update (Important)high
notapplicable
RHSA-2016:0726: ImageMagick security update (Important)high
notapplicable
RHSA-2016:0741: openssh security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0760: file security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0778: icedtea-web security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0780: ntp security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:0855: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:0996: openssl security update (Important)high
notapplicable
RHSA-2016:0997: qemu-kvm security update (Important)high
notapplicable
RHSA-2016:1025: pcre security update (Important)high
notapplicable
RHSA-2016:1033: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:1041: thunderbird security update (Important)high
notapplicable
RHSA-2016:1051: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2016:1086: libndp security update (Moderate)medium
notapplicable
RHSA-2016:1137: openssl security update (Important)high
notapplicable
RHSA-2016:1138: squid security update (Moderate)medium
notapplicable
RHSA-2016:1139: squid security update (Moderate)medium
notapplicable
RHSA-2016:1140: squid34 security update (Moderate)medium
notapplicable
RHSA-2016:1141: ntp security update (Moderate)medium
notapplicable
RHSA-2016:1204: spice-server security update (Important)high
notapplicable
RHSA-2016:1205: spice security update (Important)high
notapplicable
RHSA-2016:1217: firefox security update (Critical)high
notapplicable
RHSA-2016:1237: ImageMagick security update (Important)high
notapplicable
RHSA-2016:1267: setroubleshoot and setroubleshoot-plugins security update (Important)high
notapplicable
RHSA-2016:1277: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:1292: libxml2 security update (Important)high
notapplicable
RHSA-2016:1293: setroubleshoot and setroubleshoot-plugins security update (Important)high
notapplicable
RHSA-2016:1296: ocaml security update (Moderate)medium
notapplicable
RHSA-2016:1301: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2016:1392: thunderbird security update (Important)high
notapplicable
RHSA-2016:1406: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:1421: httpd security update (Important)high
notapplicable
RHSA-2016:1422: httpd security and bug fix update (Important)high
notapplicable
RHSA-2016:1458: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:1475: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2016:1476: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2016:1477: java-1.6.0-sun security update (Moderate)medium
notapplicable
RHSA-2016:1486: samba security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:1487: samba4 security update (Moderate)medium
notapplicable
RHSA-2016:1504: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2016:1538: golang security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:1539: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:1541: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2016:1546: libtiff security update (Important)high
notapplicable
RHSA-2016:1547: libtiff security update (Important)high
notapplicable
RHSA-2016:1551: firefox security update (Critical)high
notapplicable
RHSA-2016:1573: squid security update (Moderate)medium
notapplicable
RHSA-2016:1585: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2016:1602: mariadb security update (Important)high
notapplicable
RHSA-2016:1606: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2016:1609: php security update (Moderate)medium
notapplicable
RHSA-2016:1613: php security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:1626: python security update (Moderate)medium
notapplicable
RHSA-2016:1632: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2016:1633: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:1664: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:1776: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2016:1797: ipa security update (Moderate)medium
notapplicable
RHSA-2016:1809: thunderbird security update (Important)high
notapplicable
RHSA-2016:1844: libarchive security update (Important)high
notapplicable
RHSA-2016:1847: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2016:1850: libarchive security update (Important)high
notapplicable
RHSA-2016:1875: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2016:1912: firefox security update (Critical)high
notapplicable
RHSA-2016:1940: openssl security update (Important)high
notapplicable
RHSA-2016:1943: kvm security update (Important)high
notapplicable
RHSA-2016:1944: bind security update (Important)high
notapplicable
RHSA-2016:1945: bind97 security update (Important)high
notapplicable
RHSA-2016:1978: python-twisted-web security update (Important)high
notapplicable
RHSA-2016:1985: thunderbird security update (Important)high
notapplicable
RHSA-2016:1990: Red Hat Enterprise Linux 5 Six-Month Retirement Notice (Low)low
notapplicable
RHSA-2016:2006: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:2045: tomcat6 security and bug fix update (Important)high
notapplicable
RHSA-2016:2046: tomcat security update (Important)high
notapplicable
RHSA-2016:2047: kernel security update (Important)high
notapplicable
RHSA-2016:2079: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2016:2088: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2016:2089: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2016:2090: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2016:2093: bind security update (Important)high
notapplicable
RHSA-2016:2094: bind97 security update (Important)high
notapplicable
RHSA-2016:2098: kernel security update (Important)high
notapplicable
RHSA-2016:2105: kernel security update (Important)high
notapplicable
RHSA-2016:2110: kernel-rt security update (Important)high
notapplicable
RHSA-2016:2124: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:2141: bind security update (Important)high
notapplicable
RHSA-2016:2142: bind97 security update (Important)high
notapplicable
RHSA-2016:2573: glibc security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2016:2574: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2016:2575: curl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2576: libguestfs and virt-p2v security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2577: libvirt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2578: pacemaker security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2579: libreoffice security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2580: poppler security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2581: NetworkManager security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2016:2582: nettle security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2583: ntp security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2584: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2016:2585: qemu-kvm security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2586: python security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2016:2587: wget security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2588: openssh security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2589: gimp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2590: dhcp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2591: krb5 security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2016:2592: subscription-manager security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2593: sudo security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2016:2594: 389-ds-base security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2595: mariadb security and bug fix update (Important)high
notapplicable
RHSA-2016:2596: pcs security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2597: firewalld security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2598: php security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2599: tomcat security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2600: squid security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2601: fontconfig security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2602: mod_nss security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2016:2603: libreswan security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2604: resteasy-base security and bug fix update (Important)high
notapplicable
RHSA-2016:2605: util-linux security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2016:2606: postgresql security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2607: powerpc-utils-python security update (Moderate)medium
notapplicable
RHSA-2016:2610: systemd security and bug fix update (Moderate)medium
notapplicable
RHSA-2016:2614: pacemaker security and bug fix update (Important)high
notapplicable
RHSA-2016:2615: bind security update (Important)high
notapplicable
RHSA-2016:2658: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2016:2674: libgcrypt security update (Moderate)medium
notapplicable
RHSA-2016:2675: pacemaker security update (Important)high
notapplicable
RHSA-2016:2702: policycoreutils security update (Important)high
notapplicable
RHSA-2016:2765: 389-ds-base security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2016:2766: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:2779: nss and nss-util security update (Moderate)medium
notapplicable
RHSA-2016:2780: firefox security update (Critical)high
notapplicable
RHSA-2016:2809: ipsilon security update (Important)high
notapplicable
RHSA-2016:2819: memcached security update (Important)high
notapplicable
RHSA-2016:2820: memcached security update (Important)high
notapplicable
RHSA-2016:2824: expat security update (Moderate)medium
notapplicable
RHSA-2016:2825: thunderbird security update (Important)high
notapplicable
RHSA-2016:2843: firefox security update (Critical)high
notapplicable
RHSA-2016:2850: thunderbird security update (Important)high
notapplicable
RHSA-2016:2872: sudo security update (Moderate)medium
notapplicable
RHSA-2016:2946: firefox security update (Critical)high
notapplicable
RHSA-2016:2962: kernel security and bug fix update (Important)high
notapplicable
RHSA-2016:2963: xen security update (Important)high
notapplicable
RHSA-2016:2972: vim security update (Moderate)medium
notapplicable
RHSA-2016:2973: thunderbird security update (Important)high
notapplicable
RHSA-2016:2974: gstreamer-plugins-bad-free security update (Important)high
notapplicable
RHSA-2016:2975: gstreamer-plugins-good security update (Important)high
notapplicable
RHSA-2016:2997: Red Hat Enterprise Linux 5 Three-Month Retirement Notice (Low)low
notapplicable
RHSA-2017:0001: ipa security update (Moderate)medium
notapplicable
RHSA-2017:0013: ghostscript security update (Moderate)medium
notapplicable
RHSA-2017:0014: ghostscript security update (Moderate)medium
notapplicable
RHSA-2017:0018: gstreamer-plugins-bad-free security update (Moderate)medium
notapplicable
RHSA-2017:0019: gstreamer-plugins-good security update (Moderate)medium
notapplicable
RHSA-2017:0020: gstreamer1-plugins-good security update (Moderate)medium
notapplicable
RHSA-2017:0021: gstreamer1-plugins-bad-free security update (Moderate)medium
notapplicable
RHSA-2017:0036: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:0061: java-1.6.0-openjdk security update (Important)high
notapplicable
RHSA-2017:0062: bind security update (Important)high
notapplicable
RHSA-2017:0063: bind security update (Important)high
notapplicable
RHSA-2017:0064: bind97 security update (Important)high
notapplicable
RHSA-2017:0083: qemu-kvm security and bug fix update (Low)low
notapplicable
RHSA-2017:0086: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2017:0091: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2017:0175: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2017:0176: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2017:0177: java-1.6.0-sun security update (Critical)high
notapplicable
RHSA-2017:0180: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2017:0182: squid security update (Moderate)medium
notapplicable
RHSA-2017:0183: squid34 security update (Moderate)medium
notapplicable
RHSA-2017:0184: mysql security update (Important)high
notapplicable
RHSA-2017:0190: firefox security update (Critical)high
notapplicable
RHSA-2017:0225: libtiff security update (Moderate)medium
notapplicable
RHSA-2017:0238: thunderbird security update (Important)high
notapplicable
RHSA-2017:0252: ntp security update (Moderate)medium
notapplicable
RHSA-2017:0253: spice-server security update (Moderate)medium
notapplicable
RHSA-2017:0254: spice security update (Moderate)medium
notapplicable
RHSA-2017:0269: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2017:0276: bind security update (Moderate)medium
notapplicable
RHSA-2017:0286: openssl security update (Moderate)medium
notapplicable
RHSA-2017:0293: kernel security update (Important)high
notapplicable
RHSA-2017:0294: kernel security update (Important)high
notapplicable
RHSA-2017:0295: kernel-rt security update (Important)high
notapplicable
RHSA-2017:0307: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0309: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2017:0323: kernel security update (Important)high
notapplicable
RHSA-2017:0340: Red Hat Enterprise Linux 5 One-Month Retirement Notice (Low)low
notapplicable
RHSA-2017:0352: qemu-kvm security update (Important)high
notapplicable
RHSA-2017:0372: kernel-aarch64 security and bug fix update (Important)high
notapplicable
RHSA-2017:0386: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2017:0387: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2017:0388: ipa security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0396: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2017:0454: kvm security update (Important)high
notapplicable
RHSA-2017:0459: firefox security update (Critical)high
notapplicable
RHSA-2017:0461: firefox security update (Critical)high
notapplicable
RHSA-2017:0498: thunderbird security update (Important)high
notapplicable
RHSA-2017:0527: tomcat6 security update (Moderate)medium
notapplicable
RHSA-2017:0558: firefox security update (Critical)high
notapplicable
RHSA-2017:0559: openjpeg security update (Moderate)medium
notapplicable
RHSA-2017:0564: libguestfs security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0565: ocaml security update (Moderate)medium
notapplicable
RHSA-2017:0574: gnutls security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:0621: qemu-kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0630: tigervnc security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0631: wireshark security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0641: openssh security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0654: coreutils security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0662: samba security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0680: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0698: subscription-manager security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:0725: bash security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0744: samba4 security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0794: quagga security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0817: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:0837: icoutils security update (Important)high
notapplicable
RHSA-2017:0838: openjpeg security update (Moderate)medium
notapplicable
RHSA-2017:0847: curl security update (Moderate)medium
notapplicable
RHSA-2017:0862: Red Hat Enterprise Linux 5 Retirement Notice (Low)low
notapplicable
RHSA-2017:0892: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:0893: 389-ds-base security and bug fix update (Important)high
notapplicable
RHSA-2017:0906: httpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0907: util-linux security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0914: libreoffice security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:0920: 389-ds-base security and bug fix update (Important)high
notapplicable
RHSA-2017:0931: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2017:0933: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2017:0935: tomcat security update (Moderate)medium
notapplicable
RHSA-2017:0979: libreoffice security update (Moderate)medium
notapplicable
RHSA-2017:0987: qemu-kvm security update (Important)high
notapplicable
RHSA-2017:1095: bind security update (Important)high
notapplicable
RHSA-2017:1100: nss and nss-util security update (Critical)high
notapplicable
RHSA-2017:1101: nss security update (Critical)high
notapplicable
RHSA-2017:1104: firefox security update (Critical)high
notapplicable
RHSA-2017:1105: bind security update (Important)high
notapplicable
RHSA-2017:1106: firefox security update (Critical)high
notapplicable
RHSA-2017:1108: java-1.8.0-openjdk security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:1109: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2017:1117: java-1.8.0-oracle security update (Moderate)medium
notapplicable
RHSA-2017:1118: java-1.7.0-oracle security update (Moderate)medium
notapplicable
RHSA-2017:1119: java-1.6.0-sun security update (Moderate)medium
notapplicable
RHSA-2017:1201: thunderbird security update (Important)high
notapplicable
RHSA-2017:1202: bind security update (Important)high
notapplicable
RHSA-2017:1204: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2017:1206: qemu-kvm security update (Important)high
notapplicable
RHSA-2017:1208: jasper security update (Important)high
notapplicable
RHSA-2017:1230: ghostscript security update (Important)high
notapplicable
RHSA-2017:1262: rpcbind security update (Important)high
notapplicable
RHSA-2017:1263: libtirpc security update (Important)high
notapplicable
RHSA-2017:1264: kdelibs security update (Important)high
notapplicable
RHSA-2017:1265: samba security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:1267: rpcbind security update (Important)high
notapplicable
RHSA-2017:1268: libtirpc security update (Important)high
notapplicable
RHSA-2017:1270: samba security update (Important)high
notapplicable
RHSA-2017:1271: samba4 security update (Important)high
notapplicable
RHSA-2017:1272: samba3x security update (Important)high
notapplicable
RHSA-2017:1298: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2017:1308: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2017:1364: nss security and bug fix update (Important)high
notapplicable
RHSA-2017:1365: nss security and bug fix update (Important)high
notapplicable
RHSA-2017:1372: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:1381: sudo security update (Important)high
notapplicable
RHSA-2017:1382: sudo security update (Important)high
notapplicable
RHSA-2017:1430: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2017:1440: firefox security update (Critical)high
notapplicable
RHSA-2017:1479: glibc security update (Important)high
notapplicable
RHSA-2017:1480: glibc security update (Important)high
notapplicable
RHSA-2017:1481: glibc security update (Important)high
notapplicable
RHSA-2017:1482: kernel security update (Important)high
notapplicable
RHSA-2017:1484: kernel security update (Important)high
notapplicable
RHSA-2017:1486: kernel security update (Important)high
notapplicable
RHSA-2017:1561: thunderbird security update (Important)high
notapplicable
RHSA-2017:1574: sudo security update (Moderate)medium
notapplicable
RHSA-2017:1576: mercurial security update (Important)high
notapplicable
RHSA-2017:1581: freeradius security update (Important)high
notapplicable
RHSA-2017:1615: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:1616: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2017:1679: bind security and bug fix update (Important)high
notapplicable
RHSA-2017:1680: bind security and bug fix update (Important)high
notapplicable
RHSA-2017:1681: qemu-kvm security update (Important)high
notapplicable
RHSA-2017:1721: httpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:1723: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:1759: freeradius security update (Important)high
notapplicable
RHSA-2017:1789: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2017:1790: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2017:1791: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2017:1792: java-1.6.0-sun security update (Critical)high
notapplicable
RHSA-2017:1793: graphite2 security update (Important)high
notapplicable
RHSA-2017:1809: tomcat security update (Important)high
notapplicable
RHSA-2017:1842: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2017:1852: openldap security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1854: pidgin security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1856: qemu-kvm security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1859: golang security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1860: libtasn1 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1865: X.org X11 libraries security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1868: python security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:1871: tcpdump security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1916: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:1931: bash security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:1950: samba security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2017:1975: libreoffice security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:1983: postgresql security and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2000: tigervnc and fltk security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2004: git security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:2016: curl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2029: openssh security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2060: GStreamer security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2077: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2017:2128: gdm and gnome-session security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2180: ghostscript security and bug fix update (Low)low
notapplicable
RHSA-2017:2192: mariadb security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:2247: tomcat security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2017:2258: gtk-vnc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2285: authconfig security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2292: gnutls security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2299: NetworkManager and libnl3 security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2017:2335: pki-core security update (Moderate)medium
notapplicable
RHSA-2017:2388: evince security update (Important)high
notapplicable
RHSA-2017:2389: freeradius security update (Important)high
notapplicable
RHSA-2017:2412: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:2423: log4j security update (Important)high
notapplicable
RHSA-2017:2424: java-1.7.0-openjdk security update (Critical)high
notapplicable
RHSA-2017:2445: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2017:2456: firefox security update (Critical)high
notapplicable
RHSA-2017:2459: libsoup security update (Important)high
notapplicable
RHSA-2017:2471: spice security update (Important)high
notapplicable
RHSA-2017:2473: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:2478: httpd security update (Important)high
notapplicable
RHSA-2017:2479: httpd security update (Important)high
notapplicable
RHSA-2017:2480: subversion security update (Important)high
notapplicable
RHSA-2017:2484: git security update (Important)high
notapplicable
RHSA-2017:2485: git security update (Important)high
notapplicable
RHSA-2017:2486: groovy security update (Important)high
notapplicable
RHSA-2017:2489: mercurial security update (Important)high
notapplicable
RHSA-2017:2492: xmlsec1 security update (Moderate)medium
notapplicable
RHSA-2017:2534: thunderbird security update (Important)high
notapplicable
RHSA-2017:2550: poppler security update (Moderate)medium
notapplicable
RHSA-2017:2551: poppler security update (Moderate)medium
notapplicable
RHSA-2017:2563: openssh security update (Moderate)medium
notapplicable
RHSA-2017:2569: 389-ds-base security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:2585: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2017:2679: kernel security update (Important)high
notapplicable
RHSA-2017:2681: kernel security update (Important)high
notapplicable
RHSA-2017:2685: bluez security update (Moderate)medium
notapplicable
RHSA-2017:2704: kernel-rt security update (Important)high
notapplicable
RHSA-2017:2728: postgresql security update (Moderate)medium
notapplicable
RHSA-2017:2771: emacs security update (Important)high
notapplicable
RHSA-2017:2788: augeas security update (Important)high
notapplicable
RHSA-2017:2789: samba security update (Moderate)medium
notapplicable
RHSA-2017:2790: samba security update (Moderate)medium
notapplicable
RHSA-2017:2791: samba4 security update (Moderate)medium
notapplicable
RHSA-2017:2795: kernel security update (Important)high
notapplicable
RHSA-2017:2801: kernel security update (Important)high
notapplicable
RHSA-2017:2831: firefox security update (Critical)high
notapplicable
RHSA-2017:2832: nss security update (Important)high
notapplicable
RHSA-2017:2836: dnsmasq security update (Critical)high
notapplicable
RHSA-2017:2838: dnsmasq security update (Critical)high
notapplicable
RHSA-2017:2840: dnsmasq security update (Critical)high
notapplicable
RHSA-2017:2860: postgresql security update (Moderate)medium
notapplicable
RHSA-2017:2863: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:2882: httpd security update (Moderate)medium
notapplicable
RHSA-2017:2885: thunderbird security update (Important)high
notapplicable
RHSA-2017:2907: wpa_supplicant security update (Important)high
notapplicable
RHSA-2017:2911: wpa_supplicant security update (Important)high
notapplicable
RHSA-2017:2930: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:2931: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2017:2972: httpd security update (Moderate)medium
notapplicable
RHSA-2017:2998: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2017:2999: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2017:3046: java-1.7.0-oracle security update (Important)high
notapplicable
RHSA-2017:3047: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2017:3071: ntp security update (Moderate)medium
notapplicable
RHSA-2017:3075: wget security update (Important)high
notapplicable
RHSA-2017:3080: tomcat6 security update (Important)high
notapplicable
RHSA-2017:3081: tomcat security update (Important)high
notapplicable
RHSA-2017:3111: liblouis security update (Moderate)medium
notapplicable
RHSA-2017:3200: kernel security and bug fix update (Important)high
notapplicable
RHSA-2017:3221: php security update (Moderate)medium
notapplicable
RHSA-2017:3247: firefox security update (Critical)high
notapplicable
RHSA-2017:3260: samba security update (Important)high
notapplicable
RHSA-2017:3263: curl security update (Moderate)medium
notapplicable
RHSA-2017:3269: procmail security update (Important)high
notapplicable
RHSA-2017:3270: apr security update (Important)high
notapplicable
RHSA-2017:3278: samba4 security update (Important)high
notapplicable
RHSA-2017:3315: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:3322: kernel-rt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2017:3368: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2017:3372: thunderbird security update (Important)high
notapplicable
RHSA-2017:3379: sssd security and bug fix update (Moderate)medium
notapplicable
RHSA-2017:3382: firefox security update (Important)high
notapplicable
RHSA-2017:3384: liblouis security update (Moderate)medium
notapplicable
RHSA-2017:3392: java-1.7.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2017:3402: postgresql security update (Moderate)medium
notapplicable
RHSA-2018:0014: linux-firmware security update (Important)high
notapplicable
RHSA-2018:0016: kernel-rt security update (Important)high
notapplicable
RHSA-2018:0061: thunderbird security update (Important)high
notapplicable
RHSA-2018:0094: linux-firmware security update (Important)high
notapplicable
RHSA-2018:0095: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2018:0099: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2018:0100: java-1.7.0-oracle security update (Important)high
notapplicable
RHSA-2018:0101: bind security update (Important)high
notapplicable
RHSA-2018:0102: bind security update (Important)high
notapplicable
RHSA-2018:0115: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2018:0122: firefox security update (Critical)high
notapplicable
RHSA-2018:0151: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:0152: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2018:0158: dhcp security update (Moderate)medium
notapplicable
RHSA-2018:0163: 389-ds-base security and bug fix update (Important)high
notapplicable
RHSA-2018:0169: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:0223: nautilus security update (Moderate)medium
notapplicable
RHSA-2018:0260: systemd security update (Moderate)medium
notapplicable
RHSA-2018:0262: thunderbird security update (Important)high
notapplicable
RHSA-2018:0292: kernel security update (Important)high
notapplicable
RHSA-2018:0349: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2018:0350: gcab security update (Important)high
notapplicable
RHSA-2018:0377: quagga security update (Important)high
notapplicable
RHSA-2018:0378: ruby security update (Important)high
notapplicable
RHSA-2018:0395: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:0406: php security update (Moderate)medium
notapplicable
RHSA-2018:0412: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2018:0414: 389-ds-base security and bug fix update (Important)high
notapplicable
RHSA-2018:0418: libreoffice security update (Moderate)medium
notapplicable
RHSA-2018:0469: dhcp security update (Important)high
notapplicable
RHSA-2018:0483: dhcp security update (Important)high
notapplicable
RHSA-2018:0504: mailman security update (Moderate)medium
notapplicable
RHSA-2018:0505: mailman security update (Moderate)medium
notapplicable
RHSA-2018:0512: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:0515: 389-ds-base security update (Important)high
notapplicable
RHSA-2018:0516: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2018:0517: libreoffice security update (Moderate)medium
notapplicable
RHSA-2018:0526: firefox security update (Critical)high
notapplicable
RHSA-2018:0527: firefox security update (Critical)high
notapplicable
RHSA-2018:0549: firefox security update (Critical)high
notapplicable
RHSA-2018:0592: slf4j security update (Important)high
notapplicable
RHSA-2018:0647: thunderbird security update (Important)high
notapplicable
RHSA-2018:0648: thunderbird security update (Important)high
notapplicable
RHSA-2018:0649: libvorbis security update (Important)high
notapplicable
RHSA-2018:0666: krb5 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:0676: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2018:0805: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:0816: qemu-kvm security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:0842: xdg-user-dirs security and bug fix update (Low)low
notapplicable
RHSA-2018:0849: gcc security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:0855: ntp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:0878: golang security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:0913: policycoreutils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:0980: openssh security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:0998: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:1055: libvncserver security update (Moderate)medium
notapplicable
RHSA-2018:1058: libvorbis security update (Important)high
notapplicable
RHSA-2018:1060: pcs security update (Important)high
notapplicable
RHSA-2018:1062: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2018:1098: firefox security update (Important)high
notapplicable
RHSA-2018:1099: firefox security update (Important)high
notapplicable
RHSA-2018:1124: python-paramiko security update (Critical)high
notapplicable
RHSA-2018:1169: corosync security update (Important)high
notapplicable
RHSA-2018:1188: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2018:1191: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2018:1196: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:1199: patch security update (Important)high
notapplicable
RHSA-2018:1200: patch security update (Important)high
notapplicable
RHSA-2018:1201: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2018:1202: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2018:1203: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2018:1204: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2018:1205: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2018:1206: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2018:1223: librelp security update (Critical)high
notapplicable
RHSA-2018:1224: PackageKit security update (Moderate)medium
notapplicable
RHSA-2018:1225: librelp security update (Critical)high
notapplicable
RHSA-2018:1270: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2018:1278: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2018:1318: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2018:1319: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:1353: kernel security update (Moderate)medium
notapplicable
RHSA-2018:1355: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2018:1364: 389-ds-base security update (Important)high
notapplicable
RHSA-2018:1380: 389-ds-base security and bug fix update (Important)high
notapplicable
RHSA-2018:1396: libvirt security and bug fix update (Low)low
notapplicable
RHSA-2018:1414: firefox security update (Critical)high
notapplicable
RHSA-2018:1415: firefox security update (Critical)high
notapplicable
RHSA-2018:1416: qemu-kvm security update (Moderate)medium
notapplicable
RHSA-2018:1453: dhcp security update (Critical)high
notapplicable
RHSA-2018:1454: dhcp security update (Critical)high
notapplicable
RHSA-2018:1629: kernel security update (Important)high
notapplicable
RHSA-2018:1630: kernel-rt security update (Important)high
notapplicable
RHSA-2018:1632: libvirt security update (Important)high
notapplicable
RHSA-2018:1633: qemu-kvm security update (Important)high
notapplicable
RHSA-2018:1647: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2018:1648: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2018:1649: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2018:1650: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2018:1651: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:1660: qemu-kvm security update (Important)high
notapplicable
RHSA-2018:1669: libvirt security update (Important)high
notapplicable
RHSA-2018:1700: procps-ng security update (Important)high
notapplicable
RHSA-2018:1725: thunderbird security update (Important)high
notapplicable
RHSA-2018:1726: thunderbird security update (Important)high
notapplicable
RHSA-2018:1777: procps security update (Important)high
notapplicable
RHSA-2018:1779: xmlrpc3 security update (Important)high
notapplicable
RHSA-2018:1780: xmlrpc security update (Important)high
notapplicable
RHSA-2018:1836: plexus-archiver security update (Important)high
notapplicable
RHSA-2018:1852: kernel security update (Moderate)medium
notapplicable
RHSA-2018:1854: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:1860: samba security and bug fix update (Low)low
notapplicable
RHSA-2018:1877: sssd and ding-libs security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:1879: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:1883: samba4 security and bug fix update (Low)low
notapplicable
RHSA-2018:1927: pcs security update (Moderate)medium
notapplicable
RHSA-2018:1929: libvirt security update (Low)low
notapplicable
RHSA-2018:1932: zsh security update (Moderate)medium
notapplicable
RHSA-2018:1944: kernel-rt security update (Moderate)medium
notapplicable
RHSA-2018:1957: git security update (Important)high
notapplicable
RHSA-2018:1965: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:1979: pki-core security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:1997: libvirt security and bug fix update (Important)high
notapplicable
RHSA-2018:2001: qemu-kvm security update (Important)high
notapplicable
RHSA-2018:2003: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2018:2112: firefox security update (Critical)high
notapplicable
RHSA-2018:2113: firefox security update (Critical)high
notapplicable
RHSA-2018:2123: python security update (Moderate)medium
notapplicable
RHSA-2018:2162: qemu-kvm security update (Important)high
notapplicable
RHSA-2018:2164: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:2172: kernel security update (Important)high
notapplicable
RHSA-2018:2180: gnupg2 security update (Important)high
notapplicable
RHSA-2018:2181: gnupg2 security update (Important)high
notapplicable
RHSA-2018:2240: openslp security update (Important)high
notapplicable
RHSA-2018:2241: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2018:2242: java-1.8.0-openjdk security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:2251: thunderbird security update (Important)high
notapplicable
RHSA-2018:2252: thunderbird security update (Important)high
notapplicable
RHSA-2018:2253: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2018:2254: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2018:2255: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2018:2256: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2018:2283: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2018:2284: yum-utils security update (Important)high
notapplicable
RHSA-2018:2285: yum-utils security update (Important)high
notapplicable
RHSA-2018:2286: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2018:2308: openslp security update (Important)high
notapplicable
RHSA-2018:2384: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:2390: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:2395: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2018:2439: mariadb security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:2462: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2018:2526: mutt security update (Important)high
notapplicable
RHSA-2018:2557: postgresql security update (Important)high
notapplicable
RHSA-2018:2570: bind security update (Important)high
notapplicable
RHSA-2018:2571: bind security update (Important)high
notapplicable
RHSA-2018:2602: kernel security update (Important)high
notapplicable
RHSA-2018:2692: firefox security update (Critical)high
notapplicable
RHSA-2018:2693: firefox security update (Critical)high
notapplicable
RHSA-2018:2731: spice and spice-gtk security update (Important)high
notapplicable
RHSA-2018:2732: spice-gtk and spice-server security update (Important)high
notapplicable
RHSA-2018:2737: mod_perl security update (Important)high
notapplicable
RHSA-2018:2748: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:2757: 389-ds-base security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:2762: qemu-kvm-ma security update (Important)high
notapplicable
RHSA-2018:2763: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2018:2766: flatpak security update (Moderate)medium
notapplicable
RHSA-2018:2768: nss security update (Moderate)medium
notapplicable
RHSA-2018:2834: firefox security update (Moderate)medium
notapplicable
RHSA-2018:2835: firefox security update (Moderate)medium
notapplicable
RHSA-2018:2846: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:2881: firefox security update (Critical)high
notapplicable
RHSA-2018:2884: firefox security update (Critical)high
notapplicable
RHSA-2018:2892: glusterfs security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:2898: nss security update (Moderate)medium
notapplicable
RHSA-2018:2916: spamassassin security update (Important)high
notapplicable
RHSA-2018:2918: ghostscript security update (Important)high
notapplicable
RHSA-2018:2921: tomcat security update (Important)high
notapplicable
RHSA-2018:2942: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2018:2943: java-1.8.0-openjdk security update (Critical)high
notapplicable
RHSA-2018:3000: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2018:3001: java-1.7.0-oracle security update (Critical)high
notapplicable
RHSA-2018:3002: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2018:3003: java-1.8.0-oracle security update (Critical)high
notapplicable
RHSA-2018:3005: firefox security and bug fix update (Critical)high
notapplicable
RHSA-2018:3006: firefox security update (Critical)high
notapplicable
RHSA-2018:3007: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2018:3008: java-1.6.0-sun security update (Important)high
notapplicable
RHSA-2018:3032: binutils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:3041: python security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:3050: gnutls security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3052: wget security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:3054: libreoffice security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:3056: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3059: X.org X11 security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:3062: qemu-kvm-ma security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:3065: libkdcraw security update (Moderate)medium
notapplicable
RHSA-2018:3071: krb5 security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:3073: zsh security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:3083: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2018:3090: ovmf security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3092: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3096: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2018:3107: wpa_supplicant security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:3113: libvirt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3127: 389-ds-base security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3140: GNOME security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3157: curl and nss-pem security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:3158: sssd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2018:3221: openssl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3229: zziplib security update (Low)low
notapplicable
RHSA-2018:3242: glusterfs security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3246: libcdio security update (Low)low
notapplicable
RHSA-2018:3249: setup security and bug fix update (Low)low
notapplicable
RHSA-2018:3253: jasper security update (Low)low
notapplicable
RHSA-2018:3324: fuse security update (Moderate)medium
notapplicable
RHSA-2018:3327: libmspack security update (Low)low
notapplicable
RHSA-2018:3335: xerces-c security update (Moderate)medium
notapplicable
RHSA-2018:3347: python-paramiko security update (Critical)high
notapplicable
RHSA-2018:3350: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2018:3403: thunderbird security update (Important)high
notapplicable
RHSA-2018:3406: python-paramiko security update (Critical)high
notapplicable
RHSA-2018:3408: git security update (Important)high
notapplicable
RHSA-2018:3409: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2018:3410: xorg-x11-server security update (Important)high
notapplicable
RHSA-2018:3458: thunderbird security update (Important)high
notapplicable
RHSA-2018:3521: java-11-openjdk security update (Critical)high
notapplicable
RHSA-2018:3522: spice-server security update (Important)high
notapplicable
RHSA-2018:3531: thunderbird security update (Important)high
notapplicable
RHSA-2018:3532: thunderbird security update (Important)high
notapplicable
RHSA-2018:3650: ghostscript security update (Important)high
notapplicable
RHSA-2018:3651: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2018:3663: sos-collector security update (Moderate)medium
notapplicable
RHSA-2018:3665: NetworkManager security update (Important)high
notapplicable
RHSA-2018:3666: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2018:3738: ruby security update (Important)high
notapplicable
RHSA-2018:3760: ghostscript security update (Important)high
notapplicable
RHSA-2018:3761: ghostscript security and bug fix update (Important)high
notapplicable
RHSA-2018:3822: kernel security and bug fix update (Important)high
notapplicable
RHSA-2018:3831: firefox security update (Critical)high
notapplicable
RHSA-2018:3833: firefox security update (Critical)high
notapplicable
RHSA-2018:3834: ghostscript security and bug fix update (Important)high
notapplicable
RHSA-2018:3854: ntp security update (Low)low
notapplicable
RHSA-2019:0022: keepalived security update (Important)high
notapplicable
RHSA-2019:0049: systemd security update (Important)high
notapplicable
RHSA-2019:0059: libvncserver security update (Important)high
notapplicable
RHSA-2019:0109: perl security update (Important)high
notapplicable
RHSA-2019:0159: thunderbird security update (Important)high
notapplicable
RHSA-2019:0160: thunderbird security update (Important)high
notapplicable
RHSA-2019:0163: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:0188: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:0194: bind security update (Moderate)medium
notapplicable
RHSA-2019:0201: systemd security update (Low)low
notapplicable
RHSA-2019:0218: firefox security update (Critical)high
notapplicable
RHSA-2019:0219: firefox security update (Critical)high
notapplicable
RHSA-2019:0229: ghostscript security and bug fix update (Important)high
notapplicable
RHSA-2019:0230: polkit security update (Important)high
notapplicable
RHSA-2019:0231: spice security update (Important)high
notapplicable
RHSA-2019:0232: spice-server security update (Important)high
notapplicable
RHSA-2019:0269: thunderbird security update (Important)high
notapplicable
RHSA-2019:0270: thunderbird security update (Important)high
notapplicable
RHSA-2019:0368: systemd security update (Important)high
notapplicable
RHSA-2019:0373: firefox security update (Important)high
notapplicable
RHSA-2019:0374: firefox security update (Important)high
notapplicable
RHSA-2019:0375: flatpak security update (Important)high
notapplicable
RHSA-2019:0415: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:0416: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:0420: polkit security update (Important)high
notapplicable
RHSA-2019:0435: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:0436: java-11-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:0462: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:0464: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:0482: cockpit security update (Moderate)medium
notapplicable
RHSA-2019:0483: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:0485: tomcat security update (Moderate)medium
notapplicable
RHSA-2019:0512: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:0514: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:0597: cloud-init security update (Moderate)medium
notapplicable
RHSA-2019:0622: firefox security update (Critical)high
notapplicable
RHSA-2019:0623: firefox security update (Critical)high
notapplicable
RHSA-2019:0633: ghostscript security and bug fix update (Important)high
notapplicable
RHSA-2019:0638: openwsman security update (Important)high
notapplicable
RHSA-2019:0671: firefox security update (Critical)high
notapplicable
RHSA-2019:0672: firefox security update (Critical)high
notapplicable
RHSA-2019:0679: libssh2 security update (Important)high
notapplicable
RHSA-2019:0680: thunderbird security update (Important)high
notapplicable
RHSA-2019:0681: thunderbird security update (Important)high
notapplicable
RHSA-2019:0697: freerdp security update (Important)high
notapplicable
RHSA-2019:0710: python security update (Important)high
notapplicable
RHSA-2019:0711: openssh security update (Low)low
notapplicable
RHSA-2019:0717: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:0766: mod_auth_mellon security and bug fix update (Important)high
notapplicable
RHSA-2019:0774: java-1.8.0-openjdk security and bug fix update (Important)high
notapplicable
RHSA-2019:0775: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2019:0778: java-11-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:0790: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2019:0791: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2019:0809: ovmf security update (Important)high
notapplicable
RHSA-2019:0818: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:0833: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:0966: firefox security update (Critical)high
notapplicable
RHSA-2019:0968: edk2 security update (Important)high
notapplicable
RHSA-2019:0971: ghostscript security update (Important)high
notapplicable
RHSA-2019:0972: openwsman security update (Important)high
notapplicable
RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important)high
notapplicable
RHSA-2019:0980: httpd:2.4 security update (Important)high
notapplicable
RHSA-2019:0981: python27:2.7 security update (Important)high
notapplicable
RHSA-2019:0983: wget security update (Important)high
notapplicable
RHSA-2019:0984: python36:3.6 security update (Moderate)medium
notapplicable
RHSA-2019:0985: mod_auth_mellon security update (Important)high
notapplicable
RHSA-2019:0990: systemd security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:0997: python3 security update (Important)high
notapplicable
RHSA-2019:1017: ghostscript security update (Important)high
notapplicable
RHSA-2019:1022: python-jinja2 security update (Important)high
notapplicable
RHSA-2019:1024: flatpak security update (Important)high
notapplicable
RHSA-2019:1131: freeradius security update (Important)high
notapplicable
RHSA-2019:1142: freeradius:3.0 security update (Important)high
notapplicable
RHSA-2019:1143: flatpak security update (Important)high
notapplicable
RHSA-2019:1144: thunderbird security update (Important)high
notapplicable
RHSA-2019:1145: bind security update (Important)high
notapplicable
RHSA-2019:1146: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2019:1152: python-jinja2 security update (Important)high
notapplicable
RHSA-2019:1167: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:1168: kernel security update (Important)high
notapplicable
RHSA-2019:1169: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:1174: kernel-rt security update (Important)high
notapplicable
RHSA-2019:1175: virt:rhel security update (Important)high
notapplicable
RHSA-2019:1176: kernel-rt security update (Important)high
notapplicable
RHSA-2019:1177: libvirt security update (Important)high
notapplicable
RHSA-2019:1178: qemu-kvm security update (Important)high
notapplicable
RHSA-2019:1180: libvirt security update (Important)high
notapplicable
RHSA-2019:1181: qemu-kvm security update (Important)high
notapplicable
RHSA-2019:1228: wget security update (Important)high
notapplicable
RHSA-2019:1235: ruby security update (Important)high
notapplicable
RHSA-2019:1238: java-1.8.0-ibm security update (Critical)high
notapplicable
RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:1264: libvirt security and bug fix update (Important)high
notapplicable
RHSA-2019:1265: firefox security update (Critical)high
notapplicable
RHSA-2019:1267: firefox security update (Critical)high
notapplicable
RHSA-2019:1268: virt:rhel security update (Important)high
notapplicable
RHSA-2019:1269: firefox security update (Critical)high
notapplicable
RHSA-2019:1278: pacemaker security update (Important)high
notapplicable
RHSA-2019:1279: pacemaker security and bug fix update (Important)high
notapplicable
RHSA-2019:1294: bind security update (Important)high
notapplicable
RHSA-2019:1308: thunderbird security update (Important)high
notapplicable
RHSA-2019:1309: thunderbird security update (Important)high
notapplicable
RHSA-2019:1310: thunderbird security update (Important)high
notapplicable
RHSA-2019:1467: python security update (Important)high
notapplicable
RHSA-2019:1479: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:1480: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:1481: kernel security update (Important)high
notapplicable
RHSA-2019:1486: kernel-rt security update (Important)high
notapplicable
RHSA-2019:1488: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:1492: bind security update (Important)high
notapplicable
RHSA-2019:1517: gvfs security update (Moderate)medium
notapplicable
RHSA-2019:1518: java-11-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1519: go-toolset:rhel8 security update (Moderate)medium
notapplicable
RHSA-2019:1527: WALinuxAgent security update (Moderate)medium
notapplicable
RHSA-2019:1529: pki-deps:10.6 security update (Important)high
notapplicable
RHSA-2019:1578: libvirt security update (Moderate)medium
notapplicable
RHSA-2019:1579: libvirt security and bug fix update (Important)high
notapplicable
RHSA-2019:1580: virt:rhel security update (Important)high
notapplicable
RHSA-2019:1587: python security update (Important)high
notapplicable
RHSA-2019:1603: firefox security update (Critical)high
notapplicable
RHSA-2019:1604: firefox security update (Critical)high
notapplicable
RHSA-2019:1619: vim security update (Important)high
notapplicable
RHSA-2019:1623: thunderbird security update (Important)high
notapplicable
RHSA-2019:1624: thunderbird security update (Important)high
notapplicable
RHSA-2019:1626: thunderbird security update (Important)high
notapplicable
RHSA-2019:1650: qemu-kvm security update (Low)low
notapplicable
RHSA-2019:1652: libssh2 security update (Important)high
notapplicable
RHSA-2019:1696: firefox security update (Critical)high
notapplicable
RHSA-2019:1714: bind security update (Important)high
notapplicable
RHSA-2019:1726: dbus security update (Important)high
notapplicable
RHSA-2019:1763: firefox security update (Critical)high
notapplicable
RHSA-2019:1764: firefox security update (Critical)high
notapplicable
RHSA-2019:1765: firefox security update (Critical)high
notapplicable
RHSA-2019:1771: cyrus-imapd security update (Important)high
notapplicable
RHSA-2019:1774: vim security update (Important)high
notapplicable
RHSA-2019:1775: thunderbird security update (Important)high
notapplicable
RHSA-2019:1777: thunderbird security update (Important)high
notapplicable
RHSA-2019:1799: thunderbird security and bug fix update (Important)high
notapplicable
RHSA-2019:1810: java-11-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1811: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1815: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1816: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1817: java-11-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1839: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1840: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:1873: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:1880: curl security and bug fix update (Low)low
notapplicable
RHSA-2019:1881: qemu-kvm-ma security and bug fix update (Important)high
notapplicable
RHSA-2019:1883: qemu-kvm security update (Important)high
notapplicable
RHSA-2019:1884: libssh2 security update (Moderate)medium
notapplicable
RHSA-2019:1891: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:1896: 389-ds-base security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:1898: httpd security update (Low)low
notapplicable
RHSA-2019:1931: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:1951: nss and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:1959: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:1971: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:1972: ruby:2.5 security update (Important)high
notapplicable
RHSA-2019:2002: redis:5 security update (Important)high
notapplicable
RHSA-2019:2003: icedtea-web security update (Important)high
notapplicable
RHSA-2019:2004: icedtea-web security update (Important)high
notapplicable
RHSA-2019:2017: zsh security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2022: poppler security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2028: ruby security update (Moderate)medium
notapplicable
RHSA-2019:2029: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:2030: python security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2033: patch security and bug fix update (Low)low
notapplicable
RHSA-2019:2035: python-requests security update (Low)low
notapplicable
RHSA-2019:2037: fence-agents security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2043: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:2046: polkit security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2047: libcgroup security update (Moderate)medium
notapplicable
RHSA-2019:2048: exempi security update (Low)low
notapplicable
RHSA-2019:2049: libmspack security update (Moderate)medium
notapplicable
RHSA-2019:2051: compat-libtiff3 security update (Low)low
notapplicable
RHSA-2019:2052: libjpeg-turbo security update (Moderate)medium
notapplicable
RHSA-2019:2053: libtiff security update (Moderate)medium
notapplicable
RHSA-2019:2057: bind security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2060: dhcp security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2075: binutils security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2077: ntp security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2078: qemu-kvm security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2079: Xorg security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2091: systemd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2097: perl-Archive-Tar security update (Moderate)medium
notapplicable
RHSA-2019:2099: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2101: exiv2 security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2110: rsyslog security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2112: mod_auth_openidc security update (Moderate)medium
notapplicable
RHSA-2019:2118: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2125: ovmf security and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2126: libwpd security update (Low)low
notapplicable
RHSA-2019:2130: libreoffice security and bug fix update (Low)low
notapplicable
RHSA-2019:2135: qt5 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2136: libssh2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2137: keycloak-httpd-client-install security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2141: kde-workspace security and bug fix update (Low)low
notapplicable
RHSA-2019:2143: openssh security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2145: gvfs security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2154: opensc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2157: freerdp and vinagre security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2159: unzip security update (Low)low
notapplicable
RHSA-2019:2162: blktrace security update (Low)low
notapplicable
RHSA-2019:2166: qemu-kvm-ma security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2169: linux-firmware security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:2177: sssd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2178: udisks2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2181: curl security and bug fix update (Low)low
notapplicable
RHSA-2019:2189: procps-ng security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2196: zziplib security update (Low)low
notapplicable
RHSA-2019:2197: elfutils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2205: tomcat security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2229: spice-gtk security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2237: nss, nss-softokn, nss-util, and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2258: http-parser security update (Moderate)medium
notapplicable
RHSA-2019:2272: python-urllib3 security update (Moderate)medium
notapplicable
RHSA-2019:2276: mercurial security update (Moderate)medium
notapplicable
RHSA-2019:2280: uriparser security update (Moderate)medium
notapplicable
RHSA-2019:2281: ghostscript security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:2283: sox security update (Low)low
notapplicable
RHSA-2019:2285: keepalived security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2290: libsolv security and bug fix update (Low)low
notapplicable
RHSA-2019:2294: libvirt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:2298: libarchive security update (Moderate)medium
notapplicable
RHSA-2019:2304: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2308: libguestfs-winsupport security update (Low)low
notapplicable
RHSA-2019:2327: mariadb security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2332: advancecomp security update (Low)low
notapplicable
RHSA-2019:2336: unixODBC security update (Moderate)medium
notapplicable
RHSA-2019:2343: httpd security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2405: kernel-rt security update (Important)high
notapplicable
RHSA-2019:2411: kernel security update (Important)high
notapplicable
RHSA-2019:2462: ghostscript security update (Important)high
notapplicable
RHSA-2019:2465: ghostscript security update (Important)high
notapplicable
RHSA-2019:2471: openssl security update (Moderate)medium
notapplicable
RHSA-2019:2473: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:2511: mysql:8.0 security update (Important)high
notapplicable
RHSA-2019:2512: subversion:1.10 security update (Important)high
notapplicable
RHSA-2019:2571: pango security update (Important)high
notapplicable
RHSA-2019:2582: pango security update (Important)high
notapplicable
RHSA-2019:2586: ghostscript security update (Important)high
notapplicable
RHSA-2019:2590: java-1.8.0-ibm security update (Important)high
notapplicable
RHSA-2019:2591: ghostscript security update (Important)high
notapplicable
RHSA-2019:2593: squid:4 security update (Important)high
notapplicable
RHSA-2019:2600: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:2606: kdelibs and kde-settings security and bug fix update (Important)high
notapplicable
RHSA-2019:2607: qemu-kvm security update (Low)low
notapplicable
RHSA-2019:2609: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:2663: firefox security update (Important)high
notapplicable
RHSA-2019:2692: nghttp2 security update (Important)high
notapplicable
RHSA-2019:2694: firefox security update (Important)high
notapplicable
RHSA-2019:2703: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:2713: poppler security update (Moderate)medium
notapplicable
RHSA-2019:2720: pki-deps:10.6 security update (Important)high
notapplicable
RHSA-2019:2722: libwmf security update (Low)low
notapplicable
RHSA-2019:2726: go-toolset:rhel8 security and bug fix update (Important)high
notapplicable
RHSA-2019:2729: firefox security update (Important)high
notapplicable
RHSA-2019:2731: .NET Core on Red Hat Enterprise Linux security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:2736: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:2741: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:2773: thunderbird security update (Important)high
notapplicable
RHSA-2019:2774: thunderbird security update (Important)high
notapplicable
RHSA-2019:2798: patch security update (Important)high
notapplicable
RHSA-2019:2799: nginx:1.14 security update (Important)high
notapplicable
RHSA-2019:2807: thunderbird security update (Important)high
notapplicable
RHSA-2019:2808: kernel security update (Important)high
notapplicable
RHSA-2019:2822: dovecot security update (Important)high
notapplicable
RHSA-2019:2827: kernel security update (Important)high
notapplicable
RHSA-2019:2828: kernel-rt security update (Important)high
notapplicable
RHSA-2019:2829: kernel security update (Important)high
notapplicable
RHSA-2019:2830: kernel-rt security update (Important)high
notapplicable
RHSA-2019:2836: dovecot security update (Important)high
notapplicable
RHSA-2019:2854: kpatch-patch security update (Important)high
notapplicable
RHSA-2019:2863: kernel security update (Important)high
notapplicable
RHSA-2019:2885: dovecot security update (Important)high
notapplicable
RHSA-2019:2892: qemu-kvm security update (Important)high
notapplicable
RHSA-2019:2893: httpd:2.4 security update (Important)high
notapplicable
RHSA-2019:2925: nodejs:10 security update (Important)high
notapplicable
RHSA-2019:2945: kpatch-patch security update (Important)high
notapplicable
RHSA-2019:2964: patch security update (Important)high
notapplicable
RHSA-2019:3055: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:3067: jss security update (Important)high
notapplicable
RHSA-2019:3076: kpatch-patch security update (Important)high
notapplicable
RHSA-2019:3089: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:3127: java-11-openjdk security update (Important)high
notapplicable
RHSA-2019:3128: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2019:3134: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2019:3135: java-11-openjdk security update (Important)high
notapplicable
RHSA-2019:3136: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2019:3157: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:3158: java-1.7.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2019:3193: firefox security update (Critical)high
notapplicable
RHSA-2019:3196: firefox security update (Critical)high
notapplicable
RHSA-2019:3197: sudo security update (Important)high
notapplicable
RHSA-2019:3210: thunderbird security update (Important)high
notapplicable
RHSA-2019:3237: thunderbird security update (Important)high
notapplicable
RHSA-2019:3281: firefox security update (Critical)high
notapplicable
RHSA-2019:3286: php security update (Critical)high
notapplicable
RHSA-2019:3287: php security update (Critical)high
notapplicable
RHSA-2019:3309: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:3335: python27:2.7 security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3345: virt:rhel security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:3352: gdb security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:3353: freeradius:3.0 security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3387: osinfo-db and libosinfo security and bug fix update (Low)low
notapplicable
RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3391: libreswan security and bug fix update (Low)low
notapplicable
RHSA-2019:3401: 389-ds:1.4 security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:3403: container-tools:rhel8 security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:3419: libtiff security update (Moderate)medium
notapplicable
RHSA-2019:3421: mod_auth_mellon security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3436: httpd:2.4 security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3464: virt-manager security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:3467: dovecot security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3476: squid:4 security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3494: container-tools:1.0 security and bug fix update (Important)high
notapplicable
RHSA-2019:3497: http-parser security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3513: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3517: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2019:3520: python3 security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3525: dhcp security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3530: glib2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3552: bind security and bug fix update (Low)low
notapplicable
RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:3582: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3583: yum security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3590: python-urllib3 security update (Moderate)medium
notapplicable
RHSA-2019:3592: systemd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3610: libqb security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3624: libseccomp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3643: gettext security update (Low)low
notapplicable
RHSA-2019:3651: sssd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:3673: lldpad security and bug fix update (Low)low
notapplicable
RHSA-2019:3694: sudo security update (Important)high
notapplicable
RHSA-2019:3698: libarchive security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3699: evolution security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2019:3701: curl security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3702: openssh security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2019:3703: libvorbis security update (Low)low
notapplicable
RHSA-2019:3704: numpy security update (Moderate)medium
notapplicable
RHSA-2019:3705: libjpeg-turbo security update (Moderate)medium
notapplicable
RHSA-2019:3706: lua security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3707: dbus security update (Moderate)medium
notapplicable
RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate)medium
notapplicable
RHSA-2019:3735: php:7.2 security update (Critical)high
notapplicable
RHSA-2019:3736: php:7.3 security update (Critical)high
notapplicable
RHSA-2019:3755: sudo security update (Important)high
notapplicable
RHSA-2019:3756: thunderbird security update (Important)high
notapplicable
RHSA-2019:3832: kernel security update (Important)high
notapplicable
RHSA-2019:3833: kernel-rt security update (Important)high
notapplicable
RHSA-2019:3834: kernel security update (Important)high
notapplicable
RHSA-2019:3835: kernel-rt security update (Important)high
notapplicable
RHSA-2019:3836: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:3870: kernel-rt security update (Important)high
notapplicable
RHSA-2019:3871: kernel security update (Important)high
notapplicable
RHSA-2019:3872: kernel security update (Important)high
notapplicable
RHSA-2019:3878: kernel security update (Important)high
notapplicable
RHSA-2019:3887: kernel-rt security update (Important)high
notapplicable
RHSA-2019:3888: ghostscript security update (Important)high
notapplicable
RHSA-2019:3890: ghostscript security update (Important)high
notapplicable
RHSA-2019:3936: kpatch-patch security update (Important)high
notapplicable
RHSA-2019:3950: SDL security update (Important)high
notapplicable
RHSA-2019:3951: SDL security update (Important)high
notapplicable
RHSA-2019:3968: qemu-kvm-ma security update (Important)high
notapplicable
RHSA-2019:3976: tcpdump security update (Low)low
notapplicable
RHSA-2019:3978: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2019:3979: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:3981: 389-ds-base security and bug fix update (Important)high
notapplicable
RHSA-2019:4024: SDL security update (Important)high
notapplicable
RHSA-2019:4107: firefox security update (Critical)high
notapplicable
RHSA-2019:4108: firefox security update (Critical)high
notapplicable
RHSA-2019:4111: firefox security update (Critical)high
notapplicable
RHSA-2019:4114: nss security update (Important)high
notapplicable
RHSA-2019:4148: thunderbird security update (Important)high
notapplicable
RHSA-2019:4152: nss-softokn security update (Important)high
notapplicable
RHSA-2019:4190: nss, nss-softokn, nss-util security update (Important)high
notapplicable
RHSA-2019:4191: sudo security update (Important)high
notapplicable
RHSA-2019:4195: thunderbird security update (Important)high
notapplicable
RHSA-2019:4205: thunderbird security update (Important)high
notapplicable
RHSA-2019:4240: openslp security update (Critical)high
notapplicable
RHSA-2019:4245: kpatch-patch security update (Important)high
notapplicable
RHSA-2019:4254: freetype security update (Moderate)medium
notapplicable
RHSA-2019:4256: kernel security and bug fix update (Important)high
notapplicable
RHSA-2019:4269: container-tools:rhel8 security and bug fix update (Important)high
notapplicable
RHSA-2019:4273: container-tools:1.0 security update (Important)high
notapplicable
RHSA-2019:4326: fribidi security update (Important)high
notapplicable
RHSA-2019:4356: git security update (Important)high
notapplicable
RHSA-2019:4360: libyang security update (Important)high
notapplicable
RHSA-2019:4361: fribidi security update (Important)high
notapplicable
RHSA-2020:0027: kpatch-patch security update (Important)high
notapplicable
RHSA-2020:0028: kpatch-patch security update (Important)high
notapplicable
RHSA-2020:0046: java-1.8.0-ibm security update (Moderate)medium
notapplicable
RHSA-2020:0085: firefox security update (Critical)high
notapplicable
RHSA-2020:0086: firefox security update (Critical)high
notapplicable
RHSA-2020:0111: firefox security update (Critical)high
notapplicable
RHSA-2020:0120: thunderbird security update (Important)high
notapplicable
RHSA-2020:0122: java-11-openjdk security update (Important)high
notapplicable
RHSA-2020:0123: thunderbird security update (Important)high
notapplicable
RHSA-2020:0124: git security update (Important)high
notapplicable
RHSA-2020:0127: thunderbird security update (Important)high
notapplicable
RHSA-2020:0128: java-11-openjdk security update (Important)high
notapplicable
RHSA-2020:0130: .NET Core on Red Hat Enterprise Linux security and bug fix update (Critical)high
notapplicable
RHSA-2020:0157: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:0194: apache-commons-beanutils security update (Important)high
notapplicable
RHSA-2020:0195: python-reportlab security update (Important)high
notapplicable
RHSA-2020:0196: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:0197: python-reportlab security update (Important)high
notapplicable
RHSA-2020:0199: openslp security update (Critical)high
notapplicable
RHSA-2020:0201: python-reportlab security update (Important)high
notapplicable
RHSA-2020:0202: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:0203: libarchive security update (Important)high
notapplicable
RHSA-2020:0227: sqlite security update (Important)high
notapplicable
RHSA-2020:0262: openjpeg2 security update (Important)high
notapplicable
RHSA-2020:0271: libarchive security update (Important)high
notapplicable
RHSA-2020:0273: sqlite security update (Important)high
notapplicable
RHSA-2020:0274: openjpeg2 security update (Important)high
notapplicable
RHSA-2020:0279: virt:rhel security update (Moderate)medium
notapplicable
RHSA-2020:0316: git security update (Important)high
notapplicable
RHSA-2020:0328: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:0329: go-toolset:rhel8 security update (Moderate)medium
notapplicable
RHSA-2020:0335: grub2 security update (Moderate)medium
notapplicable
RHSA-2020:0339: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:0348: container-tools:rhel8 security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:0366: qemu-kvm security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:0374: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:0375: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:0378: ipa security and bug fix update (Important)high
notapplicable
RHSA-2020:0465: java-1.8.0-ibm security update (Important)high
notapplicable
RHSA-2020:0471: spice-gtk security update (Moderate)medium
notapplicable
RHSA-2020:0487: sudo security update (Important)high
notapplicable
RHSA-2020:0512: firefox security update (Important)high
notapplicable
RHSA-2020:0515: ksh security update (Important)high
notapplicable
RHSA-2020:0520: firefox security update (Important)high
notapplicable
RHSA-2020:0521: firefox security update (Important)high
notapplicable
RHSA-2020:0540: sudo security update (Important)high
notapplicable
RHSA-2020:0541: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2020:0550: openjpeg2 security update (Important)high
notapplicable
RHSA-2020:0559: ksh security update (Important)high
notapplicable
RHSA-2020:0568: ksh security update (Important)high
notapplicable
RHSA-2020:0570: openjpeg2 security update (Important)high
notapplicable
RHSA-2020:0574: thunderbird security update (Important)high
notapplicable
RHSA-2020:0575: systemd security and bug fix update (Important)high
notapplicable
RHSA-2020:0576: thunderbird security update (Important)high
notapplicable
RHSA-2020:0577: thunderbird security update (Important)high
notapplicable
RHSA-2020:0578: python-pillow security update (Important)high
notapplicable
RHSA-2020:0579: nodejs:10 security update (Important)high
notapplicable
RHSA-2020:0580: python-pillow security update (Important)high
notapplicable
RHSA-2020:0598: nodejs:12 security update (Important)high
notapplicable
RHSA-2020:0630: ppp security update (Important)high
notapplicable
RHSA-2020:0631: ppp security update (Important)high
notapplicable
RHSA-2020:0632: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2020:0633: ppp security update (Important)high
notapplicable
RHSA-2020:0702: xerces-c security update (Important)high
notapplicable
RHSA-2020:0703: http-parser security update (Important)high
notapplicable
RHSA-2020:0704: xerces-c security update (Important)high
notapplicable
RHSA-2020:0708: http-parser security update (Important)high
notapplicable
RHSA-2020:0726: sudo security update (Important)high
notapplicable
RHSA-2020:0775: qemu-kvm security update (Important)high
notapplicable
RHSA-2020:0790: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:0815: firefox security update (Important)high
notapplicable
RHSA-2020:0816: firefox security update (Important)high
notapplicable
RHSA-2020:0820: firefox security update (Important)high
notapplicable
RHSA-2020:0834: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:0839: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:0850: python-pip security update (Moderate)medium
notapplicable
RHSA-2020:0851: python-virtualenv security update (Moderate)medium
notapplicable
RHSA-2020:0853: zsh security update (Important)high
notapplicable
RHSA-2020:0855: tomcat security update (Important)high
notapplicable
RHSA-2020:0892: zsh security update (Important)high
notapplicable
RHSA-2020:0896: icu security update (Important)high
notapplicable
RHSA-2020:0897: icu security update (Important)high
notapplicable
RHSA-2020:0898: python-imaging security update (Important)high
notapplicable
RHSA-2020:0902: icu security update (Important)high
notapplicable
RHSA-2020:0903: zsh security update (Important)high
notapplicable
RHSA-2020:0905: thunderbird security update (Important)high
notapplicable
RHSA-2020:0912: tomcat6 security update (Important)high
notapplicable
RHSA-2020:0913: libvncserver security update (Important)high
notapplicable
RHSA-2020:0914: thunderbird security update (Important)high
notapplicable
RHSA-2020:0919: thunderbird security update (Important)high
notapplicable
RHSA-2020:0920: libvncserver security update (Important)high
notapplicable
RHSA-2020:0981: ipmitool security update (Important)high
notapplicable
RHSA-2020:0984: ipmitool security update (Important)high
notapplicable
RHSA-2020:1000: rsyslog security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1003: mod_auth_mellon security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1011: expat security update (Moderate)medium
notapplicable
RHSA-2020:1016: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1020: curl security and bug fix update (Low)low
notapplicable
RHSA-2020:1021: GNOME security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1022: file security update (Low)low
notapplicable
RHSA-2020:1034: doxygen security and bug fix update (Low)low
notapplicable
RHSA-2020:1036: texlive security update (Moderate)medium
notapplicable
RHSA-2020:1037: advancecomp security update (Moderate)medium
notapplicable
RHSA-2020:1045: lftp security update (Moderate)medium
notapplicable
RHSA-2020:1047: wireshark security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1050: cups security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1051: libosinfo security and bug fix update (Low)low
notapplicable
RHSA-2020:1054: mailman security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1061: bind security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1062: dovecot security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1068: squid security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1070: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1074: poppler and evince security update (Moderate)medium
notapplicable
RHSA-2020:1080: evolution security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1081: net-snmp security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1084: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1091: python-twisted-web security update (Moderate)medium
notapplicable
RHSA-2020:1100: mariadb security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1101: bluez security update (Low)low
notapplicable
RHSA-2020:1112: php security update (Moderate)medium
notapplicable
RHSA-2020:1113: bash security update (Moderate)medium
notapplicable
RHSA-2020:1116: qemu-kvm security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:1121: httpd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1126: mutt security update (Moderate)medium
notapplicable
RHSA-2020:1131: python security update (Moderate)medium
notapplicable
RHSA-2020:1132: python3 security update (Moderate)medium
notapplicable
RHSA-2020:1135: polkit security and bug fix update (Low)low
notapplicable
RHSA-2020:1138: gettext security and bug fix update (Low)low
notapplicable
RHSA-2020:1150: qemu-kvm-ma security update (Important)high
notapplicable
RHSA-2020:1151: libreoffice security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1167: nbdkit security and bug fix update (Low)low
notapplicable
RHSA-2020:1172: qt security update (Moderate)medium
notapplicable
RHSA-2020:1173: okular security update (Moderate)medium
notapplicable
RHSA-2020:1175: taglib security update (Low)low
notapplicable
RHSA-2020:1176: avahi security update (Low)low
notapplicable
RHSA-2020:1178: zziplib security update (Moderate)medium
notapplicable
RHSA-2020:1180: ImageMagick security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1181: unzip security update (Low)low
notapplicable
RHSA-2020:1185: libsndfile security update (Moderate)medium
notapplicable
RHSA-2020:1189: libqb security update (Moderate)medium
notapplicable
RHSA-2020:1190: libxml2 security update (Moderate)medium
notapplicable
RHSA-2020:1208: qemu-kvm security update (Important)high
notapplicable
RHSA-2020:1209: qemu-kvm-ma security update (Important)high
notapplicable
RHSA-2020:1288: haproxy security update (Critical)high
notapplicable
RHSA-2020:1293: nodejs:12 security update (Important)high
notapplicable
RHSA-2020:1317: nodejs:10 security update (Important)high
notapplicable
RHSA-2020:1318: telnet security update (Important)high
notapplicable
RHSA-2020:1331: ipmitool security update (Important)high
notapplicable
RHSA-2020:1334: telnet security update (Important)high
notapplicable
RHSA-2020:1335: telnet security update (Important)high
notapplicable
RHSA-2020:1338: firefox security update (Critical)high
notapplicable
RHSA-2020:1339: firefox security update (Critical)high
notapplicable
RHSA-2020:1341: firefox security update (Critical)high
notapplicable
RHSA-2020:1349: krb5-appl security update (Important)high
notapplicable
RHSA-2020:1358: virt:rhel security and bug fix update (Important)high
notapplicable
RHSA-2020:1360: container-tools:1.0 security update (Important)high
notapplicable
RHSA-2020:1372: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1378: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1379: container-tools:rhel8 security and bug fix update (Important)high
notapplicable
RHSA-2020:1403: qemu-kvm security and bug fix update (Important)high
notapplicable
RHSA-2020:1406: firefox security update (Important)high
notapplicable
RHSA-2020:1420: firefox security update (Important)high
notapplicable
RHSA-2020:1429: firefox security update (Important)high
notapplicable
RHSA-2020:1488: thunderbird security update (Important)high
notapplicable
RHSA-2020:1489: thunderbird security update (Important)high
notapplicable
RHSA-2020:1495: thunderbird security update (Important)high
notapplicable
RHSA-2020:1497: tigervnc security update (Moderate)medium
notapplicable
RHSA-2020:1506: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:1507: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2020:1508: java-1.7.0-openjdk security update (Important)high
notapplicable
RHSA-2020:1509: java-11-openjdk security update (Important)high
notapplicable
RHSA-2020:1511: git security update (Important)high
notapplicable
RHSA-2020:1512: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:1513: git security update (Important)high
notapplicable
RHSA-2020:1514: java-11-openjdk security update (Important)high
notapplicable
RHSA-2020:1515: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:1524: kernel security update (Important)high
notapplicable
RHSA-2020:1561: python-twisted-web security update (Important)high
notapplicable
RHSA-2020:1567: kernel-rt security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:1576: memcached security update (Moderate)medium
notapplicable
RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1581: wavpack security update (Low)low
notapplicable
RHSA-2020:1598: libreoffice security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1600: evolution security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1604: tcpdump security update (Low)low
notapplicable
RHSA-2020:1605: python27:2.7 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1616: irssi security update (Low)low
notapplicable
RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1631: GStreamer, libmad, and SDL security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:1635: gdb security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1636: libsndfile security update (Moderate)medium
notapplicable
RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1650: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1653: zziplib security update (Moderate)medium
notapplicable
RHSA-2020:1659: grafana security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1660: mod_auth_mellon security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1672: freeradius:3.0 security update (Moderate)medium
notapplicable
RHSA-2020:1686: libmspack security and bug fix update (Low)low
notapplicable
RHSA-2020:1688: libtiff security update (Moderate)medium
notapplicable
RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1708: liblouis security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1712: edk2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1715: dnsmasq security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:1716: unbound security update (Moderate)medium
notapplicable
RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1735: dpdk security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1764: python3 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1765: cups security and bug fix update (Low)low
notapplicable
RHSA-2020:1766: GNOME security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1769: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:1787: unzip security update (Low)low
notapplicable
RHSA-2020:1792: curl security update (Moderate)medium
notapplicable
RHSA-2020:1794: systemd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1797: binutils security and bug fix update (Low)low
notapplicable
RHSA-2020:1804: sudo security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1810: sqlite security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1827: libxml2 security update (Moderate)medium
notapplicable
RHSA-2020:1828: glibc security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:1840: openssl security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1845: bind security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1852: patch security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1864: gcc security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1880: ibus and glib2 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:1912: bluez security update (Low)low
notapplicable
RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:1916: python-pip security update (Moderate)medium
notapplicable
RHSA-2020:1921: fontforge security update (Moderate)medium
notapplicable
RHSA-2020:1926: container-tools:1.0 security and bug fix update (Important)high
notapplicable
RHSA-2020:1931: container-tools:2.0 security update (Important)high
notapplicable
RHSA-2020:1932: container-tools:rhel8 security update (Important)high
notapplicable
RHSA-2020:1933: targetcli security update (Important)high
notapplicable
RHSA-2020:1962: python-twisted-web security update (Important)high
notapplicable
RHSA-2020:1980: git security update (Important)high
notapplicable
RHSA-2020:1998: gnutls security update (Moderate)medium
notapplicable
RHSA-2020:2031: firefox security update (Critical)high
notapplicable
RHSA-2020:2036: firefox security update (Critical)high
notapplicable
RHSA-2020:2037: firefox security update (Critical)high
notapplicable
RHSA-2020:2040: squid security update (Important)high
notapplicable
RHSA-2020:2041: squid:4 security update (Important)high
notapplicable
RHSA-2020:2046: thunderbird security update (Critical)high
notapplicable
RHSA-2020:2049: thunderbird security update (Critical)high
notapplicable
RHSA-2020:2050: thunderbird security update (Critical)high
notapplicable
RHSA-2020:2068: python-pip security update (Moderate)medium
notapplicable
RHSA-2020:2070: libreswan security update (Important)high
notapplicable
RHSA-2020:2081: python-virtualenv security update (Moderate)medium
notapplicable
RHSA-2020:2082: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:2085: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:2102: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:2103: kernel security update (Important)high
notapplicable
RHSA-2020:2125: kpatch-patch security update (Important)high
notapplicable
RHSA-2020:2143: .NET Core security update (Important)high
notapplicable
RHSA-2020:2171: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:2241: java-1.8.0-ibm security update (Important)high
notapplicable
RHSA-2020:2250: dotnet3.1 security update (Important)high
notapplicable
RHSA-2020:2334: freerdp security update (Important)high
notapplicable
RHSA-2020:2336: freerdp security update (Important)high
notapplicable
RHSA-2020:2337: git security update (Important)high
notapplicable
RHSA-2020:2338: bind security update (Important)high
notapplicable
RHSA-2020:2344: bind security update (Important)high
notapplicable
RHSA-2020:2378: firefox security update (Important)high
notapplicable
RHSA-2020:2379: firefox security update (Important)high
notapplicable
RHSA-2020:2381: firefox security update (Important)high
notapplicable
RHSA-2020:2383: bind security update (Important)high
notapplicable
RHSA-2020:2405: freerdp security update (Important)high
notapplicable
RHSA-2020:2406: freerdp security update (Important)high
notapplicable
RHSA-2020:2407: freerdp security update (Important)high
notapplicable
RHSA-2020:2414: unbound security update (Important)high
notapplicable
RHSA-2020:2416: unbound security update (Important)high
notapplicable
RHSA-2020:2427: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:2428: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:2430: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:2431: microcode_ctl security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2020:2432: microcode_ctl security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2020:2433: microcode_ctl security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2020:2450: .NET Core 3.1 on Red Hat Enterprise Linux 8 security update (Important)high
notapplicable
RHSA-2020:2462: pcs security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:2471: .NET Core on Red Hat Enterprise Linux 8 security update (Important)high
notapplicable
RHSA-2020:2516: libexif security update (Moderate)medium
notapplicable
RHSA-2020:2529: tomcat6 security update (Important)high
notapplicable
RHSA-2020:2530: tomcat security update (Important)high
notapplicable
RHSA-2020:2549: libexif security update (Moderate)medium
notapplicable
RHSA-2020:2550: libexif security update (Moderate)medium
notapplicable
RHSA-2020:2567: kpatch-patch security update (Important)high
notapplicable
RHSA-2020:2613: thunderbird security update (Important)high
notapplicable
RHSA-2020:2614: thunderbird security update (Important)high
notapplicable
RHSA-2020:2615: thunderbird security update (Important)high
notapplicable
RHSA-2020:2637: gnutls security update (Important)high
notapplicable
RHSA-2020:2640: unbound security update (Important)high
notapplicable
RHSA-2020:2641: grafana security update (Important)high
notapplicable
RHSA-2020:2642: unbound security update (Important)high
notapplicable
RHSA-2020:2663: ntp security update (Moderate)medium
notapplicable
RHSA-2020:2664: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:2665: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:2755: nghttp2 security update (Important)high
notapplicable
RHSA-2020:2774: virt:rhel security update (Important)high
notapplicable
RHSA-2020:2824: firefox security update (Important)high
notapplicable
RHSA-2020:2827: firefox security update (Important)high
notapplicable
RHSA-2020:2828: firefox security update (Important)high
notapplicable
RHSA-2020:2848: nodejs:10 security update (Important)high
notapplicable
RHSA-2020:2852: nodejs:12 security update (Important)high
notapplicable
RHSA-2020:2894: dbus security update (Important)high
notapplicable
RHSA-2020:2897: jbig2dec security update (Important)high
notapplicable
RHSA-2020:2901: dovecot security update (Important)high
notapplicable
RHSA-2020:2902: sane-backends security update (Important)high
notapplicable
RHSA-2020:2906: thunderbird security update (Important)high
notapplicable
RHSA-2020:2933: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:2938: .NET Core security and bugfix update (Critical)high
notapplicable
RHSA-2020:2954: .NET Core 3.1 security and bugfix update (Critical)high
notapplicable
RHSA-2020:2966: thunderbird security update (Important)high
notapplicable
RHSA-2020:2968: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:2969: java-11-openjdk security update (Important)high
notapplicable
RHSA-2020:2970: java-11-openjdk security and enhancement update (Important)high
notapplicable
RHSA-2020:2972: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:2985: java-1.8.0-openjdk security update (Important)high
notapplicable
RHSA-2020:3010: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:3011: NetworkManager security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3014: dbus security update (Important)high
notapplicable
RHSA-2020:3016: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3038: thunderbird security update (Important)high
notapplicable
RHSA-2020:3050: cloud-init security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:3053: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:3073: kpatch-patch security update (Important)high
notapplicable
RHSA-2020:3176: postgresql-jdbc security update (Important)high
notapplicable
RHSA-2020:3185: python-pillow security update (Important)high
notapplicable
RHSA-2020:3216: grub2 security update (Moderate)medium
notapplicable
RHSA-2020:3217: grub2 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3218: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3219: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3220: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:3221: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:3233: firefox security update (Important)high
notapplicable
RHSA-2020:3241: firefox security update (Important)high
notapplicable
RHSA-2020:3253: firefox security update (Important)high
notapplicable
RHSA-2020:3280: nss and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:3281: libvncserver security update (Important)high
notapplicable
RHSA-2020:3284: postgresql-jdbc security update (Important)high
notapplicable
RHSA-2020:3285: postgresql-jdbc security update (Important)high
notapplicable
RHSA-2020:3341: thunderbird security update (Important)high
notapplicable
RHSA-2020:3344: thunderbird security update (Important)high
notapplicable
RHSA-2020:3345: thunderbird security update (Important)high
notapplicable
RHSA-2020:3385: libvncserver security update (Important)high
notapplicable
RHSA-2020:3386: java-1.8.0-ibm security update (Important)high
notapplicable
RHSA-2020:3422: .NET Core 3.1 security and bugfix update (Important)high
notapplicable
RHSA-2020:3548: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:3556: firefox security update (Important)high
notapplicable
RHSA-2020:3557: firefox security update (Important)high
notapplicable
RHSA-2020:3558: firefox security update (Important)high
notapplicable
RHSA-2020:3617: dovecot security update (Important)high
notapplicable
RHSA-2020:3623: squid:4 security update (Important)high
notapplicable
RHSA-2020:3631: thunderbird security update (Important)high
notapplicable
RHSA-2020:3634: thunderbird security update (Important)high
notapplicable
RHSA-2020:3643: thunderbird security update (Important)high
notapplicable
RHSA-2020:3654: libcroco security update (Moderate)medium
notapplicable
RHSA-2020:3658: librepo security update (Important)high
notapplicable
RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:3665: go-toolset:rhel8 security update (Moderate)medium
notapplicable
RHSA-2020:3669: postgresql:10 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important)high
notapplicable
RHSA-2020:3713: dovecot security update (Important)high
notapplicable
RHSA-2020:3714: httpd:2.4 security update (Important)high
notapplicable
RHSA-2020:3732: mysql:8.0 security update (Important)high
notapplicable
RHSA-2020:3832: firefox security update (Important)high
notapplicable
RHSA-2020:3835: firefox security update (Important)high
notapplicable
RHSA-2020:3848: libmspack security update (Low)low
notapplicable
RHSA-2020:3861: glibc security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:3864: cups security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3868: SDL security update (Moderate)medium
notapplicable
RHSA-2020:3869: pcp security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:3873: libsrtp security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3875: tigervnc security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3876: libvpx security update (Moderate)medium
notapplicable
RHSA-2020:3877: audiofile security update (Moderate)medium
notapplicable
RHSA-2020:3878: dnsmasq security and bug fix update (Low)low
notapplicable
RHSA-2020:3887: python-pillow security update (Moderate)medium
notapplicable
RHSA-2020:3888: python3 security update (Moderate)medium
notapplicable
RHSA-2020:3898: cloud-init security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:3901: libpng security update (Low)low
notapplicable
RHSA-2020:3902: libtiff security update (Moderate)medium
notapplicable
RHSA-2020:3906: qemu-kvm security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:3907: qemu-kvm-ma security update (Low)low
notapplicable
RHSA-2020:3908: cpio security update (Moderate)medium
notapplicable
RHSA-2020:3911: python security update (Moderate)medium
notapplicable
RHSA-2020:3915: libssh2 security update (Moderate)medium
notapplicable
RHSA-2020:3916: curl security update (Moderate)medium
notapplicable
RHSA-2020:3922: libsndfile security update (Low)low
notapplicable
RHSA-2020:3936: ipa security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:3940: openwsman security update (Moderate)medium
notapplicable
RHSA-2020:3943: libwmf security and bug fix update (Low)low
notapplicable
RHSA-2020:3944: unoconv security update (Moderate)medium
notapplicable
RHSA-2020:3949: librabbitmq security update (Moderate)medium
notapplicable
RHSA-2020:3952: expat security update (Moderate)medium
notapplicable
RHSA-2020:3958: httpd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:3966: fontforge security update (Moderate)medium
notapplicable
RHSA-2020:3970: mod_auth_openidc security update (Low)low
notapplicable
RHSA-2020:3971: hunspell security update (Low)low
notapplicable
RHSA-2020:3972: subversion security update (Moderate)medium
notapplicable
RHSA-2020:3973: spamassassin security update (Moderate)medium
notapplicable
RHSA-2020:3977: evince and poppler security and bug fix update (Low)low
notapplicable
RHSA-2020:3978: glib2 and ibus security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3981: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:3984: freeradius security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:3996: libxml2 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4000: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4001: bluez security update (Moderate)medium
notapplicable
RHSA-2020:4003: NetworkManager security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4004: tomcat security and bug fix update (Important)high
notapplicable
RHSA-2020:4005: libxslt security update (Moderate)medium
notapplicable
RHSA-2020:4007: systemd security and bug fix update (Low)low
notapplicable
RHSA-2020:4011: e2fsprogs security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4024: okular security update (Moderate)medium
notapplicable
RHSA-2020:4025: qt5-qtbase security update (Moderate)medium
notapplicable
RHSA-2020:4026: mariadb security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4030: exiv2 security update (Low)low
notapplicable
RHSA-2020:4031: freerdp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4032: dbus security update (Moderate)medium
notapplicable
RHSA-2020:4035: webkitgtk4 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4039: OpenEXR security update (Moderate)medium
notapplicable
RHSA-2020:4040: libexif security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4041: openldap security update (Moderate)medium
notapplicable
RHSA-2020:4056: qemu-kvm security update (Important)high
notapplicable
RHSA-2020:4059: virt:rhel security update (Important)high
notapplicable
RHSA-2020:4060: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:4062: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:4072: libcroco security update (Moderate)medium
notapplicable
RHSA-2020:4076: nss and nspr security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4078: qemu-kvm-ma security update (Important)high
notapplicable
RHSA-2020:4079: qemu-kvm security update (Important)high
notapplicable
RHSA-2020:4080: firefox security and bug fix update (Important)high
notapplicable
RHSA-2020:4082: squid security update (Important)high
notapplicable
RHSA-2020:4155: thunderbird security update (Important)high
notapplicable
RHSA-2020:4158: thunderbird security update (Important)high
notapplicable
RHSA-2020:4163: thunderbird security update (Important)high
notapplicable
RHSA-2020:4182: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:4183: bind security update (Moderate)medium
notapplicable
RHSA-2020:4186: spice and spice-gtk security update (Important)high
notapplicable
RHSA-2020:4187: spice and spice-gtk security update (Important)high
notapplicable
RHSA-2020:4272: nodejs:12 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4276: kernel security update (Important)high
notapplicable
RHSA-2020:4280: kernel-rt security update (Important)high
notapplicable
RHSA-2020:4286: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:4289: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:4305: java-11-openjdk security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4307: java-11-openjdk security update (Moderate)medium
notapplicable
RHSA-2020:4310: firefox security update (Important)high
notapplicable
RHSA-2020:4317: firefox security update (Important)high
notapplicable
RHSA-2020:4330: firefox security update (Important)high
notapplicable
RHSA-2020:4331: kpatch-patch security update (Important)high
notapplicable
RHSA-2020:4347: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2020:4348: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2020:4350: java-1.8.0-openjdk security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4431: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4432: python-pip security update (Moderate)medium
notapplicable
RHSA-2020:4433: python3 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4436: gnome-software and fwupd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:4442: sqlite security update (Moderate)medium
notapplicable
RHSA-2020:4443: libarchive security update (Moderate)medium
notapplicable
RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4445: librabbitmq security update (Moderate)medium
notapplicable
RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4453: vim security update (Moderate)medium
notapplicable
RHSA-2020:4464: libxslt security update (Moderate)medium
notapplicable
RHSA-2020:4465: binutils security update (Low)low
notapplicable
RHSA-2020:4469: cups security and bug fix update (Low)low
notapplicable
RHSA-2020:4479: libxml2 security update (Moderate)medium
notapplicable
RHSA-2020:4481: bluez security update (Moderate)medium
notapplicable
RHSA-2020:4482: libgcrypt security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4484: expat security update (Moderate)medium
notapplicable
RHSA-2020:4490: gnupg2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4497: cyrus-sasl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4508: libsolv security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4514: openssl security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:4539: pcre2 security and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4547: libpcap security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:4553: systemd security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:4568: libldb security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4599: curl security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4605: resource-agents security and bug fix update (Low)low
notapplicable
RHSA-2020:4609: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4619: frr security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4625: spamassassin security update (Moderate)medium
notapplicable
RHSA-2020:4627: SDL security update (Moderate)medium
notapplicable
RHSA-2020:4628: libreoffice security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2020:4629: libvpx security update (Moderate)medium
notapplicable
RHSA-2020:4634: libtiff security update (Moderate)medium
notapplicable
RHSA-2020:4638: sysstat security update (Low)low
notapplicable
RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4643: poppler security update (Low)low
notapplicable
RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4649: evolution security and bug fix update (Low)low
notapplicable
RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4654: python27:2.7 security update (Moderate)medium
notapplicable
RHSA-2020:4655: cyrus-imapd security update (Moderate)medium
notapplicable
RHSA-2020:4659: gd security update (Moderate)medium
notapplicable
RHSA-2020:4667: mailman:2.1 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4685: kernel security update (Important)high
notapplicable
RHSA-2020:4686: kernel-rt security update (Important)high
notapplicable
RHSA-2020:4687: oddjob security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4689: openwsman security update (Moderate)medium
notapplicable
RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4694: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4697: targetcli security and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4709: librsvg2 security update (Moderate)medium
notapplicable
RHSA-2020:4712: subversion:1.10 security update (Moderate)medium
notapplicable
RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4751: httpd:2.4 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4756: varnish:6 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4763: dovecot security update (Moderate)medium
notapplicable
RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4799: freeradius:3.0 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:4805: edk2 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4806: dpdk security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:4807: prometheus-jmx-exporter security update (Moderate)medium
notapplicable
RHSA-2020:4820: file-roller security update (Moderate)medium
notapplicable
RHSA-2020:4827: oniguruma security update (Moderate)medium
notapplicable
RHSA-2020:4844: fontforge security update (Moderate)medium
notapplicable
RHSA-2020:4846: mingw-expat security update (Moderate)medium
notapplicable
RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:4907: freetype security update (Important)high
notapplicable
RHSA-2020:4908: libX11 security update (Important)high
notapplicable
RHSA-2020:4909: thunderbird security update (Important)high
notapplicable
RHSA-2020:4910: xorg-x11-server security update (Important)high
notapplicable
RHSA-2020:4913: thunderbird security update (Important)high
notapplicable
RHSA-2020:4946: libX11 security update (Important)high
notapplicable
RHSA-2020:4947: thunderbird security update (Important)high
notapplicable
RHSA-2020:4952: freetype security update (Important)high
notapplicable
RHSA-2020:4953: xorg-x11-server security update (Important)high
notapplicable
RHSA-2020:5002: curl security update (Moderate)medium
notapplicable
RHSA-2020:5003: fence-agents security and bug fix update (Low)low
notapplicable
RHSA-2020:5004: resource-agents security and bug fix update (Low)low
notapplicable
RHSA-2020:5009: python security update (Moderate)medium
notapplicable
RHSA-2020:5010: python3 security update (Moderate)medium
notapplicable
RHSA-2020:5011: bind security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5012: librepo security update (Moderate)medium
notapplicable
RHSA-2020:5020: tomcat security update (Low)low
notapplicable
RHSA-2020:5021: qt and qt5-qtbase security update (Moderate)medium
notapplicable
RHSA-2020:5023: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5026: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5040: libvirt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5050: kpatch-patch security update (Important)high
notapplicable
RHSA-2020:5083: microcode_ctl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:5084: microcode_ctl security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:5085: microcode_ctl security, bug fix and enhancement update (Moderate)medium
notapplicable
RHSA-2020:5099: firefox security update (Critical)high
notapplicable
RHSA-2020:5100: firefox security update (Critical)high
notapplicable
RHSA-2020:5104: firefox security update (Critical)high
notapplicable
RHSA-2020:5129: net-snmp security update (Important)high
notapplicable
RHSA-2020:5146: thunderbird security update (Important)high
notapplicable
RHSA-2020:5163: thunderbird security update (Important)high
notapplicable
RHSA-2020:5164: thunderbird security update (Important)high
notapplicable
RHSA-2020:5235: thunderbird security update (Important)high
notapplicable
RHSA-2020:5236: thunderbird security update (Important)high
notapplicable
RHSA-2020:5237: firefox security update (Important)high
notapplicable
RHSA-2020:5238: thunderbird security update (Important)high
notapplicable
RHSA-2020:5239: firefox security update (Important)high
notapplicable
RHSA-2020:5257: firefox security update (Important)high
notapplicable
RHSA-2020:5350: net-snmp security update (Important)high
notapplicable
RHSA-2020:5393: libexif security update (Important)high
notapplicable
RHSA-2020:5398: thunderbird security update (Important)high
notapplicable
RHSA-2020:5400: thunderbird security update (Important)high
notapplicable
RHSA-2020:5401: libpq security update (Important)high
notapplicable
RHSA-2020:5402: libexif security update (Important)high
notapplicable
RHSA-2020:5408: xorg-x11-server security update (Important)high
notapplicable
RHSA-2020:5434: targetcli security update (Moderate)medium
notapplicable
RHSA-2020:5435: python-rtslib security update (Moderate)medium
notapplicable
RHSA-2020:5437: kernel security and bug fix update (Important)high
notapplicable
RHSA-2020:5439: samba security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5441: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2020:5443: gd security update (Moderate)medium
notapplicable
RHSA-2020:5453: pacemaker security update (Moderate)medium
notapplicable
RHSA-2020:5473: kernel security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5476: openssl security and bug fix update (Important)high
notapplicable
RHSA-2020:5479: linux-firmware security and enhancement update (Important)high
notapplicable
RHSA-2020:5480: net-snmp security and bug fix update (Important)high
notapplicable
RHSA-2020:5483: gnutls security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5487: pacemaker security update (Moderate)medium
notapplicable
RHSA-2020:5493: go-toolset:rhel8 security update (Moderate)medium
notapplicable
RHSA-2020:5495: nginx:1.16 security update (Moderate)medium
notapplicable
RHSA-2020:5499: nodejs:12 security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5500: mariadb:10.3 security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2020:5506: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2020:5561: firefox security update (Important)high
notapplicable
RHSA-2020:5562: firefox security update (Important)high
notapplicable
RHSA-2020:5566: openssl security update (Important)high
notapplicable
RHSA-2020:5567: postgresql:10 security update (Important)high
notapplicable
RHSA-2020:5618: thunderbird security update (Important)high
notapplicable
RHSA-2020:5619: postgresql:9.6 security update (Important)high
notapplicable
RHSA-2020:5620: postgresql:12 security update (Important)high
notapplicable
RHSA-2020:5624: thunderbird security update (Important)high
notapplicable
RHSA-2021:0003: kernel security and bug fix update (Important)high
notapplicable
RHSA-2021:0004: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2021:0024: ImageMagick security update (Important)high
notapplicable
RHSA-2021:0052: firefox security update (Critical)high
notapplicable
RHSA-2021:0053: firefox security update (Critical)high
notapplicable
RHSA-2021:0056: openssl security update (Important)high
notapplicable
RHSA-2021:0087: thunderbird security update (Critical)high
notapplicable
RHSA-2021:0089: thunderbird security update (Critical)high
notapplicable
RHSA-2021:0094: dotnet5.0 security and bugfix update (Important)high
notapplicable
RHSA-2021:0095: dotnet3.1 security and bugfix update (Important)high
notapplicable
RHSA-2021:0150: dnsmasq security update (Important)high
notapplicable
RHSA-2021:0153: dnsmasq security update (Moderate)medium
notapplicable
RHSA-2021:0162: xstream security update (Important)high
notapplicable
RHSA-2021:0181: kernel security update (Moderate)medium
notapplicable
RHSA-2021:0218: sudo security update (Important)high
notapplicable
RHSA-2021:0221: sudo security update (Important)high
notapplicable
RHSA-2021:0227: sudo security update (Important)high
notapplicable
RHSA-2021:0288: firefox security update (Important)high
notapplicable
RHSA-2021:0290: firefox security update (Important)high
notapplicable
RHSA-2021:0297: thunderbird security update (Important)high
notapplicable
RHSA-2021:0298: thunderbird security update (Important)high
notapplicable
RHSA-2021:0304: flatpak security update (Important)high
notapplicable
RHSA-2021:0336: kernel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:0338: kernel-rt security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:0339: linux-firmware security update (Important)high
notapplicable
RHSA-2021:0343: perl security update (Moderate)medium
notapplicable
RHSA-2021:0346: qemu-kvm-ma security update (Moderate)medium
notapplicable
RHSA-2021:0347: qemu-kvm security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:0348: glibc security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:0411: flatpak security update (Important)high
notapplicable
RHSA-2021:0471: dotnet3.1 security and bugfix update (Important)high
notapplicable
RHSA-2021:0474: dotnet security and bugfix update (Important)high
notapplicable
RHSA-2021:0476: dotnet5.0 security and bugfix update (Important)high
notapplicable
RHSA-2021:0507: subversion:1.10 security update (Important)high
notapplicable
RHSA-2021:0530: java-1.8.0-ibm security update (Moderate)medium
notapplicable
RHSA-2021:0531: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:0537: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2021:0538: nss security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:0548: nodejs:10 security update (Moderate)medium
notapplicable
RHSA-2021:0549: nodejs:12 security update (Moderate)medium
notapplicable
RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:0557: perl security update (Moderate)medium
notapplicable
RHSA-2021:0558: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2021:0611: xterm security update (Important)high
notapplicable
RHSA-2021:0617: xterm security update (Important)high
notapplicable
RHSA-2021:0618: stunnel security update (Important)high
notapplicable
RHSA-2021:0655: firefox security update (Critical)high
notapplicable
RHSA-2021:0656: firefox security update (Critical)high
notapplicable
RHSA-2021:0657: thunderbird security update (Important)high
notapplicable
RHSA-2021:0661: thunderbird security update (Important)high
notapplicable
RHSA-2021:0670: bind security update (Important)high
notapplicable
RHSA-2021:0671: bind security update (Important)high
notapplicable
RHSA-2021:0672: bind security update (Important)high
notapplicable
RHSA-2021:0696: grub2 security update (Moderate)medium
notapplicable
RHSA-2021:0699: grub2 security update (Moderate)medium
notapplicable
RHSA-2021:0705: container-tools:1.0 security update (Important)high
notapplicable
RHSA-2021:0706: container-tools:2.0 security update (Important)high
notapplicable
RHSA-2021:0711: virt:rhel and virt-devel:rhel security update (Important)high
notapplicable
RHSA-2021:0734: nodejs:12 security update (Important)high
notapplicable
RHSA-2021:0735: nodejs:10 security update (Important)high
notapplicable
RHSA-2021:0736: java-1.8.0-ibm security update (Critical)high
notapplicable
RHSA-2021:0742: screen security update (Important)high
notapplicable
RHSA-2021:0744: nodejs:14 security and bug fix update (Important)high
notapplicable
RHSA-2021:0788: dotnet security and bugfix update (Important)high
notapplicable
RHSA-2021:0790: dotnet3.1 security and bugfix update (Important)high
notapplicable
RHSA-2021:0793: .NET Core on RHEL 8 security and bugfix update (Important)high
notapplicable
RHSA-2021:0808: wpa_supplicant security update (Important)high
notapplicable
RHSA-2021:0809: wpa_supplicant security update (Important)high
notapplicable
RHSA-2021:0851: pki-core security and bug fix update (Important)high
notapplicable
RHSA-2021:0856: kernel security and bug fix update (Important)high
notapplicable
RHSA-2021:0857: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2021:0860: ipa security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:0862: kpatch-patch security update (Important)high
notapplicable
RHSA-2021:0966: pki-core:10.6 security update (Important)high
notapplicable
RHSA-2021:0990: firefox security update (Important)high
notapplicable
RHSA-2021:0992: firefox security update (Important)high
notapplicable
RHSA-2021:0993: thunderbird security update (Important)high
notapplicable
RHSA-2021:0996: thunderbird security update (Important)high
notapplicable
RHSA-2021:1002: flatpak security update (Important)high
notapplicable
RHSA-2021:1024: openssl security update (Important)high
notapplicable
RHSA-2021:1064: virt:rhel and virt-devel:rhel security update (Moderate)medium
notapplicable
RHSA-2021:1068: flatpak security update (Important)high
notapplicable
RHSA-2021:1069: kpatch-patch security update (Important)high
notapplicable
RHSA-2021:1070: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2021:1071: kernel security and bug fix update (Important)high
notapplicable
RHSA-2021:1072: libldb security update (Important)high
notapplicable
RHSA-2021:1081: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2021:1086: 389-ds:1.4 security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1093: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2021:1135: squid security update (Important)high
notapplicable
RHSA-2021:1145: nettle security update (Important)high
notapplicable
RHSA-2021:1192: thunderbird security update (Moderate)medium
notapplicable
RHSA-2021:1193: thunderbird security update (Moderate)medium
notapplicable
RHSA-2021:1197: libldb security update (Important)high
notapplicable
RHSA-2021:1206: gnutls and nettle security update (Important)high
notapplicable
RHSA-2021:1242: mariadb:10.3 and mariadb-devel:10.3 security update (Important)high
notapplicable
RHSA-2021:1288: kernel security and bug fix update (Important)high
notapplicable
RHSA-2021:1297: java-11-openjdk security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1298: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2021:1301: java-1.8.0-openjdk security update (Moderate)medium
notapplicable
RHSA-2021:1307: java-11-openjdk security update (Moderate)medium
notapplicable
RHSA-2021:1350: thunderbird security update (Important)high
notapplicable
RHSA-2021:1353: thunderbird security update (Important)high
notapplicable
RHSA-2021:1354: xstream security update (Important)high
notapplicable
RHSA-2021:1360: firefox security update (Important)high
notapplicable
RHSA-2021:1363: firefox security update (Important)high
notapplicable
RHSA-2021:1384: nss security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1389: openldap security update (Moderate)medium
notapplicable
RHSA-2021:1468: bind security update (Important)high
notapplicable
RHSA-2021:1469: bind security update (Important)high
notapplicable
RHSA-2021:1512: postgresql security update (Important)high
notapplicable
RHSA-2021:1574: NetworkManager and libnma security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1578: kernel security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2021:1581: sqlite security update (Moderate)medium
notapplicable
RHSA-2021:1582: cpio security update (Moderate)medium
notapplicable
RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1593: krb5 security update (Moderate)medium
notapplicable
RHSA-2021:1597: libxml2 security update (Moderate)medium
notapplicable
RHSA-2021:1598: bluez security update (Moderate)medium
notapplicable
RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1610: curl security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1611: systemd security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1620: linux-firmware security, bug fix, and enhancement update (Important)high
notapplicable
RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1631: python-urllib3 security update (Moderate)medium
notapplicable
RHSA-2021:1633: python3 security update (Moderate)medium
notapplicable
RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1675: libdb security update (Low)low
notapplicable
RHSA-2021:1678: perl security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1679: bash security and bug fix update (Low)low
notapplicable
RHSA-2021:1686: wpa_supplicant security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1702: brotli security update (Moderate)medium
notapplicable
RHSA-2021:1723: sudo security and bug fix update (Low)low
notapplicable
RHSA-2021:1734: shim security update (Moderate)medium
notapplicable
RHSA-2021:1739: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2021:1744: sane-backends security update (Moderate)medium
notapplicable
RHSA-2021:1746: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1751: mailman:2.1 security update (Moderate)medium
notapplicable
RHSA-2021:1752: evolution security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2021:1756: qt5-qtbase security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1758: exiv2 security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2021:1761: python27:2.7 security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1775: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1783: tigervnc security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1789: gssdp and gupnp security update (Moderate)medium
notapplicable
RHSA-2021:1791: spice-vdagent security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1796: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1809: httpd:2.4 security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1811: libvncserver security update (Moderate)medium
notapplicable
RHSA-2021:1842: raptor2 security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1846: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1859: grafana security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1879: python38:3.8 security update (Moderate)medium
notapplicable
RHSA-2021:1881: poppler and evince security, bug fix, and enhancement update (Moderate)medium
notapplicable
RHSA-2021:1887: dovecot security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1898: python-lxml security update (Moderate)medium
notapplicable
RHSA-2021:1924: spice security update (Low)low
notapplicable
RHSA-2021:1935: rust-toolset:rhel8 security, bug fix, and enhancement update (Low)low
notapplicable
RHSA-2021:1968: mingw packages security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:1972: pandoc security update (Moderate)medium
notapplicable
RHSA-2021:1979: squid:4 security update (Important)high
notapplicable
RHSA-2021:1983: idm:DL1 security update (Important)high
notapplicable
RHSA-2021:1989: bind security update (Important)high
notapplicable
RHSA-2021:2032: slapi-nis security and bug fix update (Important)high
notapplicable
RHSA-2021:2033: xorg-x11-server security update (Important)high
notapplicable
RHSA-2021:2034: redis:6 security update (Important)high
notapplicable
RHSA-2021:2036: dotnet5.0 security and bugfix update (Important)high
notapplicable
RHSA-2021:2037: dotnet3.1 security and bugfix update (Important)high
notapplicable
RHSA-2021:2147: glib2 security update (Important)high
notapplicable
RHSA-2021:2165: kpatch-patch security update (Important)high
notapplicable
RHSA-2021:2168: kernel security and bug fix update (Important)high
notapplicable
RHSA-2021:2169: kernel-rt security and bug fix update (Important)high
notapplicable
RHSA-2021:2170: glib2 security and bug fix update (Important)high
notapplicable
RHSA-2021:2206: firefox security update (Important)high
notapplicable
RHSA-2021:2233: firefox security update (Important)high
notapplicable
RHSA-2021:2235: pki-core:10.6 security update (Important)high
notapplicable
RHSA-2021:2238: polkit security update (Important)high
notapplicable
RHSA-2021:2259: nginx:1.18 security update (Important)high
notapplicable
RHSA-2021:2260: libwebp security update (Important)high
notapplicable
RHSA-2021:2263: thunderbird security update (Important)high
notapplicable
RHSA-2021:2264: thunderbird security update (Important)high
notapplicable
RHSA-2021:2285: kpatch-patch security update (Important)high
notapplicable
RHSA-2021:2290: nginx:1.16 security update (Important)high
notapplicable
RHSA-2021:2291: container-tools:2.0 security update (Important)high
notapplicable
RHSA-2021:2299: microcode_ctl security, bug fix and enhancement update (Important)high
notapplicable
RHSA-2021:2305: microcode_ctl security, bug fix and enhancement update (Important)high
notapplicable
RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important)high
notapplicable
RHSA-2021:2313: samba security and bug fix update (Moderate)medium
notapplicable
RHSA-2021:2314: kernel security and bug fix update (Important) | high | notapplicable
RHSA-2021:2316: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:2318: hivex security update (Moderate) | medium | notapplicable
RHSA-2021:2322: qemu-kvm security update (Moderate) | medium | notapplicable
RHSA-2021:2323: 389-ds-base security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:2328: qt5-qtimageformats security update (Important) | high | notapplicable
RHSA-2021:2352: .NET Core 3.1 security and bugfix update (Important) | high | notapplicable
RHSA-2021:2353: .NET 5.0 security and bugfix update (Important) | high | notapplicable
RHSA-2021:2354: libwebp security update (Important) | high | notapplicable
RHSA-2021:2357: dhcp security update (Important) | high | notapplicable
RHSA-2021:2359: dhcp security update (Important) | high | notapplicable
RHSA-2021:2360: postgresql:9.6 security update (Important) | high | notapplicable
RHSA-2021:2361: postgresql:10 security update (Important) | high | notapplicable
RHSA-2021:2363: gupnp security update (Important) | high | notapplicable
RHSA-2021:2370: container-tools:3.0 security update (Important) | high | notapplicable
RHSA-2021:2371: container-tools:rhel8 security update (Important) | high | notapplicable
RHSA-2021:2372: postgresql:12 security update (Important) | high | notapplicable
RHSA-2021:2375: postgresql:13 security update (Important) | high | notapplicable
RHSA-2021:2397: postgresql security update (Important) | high | notapplicable
RHSA-2021:2417: gupnp security update (Important) | high | notapplicable
RHSA-2021:2419: dhcp security update (Important) | high | notapplicable
RHSA-2021:2467: glib2 security update (Important) | high | notapplicable
RHSA-2021:2563: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:2566: fwupd security update (Moderate) | medium | notapplicable
RHSA-2021:2569: libxml2 security update (Moderate) | medium | notapplicable
RHSA-2021:2570: kernel security and bug fix update (Important) | high | notapplicable
RHSA-2021:2574: rpm security update (Moderate) | medium | notapplicable
RHSA-2021:2575: lz4 security update (Moderate) | medium | notapplicable
RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate) | medium | notapplicable
RHSA-2021:2584: ruby:2.7 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:2587: ruby:2.5 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:2591: edk2 security update (Moderate) | medium | notapplicable
RHSA-2021:2595: 389-ds:1.4 security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:2599: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:2658: linuxptp security update (Important) | high | notapplicable
RHSA-2021:2660: linuxptp security update (Important) | high | notapplicable
RHSA-2021:2683: xstream security update (Important) | high | notapplicable
RHSA-2021:2714: kernel security and bug fix update (Important) | high | notapplicable
RHSA-2021:2715: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:2716: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:2717: systemd security update (Important) | high | notapplicable
RHSA-2021:2725: kernel security and bug fix update (Important) | high | notapplicable
RHSA-2021:2726: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:2727: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:2735: kernel security update (Important) | high | notapplicable
RHSA-2021:2741: firefox security update (Important) | high | notapplicable
RHSA-2021:2743: firefox security update (Important) | high | notapplicable
RHSA-2021:2776: java-1.8.0-openjdk security update (Important) | high | notapplicable
RHSA-2021:2781: java-11-openjdk security update (Important) | high | notapplicable
RHSA-2021:2784: java-11-openjdk security update (Important) | high | notapplicable
RHSA-2021:2845: java-1.8.0-openjdk security and bug fix update (Important) | high | notapplicable
RHSA-2021:2881: thunderbird security update (Important) | high | notapplicable
RHSA-2021:2883: thunderbird security update (Important) | high | notapplicable
RHSA-2021:2988: varnish:6 security update (Important) | high | notapplicable
RHSA-2021:2989: lasso security update (Important) | high | notapplicable
RHSA-2021:3020: ruby:2.7 security update (Important) | high | notapplicable
RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important) | high | notapplicable
RHSA-2021:3028: microcode_ctl security, bug fix and enhancement update (Important) | high | notapplicable
RHSA-2021:3044: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:3057: kernel security, bug fix, and enhancement update (Important) | high | notapplicable
RHSA-2021:3058: glib2 security update (Moderate) | medium | notapplicable
RHSA-2021:3061: virt:rhel and virt-devel:rhel security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:3066: edk2 security update (Important) | high | notapplicable
RHSA-2021:3073: nodejs:12 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:3074: nodejs:14 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:3075: libuv security update (Low) | low | notapplicable
RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:3079: 389-ds:1.4 security and bug fix update (Low) | low | notapplicable
RHSA-2021:3081: cloud-init security update (Moderate) | medium | notapplicable
RHSA-2021:3088: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:3142: .NET Core 3.1 security and bugfix update (Important) | high | notapplicable
RHSA-2021:3145: .NET Core 2.1 security and bugfix update (Low) | low | notapplicable
RHSA-2021:3148: .NET 5.0 security and bugfix update (Important) | high | notapplicable
RHSA-2021:3151: sssd security update (Important) | high | notapplicable
RHSA-2021:3152: exiv2 security update (Important) | high | notapplicable
RHSA-2021:3153: compat-exiv2-026 security update (Important) | high | notapplicable
RHSA-2021:3154: firefox security update (Important) | high | notapplicable
RHSA-2021:3155: thunderbird security update (Important) | high | notapplicable
RHSA-2021:3157: firefox security update (Important) | high | notapplicable
RHSA-2021:3158: exiv2 security update (Important) | high | notapplicable
RHSA-2021:3160: thunderbird security update (Important) | high | notapplicable
RHSA-2021:3233: compat-exiv2-026 security update (Important) | high | notapplicable
RHSA-2021:3234: compat-exiv2-023 security update (Important) | high | notapplicable
RHSA-2021:3253: libsndfile security update (Important) | high | notapplicable
RHSA-2021:3295: libsndfile security update (Important) | high | notapplicable
RHSA-2021:3296: libX11 security update (Important) | high | notapplicable
RHSA-2021:3325: bind security update (Moderate) | medium | notapplicable
RHSA-2021:3327: kernel security and bug fix update (Important) | high | notapplicable
RHSA-2021:3328: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:3336: sssd security and bug fix update (Important) | high | notapplicable
RHSA-2021:3338: hivex security update (Low) | low | notapplicable
RHSA-2021:3381: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:3436: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:3438: kernel security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:3439: kernel-rt security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:3440: kernel-rt security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:3441: kpatch-patch security update (Moderate) | medium | notapplicable
RHSA-2021:3447: kernel security and bug fix update (Important) | high | notapplicable
RHSA-2021:3492: cyrus-imapd security update (Important) | high | notapplicable
RHSA-2021:3494: thunderbird security update (Important) | high | notapplicable
RHSA-2021:3497: firefox security update (Important) | high | notapplicable
RHSA-2021:3498: firefox security update (Important) | high | notapplicable
RHSA-2021:3499: thunderbird security update (Important) | high | notapplicable
RHSA-2021:3547: kernel-rt security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:3548: kernel security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:3572: nss and nspr security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:3576: krb5 security update (Moderate) | medium | notapplicable
RHSA-2021:3582: curl security update (Moderate) | medium | notapplicable
RHSA-2021:3585: go-toolset:rhel8 security update (Moderate) | medium | notapplicable
RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:3623: nodejs:12 security and bug fix update (Important) | high | notapplicable
RHSA-2021:3666: nodejs:14 security and bug fix update (Important) | high | notapplicable
RHSA-2021:3755: firefox security update (Important) | high | notapplicable
RHSA-2021:3768: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:3771: grafana security update (Important) | high | notapplicable
RHSA-2021:3791: firefox security update (Important) | high | notapplicable
RHSA-2021:3798: openssl security update (Moderate) | medium | notapplicable
RHSA-2021:3801: kernel security and bug fix update (Important) | high | notapplicable
RHSA-2021:3802: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:3807: 389-ds-base security and bug fix update (Low) | low | notapplicable
RHSA-2021:3810: libxml2 security update (Moderate) | medium | notapplicable
RHSA-2021:3816: httpd:2.4 security update (Important) | high | notapplicable
RHSA-2021:3819: .NET 5.0 security and bugfix update (Important) | high | notapplicable
RHSA-2021:3838: thunderbird security update (Important) | high | notapplicable
RHSA-2021:3841: thunderbird security update (Important) | high | notapplicable
RHSA-2021:3856: httpd security update (Important) | high | notapplicable
RHSA-2021:3889: java-1.8.0-openjdk security and bug fix update (Important) | high | notapplicable
RHSA-2021:3891: java-11-openjdk security update (Important) | high | notapplicable
RHSA-2021:3892: java-11-openjdk security and bug fix update (Important) | high | notapplicable
RHSA-2021:3893: java-1.8.0-openjdk security and bug fix update (Important) | high | notapplicable
RHSA-2021:3918: redis:5 security update (Important) | high | notapplicable
RHSA-2021:3945: redis:6 security update (Important) | high | notapplicable
RHSA-2021:3956: xstream security update (Important) | high | notapplicable
RHSA-2021:4033: binutils security update (Moderate) | medium | notapplicable
RHSA-2021:4042: flatpak security update (Important) | high | notapplicable
RHSA-2021:4044: flatpak security update (Important) | high | notapplicable
RHSA-2021:4056: kernel security, bug fix, and enhancement update (Important) | high | notapplicable
RHSA-2021:4057: python3 security update (Moderate) | medium | notapplicable
RHSA-2021:4058: samba security update (Moderate) | medium | notapplicable
RHSA-2021:4059: curl security update (Moderate) | medium | notapplicable
RHSA-2021:4060: libsolv security update (Moderate) | medium | notapplicable
RHSA-2021:4088: kernel-rt security and bug fix update (Important) | high | notapplicable
RHSA-2021:4089: java-1.8.0-ibm security update (Moderate) | medium | notapplicable
RHSA-2021:4097: webkit2gtk3 security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4116: firefox security update (Important) | high | notapplicable
RHSA-2021:4122: kpatch-patch security update (Important) | high | notapplicable
RHSA-2021:4123: firefox security update (Important) | high | notapplicable
RHSA-2021:4130: thunderbird security update (Important) | high | notapplicable
RHSA-2021:4134: thunderbird security update (Important) | high | notapplicable
RHSA-2021:4135: java-17-openjdk security update (Important) | high | notapplicable
RHSA-2021:4139: resource-agents security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4140: kernel-rt security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low) | low | notapplicable
RHSA-2021:4149: python-pillow security update (Moderate) | medium | notapplicable
RHSA-2021:4150: python36:3.6 security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4151: python27:2.7 security update (Moderate) | medium | notapplicable
RHSA-2021:4153: dnsmasq security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4154: container-tools:rhel8 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4156: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4158: python-lxml security update (Moderate) | medium | notapplicable
RHSA-2021:4160: python39:3.9 and python39-devel:3.9 security update (Moderate) | medium | notapplicable
RHSA-2021:4161: python-jinja2 security update (Moderate) | medium | notapplicable
RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate) | medium | notapplicable
RHSA-2021:4172: qt5 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4173: exiv2 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4179: file-roller security update (Low) | low | notapplicable
RHSA-2021:4181: mutt security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4191: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4198: edk2 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4201: babel security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4213: php:7.4 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4221: container-tools:2.0 security update (Moderate) | medium | notapplicable
RHSA-2021:4222: container-tools:3.0 security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4231: libwebp security update (Moderate) | medium | notapplicable
RHSA-2021:4235: jasper security update (Moderate) | medium | notapplicable
RHSA-2021:4236: tcpdump security and bug fix update (Low) | low | notapplicable
RHSA-2021:4241: libtiff security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4251: openjpeg2 security update (Moderate) | medium | notapplicable
RHSA-2021:4256: graphviz security update (Moderate) | medium | notapplicable
RHSA-2021:4257: httpd:2.4 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4270: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4288: libjpeg-turbo security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4292: squid:4 security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4315: spamassassin security update (Moderate) | medium | notapplicable
RHSA-2021:4316: zziplib security update (Low) | low | notapplicable
RHSA-2021:4319: compat-exiv2-026 security update (Moderate) | medium | notapplicable
RHSA-2021:4321: linuxptp security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4324: python-psutil security update (Moderate) | medium | notapplicable
RHSA-2021:4325: lasso security and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4326: libX11 security update (Moderate) | medium | notapplicable
RHSA-2021:4339: grilo security update (Moderate) | medium | notapplicable
RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4358: glibc security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4361: NetworkManager security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4364: binutils security update (Moderate) | medium | notapplicable
RHSA-2021:4368: openssh security update (Moderate) | medium | notapplicable
RHSA-2021:4373: pcre security update (Low) | low | notapplicable
RHSA-2021:4374: file security update (Moderate) | medium | notapplicable
RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4382: json-c security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4384: bind security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4385: glib2 security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4386: gcc security and bug fix update (Low) | low | notapplicable
RHSA-2021:4387: libssh security update (Low) | low | notapplicable
RHSA-2021:4393: cups security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4396: sqlite security update (Moderate) | medium | notapplicable
RHSA-2021:4399: python3 security update (Moderate) | medium | notapplicable
RHSA-2021:4404: kexec-tools security, bug fix, and enhancement update (Low) | low | notapplicable
RHSA-2021:4408: libsolv security and bug fix update (Low) | low | notapplicable
RHSA-2021:4409: libgcrypt security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4413: tpm2-tools security and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4424: openssl security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4426: ncurses security update (Moderate) | medium | notapplicable
RHSA-2021:4432: bluez security update (Moderate) | medium | notapplicable
RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate) | medium | notapplicable
RHSA-2021:4455: python-pip security update (Low) | low | notapplicable
RHSA-2021:4464: dnf security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4489: rpm security, bug fix, and enhancement update (Low) | low | notapplicable
RHSA-2021:4510: lua security update (Low) | low | notapplicable
RHSA-2021:4511: curl security and bug fix update (Moderate) | medium | notapplicable
RHSA-2021:4513: libsepol security update (Moderate) | medium | notapplicable
RHSA-2021:4517: vim security update (Moderate) | medium | notapplicable
RHSA-2021:4519: autotrace security update (Moderate) | medium | notapplicable
RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important) | high | notapplicable
RHSA-2021:4537: httpd:2.4 security update (Important) | high | notapplicable
RHSA-2021:4585: gcc-toolset-10-gcc security update (Moderate) | medium | notapplicable
RHSA-2021:4586: gcc-toolset-11-gcc security update (Moderate) | medium | notapplicable
RHSA-2021:4587: gcc security update (Moderate) | medium | notapplicable
RHSA-2021:4590: rust-toolset:rhel8 security update (Moderate) | medium | notapplicable
RHSA-2021:4591: gcc-toolset-11-annobin security update (Moderate) | medium | notapplicable
RHSA-2021:4592: gcc-toolset-10-annobin security update (Moderate) | medium | notapplicable
RHSA-2021:4593: annobin security update (Moderate) | medium | notapplicable
RHSA-2021:4594: gcc-toolset-11-binutils security update (Moderate) | medium | notapplicable
RHSA-2021:4595: binutils security update (Moderate) | medium | notapplicable
RHSA-2021:4619: freerdp security update (Important) | high | notapplicable
RHSA-2021:4622: freerdp security update (Important) | high | notapplicable

Result Details


RHBA-2007:0304: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 5 (Important)

Rule ID: oval-com.redhat.rhba-def-20070304
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHBA-2007:0304, CVE-2005-2873, CVE-2005-3257, CVE-2006-0557, CVE-2006-1863, CVE-2007-1592, CVE-2007-3379

Description
New features introduced in this update include:

* Xen paravirt kernels for x86/x86_64* 
* CONFIG_SERIAL_8250_NR_UARTS is increased to 64
* implement diskdump support for sata_nv driver
* implement diskdump support for ibmvscsi driver
* add netdump support to 8139cp driver
* update CIFS to 1.45

Added Platform support:

* add support to allow disabling of MSI on PHX6700/6702 SHPC
* add support for Intel ICH9 chipset
* add PCIe power management quirk
* add support for H206 processor PowerNow! with new frequency control
* add support for AMD quad-core systems
* add support for RDTSCP
* add MCE Thresholding support for AMD 0x10 family processors
* add PCI-Express support for Altix
* add support for eClipz
* add new ppc host ethernet adapter device driver
* update SHUB2 hardware support

The following device drivers have been upgraded to new versions:

3w-9xxx: 2.26.04.010 to 2.26.05.007
ahci: 1.2 to 2.0
ata_piix: 1.05 to 2.00ac7
bnx2: 1.4.38 to 1.4.43-rh
bonding: 2.6.3 to 2.6.3-rh
cciss: 2.6.10 to 2.6.14
e1000: 7.0.33-k2-NAPI to 7.2.7-k2-NAPI
ibmvscsic: 1.5.6 to 1.5.7
ipr: 2.0.11.2 to 2.0.11.4
ixgb: 1.0.100-k2-NAPI to 1.0.109-k2-NAPI
libata: 1.20 to 2.00
megaraid_mm: 2.20.2.6 to 2.20.2.6rh
megaraid_sas: 00.00.02.03-RH1 to 00.00.03.05
mptbase: 3.02.62.01rh to 3.02.73rh
pdc_adma: 0.03 to 0.04
qla2100: 8.01.04-d7 to 8.01.04-d8-rh1
qla2200: 8.01.04-d7 to 8.01.04-d8-rh1
qla2300: 8.01.04-d7 to 8.01.04-d8-rh1
qla2322: 8.01.04-d7 to 8.01.04-d8-rh1
qla2400: 8.01.04-d7 to 8.01.04-d8-rh1
qla2xxx: 8.01.04-d7 to 8.01.04-d8-rh1
qla6312: 8.01.04-d7 to 8.01.04-d8-rh1
r8169: 1.2 to 2.2LK-NAPI
sata_mv: 0.6 to 0.7
sata_nv: 0.8 to 3.2
sata_promise: 1.04 to 1.05
sata_qstor: 0.05 to 0.06
sata_sil: 0.9 to 2.0
sata_sis: 0.5 to 0.6
sata_svw: 1.07 to 2.0
sata_sx4: 0.8 to 0.9
sata_uli: 0.5 to 1.0
sata_via: 1.1 to 2.0
sata_vsc: 1.2 to 2.0
sky2: 1.1 to 1.6
stex: 2.9.0.13 to 3.0.0.1
tg3: 3.52-rh to 3.64-rh

Infiniband update from 1.0 to OFED-1.1 code base

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4.

RHBA-2007:0331: conga bug fix update (Low)

Rule ID: oval-com.redhat.rhba-def-20070331
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHBA-2007:0331, CVE-2007-0240, CVE-2007-1462

Description
The Conga package is a web-based administration tool for remote cluster and
storage management.

This erratum applies the following bug fixes:

- The borrowed Zope packages used by Conga have been patched to eliminate
a possibility of XSS attack.
- Passwords are no longer sent back from the server in cleartext for use as
input values.
- A form error was fixed so that Conga no longer allows for cluster
names of over 15 characters.
- An error wherein clusters and systems could not be deleted from the
manage systems interface has been addressed.
- Entering an incorrect password for a system no longer generates an
Unbound Local Reference exception.
- Luci failover domain forms are no longer empty
- The fence_xvm string in cluster.conf for virtual cluster fencing has been
corrected.
- The advanced options parameters section has been fixed.
- A bug where virtual services were unable for configuration has been
addressed.
- kmod-gfs-xen is now installed when necessary.
- The 'enable shared storage support' checkbox is now cleared when a
configuration error is encountered.
- When configuring an outer physical cluster, it is no longer necessary to
add the fence_xvmd tag manually.

Users of Conga are advised to upgrade to these updated packages, which
apply these fixes.

RHBA-2007:0565: tcp_wrappers bug fix update (Moderate)

Rule ID: oval-com.redhat.rhba-def-20070565
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHBA-2007:0565, CVE-2009-0786

Description
The tcp_wrappers package provides small daemon programs which can monitor
and filter incoming requests for systat, finger, FTP, telnet, rlogin, rsh,
exec, tftp, talk and other network services. It also contains the libwrap
library that adds the same filtering capabilities to programs linked
against it, like sshd and more.

This update brings the following changes:

* localhost and localhost.localdomain are treated as being equivalent when
comparing the client hostname and the list of allowed/denied hostnames.

* the hosts_ctl function uses the address parameter to get the ip address
and resolve it to symbolic hostname, if not given.

* the behavior of signal handling when the "spawn" option is used has been
changed to be transparent to the application using the library.

These fixes correct the behavior of certain applications, including
net-snmp and vsftpd.

Users should upgrade to this updated package, which resolves these issues.

RHBA-2008:0314: Updated kernel packages for Red Hat Enterprise Linux 5.2 (Important)

Rule ID: oval-com.redhat.rhba-def-20080314
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHBA-2008:0314, CVE-2007-5906, CVE-2008-2365

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

General Kernel Feature Support:

* rebase xen packages to version 3.1.2
* performance improvements and bug fixes for GFS2
* update utrace support
* add eCryptfs support
* add NFS server support for 32-bit clients, and 64-bit inodes
* add memory accounting in UDP
* add RFC 4303 compliant auditing support
* add new algorithms and interfaces in IPsec
* add authenc in crypto library

General Platform Support:

* update on-demand governor driver
* enable config options for IPMI panic handling
* add HDMI support for AMD and ATI integrated chipsets
* update OFED support to v1.3
* update FireWire support to latest upstream
* eliminate erroneous PCI Rom warning messages
* add support to offline CPU when realtime processes are running

Architecture Specific Support:

x86, AMD64, Intel(R) 64:

* add support of pci=norom boot parameter to disable p2p rom window
* enable pci=bfsort
* increase boot command line size to 2048 for 64-bit architectures
* add event based profiling support to AMD Greyhound systems
* add Intel Dynamic Acceleration Technology

Intel(R) 64:

* add CMCI for hot-plugged processors
* remove Intel(R) 64 stack hard limit of DEFAULT_USER_STACK_SIZE
* add zonelist order sysctl/boot option on NUMA systems

64-bit PowerPC:

* add OProfile support to IBM Cell/B.E. platforms
* update PMI driver for Cell blades
* enable support of FB_RADEON driver for IBM Power6 blades
* update ehea driver to latest upstream
* add Scaled Processor Utilization of Resources Register SPURR support
* boot Cell blades with more than 2GB memory
* improve watchpoint support in GDB for power platform
* improve hugepage allocation with memory-less nodes
* add SLB shadow buffer support

IBM System z:

* add large page support to IBM System z
* add IBM eServer zSeries HiperSockets MAC layer routing and IP packet
support
* add IBM z/VM monitor stream state 2 application support
* add support for IBM z/VM DIAG 2FC for HYPFS
* add AF_IUCV Protocol support on BSD socket interface
* add dynamic CHPID reconfiguration support via SCLP

New Driver Support or Driver Updates:

Miscellaneous Driver Updates:

* add R500/R600 drm driver (X11 decelerator driver) support
* add trust computing/trust platform module
* add support for Realtek ALC888S codec

Network Driver Updates:

* add bnx2x driver for Broadcom 10GbE hardware
* add dm9601 driver support for DAVICOM's ZT6688
* update bnx2, e1000, e1000e, tg3, forcedeth, igb, ixgb, and cxgb3 drivers
* add WEXT scan capabilities to wireless extensions API
* update mac80211/iwl4965 infrastructure
* update cfg80211 driver to support mac80211/iwl4965
* update ixgbe driver to support new Intel 10GbE hardware
* add r8169 driver support for Realtek 8111c and 8101e loms
* update bonding, netxen, and ioatdma driver

Storage Driver Updates:

* update aic94xx, areca, aacraid, cciss, ibmvSCSI driver
* update ipr driver to add dual SAS RAID controller support
* add iSCSI Boot Firmware Table tool support
* update qla2xxx, mpt-fusion, lpfc, stex, megaraid_sas
* update firmware for Qlogic 25xxx
* update SATA driver and infrastructure
* add SB800/SB700/SB600 SATA/LAN support
* add DRAC4 hotplug support
* add hotplug docking support for some laptops
* add uevent, and kobject to device mapper infrastructure for xDR/GDPs
* update device mapper support

For a comprehensive list of kernel-related updates, refer to the latest
version of the Red Hat Enterprise Linux 5.2 release notes on:

http://www.redhat.com/docs/manuals/enterprise/

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which apply these kernel updates.

RHBA-2009:0070: util-linux bug-fix update (Low)

Rule ID: oval-com.redhat.rhba-def-20090070
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHBA-2009:0070, CVE-2008-1926

Description
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among
others, util-linux contains the fdisk configuration tool and the login
program.

This update fixes the following bugs:

* The login command segmentation fault on EOF.
* The script command does not log all commands to the typescript file.
* Obsolete information in the mkfs man page.
* Obsolete information about fstab-sync in the fstab man page.
* Obsolete information in the fdisk man page.
* The blockdev command calls the blkpg ioctl with a wrong data structure.
* The mount command does not check for validity of mtab information.
* The mkswap defaults to v0 format on ppc64.
* The fdisk command does not warn about DOS partition table limitations on
large hard drives.
* The fdisk command does not properly detect VMware partitions.
* The sfdisk command does not work correctly with large hard drives.
* The logger command cannot be used when /usr is non-root partition.
* The audit log injection attack via the login command.
* The swapon command with the "-a" option does not complain about missing
devices.

Users of util-linux are advised to upgrade to this updated package, which
resolves these issues.

RHBA-2010:0266: cman bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhba-def-20100266
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHBA-2010:0266, CVE-2008-4192

Description
The Cluster Manager (cman) utility provides user-level services for
managing a Linux cluster.

Changes in this update:

* fence_rsa fails to login with new RSA II firmware. (BZ#549473)

* fence_virsh reports vm status incorrectly. (BZ#544664)

* improve error messages from ccsd if there is a network problem.
(BZ#517399)

* new fence agent for VMWare. (BZ#548577)

Note: this is a Tech Preview only.

* fence agent for HP iLO2 MP. (BZ#508722)

* fence agent for RSB ends with traceback. (BZ#545054)

* security feature for SNMP based agent: apc_snmp & ibmblade. (BZ#532922)

* change default timeout values for various fence agents. (BZ#549124)

* "Option -V" (show version) was not working in all fence agents.
(BZ#549113)

* automatically configure consensus based on token timeout. (BZ#544482)

* add readconfig & dumpconfig to fence_tool. (BZ#514662)

* make groupd handle partition merges. (BZ#546082)

* groupd: clean up leaving failed node. (BZ#521817)

* scsi_reserve should always echo after failure. (BZ#514260)

* fence_scsi_test: add debug information. (BZ#516763)

* fence_scsi_test should not allow -c & -s options together. (BZ#528832)

* fix fence_ipmilan read from uninitialized memory. (BZ#532138)

* make qdiskd stop crying wolf. (BZ#532773)

* fencing failed when used without telnet or ssh. (BZ#512343)

* APC changed product name (MasterSwitch -> Switched Rack PDU). (BZ#447481)

* fix invalid initialization introduced by retry-on option.

* broken device detection for DRAC3 ERA/O. (BZ#489809)

* fix case sensitivities in action parameter. (BZ#528938)

* fencing_snmp failed on all operations & traceback fix. (BZ#528916)

* accept unknown options from standard input. (BZ#532920)

* fence_apc unable to obtain plug status. (BZ#532916)

* timeout options added. (BZ#507514)

* better default timeout for bladecenter. (BZ#526806)

* the LOGIN_TIMEOUT value was too short for fence_lpar & the SSH login
timed out before the connection could be completed. (BZ#546340)

* add missing-as-off option (missing blade/device is always OFF).
(BZ#248006)

* make qdiskd "master-wins" node work. (BZ#372901)

* make qdisk self-fence system if write errors take longer than
interval*tko. (BZ#511113)

* make service_cman.lcrso executable, so RPM adds it to the debuginfo pkg.
(BZ#511346)

* don't check for xm command in cman init script: virsh is more
appropriate. (BZ#516111)

* allow re-registering of a quorum device. (BZ#525270)

* fix fence_scsi, multipath & persistent reservations. (BZ#516625)

* cman_tool leave remove reduces quorum when no services are connected.
(BZ#515446)

* fence_sanbox2 unable to retrieve status. (BZ#512947)

* gfs_controld: GETLK should free unused resource. (BZ#513285)

* allow IP addresses as node names. (BZ#504158)

* fence_scsi man page contains invalid option. (BZ#515731)

* fence_scsi support for 2 node clusters. (BZ#516085)

* Support for power cycle in fence ipmi. (BZ#482913)

* add option 'list devices' for fencing agents. (BZ#519697)

* add support for switching IPv4/IPv6. (BZ#520458)

* fence agent ends with traceback if option is missing. (BZ#508262)

* command line options to override default ports for different services,
such as SSH & Telnet (i.e. -u option) were added. (BZ#506928)

Note: "-u" does not currently work with fence_wti. Other agents honor the
port override command line options properly, however. (BZ#506928)

* force stdout close for fencing agents. (BZ#518622)

* support for long options. (BZ#519670)

* fix a situation where cman could kill the wrong nodes. (BZ#513260)

* fix support for >100 gfs & gfs2 file systems. (BZ#561892)

* fix a problem where 'dm suspend' would hang a withdrawn GFS file system.
(BZ#570530)

* fix a problem where fence_snmp returned success when the operation
failed. (BZ#573834)

* fencing support for the new iDRAC interface included with Dell PowerEdge
R710 & R910 blade servers was added. (BZ#496748)

All cman users should install this update which makes these changes.

RHBA-2011:0054: samba3x bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20110054
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2011:0054, CVE-2010-0547, CVE-2010-0787

Description
Samba is a suite of programs used by machines for authentication, and file and printer sharing.

These updated samba3x packages provide fixes for the following bugs:

* Users of trusted child domains were not authenticated correctly. As a result, some users of such domains did not appear as members of the parent domain even if the child domain allowed full inheriting from the parent domain. With this update, all users of a trusted child domain are authenticated successfully. (BZ#459842)

* The smb.conf manual page contained an ambiguous description of the 'default case' parameter. With this update, the description has been rewritten to be clear. (BZ#480405)

* Service principal names were not always created correctly and as a result, the system was attempting to acquire a service ticket using a wrong hostname. This caused the Kerberos authentication to fail. With this update, service principal names are created correctly. (BZ#560239)

* CUPS printing could fail in an Active Directory environment with Kerberos. With this update, regular users can print in such an environment. (BZ#565774)

* When the 'normalize names' setting was enabled, the winbindd service could have failed after user authentication. With this update, authentication is successful. (BZ#565915)

* Packages requiring samba could not recognize samba3x as an updated samba version. With this update, dependent packages recognize samba3x as the new samba version. (BZ#582756)

* Some remote users could not authenticate from workstations running Windows. This occurred because the winbind service failed to authenticate to Windows Server 2008 using the "ntlm-server-1" ntlm_auth protocol. With this update, the service works correctly. (BZ#590766)

* In the offline mode, the winbind service could have logged the following message: "Exceeding 200 client connections, no idle connection found." With this update, the error no longer occurs and you can set the client limit manually with the command 'winbind max clients'. (BZ#604081)

* The winbindd client limit was set to 200 and could not be changed. With this update, you can set the client limit manually with the command 'winbind max clients'. (BZ#641379)

* Previously, the samba3x package considered any samba package a conflicting package. With this update, samba3x checks for possible non-conflicting versions of the samba package. (BZ#609578)

* When using non-standard character sets, the command 'wbinfo' displayed user and group names with accented characters incorrectly. With this update, those names are displayed correctly with all supported character sets. (BZ#649708)

* Samba could have failed to connect to workstations running Windows 7 with Live Essentials installed due to a SPNEGO parsing failure. With this update, the connection succeeds. (BZ#651722)

In addition, these updated packages provide the following enhancements:

* Interoperation with Windows 7 and Windows Server 2008 was fixed. Secure channel connections to servers with Windows Server 2008 R2 and interdomain trusts with Windows Server 2008 domains are now supported. In addition, due to errors in the secure channel to Windows 7 and Windows Server 2008 R2, the winbind daemon could previously corrupt the secure channel. With this update, this no longer occurs. (BZ#527997)

* In Red Hat Enterprise Linux 5.6, the samba3x package no longer provides the libtalloc library. The library is now provided in a separate source RPM. (BZ#596883)

* In Red Hat Enterprise Linux 5.6, the samba3x package no longer provides the libtdb library. The library is now provided in a separate source RPM. (BZ#596886)

Users are advised to upgrade to these updated samba3x packages, which resolve these issues and add these enhancements.

RHBA-2011:1656: mod_nss bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20111656
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2011:1656, CVE-2011-4973

Description
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

This update fixes the following bugs: 

* When the NSS library was not initialized and mod_nss tried to clear its SSL cache on start-up, mod_nss terminated unexpectedly when the NSS library was built with debugging enabled. With this update, mod_nss does not try to clear the SSL cache in the described scenario, thus preventing this bug. (BZ#691502)

* Previously, a static array containing the arguments for launching the nss_pcache command overflowed the array size by one. This could lead to a variety of issues including unexpected termination. This bug has been fixed, and mod_nss now uses a properly sized static array when launching nss_pcache. (BZ#714154)

* Prior to this update, client certificates were only retrieved during the initial SSL handshake if the NSSVerifyClient option was set to "require" or "optional". Also, the FakeBasicAuth option only retrieved Common Name rather than the entire certificate subject. Consequently, it was possible to spoof an identity using that option. This bug has been fixed: the FakeBasicAuth option is now prefixed with "/" and is thus compatible with OpenSSL, and certificates are now retrieved on all subsequent requests beyond the first one. (BZ#702437)

Users of mod_nss are advised to upgrade to this updated package, which fixes these bugs.

RHBA-2012:0319: gnutls bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20120319
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2012:0319, CVE-2006-7239

Description
The gnutls package provides the GNU Transport Layer Security (GnuTLS) library, which provides a secure layer over a transport layer using protocols such as TLS, SSL and DTLS.

This update fixes the following bug:

* Under certain circumstances, a NULL pointer could have been dereferenced in the GnuTLS library. This caused TLS clients, such as the rsyslog utility, to terminate unexpectedly with a segmentation fault. This update adds a test condition ensuring that a NULL pointer can no longer be dereferenced and TLS clients no longer crash. (BZ#789041)

All users of gnutls are advised to upgrade to these updated packages, which fix this bug. All applications linked with the GnuTLS library must be restarted (or the system rebooted) in order for this update to take effect.

RHBA-2012:0763: glibc bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20120763
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2012:0763, CVE-2012-6686

Description
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

These updated glibc packages include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for information on the most significant of these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/glibc.html#RHBA-2012-0763

Users of glibc are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

RHBA-2012:0881: freeradius bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20120881
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2012:0881, CVE-2011-4966

Description
FreeRADIUS is an open-source Remote Authentication Dial In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol.

The freeradius packages have been upgraded to upstream version 2.1.12, which provides a number of bug fixes and enhancements over the previous version. (BZ#736878)

This update fixes the following bugs:

* The radtest command-line argument to request the PPP hint option was not parsed correctly. Consequently, radclient did not add the PPP hint to the request packet and the test failed. This update corrects the problem and radtest now functions as expected. (BZ#787116)

* The freeradius logrotate script failed to reload the radiusd daemon after a log rotation, and log messages were lost. This update adds a command to the freeradius logrotate script to reload the radiusd daemon, and the radiusd daemon now reinitializes and reopens its log files after log rotation as expected. (BZ#705723)

* The radtest argument with the eap-md5 option failed because it passed the IP family argument when invoking the radeapclient utility and the radeapclient utility did not recognize the IP family. The radeapclient now recognizes the IP family argument and radtest now works with eap-md5 as expected. (BZ#712803)

* Previously, freeradius was compiled without the "--with-udpfromto" option. Consequently, with a multihomed server and explicitly specifying the IP address, freeradius sent the reply from the wrong IP address. With this update, freeradius has been built with the --with-udpfromto configuration option and the RADIUS reply is always sourced from the IP the request was sent to. (BZ#700870)

* The password expiration field for local passwords was not checked by the unix module and the debug information was erroneous. Consequently, a user with an expired password in the local password file was authenticated despite having an expired password. With this update, the check of the password expiration has been modified. A user with an expired local password is denied access and correct debugging information is written to the log file. (BZ#753764)

* Due to invalid syntax in the PostgreSQL admin schema file, the FreeRADIUS PostgreSQL tables failed to be created. With this update, the syntax has been adjusted and the tables are created as expected. (BZ#690756)

* When FreeRADIUS received a request, it sometimes failed with the following message:

    WARNING: Internal sanity check failed in event handler for request 6

This bug was fixed by upgrading to upstream version 2.1.12. (BZ#782905)

* FreeRADIUS has a thread pool that will dynamically grow based on load. If multiple threads using the rlm_perl() function are spawned in quick succession, freeradius sometimes terminated unexpectedly with a segmentation fault due to parallel calls to the rlm_perl_clone() function. With this update, a mutex for the threads has been added and the problem no longer occurs. (BZ#810605)

All users of freeradius are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2013:0009: mod_nss bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20130009
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2013:0009, CVE-2011-4973

Description
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

This update fixes the following bugs:

* The previous release had an incorrect post-install script. Consequently, when upgrading "mod_nss" from version 1.0.3 to 1.0.8, the group and file permissions were incorrectly set. The HTTP server (httpd) did not start and the following error message was displayed:

    [error] NSS_Initialize failed. Certificate database: /etc/httpd/alias.
    [error] SSL Library Error: -8038 SEC_ERROR_NOT_INITIALIZED

This update improves the post-install script to set file permissions and ownership correctly. As a result, all child processes of the Apache HTTP Server can enable SSL and now httpd starts as expected in the scenario described. (BZ#669963)

* With the release of "mod_nss" version 1.0.8 there was no lock mechanism to control sequential httpd process access to the "nss_pcache" process. This sometimes resulted in multiple requests being interpreted as a single request by "nss_pcache" and a single result returned. The calling process sometimes experienced a timeout error or a failure with the error message:

    [error] Unable to read from pin store

With this update the code has been improved and multiple requests to the "nss_pcache" process are processed sequentially without the errors described. (BZ#677698)

* Due to a regression, the "mod_proxy" module no longer worked when configured to support reverse proxy operation. The following error was logged:

    [error] SSL Proxy: I don't have the name of the host we're supposed to connect to so I can't verify that we are connecting to who we think we should be. Giving up.

A new patch has been applied and the "mod_proxy" module now works correctly to support SSL reverse proxy. (BZ#692868)

* Previously, a static array containing the arguments for launching the "nss_pcache" command overflowed the array size by one. This could lead to a variety of problems including unexpected termination. This bug has been fixed, and "mod_nss" now uses a properly sized static array when launching "nss_pcache". (BZ#714255)

* Due to an incorrect use of the memcpy() function in the "mod_nss" module, running the Apache HTTP Server with this module enabled could cause some requests to fail with the following message written to the error_log file:

    request failed: error reading the headers

This update applies a patch to ensure that the memcpy() function is now used in accordance with the current specification, and using the "mod_nss" module no longer causes HTTP requests to fail. (BZ#749401)

* Prior to this update, client certificates were only retrieved during the initial SSL handshake if the NSSVerifyClient option was set to "require" or "optional". Also, the FakeBasicAuth option only retrieved Common Name rather than the entire certificate subject. Consequently, it was possible to spoof an identity using that option. This bug has been fixed: the FakeBasicAuth option is now prefixed with "/" and is thus compatible with OpenSSL. Certificates are now retrieved on all subsequent requests beyond the first one. (BZ#749402)

* When the NSS library was not initialized and "mod_nss" tried to clear its SSL cache on start-up, "mod_nss" terminated unexpectedly when the NSS library was built with debugging enabled. With this update, "mod_nss" does not try to clear the SSL cache in the described scenario, thus preventing this bug. (BZ#749405, BZ#784548)

* The "Requires: %{_libdir}/libnssckbi.so" directive has been added to the spec file to make "libnssckbi.so" a runtime dependency. This is to prevent symbolic links failing. (BZ#749406)

All users of mod_nss are advised to upgrade to these updated packages, which fix these bugs.

RHBA-2013:0022: glibc bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20130022
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2013:0022, CVE-2012-6686

Description
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

These updated glibc packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.9 Technical Notes for information on the most significant of these changes:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.9_Technical_Notes/glibc.html#RHBA-2013-0022

All users of glibc are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.

RHBA-2013:0363: sudo bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20130363
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2013:0363, CVE-2013-1776

Description
The sudo (super user do) utility allows system administrators to give certain users the ability to run commands as root.

The updated sudo packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical Notes for information on the most significant of these changes:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/sudo.html

Users of sudo are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2013:0386: tuned bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20130386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2013:0386, CVE-2012-6136

Description
The tuned packages contain a daemon that tunes system settings dynamically. It does so by monitoring the usage of several system components periodically. 

This update fixes the following bugs:

* Red Hat Enterprise Linux 6.1 and later enters processor power-saving states more aggressively. This could result in a small performance penalty on certain workloads. With this update, the pmqos-static.py daemon has been added to the tuned packages, which allows setting the requested latency using the kernel Power Management QoS interface. It is run when the "latency-performance" profile is activated and it sets cpu_dma_latency=0, which keeps the CPU in C0 state, thus making the system as responsive as possible. (BZ#714180)

* When the ELEVATOR_TUNE_DEVS option was set to a disk device in the /etc/sysconfig/ktune file instead of providing a disk scheduler control file, the scheduler setting was not written to a disk scheduler control file but directly into the disk device file. Consequently, contents of the disk could become corrupted. With this update, the value of ELEVATOR_TUNE_DEVS is checked and only the disk scheduler control file is allowed for writing. As a result, an invalid value of ELEVATOR_TUNE_DEVS is detected in the described scenario so that damage to the disk contents can be prevented. (BZ#784308)

* When the tuned daemon ran with the "enterprise-storage" profile enabled and a non-root, non-boot disk partition from a device with write-back cache was mounted, tuned remounted the partition with the "nobarriers" option. If a power failure occurred at that time, the file system could become corrupted. With this update, tuned can detect usage of write-back cache on devices communicating with the kernel via SCSI. In these cases, "nobarriers" is now disabled, thus preventing this bug in the described scenario. (BZ#801561)

* Previously, when the tuned service was started, the tuned PID file was created with world-writable permissions. This bug has been fixed and the /var/run/tuned/tuned.pid file is now created with correct permissions as expected. (BZ#845336)

* On a machine with hot-plug disk devices with the "enterprise-storage" profile activated, a new disk device could be added into the system, or the disk could be removed and inserted back. In such a scenario, the scheduler and read-ahead settings from the profile were not applied on the newly-added disks. With this update, a new udev rule has been added, which restarts the ktune daemon whenever a new disk device is added, thus fixing this bug. (BZ#847445)

* The transparent hugepage kernel thread could interfere with latency-sensitive applications. To lower the latency, the transparent hugepages are now disabled in the latency-performance tuned profile. (BZ#887355)

* Previously, non-root, non-boot partitions were re-mounted using the "nobarrier" option to improve performance. On virtual guests, this could lead to data corruption if the power supply was suddenly interrupted, because there was usually a host cache in transfer. This bug has been fixed and the virtual-guest profile no longer re-mounts partitions using "nobarrier". (BZ#886956)

Users of tuned are advised to upgrade to these updated packages, which fix these bugs.

RHBA-2013:1150: net-snmp bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20131150
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2013:1150, CVE-2012-6151

Description
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

This update fixes the following bug:

* When an AgentX subagent disconnected from the SNMP daemon (snmpd), the daemon did not properly check that there were no active requests queued in the subagent and destroyed the session. Consequently, the session was referenced by snmpd later when processing queued requests and because it was already destroyed, snmpd terminated unexpectedly with a segmentation fault or looped indefinitely. This update adds several checks to prevent the destruction of sessions with active requests, and snmpd no longer crashes in the described scenario. (BZ#993579)

Users of net-snmp are advised to upgrade to these updated packages, which fix this bug.

RHBA-2013:1581: libvirt bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20131581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2013:1581, CVE-2013-7336

Description
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

These updated libvirt packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes for information on the most significant of these changes: 

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/libvirt.html#RHBA-2013-1581 

All libvirt users are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

RHBA-2013:1647: mysql bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20131647
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2013:1647, CVE-2013-1861, CVE-2013-3802, CVE-2013-3804, CVE-2013-3839

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes the following bugs:

* Prior to this update, the mysqld daemon worked with uninitialized memory when accessing non-nullable GEOMETRY types. Consequently, mysqld could terminate unexpectedly when the mysqldump utility was running. With this update, mysqld initializes memory properly and thus no longer crashes in this scenario. (BZ#842052)

* Previously, the mysqldump utility expected log tables to be created on the MySQL 5.0.x server, from which it retrieved data. Consequently, mysqldump could not dump the MySQL system table. With this update, mysqldump no longer expects log tables to be created, and it is now able to dump the system table in the described scenario as expected. (BZ#877557) 

* Prior to this update, the mysqld init script did not correctly verify the status of the mysqld daemon. Consequently, the script could return an error message even when the daemon had successfully started. The mysqld init script has been fixed, and it now checks the daemon status properly. (BZ#884651) 

* Previously, the mysql-server sub-packages did not contain the logrotate script. Consequently, the log rotation had to be configured manually. With this update, the logrotate script has been provided by the mysql-server sub-packages, and users can use the script to log into the mysqld.log file by uncommenting appropriate lines in the script. (BZ#904061)

Users of mysql are advised to upgrade to these updated packages, which fix these bugs. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.

RHBA-2014:1200: sos bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20141200
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2014:1200, CVE-2014-3925

Description
The sos package contains a set of utilities that gather information from system
hardware, logs, and configuration files. The information can then be used for
diagnostic purposes and debugging.

This update fixes the following bugs:

* Previously, the sosreport utility did not include the output of the "brctl
show" command for all systems. Consequently, information on bridged network
configurations was only available in the report tarball on systems using Xen for
virtualization. With this update, the networking module collects the output of
"brctl show" as well as "brctl showstp" commands for each configured bridge, and
thus bridged network configuration information is now available in the report
tarball for all hosts. (BZ#833406) 

* Previous versions of the sosreport utility used the legacy ifconfig command to
detect network interfaces, but ifconfig did not support interfaces named via
biosdevname. As a consequence, no information on biosdevname interfaces was
present in the report tarball. With this update, the sosreport networking
plug-in now uses the "ip" command to detect interfaces of all types, and full
information on biosdevname interfaces is now included. (BZ#980177) 

* Previously, the sosreport utility collected the krb5.keytab file from Kerberos
installations. Although encrypted, this file can contain sensitive key material.
With this update, sosreport collects a summary of krb5.keytab using the klist
command but does not collect the krb5.keytab file itself. As a result,
krb5.keytab data is still available but no sensitive information is included in
the report tarball. (BZ#1029017)

* Previously, the sosreport "ds" plug-in collected all directory server logs by
default. Depending on the log configuration, this could lead to very large
report sizes. With this update, sosreport collects by default only the current
versions of the directory server "access", "errors" and "audit" logs, and
rotated logs are not collected by default. In addition, the plug-in
now supports an "all_logs" option that can be used to request the old behavior.
As a result, the default report size for directory server hosts is now smaller
and more consistent unless full log data is explicitly requested. (BZ#1086736)

* Prior to this update, the sosreport utility could include password material in
the grub.conf and fstab files collected by the boot loader and file system
plug-ins if present on the collection system. Consequently, passwords, either
plain text or hashed, could be included in the report tarball. With this bug fix
update, password and other secrets are now removed during collection, and
passwords from the fstab or grub.conf files can no longer appear in the report
tarball. (BZ#1107751) 

Users of sos are advised to upgrade to this updated package, which fixes these
bugs.

RHBA-2014:1206: virt-who bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhba-def-20141206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHBA-2014:1206, CVE-2014-0189

Description
The virt-who package provides an agent that collects information about virtual
guests present in the system and reports them to the subscription manager.

The virt-who package has been upgraded to upstream version 0.9, which provides a
number of bug fixes and enhancements over the previous version. 
Notably, the permissions for the configuration file have been changed from
world-readable to root-only readable. This change is only for new installations
of virt-who; existing installations should be fixed manually by setting the
permission of the /etc/sysconfig/virt-who file to 600. (BZ#861552)

This update also fixes the following bugs:

* Prior to this update, the configuration file for virt-who contained incorrect
permissions and was world-readable, although this file can contain passwords. As
a consequence, any user could read the passwords from the configuration file. To
fix this bug, the permissions have been changed to be root-readable only, and
non-root users can no longer read passwords from the virt-who configuration
file. (BZ#1088756) 

* Previously, the virt-who utility did not report the state of virtual guests to
the Subscription Asset Manager (SAM) server. To fix this bug, the info() method
from libvirt has been used, and the state of a virtual machine is now reported
to the SAM server. (BZ#1124732)

In addition, this update adds the following enhancements:

* With this update, support for Red Hat Enterprise Virtualization Manager
virtualization back end has been added to virt-who. Now, the user can use
virt-who on Red Hat Enterprise Linux 5.11.0 to gather host/guest associations
from Red Hat Enterprise Virtualization Manager. (BZ#1009401)

* Although virt-who worked properly with VMware ESX software, the support for
VMware ESXi software was not functional due to differences between ESX and ESXi.
With this update, support for ESXi as virtualization back end has been provided
for virt-who, which can now use both ESX and ESXi as virtualization back ends.
(BZ#1078858)

Users of virt-who are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

RHBA-2014:1375: sssd bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20141375
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2014:1375, CVE-2014-0249

Description
The System Security Services Daemon (SSSD) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides the Name
Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces
toward the system and a pluggable back-end system to connect to multiple
different account sources.

These updated sssd packages include numerous bug fixes and enhancements. Space
precludes documenting all of these changes in this advisory. Users are directed
to the Red Hat Enterprise Linux 6.6 Technical Notes for information on the most
significant of these changes:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/sssd.html#RHBA-2014-1375

Users of sssd are advised to upgrade to these updated packages, which fix these
bugs and add these enhancements.

RHBA-2014:1376: xcb-util, xorg-x11-drivers, and mesa bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20141376
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2014:1376, CVE-2013-1994

Description
The xcb-util package provides a number of libraries that use the libxcb library,
the core X protocol library, and some of the extension libraries. These
libraries provide convenience functions and interfaces which make the raw X
protocol more usable. Some of the libraries also provide client-side code which
is not strictly part of the X protocol but which have traditionally been
provided by the Xlib library. 

The individual X.Org drivers, previously provided by the xorg-x11-drivers
package, are included to allow installation of all drivers at once, without
having to track which individual drivers are present on each architecture.

This package also provides Mesa 3D graphics API that is compatible with Open
Graphics Library (OpenGL), as well as hardware-accelerated drivers for many
popular graphics chips.

The updated xcb-util packages include numerous bug fixes and one enhancement.
Space precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Enterprise Linux 6.6 Technical Notes for information on
the most significant of these changes: 

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/xcb-util.html#RHBA-2014-1376

Users of xcb-util, xorg-x11-drivers, and mesa are advised to upgrade to these
updated packages, which fix these bugs and add this enhancement.

RHBA-2014:1417: icedtea-web bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20141417
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2014:1417, CVE-2013-6493

Description
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It also
contains a configuration tool for managing deployment settings for the plug-in
and Web Start implementations.

The icedtea-web packages have been upgraded to upstream version 1.5.1, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1075790)

Users of icedtea-web are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

RHBA-2014:1513: virt-who bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20141513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2014:1513, CVE-2014-0189

Description
The virt-who package provides an agent that collects information about virtual
guests present in the system and reports them to the Red Hat Subscription
Manager tool.

The virt-who package has been upgraded to upstream version 0.10, which provides
a number of bug fixes and enhancements over the previous version. This update
includes support for multiple vCenter servers, fixed querying by cluster in
large ESX environments, corrected communication with Red Hat Satellite server
when ESXi has no host, fixed unregistering from Subscription Asset Manager (SAM)
server, fixed bug in Virtual Desktop and Server Management (VDSM) mode, support
for encrypted credentials, and fixed error when creating new VMs. (BZ#1002640,
BZ#994575, BZ#1002447, BZ#1009230, BZ#1011877, BZ#1017056, BZ#1081286,
BZ#1082416)

This update also fixes the following bugs:

* Previously, the virt-who daemon did not report guest attributes to the server,
which disabled the virt_guest_limit feature. With this update, virt-who has been
modified to correctly report guest attributes. As a result, virt_guest_limit is
now supported by virt-who. (BZ#1098019)

* Prior to this update, every call to Libvirtd.listDomains() function from the
/usr/share/virt-who/virt/libvirtd/libvirtd.py script opened a new connection to
the libvirtd daemon but did not close it. Consequently, after several
iterations, virt-who consumed all connections allowed for any client of
libvirtd. With this update, Libvirtd.listDomains() has been modified to properly
close the libvirtd connections, thus fixing this bug. (BZ#1113938)

Users of virt-who are advised to upgrade to this updated package, which fixes
these bugs and adds these enhancements.

RHBA-2015:0364: nss, nss-softokn, nss-util, and nspr bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20150364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:0364, CVE-2014-1545

Description
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The nss, nss-softokn, and nss-util packages have been upgraded to upstream versions 3.16.2.3, and the nspr packages have been upgraded to upstream version 4.10.6. The upgraded versions provide a number of bug fixes and enhancements over the previous versions, including:

* Updating to Firefox 31.3 is possible.
* The softokn database code now checks the "NSS_SDB_USE_CACHE" environment variable. As a result, using libcurl and curl for HTTPS requests no longer results in unnecessary access system calls to non-existent paths, directories, and files.
(BZ#1103250, BZ#1103251, BZ#1103252, BZ#1103925, BZ#1158161, BZ#1117959)

This update also fixes the following bugs:

* NSS changed the permissions of the /etc/pki/nssdb/pkcs11.txt file to the strict default value of 0600, even if the file had other permissions prior to this change. Consequently, users could not add security modules to their configuration under certain circumstances. NSS now only applies the strict default to new files and preserves existing permissions when replacing an existing pkcs11.txt. Users can make the necessary modifications to the NSS security module database. (BZ#1087926)

* The internal NSS stan_GetCERTCertificate() call did not properly ensure that objects were not removed until the operation was finished. Consequently, stan_GetCERTCertificate() could terminate unexpectedly in the 389 Directory Server (DS) under the replication replay failure condition. The source code has been modified to properly manage object references, and the crashes reported by 389 DS no longer occur. (BZ#1094468)

* The PKCS#12 decoder did not properly check the destination buffer length when decoding. Running the pk12util tool with the "-l" option to list the contents of certain PKCS#12-encoded files resulted in a segmentation fault. The decoder has been updated to perform the check, and pk12util now lists the encoded files as expected. (BZ#1174527)

* A build-time check for platforms without NSS initialization support was missing. The NSS security tools terminated unexpectedly with a core dump when running on the 64-bit PowerPC architecture. The build files now check for the "NSS_NO_INIT_SUPPORT" build-time environment variable, and if it is set, the platforms continue to function as expected. (BZ#1154232)

* The Softoken module did not correctly check the mechanism for user tokens. When both the client and the server worked in FIPS mode, the yum utility could not connect to OpenSSL-based servers, and the server returned the "decryption failed or bad record mac" error message. Softoken has been updated to allow user slots to have the full list of mechanisms just like the main slot, and yum is now able to connect to OpenSSL-based servers. (BZ#1131079)

* Certain changes to the nss-softokn.spec file were implemented using the dracut utility configuration syntax for Red Hat Enterprise Linux 6 instead of the Red Hat Enterprise Linux 7 syntax. Consequently, the user could not use the curl utility to download an HTTPS URL in the dracut environment. The spec file has been modified to use the correct syntax, and dracut users can now use curl in this situation as expected. (BZ#1169957)

In addition, this update adds the following enhancements:

* With this update, the nss-softokn module conforms to the FIPS-140 standard. (BZ#1004102, BZ#1004107)

* This update adds a mechanism that allows deriving a new symmetric key based on the encryption of some data with the original symmetric key. (BZ#1155340)

Users of nss, nss-softokn, nss-util, and nspr are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:0386: cups bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20150386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:0386, CVE-2014-2856, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031

Description
CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. 

This update fixes the following bugs:

* When using the cupsEnumDests() API call, the libcups utility failed to take note of the client callback function. As a consequence, applications using this API could terminate unexpectedly. The cupsEnumDests() implementation has been fixed and callbacks now function as expected. (BZ#1072954) 

* Previously, the CUPS scheduler used an incorrect D-Bus interface when trying to add a colord profile, which led to colord profiles not working correctly. With this update, the correct D-Bus interface is used, and colord profiles now function as expected. (BZ#1087323)

* When handling an incoming Internet Printing Protocol (IPP) request with an associated document to follow, the CUPS scheduler did not check whether the client connection had data available to read before starting to handle the document data. Consequently, in some instances, a 10-second timeout could occur. The scheduler now checks for data availability before reading the document data, thus fixing this bug. (BZ#1110259) 

* When the CUPS scheduler read data from a client, it did not check for data availability in between reading the HTTP headers and the Internet Printing Protocol (IPP) request. This led to a race condition causing client requests to fail depending on the timing of the data packets. With this update, the scheduler checks for data availability, preventing the race condition from occurring. (BZ#1113045) 

* Previously, the manual page for the cupsd.conf(5) configuration file did not mention the ErrorPolicy directive. Text describing this directive has now been added to the manual page. (BZ#1120591) 

* Prior to this update, the cups utility was started before networking, and therefore it was not available in some configurations. A patch has been applied to fix this bug, and CUPS is now available throughout the network. (BZ#1144780) 

* A prior security update changed the /etc/cups/ppd/ directory not to be world-readable. However, the cupsGetPPD() function still assumed the files in the directory were world-readable. As a consequence, cupsGetPPD() returned a symbolic link to a file in /etc/cups/ppd/ to the caller even though the caller was not able to read it, which caused a variety of failures when printing. This update fixes cupsGetPPD3() to check for readability, and these failures thus no longer occur. (BZ#1153708)

* A prior fix for setting the value of the FINAL_CONTENT_TYPE variable caused unintended problems: the back end could not reliably determine the format of the input data and forced FINAL_CONTENT_TYPE to always be "printer/[queue name]". The incorrect fix has been reverted. Nevertheless, users who have files configured on both the local and remote ends of their queues will still encounter this problem, and thus need to make the local ends of their queues "raw". (BZ#1149245)

In addition, this update adds the following enhancement:

* Prior to this update, the commands required by the redhat-lsb-core package were provided by the cups packages, which themselves have requirements on other packages. To prevent redhat-lsb-core causing a larger dependency chain than needed, the CUPS client commands required by redhat-lsb-core have been moved into a new sub-package, cups-clients. (BZ#1115057)

Users of cups are advised to upgrade to these updated packages, which fix these bugs and add this enhancement. After installing this update, the cupsd daemon will be restarted automatically.

RHBA-2015:0441: sssd bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20150441
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:0441, CVE-2014-0249

Description
The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms.

This update adds several enhancements that are described in more detail in the Red Hat Enterprise Linux 7.1 Release Notes, linked to in the References section, including:

* Added the "domains=" option to the pam_sss module.
* Added an SSSD plug-in to enable accessing a CIFS share.
(BZ#727466, BZ#922081)

This update fixes the following bugs:

* The sssd-ad(5) man page did not explain that when using multiple types of providers, such as an Active Directory (AD) provider and an LDAP provider, the user must fully configure each of the providers. The man page explains this now. (BZ#1075141)

* The system added the "sss" module to the nsswitch.conf file, even when SSSD was not running. The GNU C Library (glibc) calls returned incorrect error messages, which caused certain user space tools to not work properly. The "sssd_nss" module returns correct error codes, so that the user space tools handle them gracefully. (BZ#1124320)

* The hard-coded list of supported AD servers in SSSD did not include the Windows Server 2012R2 (WS2012R2) release. Clients connected to WS2012R2 printed a warning to the logs and were unable to use some AD-specific performance enhancements. To fix these problems, this update adds WS2012R2 to the list. (BZ#1134940)

* SSSD overwrote a variable containing password expiration data under certain circumstances, and sometimes did not display password expiration messages to the user. This update fixes the problem, and SSSD displays password expiration data as expected. (BZ#1144011)

* Several AD-specific codepaths in the LDAP provider assumed data structures and functions that were available only with a full AD provider. Looking up secondary groups using the LDAP provider failed. This update modifies the codepaths to allow using the "id_provider=ldap" setting with AD servers and disables the support for the tokenGroups attribute when using this configuration. Clients using "id_provider=ldap" with an AD server work seamlessly. (BZ#1146541)

* SSSD sometimes did not map some of the group security identifiers (SIDs) returned from the tokenGroups attribute, unless an SSSD client used the "id_provider=ad" setting. SSSD did not display all groups in the "id" output and could deny access to users. Support for tokenGroups is now disabled if "id_provider=ad" is not used, and SSSD reports the group membership correctly. (BZ#1161741)

* Failed attempts to convert a GID to a group name during certain access control checks, which is required for comparison with the "simple_allow_groups" list, could cause SSSD to incorrectly deny access. SSSD now continues to resolve the next groups when only allow rules are used, and the users can log in even if SSSD cannot perform the conversion for some of their groups. (BZ#1175408)

This update adds the following enhancements:

* The sssd service can now be run as a non-root user. Previously, sssd could only be run as root, which could potentially pose a security risk. To set sssd to run unprivileged, add the "user=sssd" option to the [sssd] section of the sssd.conf file. (BZ#1113783)

* SSSD is able to use the group policy objects (GPOs) stored on an AD server for access control. Windows administrators can now use the GPOs to control access to Linux clients. (BZ#1115429)

* A new Kerberos plug-in helps to map Kerberos principals to local SSSD user names. It is no longer necessary to configure the .k5login file or the "auth_to_local" rules in the krb5.conf file to enable passwordless logins to IdM clients for AD users in a setup with AD trusts. (BZ#1135043)

Users of sssd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:0584: tboot bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20150584
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:0584, CVE-2014-5118

Description
The tboot packages provide the Trusted Boot (tboot) open source pre-kernel/VMM
module. This module uses Intel Trusted Execution Technology (Intel TXT) to
initialize the launch of operating system kernels and virtual machines.

The tboot packages have been upgraded to upstream version 1.8.2, which provides
a number of bug fixes and enhancements over the previous version. (BZ#1147070)

Users of tboot are advised to upgrade to these updated packages, which fix these
bugs and add these enhancements.

RHBA-2015:0925: nss and nspr bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20150925
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:0925, CVE-2014-1569

Description
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. 

The nss packages have been upgraded to upstream version 3.18.0, and the nspr packages have been upgraded to upstream version 4.10.8. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 38 Extended Support Release. (BZ#1200905, BZ#1200921)

Users of nss, nss-softokn, nss-util, and nspr are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:0926: nss, nss-util, and nspr bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20150926
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:0926, CVE-2014-1569

Description
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The nss and nss-util packages have been upgraded to upstream versions 3.18, and the nspr packages have been upgraded to upstream version 4.10.8. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 38 Extended Support Release. (BZ#1205064, BZ#1205065, BZ#1207052)

This update also fixes the following bugs:

* Previously, a race condition in NSS in some cases caused heavily threaded applications, such as the ns-slapd daemon, to terminate unexpectedly when under load. This update fixes the underlying cause, and the described crash no longer occurs. (BZ#1182902)

* When using version 3.16.1-4 of the nss packages, NSS returned different cipher suites than the prior versions of NSS. This caused certain applications that add external constraints to the cipher suites, such as the Lightweight Directory Access Protocol server (LDAPS), to fail. With this update, the cipher suites table in the /nss/lib/ssl/ssl3con.c file has been adjusted to be compatible with the previous version of NSS, and the affected applications now work as expected. (BZ#1202488)

Users of nss, nss-util, and nspr are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:0965: nss, nss-util, and nspr bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20150965
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:0965, CVE-2014-1569

Description
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The nss and nss-util packages have been upgraded to upstream versions 3.18, and the nspr packages have been upgraded to upstream version 4.10.8. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 38 Extended Support Release. (BZ#1211371, BZ#1211372, BZ#1211373)

Users of nss, nss-util, and nspr are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:1292: openldap bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20151292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:1292, CVE-2014-8182

Description
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.

The openldap packages have been upgraded to upstream version 2.4.40, which provides a number of bug fixes and enhancements over the previous version. (BZ#1147983)

This update also fixes the following bugs:

* Previously, openldap did not correctly handle situations in which multiple processes attempted to establish an encrypted connection at the same time. Consequently, utilities, such as the nslcd service, could terminate unexpectedly with a segmentation fault. Incorrect thread initialization code that caused this bug has been fixed. As a result, utilities no longer crash when processes establish multiple concurrent encrypted connections. (BZ#1144294)

* Previously, the server could terminate unexpectedly when processing SRV records due to invalid memory access. The error that caused the invalid memory access has been corrected, and the server no longer crashes when processing SRV records. (BZ#1164369)

* Prior to this update, user data was deleted after updating openldap when the slapd.conf file was used to store the configuration, but the slapd.d/ directory also existed. This update fixes incorrect logic in the post-installation script, and user data is no longer deleted in this situation. (BZ#1193519)

* The server sometimes terminated unexpectedly with a segmentation fault on IBM Power Systems due to a regression. A code optimization that caused this problem has been removed, preventing the segmentation fault from occurring. As a result, the server no longer crashes in this situation. (BZ#1202696)

In addition, this update adds the following enhancements:

* This update introduces the Check Password extension for OpenLDAP, required for PCI compliance. (BZ#1155390)

* Support for the TLS protocol version 1.1 and later has been added. (BZ#1160467)

Users of openldap are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:1307: netcf bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20151307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:1307, CVE-2014-8119

Description
The netcf packages contain a library for modifying the network configuration of a system. Network configuration is expressed in a platform-independent XML format, which netcf translates into changes to the system's "native" network configuration files.

This update fixes the following bugs:

* Previously, when the XML configuration for an interface enabled dynamic host configuration protocol (DHCP) for IPv6, the netcf library erroneously set the variable named "DHCPV6" in the ifcfg configuration file instead of "DHCPV6C". The underlying source code has been patched, and netcf now passes the correct "DHCPV6C" option to ifcfg. (BZ#1113978)

* Prior to this update, when requested to configure an interface with an IPv4 netmask of 255.255.255.255, the netcf library logged an error as the interface configuration was rejected. This update fixes the netmask for the 32-bit interface prefix, and netcf now configures IPv4 interfaces successfully. (BZ#1116314)

* Due to a parsing error, the ifcfg files with comments starting anywhere beyond column 1 or multiple variables on a single line caused the netcf library to generate errors when attempting to list host interfaces. The parsing error has been fixed, and any tool using netcf now lists active interfaces as expected. (BZ#1208897) 

* When multiple static IPv6 addresses were specified in an interface configuration, an extra set of quotes appeared in the IPV6ADDR_SECONDARIES entry in the generated configuration file. This update removes extraneous single quotes from IPV6ADDR_SECONDARIES, thus fixing this bug. (BZ#1208894)

* Due to a denial of service flaw in the netcf library, a specially crafted interface name previously caused applications using netcf, such as the libvirt daemon, to terminate unexpectedly. An upstream patch has been applied to fix this bug, and applications using netcf no longer crash in the aforementioned situation. (BZ#1165966)

Users of netcf are advised to upgrade to these updated packages, which fix these bugs.

RHBA-2015:1445: xorg-x11-server bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20151445
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:1445, CVE-2015-3418

Description
X.Org is an open source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

This update fixes these bugs:

* The functionality of the Shift, Caps Lock, and Num Lock keys was reversed when a USB keyboard was unplugged while in Caps Lock or Num Lock mode. Unplugging the keyboard with Caps Lock or Num Lock enabled and later plugging it back in led to incorrect modifier state on the keyboard. Now, the correct modifier state is applied when a keyboard is attached. The discrepancy between the actual and logical status of modifiers no longer occurs. (BZ#963829)

* Connecting to a remote machine of different endianness architecture using the X Display Manager Control Protocol (XDMCP) could cause unexpected termination of the X server when the data length in the XkbSetGeometry request was erroneously swapped twice, and an incorrect value was produced. With this update, the data is swapped only once when appropriate, ensuring the use of correct data length. Connecting to remote machines no longer causes X server crashes in this situation. (BZ#1007006)

* Due to a regression, the "Always" mode of the Xorg server's backing store (-bs) option was not functional, and applications expecting the retention of window content when it was unmapped did not work. The mode has been implemented, and applications that require it now work. (BZ#1138353)

* The keyboard remained in Caps Lock or Num Lock mode even after the keys were pressed again to change input mode. Now, the Caps Lock and Num Lock functions no longer remain active after pressing the keys to deactivate them. (BZ#1161061)

* The Xephyr server's 8-bit pseudocolor emulation incorrectly maintained only one colormap for the entire server. When running Xephyr at 8 bpp with multiple screens, only one screen displayed correct colors. Xephyr has been amended to maintain one colormap per screen and now displays correct colors on all screens. (BZ#1164828)

* The X server package was missing requirements for basic drivers such as vesa, void, or evdev. With this update, installing the X server automatically pulls the basic required drivers as well. (BZ#1171121)

* The fix for CVE-2014-8092 (RHSA-2014:1983) introduced a type conversion invalid in C++, preventing a C++ application, such as TigerVNC, from being compiled using the X server source files. Now, the header file uses an explicit cast for the type conversion, and C++ applications using X server source files can be compiled. (BZ#1177687)

* The string format used in error messages was not supported by the X server. When connecting to an unwilling XDMCP server, an error, a backtrace, and termination of the X server occurred instead of displaying an error message. Now, the X server supports the string format, connecting to an unwilling XDMCP server no longer causes a crash, and an error message is displayed prior to exiting cleanly. (BZ#1184365)

* The X Window System failed to load on reboot when the Xinerama extension and the SELinux module in enforcing mode were enabled. It kept attempting to load the GUI and went on in a loop. Now, the X Window System loads as expected in this situation. (BZ#1199591)

* Passing a request containing zero height to the XPutImage() function could cause a "division by zero" error in the X server. Now, the X server checks the height value and avoids division by zero. The requests no longer cause errors. (BZ#1208094)

Enhancement:

* The xvfb-run script now accepts the "-a" argument to automatically select an unused display number. Users no longer have to choose one themselves, which was difficult and error-prone when running from automated scripts. The Xvfb server can be used for headless automation setups without the need to specify a display number explicitly. (BZ#1049297)

Users of xorg-x11-server are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

RHBA-2015:1465: glibc bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20151465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:1465, CVE-2015-5229

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

This update fixes the following bug:

* A race condition in the malloc API family of functions could cause a deadlock leading to gluster NFS and Fuse mounts becoming unresponsive while running large amounts of I/O. The race condition in malloc has been removed and gluster NFS and Fuse mounts no longer hang in the described situation. (BZ#1244002) 

Users of glibc are advised to upgrade to these updated packages, which fix this bug.

RHBA-2015:1554: 389-ds-base bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20151554
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:1554, CVE-2015-3230

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the LDAP server and command-line utilities for server administration. 

This update fixes the following bugs:

* Previously, the code of search requests for asynchronous simple paged results was not thread-safe, which created a small window during which a conflict could occur in the simple paged result slot. As a consequence, the server could terminate unexpectedly. To fix this bug, the code is now thread-safe, and the crash no longer occurs in this situation. In addition, abandoning a simple paged results request was previously not handled correctly if an abandon request was issued too quickly. Consequently, an internal search result object was in some cases not released. With this update, the search result request is safely released regardless of the timing of the abandon request. (BZ#1230037)

* Prior to this update, a helper function to check whether the cache size is valid or not was resetting the cache size to a very small value. Consequently, the helper function was applied and the Distinguished Name (DN) cache was applied at the server start-up timing, which reduced the cache size. With this update, the helper function provides only the validity check and no longer resets the cache size. As a result, the entry and DN cache sizes do not get affected by the helper function. (BZ#1230038)

* Previously, when AD users had multiple spaces inside the value of the RDN attribute, synchronizing the entry to the Directory Server failed. The underlying source code has been fixed, and the Windows Synchronization (WinSync) plug-in in the Directory Server now works as expected. (BZ#1243718)

Users of 389-ds-base are advised to upgrade to these updated packages, which fix these bugs. After installing this update, the 389 server service will be restarted automatically.

RHBA-2015:2092: systemd bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152092
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2092, CVE-2016-7796

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

This update fixes multiple bugs and adds numerous enhancements. Refer to the following Red Hat Knowledgebase article for information on the most significant of these changes: 

https://access.redhat.com/articles/1611383

Users of systemd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. The system must be rebooted for this update to take effect.

RHBA-2015:2116: GTK+ bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152116
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2116, CVE-2016-3190

Description
The GTK+ packages contain the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. 

This update contains a number of rebases to the latest upstream stable versions, which provides a number of bug fixes and enhancements over the previous versions. For more information on the changes, see the GNOME release notes and Red Hat Enterprise Linux 7.2 Release Notes.

The orc packages have been upgraded to version 0.4.22. (BZ#1174391)
The atk packages have been upgraded to version 2.14.0. (BZ#1174433)
The cairo packages have been upgraded to version 1.14.2. (BZ#1174435)
The pango packages have been upgraded to version 1.36.8. (BZ#1174436)
The gdk-pixbuf2 packages have been upgraded to version 2.31.1. (BZ#1174438)
The gobject-introspection packages have been upgraded to version 1.42.0. (BZ#1174439)
The glib-networking packages have been upgraded to version 2.42.2. (BZ#1174447)
The dconf packages have been upgraded to version 0.22.0. (BZ#1174448)
The gtksourceview3 packages have been upgraded to version 3.14.2. (BZ#1174500)
The json-glib packages have been upgraded to version 1.0.2. (BZ#1174501)
The webkitgtk3 packages have been upgraded to version 2.4.9. (BZ#1174556)
The glibmm24 packages have been upgraded to version 2.42.0. (BZ#1174565)
The harfbuzz packages have been upgraded to version 0.9.36. (BZ#1201148)
The libxklavier packages have been upgraded to version 5.4. (BZ#1202874)
The glib2 packages have been upgraded to version 2.42.2. (BZ#1203755)
The gtk2 packages have been upgraded to version 2.24.28. (BZ#1221171)

This update also fixes the following bugs:

* Previously, GTK+ was treating frame times from _NET_WM_FRAME_DRAWN and _NET_WM_FRAME_TIMINGS as local monotonic times, but they are actually extended-precision versions of the server time. This was causing rendering stalls when using GTK+ applications remotely. With this update, frame times are converted to monotonic times when the X server and client are not running on the same system, and GTK+ applications can be used remotely without rendering stalls. (BZ#1243646)

* Previously, the glib2 packages were rebased to a version that deprecated the g_memmove() function. As a consequence, libgsf failed to build from source. This update replaces g_memmove() with memmove(), thus fixing this bug. (BZ#1132679)

* Prior to this update, the Python plug-in for GDB did not work with the version of GDB in Red Hat Enterprise Linux 7.1. As a consequence, GDB returned error messages when debugging glib2 applications. This update applies an upstream fix to use newer GDB APIs, and the Python GDB debugging aid for glib2 applications now works as expected. (BZ#1055733)

* The glib2 utility previously returned confusing warning messages when programs added GObject properties after the class was initialized. The functionality of adding a property after the class was initialized has been added back due to backward compatibility concerns, and error messages on properties thus no longer appear. (BZ#1168600)

* When selecting a file in the "Add attachment" window, Evolution previously terminated unexpectedly with a segmentation fault. This update fixes the gtk_tree_row_ref_deleted() function causing this bug, and attaching a file no longer leads to a crash. (BZ#1175941)

* Previously, the CUPS back end checked an incorrect port to connect to remote printers. Consequently, fetching printer information failed and the "Print" button became insensitive. This update makes sure CUPS checks the correct port, thus fixing this bug. (BZ#1221157, BZ#1154038)

Users of GTK+ are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:2142: pcre bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20152142
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2142, CVE-2015-2327

Description
PCRE is a Perl-compatible regular expression library. 

This update fixes the following bugs:

* Previously, non-matched groups within capturing groups up to a forced match were not being properly reset by PCRE, causing the library to incorrectly match some groups. With this update, non-matched groups within capturing groups up to a forced match are being properly marked as non-matching. (BZ#1161597)

* Compiling zero-repeated groups with recursive back references no longer causes PCRE to crash. (BZ#1119356)

* A bug in PCRE was causing it to match the wrong substring in regular expressions with empty-matching possessive zero-repeat groups. This problem has been fixed and matching these groups now behaves as expected. (BZ#1119320)

* PCRE previously did not correctly evaluate regular expressions with literal quotations inside a character class. For example, the expression "/[\Qa]\E]+/" was not matching the string "a", although it should have. The problem has been fixed and regular expressions with literal quotations inside a character class are now being evaluated correctly. (BZ#1111091)

* An error in first character optimization was causing PCRE to incorrectly evaluate regular expressions where a start-anchored character with more than one case follows a circumflex in multi-line UTF-8 mode. This update resolves the problem and PCRE now properly evaluates these regular expressions. (BZ#1110621)

* Linking an application to the static PCRE library using the libpcre module for pkg-config was failing due to missing pthread symbols. The pkg-config modules for PCRE libraries have been updated to declare private libraries properly, and the "pkg-config --static --libs libpcre" command can now be used to link the static pcre library to an application. (BZ#1217111)

* The pcredemo.c file, which is described in the pcresample(3) man page as containing code examples for PCRE, was missing from the pcre-devel package. The example file has been added to the pcre-devel package and can now be found in the /usr/share/doc/pcre-devel-8.32/ directory. (BZ#1217118)

Users of pcre are advised to upgrade to these updated packages, which fix these bugs.

RHBA-2015:2161: libcap-ng bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152161
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2161, CVE-2014-3215

Description
The libcap-ng library is designed to make programming with POSIX capabilities easier. It is shipped with utilities to analyze the POSIX capabilities of all running applications, as well as tools to set the file system-based capabilities.

The libcap-ng packages have been upgraded to upstream version 0.7.5, which provides a number of bug fixes and enhancements over the previous version. (BZ#1185610)

Users of libcap-ng are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:2194: httpd bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152194
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2194, CVE-2020-11985

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

This update fixes the following bugs:

* The httpd daemon did not reset an internal array for storing variables defined using the "Define" directive. Consequently, variables could be undefined after a graceful restart. httpd has been fixed to reset this internal array during a graceful restart, and variables are now correctly defined in this scenario. (BZ#1227219)

* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when the "SSLVerifyClient optional_no_ca" and "SSLSessionCache" options were used. Consequently, when an SSL session was resumed, the SSL_CLIENT_VERIFY value was set to "SUCCESS" instead of the previously set "GENEROUS". SSL_CLIENT_VERIFY is now correctly set to GENEROUS in this scenario. (BZ#1170206)

* The mod_ssl module did not call the ERR_free_strings method during its cleanup. Consequently, during the httpd daemon's reload, mod_ssl leaked memory. Now, ERR_free_strings is called by mod_ssl during the httpd reload, and mod_ssl no longer leaks memory. (BZ#1181690)

* The status line of an HTTP response message from a server did not include the HTTP Reason-Phrase if the original response from the mod_proxy back-end server contained only a Status Code. Consequently, the server displayed only the Status Code to an HTTP client. HTTP clients now receive both the Status Code and Reason-Phrase. (BZ#1162159)

* The mod_authz_dbm module requires the mod_authz_owner module but this dependency was not reflected in the mod_authz_dbm code. Consequently, when the "Require dbm-file-group" directive was used and mod_authz_dbm was loaded before mod_authz_owner, the httpd daemon terminated unexpectedly with a segmentation fault. The mod_authz_dbm code now allows loading before the mod_authz_owner module, and httpd no longer crashes in this scenario. (BZ#1221575)

* The mod_proxy_fcgi module had a hardcoded 30-second timeout for a request. Consequently, it was impossible to change the timeout. mod_proxy_fcgi has been fixed to honor the Timeout or ProxyTimeout directives, and users are now able to configure the timeout of mod_proxy_fcgi. (BZ#1222328)

* The mod_ssl method used for enabling Next Protocol Negotiation (NPN) support returned incorrect exit status when NPN was disabled. Consequently, although NPN was disabled by the configuration, mod_ssl continued to send it. The mod_ssl method now returns the correct value in this scenario, and mod_ssl no longer sends NPN unless configured to do so. (BZ#1226015)

The update adds these enhancements:

* The default configuration of the mod_ssl module in the Apache HTTP Server no longer enables support for SSL cipher suites using the single IDEA or SEED encryption algorithms, which are known to be easily exploitable. (BZ#1118476)

* The mod_proxy_wstunnel module is now enabled by default and it includes support for SSL connections in the "wss://" scheme. Additionally, it is possible to use the "ws://" scheme in the "mod_rewrite" directives. This allows for using WebSockets as a target to "mod_rewrite" and enabling WebSockets in the proxy module. (BZ#1180745)

* Apache HTTP Server now supports Microsoft User Principal Name (UPN) in the SSLUserName directive. Users can now authenticate with their Common Access Card (CAC) or certificate with a UPN in it, and have their UPN used as authenticated user information, consumed by both the access control in Apache and using the REMOTE_USER environment variable or a similar mechanism in applications. As a result, users can now set "SSLUserName SSL_CLIENT_SAN_OTHER_msUPN_0" for authentication using UPN. (BZ#1242503)

Users of httpd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, the httpd daemon will be restarted automatically.

RHBA-2015:2197: libreoffice bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2197, CVE-2015-1774

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

The libreoffice packages have been upgraded to upstream version 4.3.7.2, which provides a number of bug fixes and enhancements over the previous version, most notably:

* The possibility to print comments in page margin has been added.

* Support for nested comments has been added.

* OpenXML interoperability has been improved.

* Accessibility support has been improved.

* The color picker has been improved.

* The start center has been improved.

* Initial HiDPI support has been added.

* The limitation on number of characters in a paragraph has been raised significantly.

(BZ#1205091)

For a complete list of bug fixes and enhancements provided by this upgrade, follow the link to the LibreOffice change log in the References section. 

Users of libreoffice are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:2258: samba bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2258, CVE-2015-7540

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and other information.

The samba packages have been upgraded to upstream version 4.2.3, which provides a number of bug fixes and enhancements over the previous version.
Most notably, the "wbinfo -u" and "wbinfo -g" commands now only enumerate the users in their own domain by default. To enumerate all users on all trusted domains, run the "wbinfo --domain='*' -u" or "wbinfo --domain='*' -g" command.
(BZ#1196140)

This update also fixes the following bugs:

* Accessing a printer published in Active Directory (AD) failed with error messages. Now, if Samba fails to find the printer in the Samba registry, it obtains the globally unique identifier (GUID) of the printer from AD and stores it in the registry. The printers work as expected. (BZ#1167325)

* When running Samba without the winbindd service, authentication with user name and password sometimes failed. Now, it is possible to run Samba without winbindd, although it is not recommended. (BZ#1202347)

* In long-running SMB sessions, re-authenticating sometimes caused the SMB server to terminate unexpectedly. Now, the server no longer crashes during the SMB session setup. Users can re-authenticate and then use the SMB file server as expected. (BZ#1223981)

* The winbindd service terminated unexpectedly with a segmentation fault when the alternative domain name was not defined and Winbind was offline. This update defines the values for the alternative domain name as well as certain other settings that were previously not set. Winbind now works as expected in offline mode. (BZ#1225719)

* Samba displayed the STATUS_ACCES_DENIED message when the client tried to reconnect after the session expired because of an invalid signing check. Samba now correctly verifies whether signing is required in this situation. Samba no longer displays the message, and the user is allowed to reconnect. (BZ#1228809)

* The dfree utility sometimes reported an incorrect amount of free space on a Samba share. Now, the smbd service no longer ignores the block size of dfree, thus fixing the calculation of available space. The dfree utility correctly reports the available space on a Samba share. (BZ#1238194)

* The "net ads keytab create" command sometimes terminated unexpectedly with a segmentation fault. Samba has been modified to initialize certain internal structures and free the cursor iterating the keytab. Now, "net ads keytab" no longer crashes. (BZ#1246166)

* The users were sometimes unable to access a Samba share that specified identical values for the force user and force group when the "winbind use default domain = yes" setting was used. With this update, the users can access a Samba share in the described situation as expected. (BZ#1253193)

* When the "map to guest = bad uid" setting was used, the user was sometimes denied permission to access a share as a guest user. Samba now handles "map to guest = bad uid" as expected, allowing users to access shares as guest users if they are not authenticated. (BZ#1255322)

* The Samba file server terminated unexpectedly when the "mangling method = hash" setting was used in the smb.conf file. Samba now fully initializes the hash module, preventing the file server from accessing invalid data structures, and no longer crashes in this situation. (BZ#1255326)

* When the user shared an XFS file system with disk quota, Samba displayed incorrect volume size on the client. With this update, Samba correctly displays the disk quota value as the volume size. (BZ#1258293)

Users of samba are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing this update, the smb service will be restarted automatically.

RHBA-2015:2287: setroubleshoot bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152287
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2287, CVE-2016-4445

Description
The setroubleshoot packages contain a set of analysis plug-ins for use with the setroubleshoot utility. Each plug-in has the capacity to analyze SELinux Access Vector Cache (AVC) data, as well as system data, to provide user-friendly reports that describe how to interpret SELinux AVC denial messages.

The setroubleshoot packages have been upgraded to upstream version 3.2.24, which provides a number of bug fixes and enhancements over the previous version. Notably, setroubleshoot now runs under the setroubleshoot user instead of the root user. (BZ#1212422)

In addition, this update adds the following enhancement:

* With this update, Bugzilla bug reports generated by the setroubleshoot utility include a version of the selinux-policy package. (BZ#1163346)

Users of setroubleshoot are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2015:2395: redhat-upgrade-tool bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20152395
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2395, CVE-2014-3585

Description
The Red Hat Upgrade Tool is used for performing an in-place upgrade of the current system to the next major version of Red Hat Enterprise Linux. It determines what packages are needed for the upgrade and gathers them from the source or sources given. It also fetches and sets up the boot images needed to run the upgrade and sets up the system to perform the upgrade on the next system boot. Running the Red Hat Upgrade Tool requires running the Preupgrade Assistant as a prerequisite.

Users of redhat-upgrade-tool are advised to upgrade to this updated package, which fixes one bug.

RHBA-2015:2424: sudo bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152424
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2424, CVE-2014-9680

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

This update fixes the following bug:

* Previously, the umask_override entry in the sudoers(5) manual page also incorrectly contained information on the use_pty flag. With this update, information on the umask_override and use_pty flags is in separate entries as expected. (BZ#1233607)

In addition, this update adds the following enhancement:

* The configuration of the sudo utility can now store the checksum of a command or script that is being permitted. When the command or script is run again, the checksum is compared to the stored checksum to verify that nothing has changed. If the command or binary is modified, the sudo utility refuses to run the command or logs a warning. This functionality makes it possible to correctly devolve responsibility and problem-solving activities if an incident occurs. (BZ#1183818)

Users of sudo are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

RHBA-2015:2457: icedtea-web bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20152457
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2015:2457, CVE-2015-5234, CVE-2015-5235

Description
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the netX project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies.

The icedtea-web packages have been upgraded to upstream version 1.6.1, which provides a number of bug fixes and enhancements over the previous version. Notable changes include the following:

* The IcedTea-Web documentation and man pages have been significantly expanded.
* IcedTea-Web now supports bash completion.
* The "Custom Policies" and "Run in Sandbox" features have been enhanced.
* An -html switch has been implemented for the Java Web Start (JavaWS) framework, which can serve as a replacement of the AppletViewer program.
* It is now possible to use IcedTea-Web to create desktop and menu launchers for applets and JavaWS applications.

(BZ#1217153)

Users of icedtea-web are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHBA-2016:2206: evolution-data-server bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20162206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2016:2206, CVE-2016-10727

Description
The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

Users of evolution-data-server are advised to upgrade to these updated packages.

RHBA-2017:0651: bind bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20170651
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2017:0651, CVE-2016-2775

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

Users of bind are advised to upgrade to these updated packages.

RHBA-2017:1767: bind bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20171767
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2017:1767, CVE-2016-2775

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Users of bind are advised to upgrade to these updated packages.

RHBA-2017:1929: openssl bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20171929
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2017:1929, CVE-2016-7056

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Users of openssl are advised to upgrade to these updated packages.

RHBA-2017:1991: libtirpc bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20171991
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2017:1991, CVE-2018-14622

Description
The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Users of libtirpc are advised to upgrade to these updated packages.

RHBA-2017:2100: GTK+ bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20172100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2017:2100, CVE-2015-7552

Description
The GTK+ packages contain the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System. 

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Users of GTK+ are advised to upgrade to these updated packages.

RHBA-2017:2117: dnsmasq bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20172117
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2017:2117, CVE-2019-14513

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Users of dnsmasq are advised to upgrade to these updated packages.

RHBA-2018:0042: dracut bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20180042
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2018:0042, CVE-2017-5715

Description
The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.

This update fixes the following bug:

* Microcode on AMD family 16h processors was not updated early in the boot process. With this bug fix, the issue is addressed. (BZ#1526943)

Users of dracut are advised to upgrade to these updated packages, which fix this bug.

RHBA-2018:3207: NetworkManager bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20183207
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2018:3207, CVE-2018-1000135

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

Users of NetworkManager are advised to upgrade to these updated packages.

RHBA-2019:1992: cloud-init bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20191992
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:1992, CVE-2019-0816

Description
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

Users of cloud-init are advised to upgrade to these updated packages.

RHBA-2019:2044: gnome bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20192044
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:2044, CVE-2018-5818, CVE-2018-5819

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Users of gnome are advised to upgrade to these updated packages.

RHBA-2019:2261: webkitgtk4 bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20192261
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:2261, CVE-2019-7285, CVE-2019-7292, CVE-2019-8503, CVE-2019-8515, CVE-2019-8518, CVE-2019-8523

Description
WebKitGTK+ is a full-featured port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Users of webkitgtk4 are advised to upgrade to these updated packages.

RHBA-2019:2339: lldpad bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20192339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:2339, CVE-2018-10932

Description
The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Users of lldpad are advised to upgrade to these updated packages.

RHBA-2019:2599: krb5 bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20192599
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:2599, CVE-2018-20217

Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

This update fixes the following bug:

* KDC and keytab can disagree on kvno after update (BZ#1732743)

RHBA-2019:3384: ruby:2.5 bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20193384
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:3384, CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8325

Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHBA-2019:3408: openjpeg2 bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20193408
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:3408, CVE-2018-6616

Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHBA-2019:3416: pki-core:10.6 and pki-deps:10:6 bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20193416
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:3416, CVE-2019-12086, CVE-2019-12814

Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHBA-2019:3621: libidn2 bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20193621
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:3621, CVE-2019-18224

Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHBA-2019:3674: openldap bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20193674
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:3674, CVE-2020-15719

Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHBA-2019:4268: idm:DL1 bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20194268
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2019:4268, CVE-2019-10195, CVE-2019-14867

Description
Bug Fix(es):

* IPA upgrade fails for latest ipa package when adtrust is installed (BZ#1773516)

RHBA-2020:1376: net-snmp bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20201376
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2020:1376, CVE-2019-20892

Description
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

Bug Fix(es) and Enhancement(s):

* net-snmpd double free or corruption error (BZ#1802055)

RHBA-2020:1628: pcp bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20201628
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2020:1628, CVE-2019-3695, CVE-2019-3696

Description
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.

RHBA-2020:3527: kernel-rt bug fix update ()

Rule ID: oval-com.redhat.rhba-def-20203527
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2020:3527, CVE-2019-5108

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

This update fixes the following bug:

* kernel-rt: update to the latest RHEL7.8.z source tree (BZ#1868505)

The system must be rebooted for this update to take effect.

RHBA-2021:0621: microcode_ctl bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhba-def-20210621
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHBA-2021:0621, CVE-2020-8696

Description
The microcode_ctl packages provide microcode updates for Intel and AMD
processors.

Bug Fix(es) and Enhancement(s):

* [rhel-8.3.0.z] [HPEMC 8.3.z REGRESSION] Regression in intel microcode as
of 20201110 (BZ#1907898)

RHBA-2021:0623: microcode_ctl bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhba-def-20210623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHBA-2021:0623, CVE-2020-8696

Description
The microcode_ctl packages provide microcode updates for Intel and AMD
processors.

Bug Fix(es) and Enhancement(s):

* [HPEMC 7.9 REGRESSION]  Microcode_ctl  microcode_ctl (BZ#1905111)

RHBA-2021:3054: opencryptoki bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhba-def-20213054
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHBA-2021:3054, CVE-2021-3798

Description
The opencryptoki packages contain version 2.11 of the PKCS#11 API,
implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards.
These packages include support for the IBM 4758 Cryptographic CoProcessor
(with the PKCS#11 firmware loaded), the IBM eServer Cryptographic
Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC
0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic
Function (FC 3863 on IBM System z). The opencryptoki packages also bring a
software token implementation that can be used without any cryptographic
hardware. These packages contain the Slot Daemon (pkcsslotd) and general
utilities.

Bug Fix(es) and Enhancement(s):

* RHEL8.5 - openCryptoki: Soft token does not check if an EC key is valid
(BZ#1979173)

RHEA-2010:0272: valgrind bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20100272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2010:0272, CVE-2008-4865

Description
Valgrind is a tool to help you find memory-management problems in your
programs. When a program is run under Valgrind's supervision, all reads and
writes of memory are checked, and calls to malloc/new/free/delete are
intercepted. As a result, Valgrind can detect a lot of problems that are
otherwise very hard to find/diagnose.

This update re-bases Valgrind to upstream version 3.5.0 (BZ#522330), and
applies several enhancements and fixes including the following:

* Valgrind now supports cmpxchg instructions. This allows Valgrind to
profile code that uses the Intel cmpxchg instruction. (BZ#476271)

* The rebase also adds emulation for the 0x67 address-size-override prefix
and support for multiple 0x66 operand size prefixes. This prevents
unexpected "unhandled instruction bytes" errors when using Valgrind to
profile programs that use these prefixes. (BZ#515768 and BZ#530165)

All Valgrind users should apply this update.

RHEA-2011:0039: subversion enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20110039
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2011:0039, CVE-2007-2448

Description
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

These updated subversion packages add the following enhancements:

* The Subversion package has been upgraded to version 1.6.11 and now supports merge tracking and interactive conflict resolution. (BZ#497036, BZ#488810)

* A SysV init script for the svnserve command is now available. (BZ#564073)

Users of subversion are advised to upgrade to these updated packages, which add these enhancements.

RHEA-2015:0369: elfutils bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20150369
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2015:0369, CVE-2014-0172

Description
The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The elfutils packages have been upgraded to upstream version 0.160, which
provides a number of bug fixes and enhancements over the previous version. The
most notable enhancements are as follows:

* Support for ELFv2 application binary interface on the little-endian variant of IBM Power Systems has been added to elfutils.
* Support for unwinding on ARM 64-bit architecture has been added to elfutils.
* Support for DWZ multifiles in elfutils is now enabled by default and no longer experimental.
* A new option, "-F", "--force", has been added to the eu-unstrip utility for
combining files with nonmatching ELF headers.
* The eu-stack utility is now able to display DWARF debuginfo function names for frames and can use DWARF debuginfo to show inlined functions and frames.
* Several new functions have been added to the libdw library.
(BZ#1109245)

Users of elfutils are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

RHEA-2015:1302: elfutils bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20151302
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2015:1302, CVE-2014-9447

Description
The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The elfutils packages have been upgraded to upstream version 0.161, which provides a number of bug fixes and enhancements over the previous version. The most notable new features are:

* The eu-stack utility supports showing inlined frames and it is now able to produce backtraces even for processes that might have some of their on-disk libraries updated or deleted. 

* Improved DWZ compressed DWARF multi-file support with new functions, "dwarf_getalt" and "dwarf_setalt", has been introduced.

* Support for ARM 64-bit architecture and Red Hat Enterprise Linux for POWER, little endian has been added. 

* The libdw library now supports LZMA-compressed (.ko.xz) kernel modules. 

* Support for ".debug_macro" has been added; new functions have been introduced: "dwarf_getmacros_off", "dwarf_macro_getsrcfiles", "dwarf_macro_getparamcnt", and "dwarf_macro_param".

* New GNU extensions to the DWARF format are now recognized.

* New functions have been added to the libdw library: "dwarf_peel_type", "dwarf_cu_getdwarf", "dwarf_cu_die", "dwelf_elf_gnu_debuglink", "dwelf_dwarf_gnu_debugaltlink", "dwelf_elf_gnu_build_id".

(BZ#1167724)

Users of elfutils are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHEA-2015:2126: elfutils bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20152126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2015:2126, CVE-2014-9447

Description
The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The elfutils packages have been upgraded to upstream version 0.163, which provides a number of bug fixes and enhancements over the previous version. Notably:

* Previously, elfutils libraries and tools could crash on malformed ELF files or incorrect DWARF data. All known ways to crash the libraries and tools on such incorrect input data have been fixed. 

* The following changes and improvements have been made to the eu-addr2line tool:
- Input addresses are now always interpreted as hexadecimal numbers, never as octal or decimal numbers. 
- A new option, "-a", "--addresses", to print address before each entry. 
- A new option, "-C", "--demangle", to show demangled symbols. 
- A new option, "--pretty-print", to print all information on one line.
As a result, it is possible to use eu-addr2line as a drop-in replacement for binutils addr2line.

* This update introduces the following improvements to the libdw library:
- A new header file elfutils/known-dwarf.h.
- The preliminary DWARF5 constants "DW_AT_noreturn", "DW_LANG_C11", "DW_LANG_C_plus_plus_11", "DW_LANG_C_plus_plus_14", "DW_TAG_atomic_type", "DW_LANG_Fortran03", and "DW_LANG_Fortran08", plus the GNU extension "DW_AT_GNU_deleted" have been added to the elfutils/dwarf.h file.
- A new function, dwarf_peel_type(), for handling qualified types.
- The dwarf_getmacros function now serves both the .debug_macro and .debug_macinfo section data transparently.
- New interfaces, "dwarf_getmacros_off", "dwarf_macro_getsrcfiles", "dwarf_macro_getparamcnt", and "dwarf_macro_param", are available for more generalized inspection of macros and their parameters.

(BZ#1224169, BZ#1223462)

Users of elfutils are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

RHEA-2018:0705: tcpdump bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20180705
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2018:0705, CVE-2017-11108, CVE-2017-11541, CVE-2017-11542, CVE-2017-11543, CVE-2017-11544, CVE-2017-12893, CVE-2017-12894, CVE-2017-12895, CVE-2017-12896, CVE-2017-12897, CVE-2017-12898, CVE-2017-12899, CVE-2017-12900, CVE-2017-12901, CVE-2017-12902, CVE-2017-12985, CVE-2017-12986, CVE-2017-12987, CVE-2017-12988, CVE-2017-12989, CVE-2017-12990, CVE-2017-12991, CVE-2017-12992, CVE-2017-12993, CVE-2017-12994, CVE-2017-12995, CVE-2017-12996, CVE-2017-12997, CVE-2017-12998, CVE-2017-12999, CVE-2017-13000, CVE-2017-13001, CVE-2017-13002, CVE-2017-13003, CVE-2017-13004, CVE-2017-13005, CVE-2017-13006, CVE-2017-13007, CVE-2017-13008, CVE-2017-13009, CVE-2017-13010, CVE-2017-13011, CVE-2017-13012, CVE-2017-13013, CVE-2017-13014, CVE-2017-13015, CVE-2017-13016, CVE-2017-13017, CVE-2017-13018, CVE-2017-13019, CVE-2017-13020, CVE-2017-13021, CVE-2017-13022, CVE-2017-13023, CVE-2017-13024, CVE-2017-13025, CVE-2017-13026, CVE-2017-13027, CVE-2017-13028, CVE-2017-13029, CVE-2017-13030, CVE-2017-13031, CVE-2017-13032, CVE-2017-13033, CVE-2017-13034, CVE-2017-13035, CVE-2017-13036, CVE-2017-13037, CVE-2017-13038, CVE-2017-13039, CVE-2017-13040, CVE-2017-13041, CVE-2017-13042, CVE-2017-13043, CVE-2017-13044, CVE-2017-13045, CVE-2017-13046, CVE-2017-13047, CVE-2017-13048, CVE-2017-13049, CVE-2017-13050, CVE-2017-13051, CVE-2017-13052, CVE-2017-13053, CVE-2017-13054, CVE-2017-13055, CVE-2017-13687, CVE-2017-13688, CVE-2017-13689, CVE-2017-13690, CVE-2017-13725

Description
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

Users of tcpdump are advised to upgrade to these updated packages.

RHEA-2019:2270: openjpeg2 bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20192270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2019:2270, CVE-2018-6616

Description
OpenJPEG is an open-source JPEG 2000 library.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

Users of openjpeg2 are advised to upgrade to these updated packages.

RHEA-2019:3280: nss, nss-softokn, nss-util and nspr bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20193280
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2019:3280, CVE-2019-17007

Description
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The nss, nss-softokn and nss-util packages have been upgraded to upstream versions 3.44, and the nspr packages have been upgraded to upstream version 4.21. The upgraded versions provide a number of bug fixes and enhancements over the previous versions. Notably, these upgrades allow users to upgrade to Mozilla Firefox 68 Extended Support Release. (BZ#1684609, BZ#1743623, BZ#1743625, BZ#1743628)

RHEA-2019:3845: microcode_ctl bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20193845
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2019:3845, CVE-2019-0117

Description
The microcode_ctl packages provide microcode updates for Intel x86 processors.

With this update, the Intel microcode version has been updated to microcode-20191112.

Users of microcode_ctl are advised to upgrade to these updated packages, which add this enhancement.

RHEA-2019:3846: microcode_ctl bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20193846
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2019:3846, CVE-2019-0117

Description
The microcode_ctl packages provide microcode updates for Intel x86 processors.

This update adds the following enhancement:

* Update Intel microcode version to microcode-20191112 (BZ#1769889)

Users of microcode_ctl are advised to upgrade to these updated packages, which
add this enhancement.

RHEA-2019:3847: microcode_ctl bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20193847
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2019:3847, CVE-2019-0117

Description
The microcode_ctl packages provide microcode updates for Intel x86 processors.

This update adds the following enhancement:

* Update Intel microcode version to microcode-20191112 (BZ#1755017)

Users of microcode_ctl are advised to upgrade to these updated packages, which
add this enhancement.

RHEA-2019:4262: webkit2gtk3 enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20194262
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2019:4262, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8669, CVE-2019-8674, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683, CVE-2019-8684, CVE-2019-8688, CVE-2019-8707, CVE-2019-8719, CVE-2019-8733, CVE-2019-8763, CVE-2019-8765, CVE-2019-8821, CVE-2019-8822

Description
This update adds the following enhancement:

* Update WebKitGTK to 2.24.4 (BZ#1755824).

Users of webkit2gtk3 are advised to upgrade to this updated package, which adds this enhancement.

RHEA-2020:0330: nodejs:12 enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20200330
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2020:0330, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777

Description
The following packages have been upgraded to a later upstream version: nodejs (12.14.1). (BZ#1791067)

RHEA-2020:0343: libpq bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20200343
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2020:0343, CVE-2019-10164

Description
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHEA-2020:4505: python-rtslib bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20204505
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2020:4505, CVE-2020-14019

Description
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.

RHEA-2021:1580: libarchive bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20211580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2021:1580, CVE-2017-14502

Description
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.

RHEA-2021:1906: libyang bug fix and enhancement update ()

Rule ID: oval-com.redhat.rhea-def-20211906
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: unknown
Identifiers and References

Identifiers:  RHEA-2021:1906, CVE-2019-20391, CVE-2019-20392, CVE-2019-20393, CVE-2019-20394, CVE-2019-20395, CVE-2019-20396, CVE-2019-20397, CVE-2019-20398

Description
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2006:0016: initscripts security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0016, CVE-2005-3629

Description
The initscripts package contains the basic system scripts used to boot
your Red Hat system, change runlevels, and shut the system down cleanly.
Initscripts also contains the scripts that activate and deactivate most
network interfaces.

A bug was found in the way initscripts handled various environment
variables when the /sbin/service command is run. It is possible for a local
user with permissions to execute /sbin/service via sudo to execute
arbitrary commands as the 'root' user. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-3629 to
this issue.

The following issues have also been fixed in this update:

* extraneous characters were logged on bootup

* fsck was attempted on file systems marked with _netdev in rc.sysinit
  before they were available

* the dynamically-linked /sbin/multipath was called instead of the correct
  /sbin/multipath.static

Additionally, this update includes support for partitioned multipath
devices and a technology preview of static IP over InfiniBand.

All users of initscripts should upgrade to this updated package, which
resolves these issues.

RHSA-2006:0044: openssh security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20060044
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0044, CVE-2006-0225

Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

An arbitrary command execution flaw was discovered in the way scp copies
files locally. It is possible for a local attacker to create a file with a
carefully crafted name that could execute arbitrary commands as the user
running scp to copy files locally. The Common Vulnerabilities and Exposures
project (cve.mitre.org) assigned the name CVE-2006-0225 to this issue. 

The following issue has also been fixed in this update:

* If the sshd service was stopped using the sshd init script while the
  main sshd daemon was not running, the init script would kill other sshd
  processes, such as the running sessions.  For example, this could happen
  when the 'service sshd stop' command was issued twice.

Additionally, this update implements auditing of user logins through the
system audit service.

All users of openssh should upgrade to these updated packages, which
resolve these issues.

RHSA-2006:0052: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060052
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0052, CVE-2005-2917

Description
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A denial of service flaw was found in the way squid processes certain NTLM
authentication requests. It is possible for a remote attacker to crash the
Squid server by sending a specially crafted NTLM authentication request.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2005-2917 to this issue.

The following issues have also been fixed in this update: 

* An error introduced in squid-2.5.STABLE6-3.4E.12 can crash Squid when a
  user visits a site that has a slightly longer DNS record.

* An error introduced in the old package prevented Squid from returning
  correct information about large file systems. The new package is compiled
  with the IDENT lookup support so that users who want to use it do not
  have to recompile it.

* Some authentication helpers needed SETUID rights but did not have them.
  If administrators wanted to use cache administrator, they had to change
  the SETUID bit manually. The updated package sets this bit so the new
  package can be updated without manual intervention from administrators.

* Squid could not handle a reply from an HTTP server when the reply began
  with the new-line character. 

* An issue was discovered when a reply from an HTTP server was not
  HTTP 1.0 or 1.1 compliant.

* The updated package keeps user-defined error pages when the package
  is updated and it adds new ones.
 
All users of squid should upgrade to this updated package, which resolves
these issues.

RHSA-2006:0101: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0101, CVE-2002-2185, CVE-2004-1190, CVE-2005-2458, CVE-2005-2709, CVE-2005-2800, CVE-2005-3044, CVE-2005-3106, CVE-2005-3109, CVE-2005-3276, CVE-2005-3356, CVE-2005-3358, CVE-2005-3784, CVE-2005-3806, CVE-2005-3848, CVE-2005-3857, CVE-2005-3858, CVE-2005-4605

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

- a flaw in network IGMP processing that allowed a remote user on the
local network to cause a denial of service (disabling of multicast reports)
if the system is running multicast applications (CVE-2002-2185, moderate)

- a flaw which allowed a local user to write to firmware on read-only
opened /dev/cdrom devices (CVE-2004-1190, moderate) 

- a flaw in gzip/zlib handling internal to the kernel that may allow a
local user to cause a denial of service (crash) (CVE-2005-2458, low) 

- a flaw in procfs handling during unloading of modules that allowed a
local user to cause a denial of service or potentially gain privileges
(CVE-2005-2709, moderate)

- a flaw in the SCSI procfs interface that allowed a local user to cause a
denial of service (crash) (CVE-2005-2800, moderate)

- a flaw in 32-bit-compat handling of the TIOCGDEV ioctl that allowed
a local user to cause a denial of service (crash) (CVE-2005-3044, important)

- a race condition when threads share memory mapping that allowed local
users to cause a denial of service (deadlock) (CVE-2005-3106, important)

- a flaw when trying to mount a non-hfsplus filesystem using hfsplus that
allowed local users to cause a denial of service (crash) (CVE-2005-3109,
moderate)

- a minor info leak with the get_thread_area() syscall that allowed
a local user to view uninitialized kernel stack data (CVE-2005-3276, low) 

- a flaw in mq_open system call that allowed a local user to cause a denial
of service (crash) (CVE-2005-3356, important)

- a flaw in set_mempolicy that allowed a local user on some 64-bit
architectures to cause a denial of service (crash) (CVE-2005-3358, important)

- a flaw in the auto-reap of child processes that allowed a local user to
cause a denial of service (crash) (CVE-2005-3784, important)

- a flaw in the IPv6 flowlabel code that allowed a local user to cause a
denial of service (crash) (CVE-2005-3806, important)

- a flaw in network ICMP processing that allowed a local user to cause
a denial of service (memory exhaustion) (CVE-2005-3848, important)

- a flaw in file lease time-out handling that allowed a local user to cause
a denial of service (log file overflow) (CVE-2005-3857, moderate) 

- a flaw in network IPv6 xfrm handling that allowed a local user to
cause a denial of service (memory exhaustion) (CVE-2005-3858, important) 

- a flaw in procfs handling that allowed a local user to read kernel memory
(CVE-2005-4605, important)

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

RHSA-2006:0129: spamassassin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060129
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0129, CVE-2005-3351

Description
SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A denial of service bug was found in SpamAssassin.  An attacker could
construct a message in such a way that would cause SpamAssassin to crash. 
If a number of these messages are sent, it could lead to a denial of
service, potentially preventing the delivery or filtering of email. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the
name CVE-2005-3351 to this issue.

The following issues have also been fixed in this update:

* service spamassassin restart sometimes fails
* Content Boundary "--" throws off message parser
* sa-learn: massive memory usage on large messages
* High memory usage with many newlines
* service spamassassin messages not translated
* Numerous other bug fixes that improve spam filter accuracy and safety

Users of SpamAssassin should upgrade to this updated package containing
version 3.0.5, which is not vulnerable to these issues.

RHSA-2006:0132: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 3 (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0132, CVE-2006-0095

Description
The Linux kernel handles the basic functions of the operating system.

This is the third regular kernel update to Red Hat Enterprise Linux 4.

New features introduced in this update include:

- Open InfiniBand (OpenIB) support

- Serial Attached SCSI support

- NFS access control lists, asynchronous I/O

- IA64 multi-core support and sgi updates 

- Large SMP CPU limits increased using the largesmp kernel: Up to 512 CPUs
  in ia64, 128 in ppc64, and 64 in AMD64 and Intel EM64T

- Improved read-ahead performance

- Common Internet File System (CIFS) update

- Error Detection and Correction (EDAC) modules

- Unisys support

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4. 

The following security bug was fixed in this update:

- dm-crypt did not clear a structure before freeing it, which could allow
local users to discover information about cryptographic keys (CVE-2006-0095)

The following device drivers have been upgraded to new versions:

cciss: 2.6.8 to 2.6.8-rh1
ipmi_devintf: 33.4 to 33.11
ipmi_msghandler: 33.4 to 33.11
ipmi_poweroff: 33.4 to 33.11
ipmi_si: 33.4 to 33.11
ipmi_watchdog: 33.4 to 33.11
mptbase: 3.02.18 to 3.02.60.01rh
e1000: 6.0.54-k2-NAPI to 6.1.16-k2-NAPI
ixgb: 1.0.95-k2-NAPI to 1.0.100-k2-NAPI
tg3: 3.27-rh to 3.43-rh
aacraid: 1.1.2-lk2 to 1.1-5[2412]
ahci: 1.01 to 1.2
ata_piix: 1.03 to 1.05
iscsi_sfnet: 4:0.1.11-1 to 4:0.1.11-2
libata: 1.11 to 1.20
qla2100: 8.01.00b5-rh2 to 8.01.02-d3
qla2200: 8.01.00b5-rh2 to 8.01.02-d3
qla2300: 8.01.00b5-rh2 to 8.01.02-d3
qla2322: 8.01.00b5-rh2 to 8.01.02-d3
qla2xxx: 8.01.00b5-rh2 to 8.01.02-d3
qla6312: 8.01.00b5-rh2 to 8.01.02-d3
sata_nv: 0.6 to 0.8
sata_promise: 1.01 to 1.03
sata_svw: 1.06 to 1.07
sata_sx4: 0.7 to 0.8
sata_vsc: 1.0 to 1.1
cifs: 1.20 to 1.34

Added drivers:

bnx2: 1.4.25
dell_rbu: 0.7
hangcheck-timer: 0.9.0
ib_mthca: 0.06
megaraid_sas: 00.00.02.00
qla2400: 8.01.02-d3
typhoon: 1.5.7

All Red Hat Enterprise Linux 4 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

RHSA-2006:0159: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060159
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0159, CVE-2005-2970, CVE-2005-3352, CVE-2005-3357

Description
The Apache HTTP Server is a popular and freely-available Web server.

A memory leak in the worker MPM could allow remote attackers to cause a
denial of service (memory consumption) via aborted connections, which
prevents the memory for the transaction pool from being reused for other
connections.  The Common Vulnerabilities and Exposures project assigned the
name CVE-2005-2970 to this issue.  This vulnerability only affects users
who are using the non-default worker MPM.

A flaw in mod_imap when using the Referer directive with image maps was
discovered.  With certain site configurations, a remote attacker could
perform a cross-site scripting attack if a victim can be forced to visit a
malicious URL using certain web browsers.  (CVE-2005-3352)

A NULL pointer dereference flaw in mod_ssl was discovered affecting server
configurations where an SSL virtual host is configured with access control
and a custom 400 error document.  A remote attacker could send a carefully
crafted request to trigger this issue which would lead to a crash.  This
crash would only be a denial of service if using the non-default worker
MPM.  (CVE-2005-3357)

Users of httpd should update to these erratum packages which contain
backported patches to correct these issues along with some additional bugs.

RHSA-2006:0160: tetex security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060160
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0160, CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628

Description
TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input and creates a typesetter-independent .dvi
(DeVice Independent) file as output.

Several flaws were discovered in the teTeX PDF parsing library. An attacker
could construct a carefully crafted PDF file that could cause teTeX to
crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3191,
CVE-2005-3192, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626,
CVE-2005-3627 and CVE-2005-3628 to these issues.

Users of teTeX should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.

RHSA-2006:0163: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0163, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Chris Evans discovered several flaws in the way CUPS processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
CUPS to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

All users of CUPS should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2006:0164: mod_auth_pgsql security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0164, CVE-2005-3656

Description
The mod_auth_pgsql package is an httpd module that allows user
authentication against information stored in a PostgreSQL database.

Several format string flaws were found in the way mod_auth_pgsql logs
information.  It may be possible for a remote attacker to execute arbitrary
code as the 'apache' user if mod_auth_pgsql is used for user
authentication. The Common Vulnerabilities and Exposures project assigned
the name CVE-2005-3656 to this issue.

Please note that this issue only affects servers which have mod_auth_pgsql
installed and configured to perform user authentication against a
PostgreSQL database.

All users of mod_auth_pgsql should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

This issue does not affect the mod_auth_pgsql package supplied with Red Hat
Enterprise Linux 2.1.

Red Hat would like to thank iDefense for reporting this issue.

RHSA-2006:0177: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0177, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627

Description
gpdf is a GNOME based viewer for Portable Document Format (PDF) files.

Chris Evans discovered several flaws in the way gpdf processes PDF files.
An attacker could construct a carefully crafted PDF file that could cause
gpdf to crash or possibly execute arbitrary code when opened. The Common
Vulnerabilities and Exposures project assigned the names CVE-2005-3624,
CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

Users of gpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

RHSA-2006:0178: ImageMagick security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060178
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0178, CVE-2005-4601, CVE-2006-0082

Description
ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A shell command injection flaw was found in ImageMagick's "display"
command. It is possible to execute arbitrary commands by tricking a user
into running "display" on a file with a specially crafted name. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2005-4601 to this issue.

A format string flaw was discovered in the way ImageMagick handles
filenames. It may be possible to execute arbitrary commands by tricking a
user into running a carefully crafted ImageMagick command. (CVE-2006-0082)

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

RHSA-2006:0184: kdelibs security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060184
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0184, CVE-2006-0019

Description
kdelibs contains libraries for the K Desktop Environment (KDE).

A heap overflow flaw was discovered affecting kjs, the JavaScript
interpreter engine used by Konqueror and other parts of KDE.  An attacker
could create a malicious web site containing carefully crafted JavaScript
code that would trigger this flaw and possibly lead to arbitrary code
execution.  The Common Vulnerabilities and Exposures project assigned the
name CVE-2006-0019 to this issue.

NOTE: this issue does not affect KDE in Red Hat Enterprise Linux 3 or 2.1.

Users of KDE should upgrade to these updated packages, which contain a
backported patch from the KDE security team correcting this issue as well
as two bug fixes.

RHSA-2006:0194: gd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060194
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0194, CVE-2004-0941

Description
The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Several buffer overflow flaws were found in the way gd allocates memory. 
An attacker could create a carefully crafted image that could execute
arbitrary code if opened by a victim using a program linked against the gd
library.  The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2004-0941 to these issues.

Users of gd should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

RHSA-2006:0197: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0197, CVE-2005-2491

Description
Python is an interpreted, interactive, object-oriented programming language.

An integer overflow flaw was found in Python's PCRE library that could be
triggered by a maliciously crafted regular expression. On systems that
accept arbitrary regular expressions from untrusted users, this could be
exploited to execute arbitrary code with the privileges of the application
using the library.  The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-2491 to this issue.

Users of Python should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2006:0200: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060200
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0200, CVE-2005-4134, CVE-2006-0292, CVE-2006-0296

Description
Mozilla Firefox is an open source Web browser. 

Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter
dereferences objects.  If a user visits a malicious web page, Firefox could
crash or execute arbitrary code as the user running Firefox. The Common
Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to
this issue.

moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function.
A malicious web page could inject arbitrary RDF data into a user's
localstore.rdf file, which can cause Firefox to execute arbitrary
JavaScript when a user runs Firefox.  (CVE-2006-0296)

A denial of service bug was found in the way Firefox saves history
information. If a user visits a web page with a very long title, it is
possible Firefox will crash or take a very long time the next time it is
run. (CVE-2005-4134)

This update also fixes a bug when using XSLT to transform documents.
Passing DOM Nodes as parameters to functions expecting an xsl:param could
cause Firefox to throw an exception. 

Users of Firefox are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2006:0201: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0201, CVE-2006-0301

Description
The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.

A heap based buffer overflow bug was discovered in Xpdf. An attacker could
construct a carefully crafted PDF file that could cause Xpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0301 to this issue.

Users of Xpdf should upgrade to this updated package, which contains a
backported patch to resolve these issues.

Red Hat would like to thank Dirk Mueller for reporting this issue and
providing a patch.

RHSA-2006:0204: mailman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060204
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0204, CVE-2005-3573, CVE-2005-4153

Description
Mailman is software to help manage email discussion lists.

A flaw in handling of UTF8 character encodings was found in Mailman.  An
attacker could send a carefully crafted email message to a mailing list run
by Mailman which would cause that particular mailing list to stop working.
The Common Vulnerabilities and Exposures project assigned the name
CVE-2005-3573 to this issue.

A flaw in date handling was found in Mailman version 2.1.4 through 2.1.6. 
An attacker could send a carefully crafted email message to a mailing list
run by Mailman which would cause the Mailman server to crash.  (CVE-2005-4153)

Users of Mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2006:0205: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060205
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0205, CVE-2006-0481

Description
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap based buffer overflow bug was found in the way libpng strips alpha
channels from a PNG image. An attacker could create a carefully crafted PNG
image file in such a way that it could cause an application linked with
libpng to crash or execute arbitrary code when the file is opened by a
victim. The Common Vulnerabilities and Exposures project has assigned the
name CVE-2006-0481 to this issue.

Please note that the vulnerable libpng function is only used by TeTeX and
XEmacs on Red Hat Enterprise Linux 4.

All users of libpng are advised to update to these updated packages which
contain a backported patch that is not vulnerable to this issue.

RHSA-2006:0206: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0206, CVE-2006-0301

Description
The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

A heap based buffer overflow bug was discovered in kpdf. An attacker could
construct a carefully crafted PDF file that could cause kpdf to crash or
possibly execute arbitrary code when opened. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0301 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

RHSA-2006:0207: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060207
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0207, CVE-2006-0645

Description
The GNU TLS Library provides support for cryptographic algorithms and
protocols such as TLS. GNU TLS includes Libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Several flaws were found in the way libtasn1 decodes DER.  An attacker
could create a carefully crafted invalid X.509 certificate in such a way
that could trigger this flaw if parsed by an application that uses GNU TLS.
This could lead to a denial of service (application crash).  It is not
certain if this issue could be escalated to allow arbitrary code execution. 
The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0645 to this issue.

In Red Hat Enterprise Linux 4, the GNU TLS library is only used by the
Evolution client when connecting to an Exchange server or when publishing
calendar information to a WebDAV server.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GNU TLS maintainers to correct this issue.

RHSA-2006:0232: tar security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060232
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0232, CVE-2006-0300

Description
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

Jim Meyering discovered a buffer overflow bug in the way GNU tar extracts
malformed archives. By tricking a user into extracting a malicious tar
archive, it is possible to execute arbitrary code as the user running tar.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2006-0300 to this issue.

Users of tar should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2006:0262: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060262
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0262, CVE-2006-0746

Description
The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

Marcelo Ricardo Leitner discovered that a kpdf security fix, CVE-2005-3627,
was incomplete.  Red Hat issued kdegraphics packages with this incomplete
fix in RHSA-2005:868.  An attacker could construct a carefully crafted PDF
file that could cause kpdf to crash or possibly execute arbitrary code when
opened.  The Common Vulnerabilities and Exposures project assigned the name
CVE-2006-0746 to this issue.

Users of kpdf should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

RHSA-2006:0264: sendmail security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060264
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0264, CVE-2006-0058

Description
Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of asynchronous signals was discovered in Sendmail.
A remote attacker may be able to exploit a race condition to execute
arbitrary code as root.  The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0058 to this issue.

By default on Red Hat Enterprise Linux 3 and 4, Sendmail is configured to
only accept connections from the local host.  Therefore, only users who have
configured Sendmail to listen to remote hosts would be able to be remotely
exploited by this vulnerability.

Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue.

RHSA-2006:0266: gnupg security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060266
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0266, CVE-2006-0049, CVE-2006-0455

Description
GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a bug in the way GnuPG verifies cryptographically
signed data with detached signatures. It is possible for an attacker to
construct a cryptographically signed message which could appear to come
from a third party.  When a victim processes a GnuPG message with a
malformed detached signature, GnuPG ignores the malformed signature,
processes and outputs the signed data, and exits with status 0, just as it
would if the signature had been valid.  In this case, GnuPG's exit status
would not indicate that no signature verification had taken place. This
issue would primarily be of concern when processing GnuPG results via an
automated script. The Common Vulnerabilities and Exposures project assigned
the name CVE-2006-0455 to this issue.

Tavis Ormandy also discovered a bug in the way GnuPG verifies
cryptographically signed data with inline signatures. It is possible for an
attacker to inject unsigned data into a signed message in such a way that
when a victim processes the message to recover the data, the unsigned data
is output along with the signed data, giving the appearance of having been
signed.  This issue is mitigated in the GnuPG shipped with Red Hat
Enterprise Linux as the --ignore-crc-error option must be passed to the gpg
executable for this attack to be successful. The Common Vulnerabilities and
Exposures project assigned the name CVE-2006-0049 to this issue.

Note that neither of these issues affect the way RPM or up2date verify RPM
package files, nor is RPM vulnerable to either of these issues.

All users of GnuPG are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2006:0267: ipsec-tools security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060267
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0267, CVE-2005-3732

Description
The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.

A denial of service flaw was found in the ipsec-tools racoon daemon.  If a
victim's machine has racoon configured in a non-recommended insecure
manner, it is possible for a remote attacker to crash the racoon daemon. 
(CVE-2005-3732)

Users of ipsec-tools should upgrade to these updated packages, which contain
backported patches, and are not vulnerable to these issues.

RHSA-2006:0271: freeradius security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060271
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0271, CVE-2005-4744, CVE-2006-1354

Description
FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network. 

A bug was found in the way FreeRADIUS authenticates users via the MSCHAP V2
protocol. It is possible for a remote attacker to authenticate as a victim
by sending a malformed MSCHAP V2 login request to the FreeRADIUS server.
(CVE-2006-1354)

Please note that FreeRADIUS installations not using the MSCHAP V2 protocol
for authentication are not vulnerable to this issue.

A bug was also found in the way FreeRADIUS logs SQL errors from the
sql_unixodbc module. It may be possible for an attacker to cause FreeRADIUS
to crash or execute arbitrary code if they are able to manipulate the SQL
database FreeRADIUS is connecting to. (CVE-2005-4744)

Users of FreeRADIUS should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

RHSA-2006:0272: openmotif security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0272, CVE-2005-3964

Description
OpenMotif provides libraries which implement the Motif industry standard
graphical user interface. 

A number of buffer overflow flaws were discovered in OpenMotif's libUil
library. It is possible for an attacker to execute arbitrary code as a
victim who has been tricked into executing a program linked against
OpenMotif, which then loads a malicious User Interface Language (UIL) file.
(CVE-2005-3964)

Users of OpenMotif are advised to upgrade to these erratum packages, which
contain a backported security patch to correct this issue.

RHSA-2006:0276: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060276
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0276, CVE-2003-1303, CVE-2005-2933, CVE-2005-3883, CVE-2006-0208, CVE-2006-0996, CVE-2006-1490

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

The phpinfo() PHP function did not properly sanitize long strings.  An
attacker could use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo(). 
(CVE-2006-0996)

The html_entity_decode() PHP function was found to not be binary safe. An
attacker could use this flaw to disclose a certain part of the memory.  In
order for this issue to be exploitable the target site would need to have a
PHP script which called the "html_entity_decode()" function with untrusted
input from the user and displayed the result.  (CVE-2006-1490)

The error handling output was found to not properly escape HTML output in
certain cases.  An attacker could use this flaw to perform cross-site
scripting attacks against sites where both display_errors and html_errors
are enabled.  (CVE-2006-0208)

An input validation error was found in the "mb_send_mail()" function.  An
attacker could use this flaw to inject arbitrary headers in a mail sent via
a script calling the "mb_send_mail()" function where the "To" parameter can
be controlled by the attacker.  (CVE-2005-3883)

A buffer overflow flaw was discovered in uw-imap, the University of
Washington's IMAP Server.  php-imap is compiled against the static c-client
libraries from imap and therefore needed to be recompiled against the fixed
version.  This issue only affected Red Hat Enterprise Linux 3.
(CVE-2005-2933).

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

RHSA-2006:0280: dia security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060280
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0280, CVE-2006-1550

Description
The Dia drawing program is designed to draw various types of diagrams.

infamous41md discovered three buffer overflow bugs in Dia's xfig file
format importer. If an attacker is able to trick a Dia user into opening a
carefully crafted xfig file, it may be possible to execute arbitrary code
as the user running Dia. (CVE-2006-1550)

Users of Dia should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

RHSA-2006:0283: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060283
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0283, CVE-2006-0188, CVE-2006-0195, CVE-2006-0377

Description
SquirrelMail is a standards-based webmail package written in PHP4.

A bug was found in the way SquirrelMail presents the right frame to the
user. If a user can be tricked into opening a carefully crafted URL, it is
possible to present the user with arbitrary HTML data. (CVE-2006-0188)

A bug was found in the way SquirrelMail filters incoming HTML email. It is
possible to cause a victim's web browser to request remote content by
opening a HTML email while running a web browser that processes certain
types of invalid style sheets. Only Internet Explorer is known to process
such malformed style sheets. (CVE-2006-0195)

A bug was found in the way SquirrelMail processes a request to select an
IMAP mailbox. If a user can be tricked into opening a carefully crafted
URL, it is possible to execute arbitrary IMAP commands as the user viewing
their mail with SquirrelMail. (CVE-2006-0377)

Users of SquirrelMail are advised to upgrade to this updated package, which
contains SquirrelMail version 1.4.6 and is not vulnerable to these issues.

RHSA-2006:0328: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060328
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0328, CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790

Description
Mozilla Firefox is an open source Web browser.

Several bugs were found in the way Firefox processes malformed javascript.
A malicious web page could modify the content of a different open web page,
possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Firefox processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Firefox processes malformed web pages.
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Firefox. (CVE-2006-0748, CVE-2006-0749,
CVE-2006-1724, CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739,
CVE-2006-1790) 

A bug was found in the way Firefox displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Firefox allows javascript mutation events on
"input" form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

Users of Firefox are advised to upgrade to these updated packages
containing Firefox version 1.0.8 which corrects these issues.

RHSA-2006:0329: mozilla security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060329
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0329, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1729, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1740, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790

Description
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.

Several bugs were found in the way Mozilla processes malformed javascript.
A malicious web page could modify the content of a different open web
page, possibly stealing sensitive information or conducting a cross-site
scripting attack. (CVE-2006-1731, CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Mozilla processes certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware. (CVE-2006-1727,
CVE-2006-1728, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Mozilla processes malformed web pages. 
A carefully crafted malicious web page could cause the execution of
arbitrary code as the user running Mozilla. (CVE-2006-0748, CVE-2006-0749,
CVE-2006-1730, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)

A bug was found in the way Mozilla displays the secure site icon. If a
browser is configured to display the non-default secure site modal warning
dialog, it may be possible to trick a user into believing they are viewing
a secure site. (CVE-2006-1740)

A bug was found in the way Mozilla allows javascript mutation events on
"input" form elements. A malicious web page could be created in such a way
that when a user submits a form, an arbitrary file could be uploaded to the
attacker. (CVE-2006-1729)

A bug was found in the way Mozilla executes in-line mail forwarding. If a
user can be tricked into forwarding a maliciously crafted mail message as
in-line content, it is possible for the message to execute javascript with
the permissions of "chrome". (CVE-2006-0884)

Users of Mozilla are advised to upgrade to these updated packages
containing Mozilla version 1.7.13 which corrects these issues.

RHSA-2006:0330: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060330
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0330, CVE-2006-0292, CVE-2006-0296, CVE-2006-0748, CVE-2006-0749, CVE-2006-0884, CVE-2006-1045, CVE-2006-1724, CVE-2006-1727, CVE-2006-1728, CVE-2006-1730, CVE-2006-1731, CVE-2006-1732, CVE-2006-1733, CVE-2006-1734, CVE-2006-1735, CVE-2006-1737, CVE-2006-1738, CVE-2006-1739, CVE-2006-1741, CVE-2006-1742, CVE-2006-1790

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several bugs were found in the way Thunderbird processes malformed
javascript. A malicious HTML mail message could modify the content of a
different open HTML mail message, possibly stealing sensitive information
or conducting a cross-site scripting attack. Please note that JavaScript
support is disabled by default in Thunderbird. (CVE-2006-1731,
CVE-2006-1732, CVE-2006-1741)

Several bugs were found in the way Thunderbird processes certain 
javascript actions. A malicious HTML mail message could execute arbitrary 
javascript instructions with the permissions of 'chrome', allowing the 
page to steal sensitive information or install browser malware. Please 
note that JavaScript support is disabled by default in Thunderbird. 
(CVE-2006-0292, CVE-2006-0296, CVE-2006-1727, CVE-2006-1728, CVE-2006-1733,
CVE-2006-1734, CVE-2006-1735, CVE-2006-1742)

Several bugs were found in the way Thunderbird processes malformed HTML
mail messages.  A carefully crafted malicious HTML mail message could 
cause the execution of arbitrary code as the user running Thunderbird.
(CVE-2006-0748, CVE-2006-0749, CVE-2006-1724, CVE-2006-1730, CVE-2006-1737,
CVE-2006-1738, CVE-2006-1739, CVE-2006-1790)

A bug was found in the way Thunderbird processes certain inline content 
in HTML mail messages. It may be possible for a remote attacker to send a
carefully crafted mail message to the victim, which will fetch remote
content, even if Thunderbird is configured not to fetch remote content.
(CVE-2006-1045)

A bug was found in the way Thunderbird executes in-line mail forwarding. If
a user can be tricked into forwarding a maliciously crafted mail message as
in-line content, it is possible for the message to execute javascript with
the permissions of "chrome". (CVE-2006-0884)

Users of Thunderbird are advised to upgrade to these updated packages
containing Thunderbird version 1.0.8, which is not vulnerable to these 
issues.

RHSA-2006:0354: elfutils security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20060354
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0354, CVE-2005-1704

Description
The elfutils packages contain a number of utility programs and libraries
related to the creation and maintenance of executable code.

The elfutils packages that originally shipped with Red Hat Enterprise Linux 4
were GPL-licensed versions which lacked some functionality. Previous
updates provided fully functional versions of elfutils only under the OSL
license. This update provides a fully functional, GPL-licensed version of
elfutils. 

In the OSL-licensed elfutils versions provided in previous updates, some
tools could sometimes crash when given corrupted input files.  (CVE-2005-1704)

Also, when the eu-strip tool was used to create separate debuginfo files
from relocatable objects such as kernel modules (.ko), the resulting
debuginfo files (.ko.debug) were sometimes corrupted.  Both of these
problems are fixed in the new version.

Users of elfutils should upgrade to these updated packages, which resolve
these issues.

RHSA-2006:0393: ntp security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20060393
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0393, CVE-2005-2496

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a reference time source.

The NTP daemon (ntpd), when run with the -u option and using a string to
specify the group, uses the group ID of the user instead of the group,
which causes ntpd to run with different privileges than intended.
(CVE-2005-2496)

The following issues have also been addressed in this update: 
- The init script had several problems
- The script executed on upgrade could fail
- The man page for ntpd indicated the wrong option for specifying a chroot
directory
- The ntp daemon could crash with the message "Exiting: No more memory!"
- There is a new option for syncing the hardware clock after a successful
run of ntpdate

Users of ntp should upgrade to these updated packages, which resolve these
issues.

RHSA-2006:0425: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060425
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0425, CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120

Description
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.

RHSA-2006:0427: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060427
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0427, CVE-2006-1931

Description
Ruby is an interpreted scripting language for object-oriented programming. 

A bug was found in the way Ruby creates its xmlrpc and http servers. The
servers use a non-blocking socket, which enables a remote user to cause a
denial of service condition if they are able to transmit a large volume of
information from the network server. (CVE-2006-1931)

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2006:0451: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060451
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0451, CVE-2006-1526

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces such as GNOME and KDE are designed upon. 

A buffer overflow flaw in the X.org server RENDER extension was discovered.
A malicious authorized client could exploit this issue to cause a denial of
service (crash) or potentially execute arbitrary code with root privileges
on the X.org server. (CVE-2006-1526)

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

This issue does not affect Red Hat Enterprise Linux 2.1 or 3.

RHSA-2006:0486: mailman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060486
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0486, CVE-2006-0052

Description
Mailman is software to help manage email discussion lists.

A flaw was found in the way Mailman handles MIME multipart messages. An
attacker could send a carefully crafted MIME multipart email message to a
mailing list run by Mailman which would cause that particular mailing list
to stop working. (CVE-2006-0052)

Users of Mailman should upgrade to this updated package, which contains
backported patches to correct this issue.

RHSA-2006:0493: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060493
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0493, CVE-2005-2973, CVE-2005-3272, CVE-2005-3359, CVE-2006-0555, CVE-2006-0741, CVE-2006-0744, CVE-2006-1522, CVE-2006-1525, CVE-2006-1527, CVE-2006-1528, CVE-2006-1855, CVE-2006-1856, CVE-2006-1862, CVE-2006-1864, CVE-2006-2271, CVE-2006-2272, CVE-2006-2274

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues
described below:

* a flaw in the IPv6 implementation that allowed a local user to cause a
denial of service (infinite loop and crash) (CVE-2005-2973, important)

* a flaw in the bridge implementation that allowed a remote user to
cause forwarding of spoofed packets via poisoning of the forwarding
table with already dropped frames (CVE-2005-3272, moderate)

* a flaw in the atm module that allowed a local user to cause a denial
of service (panic) via certain socket calls (CVE-2005-3359, important)

* a flaw in the NFS client implementation that allowed a local user to
cause a denial of service (panic) via O_DIRECT writes (CVE-2006-0555,
important)

* a difference in "sysretq" operation of EM64T (as opposed to Opteron)
processors that allowed a local user to cause a denial of service
(crash) upon return from certain system calls (CVE-2006-0741 and
CVE-2006-0744, important)

* a flaw in the keyring implementation that allowed a local user to
cause a denial of service (OOPS) (CVE-2006-1522, important)

* a flaw in IP routing implementation that allowed a local user to cause
a denial of service (panic) via a request for a route for a multicast IP
(CVE-2006-1525, important)

* a flaw in the SCTP-netfilter implementation that allowed a remote user
to cause a denial of service (infinite loop) (CVE-2006-1527, important)

* a flaw in the sg driver that allowed a local user to cause a denial of
service (crash) via a dio transfer to memory mapped (mmap) IO space
(CVE-2006-1528, important)

* a flaw in the threading implementation that allowed a local user to
cause a denial of service (panic) (CVE-2006-1855, important)

* two missing LSM hooks that allowed a local user to bypass the LSM by
using readv() or writev() (CVE-2006-1856, moderate)

* a flaw in the virtual memory implementation that allowed a local user to
cause a denial of service (panic) by using the lsof command
(CVE-2006-1862, important)

* a directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via "..\\"
sequences (CVE-2006-1864, moderate)

* a flaw in the ECNE chunk handling of SCTP that allowed a remote user
to cause a denial of service (panic) (CVE-2006-2271, moderate)

* a flaw in the handling of COOKIE_ECHO and HEARTBEAT control chunks of
SCTP that allowed a remote user to cause a denial of service (panic)
(CVE-2006-2272, moderate)

* a flaw in the handling of DATA fragments of SCTP that allowed a remote
user to cause a denial of service (infinite recursion and crash)
(CVE-2006-2274, moderate)


All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

RHSA-2006:0500: freetype security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060500
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0500, CVE-2006-0747, CVE-2006-1861, CVE-2006-2661, CVE-2006-3467

Description
FreeType is a free, high-quality, and portable font engine.

Chris Evans discovered several integer underflow and overflow flaws in the
FreeType font engine. If a user loads a carefully crafted font file with a
program linked against FreeType, it could cause the application to crash or
execute arbitrary code as the user. While it is uncommon for a user to
explicitly load a font file, there are several application file formats
which contain embedded fonts that are parsed by FreeType. (CVE-2006-0747,
CVE-2006-1861, CVE-2006-3467)

A NULL pointer dereference flaw was found in the FreeType font engine. An
application linked against FreeType can crash upon loading a malformed font
file. (CVE-2006-2661)

Users of FreeType should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2006:0515: sendmail security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0515, CVE-2006-1173

Description
Sendmail is a Mail Transport Agent (MTA) used to send mail between machines.

A flaw in the handling of multi-part MIME messages was discovered in
Sendmail.  A remote attacker could create a carefully crafted message that
could crash the sendmail process during delivery (CVE-2006-1173).  By
default on Red Hat Enterprise Linux, Sendmail is configured to only accept
connections from the local host. Therefore, only users who have configured
Sendmail to listen to remote hosts would be remotely vulnerable to this issue.

Users of Sendmail are advised to upgrade to these erratum packages, which
contain a backported patch from the Sendmail team to correct this issue.

RHSA-2006:0525: quagga security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060525
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0525, CVE-2006-2223, CVE-2006-2224, CVE-2006-2276

Description
Quagga manages the TCP/IP based routing protocol. It takes a multi-server
and multi-thread approach to resolve the current complexity of the Internet.

An information disclosure flaw was found in the way Quagga interprets RIP
REQUEST packets. RIPd in Quagga will respond to RIP REQUEST packets for RIP
versions that have been disabled or that have authentication enabled,
allowing a remote attacker to acquire information about the local network.
(CVE-2006-2223)

A route injection flaw was found in the way Quagga interprets RIPv1
RESPONSE packets when RIPv2 authentication is enabled. It is possible for a
remote attacker to inject arbitrary route information into the RIPd routing
tables. This issue does not affect Quagga configurations where only RIPv2
is specified. (CVE-2006-2224)

A denial of service flaw was found in Quagga's telnet interface. If an
attacker is able to connect to the Quagga telnet interface, it is possible
to cause Quagga to consume vast quantities of CPU resources by issuing a
malformed 'sh' command. (CVE-2006-2276)

Users of Quagga should upgrade to these updated packages, which contain
backported patches that correct these issues.

RHSA-2006:0526: postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060526
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0526, CVE-2006-0591, CVE-2006-2313, CVE-2006-2314

Description
PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A bug was found in the way PostgreSQL's PQescapeString function escapes
strings when operating in a multibyte character encoding. It is possible
for an attacker to provide an application a carefully crafted string
containing invalidly-encoded characters, which may be improperly escaped,
allowing the attacker to inject malicious SQL. While this update fixes how
PQescapeString operates, the PostgreSQL server has also been modified to
prevent such an attack occurring through unpatched clients. 
(CVE-2006-2313, CVE-2006-2314).  More details about this issue are
available in the linked PostgreSQL technical documentation.

An integer signedness bug was found in the way PostgreSQL generated
password salts. The actual salt size is only half the size of the expected
salt, making the process of brute forcing password hashes slightly easier.
This update will not strengthen already existing passwords, but all newly
assigned passwords will have the proper salt length. (CVE-2006-0591)

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 7.4.13, which corrects these issues.

RHSA-2006:0539: vixie-cron security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060539
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0539, CVE-2006-2607

Description
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

A privilege escalation flaw was found in the way Vixie Cron runs programs;
vixie-cron does not properly verify that an attempt to set the current
process user id succeeded. It was possible for a malicious local user who
exhausted certain limits to execute arbitrary commands as root via cron.
(CVE-2006-2607)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2006:0541: dia security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060541
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0541, CVE-2006-2453, CVE-2006-2480

Description
The Dia drawing program is designed to draw various types of diagrams.

Several format string flaws were found in the way dia displays certain
messages. If an attacker is able to trick a Dia user into opening a
carefully crafted file, it may be possible to execute arbitrary code as the
user running Dia. (CVE-2006-2453, CVE-2006-2480)

Users of Dia should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

RHSA-2006:0543: spamassassin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060543
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0543, CVE-2006-2447

Description
SpamAssassin provides a way to reduce unsolicited commercial email (SPAM)
from incoming email.

A flaw was found in the way the SpamAssassin spamd daemon processes the
virtual pop username passed to it. If a site is running spamd with both the
--vpopmail and --paranoid flags, it is possible for a remote user with the
ability to connect to the spamd daemon to execute arbitrary commands as
the user running the spamd daemon. (CVE-2006-2447)

Note: None of the IMAP or POP servers shipped with Red Hat Enterprise Linux
4 support vpopmail delivery.  Running spamd with the --vpopmail and
--paranoid flags is uncommon and not the default startup option as shipped
with Red Hat Enterprise Linux 4.

SpamAssassin, as shipped in Red Hat Enterprise Linux 4, performs RBL
lookups against visi.com to help determine if an email is spam. However,
this DNS RBL has recently disappeared, resulting in mail filtering delays
and timeouts.

Users of SpamAssassin should upgrade to these updated packages containing
version 3.0.6 and backported patches, which are not vulnerable to these issues.

RHSA-2006:0544: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060544
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0544, CVE-2006-0903, CVE-2006-1516, CVE-2006-1517, CVE-2006-2753, CVE-2006-3081, CVE-2006-4380

Description
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld) and
many different client programs and libraries.

A flaw was found in the way the MySQL mysql_real_escape() function escaped
strings when operating in a multibyte character encoding.  An attacker
could provide an application a carefully crafted string containing
invalidly-encoded characters which may be improperly escaped, leading to
the injection of malicious SQL commands. (CVE-2006-2753)

An information disclosure flaw was found in the way the MySQL server
processed malformed usernames. An attacker could view a small portion
of server memory by supplying an anonymous login username which was not
null terminated. (CVE-2006-1516)

An information disclosure flaw was found in the way the MySQL server
executed the COM_TABLE_DUMP command. An authenticated malicious user could
send a specially crafted packet to the MySQL server which returned
random unallocated memory. (CVE-2006-1517)

A log file obfuscation flaw was found in the way the mysql_real_query()
function creates log file entries. An attacker with the ability to call
the mysql_real_query() function against a mysql server can obfuscate the
entry the server will write to the log file.  However, an attacker needed
to have complete control over a server in order to attempt this attack.
(CVE-2006-0903)

This update also fixes numerous non-security-related flaws, such as
intermittent authentication failures.

All users of mysql are advised to upgrade to these updated packages
containing MySQL version 4.1.20, which is not vulnerable to these issues.

RHSA-2006:0547: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060547
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0547, CVE-2006-2842

Description
SquirrelMail is a standards-based webmail package written in PHP4.

A local file disclosure flaw was found in the way SquirrelMail loads
plugins. In SquirrelMail 1.4.6 or earlier, if register_globals is on and
magic_quotes_gpc is off, it became possible for an unauthenticated remote
user to view the contents of arbitrary local files the web server has
read-access to. This configuration is neither default nor safe, and
configuring PHP with register_globals set on is dangerous and not
recommended.  (CVE-2006-2842)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct this issue.

RHSA-2006:0548: kdebase security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060548
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0548, CVE-2006-2449

Description
The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the KDE Display Manager (KDM).

Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could
use a symlink attack to read an arbitrary file that they would not normally
have permissions to read. (CVE-2006-2449)

Note: this issue does not affect the version of KDM as shipped with Red Hat
Enterprise Linux 2.1 or 3.

All users of KDM should upgrade to these updated packages which contain a
backported patch to correct this issue.

RHSA-2006:0568: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060568
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0568, CVE-2006-1494, CVE-2006-1990, CVE-2006-3017

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A directory traversal vulnerability was found in PHP.  Local users could
bypass open_basedir restrictions allowing remote attackers to create files
in arbitrary directories via the tempnam() function.  (CVE-2006-1494)

The wordwrap() PHP function did not properly check for integer overflow in
the handling of the "break" parameter. An attacker who could control the
string passed to the "break" parameter could cause a heap overflow.
(CVE-2006-1990) 

A flaw was found in the zend_hash_del() PHP function.  For PHP scripts that
rely on the use of the unset() function, a remote attacker could force
variable initialization to be bypassed.  This would be a security issue
particularly for installations that enable the "register_globals" setting.
"register_globals" is disabled by default in Red Hat Enterprise Linux.
(CVE-2006-3017)

Users of PHP should upgrade to these updated packages, which contain
backported patches that resolve these issues.

RHSA-2006:0571: gnupg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060571
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0571, CVE-2006-3082

Description
GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG.  An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3082)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2006:0573: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060573
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0573, CVE-2006-2198, CVE-2006-2199, CVE-2006-3117

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

A Sun security specialist reported an issue with the application framework.
An attacker could put macros into document locations that could cause
OpenOffice.org to execute them when the file was opened by a victim.
(CVE-2006-2198)

A bug was found in the OpenOffice.org Java virtual machine implementation.
An attacker could write a carefully crafted Java applet that can break
through the "sandbox" and have full access to system resources with the
current user privileges. (CVE-2006-2199)

A buffer overflow bug was found in the OpenOffice.org file processor. An
attacker could create a carefully crafted XML file that could cause
OpenOffice.org to write data to an arbitrary location in memory when the
file was opened by a victim. (CVE-2006-3117)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes for these issues.

RHSA-2006:0574: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060574
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0574, CVE-2006-2451

Description
The Linux kernel handles the basic functions of the operating system.

During security research, Red Hat discovered a behavioral flaw in core dump
handling.  A local user could create a program that would cause a core file
to be dumped into a directory they would not normally have permissions to
write to.  This could lead to a denial of service (disk consumption), or
allow the local user to gain root privileges.  (CVE-2006-2451)

Prior to applying this update, users can remove the ability to escalate
privileges using this flaw by configuring core files to dump to an absolute
location.  By default, core files are created in the working directory of
the faulting application, but this can be overridden by specifying an
absolute location for core files in /proc/sys/kernel/core_pattern.  To
avoid a potential denial of service, a separate partition for the core
files should be used.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

RHSA-2006:0575: Updated kernel packages available for Red Hat Enterprise Linux 4 Update 4 (Important)

Rule ID: oval-com.redhat.rhsa-def-20060575
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0575, CVE-2005-3055, CVE-2005-3623, CVE-2006-0038, CVE-2006-0456, CVE-2006-0457, CVE-2006-0742, CVE-2006-1052, CVE-2006-1056, CVE-2006-1242, CVE-2006-1343, CVE-2006-1857, CVE-2006-2275, CVE-2006-2446, CVE-2006-2448, CVE-2006-2934

Description
New features introduced in this update include:

* Device Mapper mirroring support

* IDE diskdump support

* x86, AMD64 and Intel EM64T: Multi-core scheduler support enhancements

* Itanium: perfmon support for Montecito

* much improved support for IBM x460

* AMD PowerNow! patches to support Opteron Rev G

* Vmalloc support > 64MB

The following device drivers have been upgraded to new versions:

ipmi: 33.11 to 33.13
ib_mthca: 0.06 to 0.08
bnx2: 1.4.30 to 1.4.38
bonding: 2.6.1 to 2.6.3
e100: 3.4.8-k2-NAPI to 3.5.10-k2-NAPI
e1000: 6.1.16-k3-NAPI to 7.0.33-k2-NAPI
sky2: 0.13 to 1.1
tg3: 3.43-rh to 3.52-rh
ipw2100: 1.1.0 to git-1.1.4
ipw2200: 1.0.0 to git-1.0.10
3w-9xxx: 2.26.02.001 to 2.26.04.010
ips: 7.10.18 to 7.12.02
iscsi_sfnet: 4:0.1.11-2 to 4:0.1.11-3
lpfc: 0:8.0.16.18 to 0:8.0.16.27
megaraid_sas: 00.00.02.00 to 00.00.02.03-RH1
qla2xxx: 8.01.02-d4 to 8.01.04-d7
qla6312: 8.01.02-d4 to 8.01.04-d7
sata_promise: 1.03 to 1.04
sata_vsc: 1.1 to 1.2
ibmvscsic: 1.5.5 to 1.5.6
ipr: 2.0.11.1 to 2.0.11.2

Added drivers:

dcdbas: 5.6.0-2
sata_mv: 0.6
sata_qstor: 0.05
sata_uli: 0.5
skge: 1.1
stex: 2.9.0.13
pdc_adma: 0.03

This update includes fixes for the following security issues:

* a flaw in the USB devio handling of device removal that allowed a
local user to cause a denial of service (crash) (CVE-2005-3055,
moderate)

* a flaw in the ACL handling of nfsd that allowed a remote user to
bypass ACLs for readonly mounted NFS file systems (CVE-2005-3623,
moderate)

* a flaw in the netfilter handling that allowed a local user with
CAP_NET_ADMIN rights to cause a buffer overflow (CVE-2006-0038, low)

* a flaw in the IBM S/390 and IBM zSeries strnlen_user() function that
allowed a local user to cause a denial of service (crash) or to retrieve
random kernel data (CVE-2006-0456, important)

* a flaw in the keyctl functions that allowed a local user to cause a
denial of service (crash) or to read sensitive kernel memory
(CVE-2006-0457, important)

* a flaw in unaligned accesses handling on Itanium processors that
allowed a local user to cause a denial of service (crash)
(CVE-2006-0742, important)

* a flaw in SELinux ptrace logic that allowed a local user with ptrace
permissions to change the tracer SID to a SID of another process
(CVE-2006-1052, moderate)

* an info leak on AMD-based x86 and x86_64 systems that allowed a local
user to retrieve the floating point exception state of a process run by a
different user (CVE-2006-1056, important)

* a flaw in IPv4 packet output handling that allowed a remote user to
bypass the zero IP ID countermeasure on systems with a disabled firewall
(CVE-2006-1242, low)

* a minor info leak in socket option handling in the network code
(CVE-2006-1343, low)

* a flaw in the HB-ACK chunk handling of SCTP that allowed a remote user to
cause a denial of service (crash) (CVE-2006-1857, moderate)

* a flaw in the SCTP implementation that allowed a remote user to cause a
denial of service (deadlock) (CVE-2006-2275, moderate)

* a flaw in the socket buffer handling that allowed a remote user to cause
a denial of service (panic) (CVE-2006-2446, important)

* a flaw in the signal handling access checking on PowerPC that allowed a
local user to cause a denial of service (crash) or read arbitrary kernel
memory on 64-bit systems (CVE-2006-2448, important)

* a flaw in the netfilter SCTP module when receiving a chunkless packet
that allowed a remote user to cause a denial of service (crash)
(CVE-2006-2934, important)

There were several bug fixes in various parts of the kernel. The ongoing
effort to resolve these problems has resulted in a marked improvement
in the reliability and scalability of Red Hat Enterprise Linux 4.

RHSA-2006:0577: mutt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060577
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0577, CVE-2006-3242

Description
Mutt is a text-mode mail user agent.

A buffer overflow flaw was found in the way Mutt processes an overly
long namespace from a malicious IMAP server.  In order to exploit this
flaw, a user would have to use Mutt to connect to a malicious IMAP server.
(CVE-2006-3242)

Users of Mutt are advised to upgrade to these erratum packages, which
contain a backported patch to correct this issue.

RHSA-2006:0582: kdebase security fix (Low)

Rule ID: oval-com.redhat.rhsa-def-20060582
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0582, CVE-2005-2494

Description
The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass.  If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges.  In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured.  A patch to block this issue has been included
in this update.  (CVE-2005-2494)

The following bugs have also been addressed:

- kstart --tosystray does not send the window to the system tray in Kicker

- When the customer enters or selects URLs in Firefox's address field, the
desktop freezes for a couple of seconds

- fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.

RHSA-2006:0591: samba security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060591
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0591, CVE-2006-3403

Description
Samba provides file and printer sharing services to SMB/CIFS clients.

A denial of service bug was found in the way the smbd daemon tracks active
connections to shares. It was possible for a remote attacker to cause the
smbd daemon to consume a large amount of system memory by sending carefully
crafted smb requests. (CVE-2006-3403)

Users of Samba are advised to upgrade to these packages, which
contain a backported patch to correct this issue.

RHSA-2006:0597: libwmf security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060597
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0597, CVE-2006-3376

Description
Libwmf is a library for reading and converting Windows MetaFile vector
graphics (WMF).  Libwmf is used by packages such as The GIMP and ImageMagick.

An integer overflow flaw was discovered in libwmf.  An attacker could
create a carefully crafted WMF file that could execute arbitrary code if
opened by a victim.  (CVE-2006-3376)

Users of libwmf should update to these packages which contain a backported
security patch to correct this issue.

RHSA-2006:0598: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060598
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0598, CVE-2006-3404

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

Henning Makholm discovered a buffer overflow bug in The GIMP XCF file
loader. An attacker could create a carefully crafted image that could
execute arbitrary code if opened by a victim.  (CVE-2006-3404)

Please note that this issue did not affect the gimp packages in Red Hat
Enterprise Linux 2.1, or 3.

Users of The GIMP should update to these erratum packages which contain a
backported fix to correct this issue.

RHSA-2006:0600: mailman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060600
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0600, CVE-2006-2941, CVE-2006-3636

Description
Mailman is a program used to help manage email discussion lists.

A flaw was found in the way Mailman handled MIME multipart messages. An
attacker could send a carefully crafted MIME multipart email message to a
mailing list run by Mailman which caused that particular mailing list
to stop working.  (CVE-2006-2941)

Several cross-site scripting (XSS) issues were found in Mailman.  An
attacker could exploit these issues to perform cross-site scripting attacks
against the Mailman administrator.  (CVE-2006-3636)

Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities.

Users of Mailman should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2006:0602: wireshark security update (was ethereal) (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060602
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0602, CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632

Description
Ethereal is a program for monitoring network traffic.

In May 2006, Ethereal changed its name to Wireshark.  This update
deprecates the Ethereal packages in Red Hat Enterprise Linux 2.1, 3, and 4
in favor of the supported Wireshark packages.

Several denial of service bugs were found in Ethereal's protocol
dissectors. It was possible for Ethereal to crash or stop responding if it
read a malformed packet off the network.  (CVE-2006-3627, CVE-2006-3629,
CVE-2006-3631)

Several buffer overflow bugs were found in Ethereal's ANSI MAP, NCP NMAS,
and NDPStelnet dissectors. It was possible for Ethereal to crash or execute
arbitrary code if it read a malformed packet off the network.
(CVE-2006-3630, CVE-2006-3632)

Several format string bugs were found in Ethereal's Checkpoint FW-1, MQ,
XML, and NTP dissectors. It was possible for Ethereal to crash or execute
arbitrary code if it read a malformed packet off the network. (CVE-2006-3628)

Users of Ethereal should upgrade to these updated packages containing
Wireshark version 0.99.2, which is not vulnerable to these issues.

RHSA-2006:0603: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060603
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0603, CVE-2006-2656, CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465

Description
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) files.

Tavis Ormandy of Google discovered a number of flaws in libtiff during a
security audit.  An attacker could create a carefully crafted TIFF file in
such a way that it was possible to cause an application linked with libtiff
to crash or possibly execute arbitrary code. (CVE-2006-3459, CVE-2006-3460,
CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.

RHSA-2006:0604: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060604
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0604, CVE-2006-3694

Description
Ruby is an interpreted scripting language for object-oriented programming. 

A number of flaws were found in the safe-level restrictions in Ruby.  It
was possible for an attacker to create a carefully crafted malicious script
that can allow the bypass of certain safe-level restrictions. (CVE-2006-3694)

Users of Ruby should update to these erratum packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2006:0605: perl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060605
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0605, CVE-2006-3813

Description
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

Kevin Finisterre discovered a flaw in sperl, the Perl setuid wrapper, which
can cause debugging information to be logged to arbitrary files. By setting
an environment variable, a local user could cause sperl to create, as root,
files with arbitrary filenames, or append the debugging information to
existing files. (CVE-2005-0155)

A fix for this issue was first included in the update RHSA-2005:103
released in February 2005.  However, the patch to correct this issue was
dropped from the update RHSA-2005:674 made in October 2005.  This
regression has been assigned CVE-2006-3813.

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2006:0609: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060609
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0609, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812

Description
Seamonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

The Mozilla Foundation has discontinued support for the Mozilla Suite. This
update deprecates the Mozilla Suite in Red Hat Enterprise Linux 4 in
favor of the supported Seamonkey Suite.

This update also resolves a number of outstanding Mozilla security issues:

Several flaws were found in the way Seamonkey processed certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware. (CVE-2006-2776,
CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809,
CVE-2006-3812)

Several denial of service flaws were found in the way Seamonkey processed
certain web content. A malicious web page could crash the browser or
possibly execute arbitrary code as the user running Seamonkey.
(CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113,
CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811)

Two flaws were found in the way Seamonkey-mail displayed malformed
inline vcard attachments. If a victim viewed an email message containing
a carefully crafted vcard it was possible to execute arbitrary code as the
user running Mozilla-mail. (CVE-2006-2781, CVE-2006-3804)

A cross-site scripting flaw was found in the way Seamonkey processed
Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web
page could execute a script within the browser that a web input sanitizer
could miss due to a malformed "script" tag. (CVE-2006-2783)

Several flaws were found in the way Seamonkey processed certain javascript
actions. A malicious web page could conduct a cross-site scripting attack
or steal sensitive information (such as cookies owned by other domains).
(CVE-2006-3802, CVE-2006-3810)

A form file upload flaw was found in the way Seamonkey handled javascript
input object mutation. A malicious web page could upload an arbitrary local
file at form submission time without user interaction. (CVE-2006-2782)

A denial of service flaw was found in the way Seamonkey called the
crypto.signText() javascript function. A malicious web page could crash the
browser if the victim had a client certificate loaded. (CVE-2006-2778)

Two HTTP response smuggling flaws were found in the way Seamonkey processed
certain invalid HTTP response headers. A malicious web site could return
specially crafted HTTP response headers which may bypass HTTP proxy
restrictions. (CVE-2006-2786)

A flaw was found in the way Seamonkey processed Proxy AutoConfig scripts. A
malicious Proxy AutoConfig server could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware. (CVE-2006-3808)

A double free flaw was found in the way the nsIX509::getRawDER method was
called. If a victim visited a carefully crafted web page, it was possible
to execute arbitrary code as the user running Mozilla. (CVE-2006-2788)

Users of Mozilla are advised to upgrade to this update, which contains
Seamonkey version 1.0.3 that corrects these issues.

RHSA-2006:0610: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060610
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0610, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812

Description
Mozilla Firefox is an open source Web browser.

The Mozilla Foundation has discontinued support for the Mozilla Firefox
1.0 branch. This update deprecates the Mozilla Firefox 1.0 branch in
Red Hat Enterprise Linux 4 in favor of the supported Mozilla Firefox
1.5 branch.

This update also resolves a number of outstanding Firefox security issues:

Several flaws were found in the way Firefox processed certain javascript
actions. A malicious web page could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware. (CVE-2006-2776,
CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809,
CVE-2006-3812)

Several denial of service flaws were found in the way Firefox processed
certain web content. A malicious web page could crash the browser or
possibly execute arbitrary code as the user running Firefox.
(CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677, CVE-2006-3113,
CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811)

A cross-site scripting flaw was found in the way Firefox processed
Unicode Byte-Order-Mark (BOM) markers in UTF-8 web pages. A malicious web
page could execute a script within the browser that a web input sanitizer
could miss due to a malformed "script" tag. (CVE-2006-2783)

Several flaws were found in the way Firefox processed certain javascript
actions. A malicious web page could conduct a cross-site scripting attack
or steal sensitive information (such as cookies owned by other domains).
(CVE-2006-3802, CVE-2006-3810)

A form file upload flaw was found in the way Firefox handled javascript
input object mutation. A malicious web page could upload an arbitrary local
file at form submission time without user interaction. (CVE-2006-2782)

A denial of service flaw was found in the way Firefox called the
crypto.signText() javascript function. A malicious web page could crash the
browser if the victim had a client certificate loaded. (CVE-2006-2778)

Two HTTP response smuggling flaws were found in the way Firefox processed
certain invalid HTTP response headers. A malicious web site could return
specially crafted HTTP response headers which may bypass HTTP proxy
restrictions. (CVE-2006-2786)

A flaw was found in the way Firefox processed Proxy AutoConfig scripts. A
malicious Proxy AutoConfig server could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install browser malware. (CVE-2006-3808)

A double free flaw was found in the way the nsIX509::getRawDER method was
called. If a victim visited a carefully crafted web page, it was possible
to execute arbitrary code as the user running Firefox. (CVE-2006-2788)

Users of Firefox are advised to upgrade to this update, which contains
Firefox version 1.5.0.5 that corrects these issues.

RHSA-2006:0611: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060611
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0611, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

The Mozilla Foundation has discontinued support for the Mozilla Thunderbird
1.0 branch. This update deprecates the Mozilla Thunderbird 1.0 branch in
Red Hat Enterprise Linux 4 in favor of the supported Mozilla Thunderbird
1.5 branch.

This update also resolves a number of outstanding Thunderbird security issues:

Several flaws were found in the way Thunderbird processed certain
javascript actions. A malicious mail message could execute arbitrary
javascript instructions with the permissions of "chrome", allowing the page
to steal sensitive information or install browser malware. (CVE-2006-2776,
CVE-2006-2784, CVE-2006-2785, CVE-2006-2787, CVE-2006-3807, CVE-2006-3809)

Several denial of service flaws were found in the way Thunderbird processed
certain mail messages. A malicious web page could crash the browser or
possibly execute arbitrary code as the user running Thunderbird.
(CVE-2006-2779, CVE-2006-2780, CVE-2006-3801, CVE-2006-3677,
CVE-2006-3113, CVE-2006-3803, CVE-2006-3805, CVE-2006-3806, CVE-2006-3811)

Several flaws were found in the way Thunderbird processed certain
javascript actions. A malicious mail message could conduct a cross-site
scripting attack or steal sensitive information (such as cookies owned by
other domains). (CVE-2006-3802, CVE-2006-3810)

A form file upload flaw was found in the way Thunderbird handled javascript
input object mutation. A malicious mail message could upload an arbitrary
local file at form submission time without user interaction. (CVE-2006-2782)

A denial of service flaw was found in the way Thunderbird called the
crypto.signText() javascript function. A malicious mail message could crash
the browser if the victim had a client certificate loaded. (CVE-2006-2778)

A flaw was found in the way Thunderbird processed Proxy AutoConfig scripts.
A malicious Proxy AutoConfig server could execute arbitrary javascript
instructions with the permissions of "chrome", allowing the page to steal
sensitive information or install client malware. (CVE-2006-3808)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable with JavaScript disabled.

Two flaws were found in the way Thunderbird displayed malformed inline
vcard attachments. If a victim viewed an email message containing a
carefully crafted vcard it was possible to execute arbitrary code as the
user running Thunderbird. (CVE-2006-2781, CVE-2006-3804)

A cross site scripting flaw was found in the way Thunderbird processed
Unicode Byte-order-Mark (BOM) markers in UTF-8 mail messages. A malicious
web page could execute a script within the browser that a web input
sanitizer could miss due to a malformed "script" tag. (CVE-2006-2783)

Two HTTP response smuggling flaws were found in the way Thunderbird
processed certain invalid HTTP response headers. A malicious web site could
return specially crafted HTTP response headers which may bypass HTTP proxy
restrictions. (CVE-2006-2786)

A double free flaw was found in the way the nsIX509::getRawDER method was
called. If a victim visited a carefully crafted web page, it was possible
to crash Thunderbird. (CVE-2006-2788)

Users of Thunderbird are advised to upgrade to this update, which contains
Thunderbird version 1.5.0.5 that corrects these issues.

RHSA-2006:0612: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060612
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0612, CVE-2006-3083

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found where some bundled Kerberos-aware applications would fail
to check the result of the setuid() call. On Linux 2.6 kernels, the
setuid() call can fail if certain user limits are hit. A local attacker
could manipulate their environment in such a way as to get the applications
to continue to run as root, potentially leading to an escalation of
privileges.  (CVE-2006-3083)

Users are advised to update to these erratum packages which contain a
backported fix to correct this issue.

RHSA-2006:0615: gnupg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0615, CVE-2006-3746

Description
GnuPG is a utility for encrypting data and creating digital signatures.

An integer overflow flaw was found in GnuPG. An attacker could create a
carefully crafted message packet with a large length that could cause GnuPG
to crash or possibly overwrite memory when opened. (CVE-2006-3746)

All users of GnuPG are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2006:0617: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060617
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0617, CVE-2004-2660, CVE-2006-1858, CVE-2006-2444, CVE-2006-2932, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3626, CVE-2006-3745

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the proc file system that allowed a local user to use a
suid-wrapper for scripts to gain root privileges (CVE-2006-3626, Important)

* a flaw in the SCTP implementation that allowed a local user to cause a
denial of service (panic) or to possibly gain root privileges
(CVE-2006-3745, Important)

* a flaw in NFS exported ext2/ext3 partitions when handling invalid inodes
that allowed a remote authenticated user to cause a denial of service
(filesystem panic) (CVE-2006-3468, Important)

* a flaw in the restore_all code path of the 4/4GB split support of
non-hugemem kernels that allowed a local user to cause a denial of service
(panic) (CVE-2006-2932, Important)

* a flaw in IPv4 netfilter handling for the unlikely use of SNMP NAT
processing that allowed a remote user to cause a denial of service (crash)
or potential memory corruption (CVE-2006-2444, Moderate)

* a flaw in the DVD handling of the CDROM driver that could be used
together with a custom built USB device to gain root privileges
(CVE-2006-2935, Moderate)

* a flaw in the handling of O_DIRECT writes that allowed a local user
to cause a denial of service (memory consumption) (CVE-2004-2660, Low)

* a flaw in the SCTP chunk length handling that allowed a remote user to
cause a denial of service (crash) (CVE-2006-1858, Low)

* a flaw in the input handling of the ftdi_sio driver that allowed a local
user to cause a denial of service (memory consumption) (CVE-2006-2936, Low)

In addition, a bugfix was added to enable a clean reboot for the IBM Pizzaro
machines.

Red Hat would like to thank Wei Wang of McAfee Avert Labs and Kirill
Korotaev for reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

RHSA-2006:0619: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060619
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0619, CVE-2006-3918

Description
The Apache HTTP Server is a popular Web server available for free.

A bug was found in Apache where an invalid Expect header sent to the server
was returned to the user in an unescaped error message.  This could
allow an attacker to perform a cross-site scripting attack if a victim was
tricked into connecting to a site and sending a carefully crafted Expect
header.  (CVE-2006-3918)

While a web browser cannot be forced to send an arbitrary Expect
header by a third-party attacker, it was recently discovered that
certain versions of the Flash plugin can manipulate request headers.
If users running such versions can be persuaded to load a web page
with a malicious Flash applet, a cross-site scripting attack against
the server may be possible.

On Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in
the handling of malformed Expect headers, the page produced by the
cross-site scripting attack will only be returned after a timeout expires
(2-5 minutes by default) if not first canceled by the user.

Users of httpd should update to these erratum packages, which contain a
backported patch to correct these issues.

RHSA-2006:0633: ImageMagick security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0633, CVE-2006-3743, CVE-2006-3744, CVE-2006-4144

Description
ImageMagick(TM) is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Tavis Ormandy discovered several integer and buffer overflow flaws in the
way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files. An attacker
could execute arbitrary code on a victim's machine if they were able to
trick the victim into opening a specially crafted image file.
(CVE-2006-3743, CVE-2006-3744, CVE-2006-4144)

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches and are not vulnerable to these issues.

RHSA-2006:0634: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060634
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0634, CVE-2006-3467

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

An integer overflow flaw in the way the X.org server processes PCF files
was discovered. A malicious authorized client could exploit this issue to
cause a denial of service (crash) or potentially execute arbitrary code
with root privileges on the X.org server. (CVE-2006-3467)

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2006:0658: wireshark security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20060658
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0658, CVE-2006-4330, CVE-2006-4331, CVE-2006-4333

Description
Wireshark is a program for monitoring network traffic.

Bugs were found in Wireshark's SCSI and SSCOP protocol dissectors. Ethereal
could crash or stop responding if it read a malformed packet off the
network. (CVE-2006-4330, CVE-2006-4333)

An off-by-one bug was found in the IPsec ESP decryption preference parser.
Ethereal could crash or stop responding if it read a malformed packet off
the network. (CVE-2006-4331)

Users of Wireshark or Ethereal should upgrade to these updated packages
containing Wireshark version 0.99.3, which is not vulnerable to these
issues.   These packages also fix a bug in the PAM configuration of the
Wireshark packages which prevented non-root users starting a capture.

RHSA-2006:0661: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060661
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0661, CVE-2006-4339

Description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures.  Where an RSA key with exponent 3 is used it may be possible
for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly
verified by implementations that do not check for excess data in the RSA
exponentiation result of the signature.  

The Google Security Team discovered that OpenSSL is vulnerable to this
attack.  This issue affects applications that use OpenSSL to verify X.509
certificates as well as other uses of PKCS #1 v1.5.  (CVE-2006-4339)

This erratum also resolves a problem where a customized ca-bundle.crt file
was overwritten when the openssl package was upgraded.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

RHSA-2006:0663: ncompress security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20060663
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0663, CVE-2006-1168

Description
The ncompress package contains file compression and decompression
utilities, which are compatible with the original UNIX compress utility (.Z
file extensions).

Tavis Ormandy of the Google Security Team discovered a lack of bounds
checking in ncompress. An attacker could create a carefully crafted file
that could execute arbitrary code if uncompressed by a victim. (CVE-2006-1168)

In addition, two bugs that affected Red Hat Enterprise Linux 4 ncompress
packages were fixed:

* The display statistics and compression results in verbose mode were not
shown when operating on zero length files.

* An attempt to compress zero length files resulted in an unexpected return
code.

Users of ncompress are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2006:0665: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060665
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0665, CVE-2006-3739, CVE-2006-3740

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported two integer overflow flaws in the way the X.org server
processed CID font files. A malicious authorized client could exploit this
issue to cause a denial of service (crash) or potentially execute arbitrary
code with root privileges on the X.org server. (CVE-2006-3739, CVE-2006-3740)

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2006:0667: gzip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060667
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0667, CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338

Description
The gzip package contains the GNU gzip data compression program.

Tavis Ormandy of the Google Security Team discovered two denial of service
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to hang or
crash. (CVE-2006-4334, CVE-2006-4338)

Tavis Ormandy of the Google Security Team discovered several code execution
flaws in the way gzip expanded archive files. If a victim expanded a
specially crafted archive, it could cause the gzip executable to crash or
execute arbitrary code. (CVE-2006-4335, CVE-2006-4336, CVE-2006-4337)

Users of gzip should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

RHSA-2006:0668: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060668
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0668, CVE-2006-4019

Description
SquirrelMail is a standards-based webmail package written in PHP.

A dynamic variable evaluation flaw was found in SquirrelMail.  Users who
have an account on a SquirrelMail server and are logged in could use this
flaw to overwrite variables which may allow them to read or write other
users' preferences or attachments.  (CVE-2006-4019)

Users of SquirrelMail should upgrade to this erratum package, which
contains SquirrelMail 1.4.8 to correct this issue.  This package also
contains a number of additional patches to correct various bugs.

Note: After installing this update, users are advised to restart their httpd
service to ensure that the new version functions correctly.

RHSA-2006:0669: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060669
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0669, CVE-2006-3016, CVE-2006-4020, CVE-2006-4482, CVE-2006-4484, CVE-2006-4486

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A response-splitting issue was discovered in the PHP session handling.  If
a remote attacker can force a carefully crafted session identifier to be
used, a cross-site-scripting or response-splitting attack could be
possible.  (CVE-2006-3016)

A buffer overflow was discovered in the PHP sscanf() function.  If a script
used the sscanf() function with positional arguments in the format string,
a remote attacker sending a carefully crafted request could execute
arbitrary code as the 'apache' user.  (CVE-2006-4020)

An integer overflow was discovered in the PHP wordwrap() and str_repeat()
functions.  If a script running on a 64-bit server used either of these
functions on untrusted user data, a remote attacker sending a carefully
crafted request might be able to cause a heap overflow.  (CVE-2006-4482)

A buffer overflow was discovered in the PHP gd extension.  If a script was
set up to process GIF images from untrusted sources using the gd extension,
a remote attacker could cause a heap overflow.  (CVE-2006-4484)

An integer overflow was discovered in the PHP memory allocation handling. 
On 64-bit platforms, the "memory_limit" setting was not enforced correctly,
which could allow a denial of service attack by a remote user.  (CVE-2006-4486)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.  These packages also contain a
fix for a bug where certain input strings to the metaphone() function could
cause memory corruption.

RHSA-2006:0675: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060675
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0675, CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4567, CVE-2006-4568, CVE-2006-4569, CVE-2006-4571

Description
Mozilla Firefox is an open source Web browser.

Two flaws were found in the way Firefox processed certain regular
expressions.  A malicious web page could crash the browser or possibly
execute arbitrary code as the user running Firefox.  (CVE-2006-4565,
CVE-2006-4566)

A number of flaws were found in Firefox.  A malicious web page could crash
the browser or possibly execute arbitrary code as the user running Firefox.
(CVE-2006-4571)

A flaw was found in the handling of Javascript timed events.  A malicious
web page could crash the browser or possibly execute arbitrary code as the
user running Firefox. (CVE-2006-4253)

Daniel Bleichenbacher recently described an implementation error in RSA
signature verification.  For RSA keys with exponent 3 it is possible for an
attacker to forge a signature that would be incorrectly verified by the NSS
library. Firefox as shipped trusts several root Certificate Authorities
that use exponent 3.  An attacker could have created a carefully crafted
SSL certificate which would be incorrectly trusted when their site was
visited by a victim. (CVE-2006-4340)

A flaw was found in the Firefox auto-update verification system.  An
attacker who has the ability to spoof a victim's DNS could get Firefox to
download and install malicious code. In order to exploit this issue an
attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)

Firefox did not properly prevent a frame in one domain from injecting
content into a sub-frame that belongs to another domain, which facilitates
website spoofing and other attacks. (CVE-2006-4568)

Firefox did not load manually opened, blocked popups in the right domain
context, which could lead to cross-site scripting attacks.  In order to
exploit this issue an attacker would need to find a site which would frame
their malicious page and convince the user to manually open a blocked
popup. (CVE-2006-4569)

Users of Firefox are advised to upgrade to this update, which contains
Firefox version 1.5.0.7 that corrects these issues.

RHSA-2006:0676: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060676
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0676, CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4568, CVE-2006-4570, CVE-2006-4571

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Two flaws were found in the way SeaMonkey processed certain regular
expressions.  A malicious web page could crash the browser or possibly
execute arbitrary code as the user running SeaMonkey.  (CVE-2006-4565,
CVE-2006-4566)

A flaw was found in the handling of Javascript timed events. A malicious
web page could crash the browser or possibly execute arbitrary code as the
user running SeaMonkey. (CVE-2006-4253)

Daniel Bleichenbacher recently described an implementation error in RSA
signature verification.  For RSA keys with exponent 3 it is possible for an
attacker to forge a signature that would be incorrectly verified by the NSS
library. SeaMonkey as shipped trusts several root Certificate Authorities
that use exponent 3.  An attacker could have created a carefully crafted
SSL certificate which would be incorrectly trusted when their site was
visited by a victim. (CVE-2006-4340)

SeaMonkey did not properly prevent a frame in one domain from injecting
content into a sub-frame that belongs to another domain, which facilitates
website spoofing and other attacks. (CVE-2006-4568)

A flaw was found in SeaMonkey Messenger triggered when an HTML message
contained a remote image pointing to an XBL script.  An attacker could have
created a carefully crafted message which would execute Javascript if
certain actions were performed on the email by the recipient, even if
Javascript was disabled. (CVE-2006-4570)

A number of flaws were found in SeaMonkey.  A malicious web page could
crash the browser or possibly execute arbitrary code as the user running
SeaMonkey.  (CVE-2006-4571)

Users of SeaMonkey or Mozilla are advised to upgrade to this update, which
contains SeaMonkey version 1.0.5 that corrects these issues.

For users of Red Hat Enterprise Linux 2.1 this SeaMonkey update obsoletes
Galeon.  Galeon was a web browser based on the Mozilla Gecko layout engine.

RHSA-2006:0677: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060677
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0677, CVE-2006-4253, CVE-2006-4340, CVE-2006-4565, CVE-2006-4566, CVE-2006-4567, CVE-2006-4570, CVE-2006-4571

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Two flaws were found in the way Thunderbird processed certain regular
expressions.  A malicious HTML email could cause a crash or possibly
execute arbitrary code as the user running Thunderbird.  (CVE-2006-4565,
CVE-2006-4566)

A flaw was found in the Thunderbird auto-update verification system.  An
attacker who has the ability to spoof a victim's DNS could get Firefox to
download and install malicious code. In order to exploit this issue an
attacker would also need to get a victim to previously accept an
unverifiable certificate. (CVE-2006-4567)

A flaw was found in the handling of Javascript timed events.  A malicious
HTML email could crash the browser or possibly execute arbitrary code as
the user running Thunderbird. (CVE-2006-4253)

Daniel Bleichenbacher recently described an implementation error in RSA
signature verification.  For RSA keys with exponent 3 it is possible for an
attacker to forge a signature that would be incorrectly verified by
the NSS library.  (CVE-2006-4340)

A flaw was found in Thunderbird that triggered when an HTML message
contained a remote image pointing to an XBL script.  An attacker could have
created a carefully crafted message which would execute Javascript if
certain actions were performed on the email by the recipient, even if
Javascript was disabled.  (CVE-2006-4570)

A number of flaws were found in Thunderbird.  A malicious HTML email could
cause a crash or possibly execute arbitrary code as the user running
Thunderbird.  (CVE-2006-4571)

Users of Thunderbird are advised to upgrade to this update, which contains
Thunderbird version 1.5.0.7 that corrects these issues.

RHSA-2006:0680: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0680, CVE-2006-4790

Description
The GnuTLS Library provides support for cryptographic algorithms and
protocols such as TLS. GnuTLS includes libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. Where an RSA key with exponent 3 is used it may be possible for
an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly
verified by implementations that do not check for excess data in the RSA
exponentiation result of the signature.

The core GnuTLS team discovered that GnuTLS is vulnerable to a variant of
the Bleichenbacher attack. This issue affects applications that use GnuTLS
to verify X.509 certificates as well as other uses of PKCS #1 v1.5.
(CVE-2006-4790)

In Red Hat Enterprise Linux 4, the GnuTLS library is only used by the
Evolution client when connecting to an Exchange server or when publishing
calendar information to a WebDAV server.

Users are advised to upgrade to these updated packages, which contain a
backported patch from the GnuTLS maintainers to correct this issue.

RHSA-2006:0689: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060689
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0689, CVE-2005-4811, CVE-2006-0039, CVE-2006-2071, CVE-2006-3741, CVE-2006-4093, CVE-2006-4535, CVE-2006-4623, CVE-2006-4997

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the SCTP support that allowed a local user to cause a denial of
service (crash) with a specific SO_LINGER value. (CVE-2006-4535, Important)

* a flaw in the hugepage table support that allowed a local user to cause a
denial of service (crash). (CVE-2005-4811, Important)

* a flaw in the mprotect system call that allowed setting write permission
for a read-only attachment of shared memory. (CVE-2006-2071, Moderate)

* a flaw in HID0[31] (en_attn) register handling on PowerPC 970 systems
that allowed a local user to cause a denial of service (crash).
(CVE-2006-4093, Moderate)

* a flaw in the perfmon support of Itanium systems that allowed a local
user to cause a denial of service by consuming all file descriptors.
(CVE-2006-3741, Moderate)

* a flaw in the ATM subsystem. On systems with installed ATM hardware and
configured ATM support, a remote user could cause a denial of service
(panic) by accessing socket buffers memory after freeing them.
(CVE-2006-4997, Moderate)

* a flaw in the DVB subsystem. On systems with installed DVB hardware and
configured DVB support, a remote user could cause a denial of service
(panic) by sending a ULE SNDU packet with length of 0. (CVE-2006-4623, Low)

* an information leak in the network subsystem that possibly allowed a
local user to read sensitive data from kernel memory. (CVE-2006-0039, Low)

In addition, two bugfixes for the IPW-2200 wireless driver were included.
The first one ensures that wireless management applications correctly
identify IPW-2200 controlled devices, while the second fix ensures that
DHCP requests using the IPW-2200 operate correctly.

Red Hat would like to thank Olof Johansson, Stephane Eranian and Solar
Designer for reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

RHSA-2006:0695: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060695
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0695, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343

Description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a
buffer overflow in the SSL_get_shared_ciphers() utility function.  An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer (CVE-2006-3738).  Few applications make use
of this vulnerable function and generally it is used only when applications
are compiled for debugging.

Tavis Ormandy and Will Drewry of the Google Security Team discovered a 
flaw in the SSLv2 client code.  When a client application used OpenSSL to
create an SSLv2 connection to a malicious server, that server could cause
the client to crash.  (CVE-2006-4343)

Dr S. N. Henson of the OpenSSL core team and Open Network Security recently
developed an ASN.1 test suite for NISCC (www.niscc.gov.uk) which uncovered
denial of service vulnerabilities: 

* Certain public key types can take disproportionate amounts of time to
process, leading to a denial of service.  (CVE-2006-2940)

* During parsing of certain invalid ASN.1 structures an error condition was
mishandled.  This can result in an infinite loop which consumed system
memory (CVE-2006-2937).  This issue does not affect the OpenSSL version
distributed in Red Hat Enterprise Linux 2.1.

These vulnerabilities can affect applications which use OpenSSL to parse
ASN.1 data from untrusted sources, including SSL servers which enable
client authentication and S/MIME applications.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

RHSA-2006:0697: openssh security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060697
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0697, CVE-2006-4924, CVE-2006-5051

Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

Mark Dowd discovered a signal handler race condition in the OpenSSH sshd
server. A remote attacker could possibly leverage this flaw to cause a
denial of service (crash). (CVE-2006-5051) The OpenSSH project believes the
likelihood of successful exploitation leading to arbitrary code execution
appears remote. However, the Red Hat Security Response Team have not yet
been able to verify this claim due to lack of upstream vulnerability
information. We are therefore including a fix for this flaw and have rated
it important security severity in the event our continued investigation
finds this issue to be exploitable.

Tavis Ormandy of the Google Security Team discovered a denial of service
bug in the OpenSSH sshd server. A remote attacker can send a specially
crafted SSH-1 request to the server causing sshd to consume a large
quantity of CPU resources. (CVE-2006-4924)

All users of openssh should upgrade to these updated packages, which
contain backported patches that resolve these issues.

RHSA-2006:0713: python security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060713
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0713, CVE-2006-4980

Description
Python is an interpreted, interactive, object-oriented programming language.

A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings.  If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application.  (CVE-2006-4980)

In addition, this erratum fixes a regression in the SimpleXMLRPCServer
backport for Red Hat Enterprise Linux 3 that was introduced with RHSA-2005:109.

Users of Python should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2006:0719: nss_ldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060719
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0719, CVE-2006-5170

Description
nss_ldap is a set of C library extensions that allow X.500 and LDAP
directory servers to be used as primary sources for aliases, ethers,
groups, hosts, networks, protocols, users, RPCs, services, and shadow
passwords.

A flaw was found in the way nss_ldap handled a PasswordPolicyResponse
control sent by an LDAP server. If an LDAP server responded to an
authentication request with a PasswordPolicyResponse control, it was
possible for an application using nss_ldap to improperly authenticate
certain users. (CVE-2006-5170)

This flaw was only exploitable within applications which did not properly
process nss_ldap error messages. Only xscreensaver is currently known to
exhibit this behavior.

All users of nss_ldap should upgrade to these updated packages, which
contain a backported patch that resolves this issue.

RHSA-2006:0720: kdelibs security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060720
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0720, CVE-2006-4811

Description
The kdelibs package provides libraries for the K Desktop Environment (KDE).
Qt is a GUI software toolkit for the X Window System.

An integer overflow flaw was found in the way Qt handled pixmap images. 
The KDE khtml library uses Qt in such a way that untrusted parameters could
be passed to Qt, triggering the overflow.  An attacker could for example
create a malicious web page that when viewed by a victim in the Konqueror
browser would cause Konqueror to crash or possibly execute arbitrary code
with the privileges of the victim.  (CVE-2006-4811)

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2006:0725: qt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060725
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0725, CVE-2006-4811

Description
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

An integer overflow flaw was found in the way Qt handled certain pixmap
images. If an application linked against Qt created a pixmap image in a
certain way, it could lead to a denial of service or possibly allow the
execution of arbitrary code. (CVE-2006-4811)

Users of Qt should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2006:0726: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0726, CVE-2006-4574, CVE-2006-4805, CVE-2006-5468, CVE-2006-5469, CVE-2006-5740

Description
Wireshark is a program for monitoring network traffic.

Several flaws were found in Wireshark's HTTP, WBXML, LDAP, and XOT protocol
dissectors. Wireshark could crash or stop responding if it read a malformed
packet off the network. (CVE-2006-4805, CVE-2006-5468, CVE-2006-5469,
CVE-2006-5740)

A single NULL byte heap based buffer overflow was found in Wireshark's MIME
Multipart dissector. Wireshark could crash or possibly execute
arbitrary code as the user running Wireshark. (CVE-2006-4574)

Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.4, which is not vulnerable to these issues.

RHSA-2006:0727: texinfo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060727
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0727, CVE-2005-3011, CVE-2006-4810

Description
Texinfo is a documentation system that can produce both online information
and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker
could construct a carefully crafted Texinfo file that could cause texindex
to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary
files. A local user could leverage this flaw to overwrite files the user
executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which contain
backported patches and are not vulnerable to these issues.

RHSA-2006:0729: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060729
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0729, CVE-2006-5467

Description
Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain
multipart/form-data MIME data. If a remote attacker sends a specially
crafted multipart-form-data request, it is possible to cause the ruby
CGI script to enter an infinite loop, causing a denial of service.
(CVE-2006-5467)

Users of Ruby should upgrade to these updated packages which contain
backported patches and are not vulnerable to these issues.

RHSA-2006:0730: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060730
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0730, CVE-2006-5465

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

The Hardened-PHP Project discovered an overflow in the PHP htmlentities()
and htmlspecialchars() routines.  If a PHP script used the vulnerable
functions to parse UTF-8 data, a remote attacker sending a carefully
crafted request could trigger the overflow and potentially execute
arbitrary code as the 'apache' user. (CVE-2006-5465) 

Users of PHP should upgrade to these updated packages which contain a
backported patch to correct this issue.

RHSA-2006:0733: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060733
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0733, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause Firefox to crash or execute
arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747,
CVE-2006-5748)

Several flaws were found in the way Firefox renders web pages. A malicious
web page could cause the browser to crash or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-5464) 

A flaw was found in the way Firefox verifies RSA signatures. For RSA keys
with exponent 3 it is possible for an attacker to forge a signature that
would be incorrectly verified by the NSS library. Firefox as shipped trusts
several root Certificate Authorities that use exponent 3. An attacker could
have created a carefully crafted SSL certificate which would be incorrectly
trusted when their site was visited by a victim. This flaw was previously
thought to be fixed in Firefox 1.5.0.7, however Ulrich Kuehn discovered the
fix was incomplete. (CVE-2006-5462)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.8 that corrects these issues.

RHSA-2006:0734: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060734
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0734, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause SeaMonkey to crash or
execute arbitrary code as the user running SeaMonkey. (CVE-2006-5463,
CVE-2006-5747, CVE-2006-5748)

Several flaws were found in the way SeaMonkey renders web pages. A
malicious web page could cause the browser to crash or possibly execute
arbitrary code as the user running SeaMonkey. (CVE-2006-5464)

A flaw was found in the way SeaMonkey verifies RSA signatures. For RSA keys
with exponent 3 it is possible for an attacker to forge a signature that
would be incorrectly verified by the NSS library. SeaMonkey as shipped
trusts several root Certificate Authorities that use exponent 3. An
attacker could have created a carefully crafted SSL certificate which would
be incorrectly trusted when their site was visited by a victim. This flaw was
previously thought to be fixed in SeaMonkey 1.0.5, however Ulrich Kuehn
discovered the fix was incomplete. (CVE-2006-5462)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain SeaMonkey version 1.0.6 that corrects these issues.

RHSA-2006:0735: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060735
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0735, CVE-2006-5462, CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processes certain malformed
Javascript code. A malicious HTML mail message could cause the execution of
Javascript code in such a way that could cause Thunderbird to crash or
execute arbitrary code as the user running Thunderbird. (CVE-2006-5463,
CVE-2006-5747, CVE-2006-5748)

Several flaws were found in the way Thunderbird renders HTML mail messages.
A malicious HTML mail message could cause the mail client to crash or
possibly execute arbitrary code as the user running Thunderbird.
(CVE-2006-5464)

A flaw was found in the way Thunderbird verifies RSA signatures. For RSA
keys with exponent 3 it is possible for an attacker to forge a signature
that would be incorrectly verified by the NSS library. Thunderbird as
shipped trusts several root Certificate Authorities that use exponent 3. An
attacker could have created a carefully crafted SSL certificate which would
be incorrectly trusted when their site was visited by a victim. This flaw
was previously thought to be fixed in Thunderbird 1.5.0.7, however Ulrich
Kuehn discovered the fix was incomplete. (CVE-2006-5462)

Users of Thunderbird are advised to upgrade to this update, which contains
Thunderbird version 1.5.0.8 that corrects these issues.

RHSA-2006:0738: openssh security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20060738
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0738, CVE-2006-5794

Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

An authentication flaw was found in OpenSSH's privilege separation monitor.
If it ever becomes possible to alter the behavior of the unprivileged
process when OpenSSH is using privilege separation, an attacker may then be
able to log in without possessing proper credentials. (CVE-2006-5794)

Please note that this flaw by itself poses no direct threat to OpenSSH
users. Without another security flaw that could allow an attacker to alter
the behavior of OpenSSH's unprivileged process, this flaw cannot be
exploited. There are currently no known flaws to exploit this behavior. 
However, we have decided to issue this erratum to fix this flaw to reduce
the security impact if an unprivileged process flaw is ever found.

Users of openssh should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

RHSA-2006:0742: elinks security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060742
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0742, CVE-2006-5925

Description
Elinks is a text mode Web browser used from the command line that supports
rendering modern web pages.

An arbitrary file access flaw was found in the Elinks SMB protocol handler.
A malicious web page could have caused Elinks to read or write files with
the permissions of the user running Elinks. (CVE-2006-5925)

All users of Elinks are advised to upgrade to this updated package, which
resolves this issue by removing support for the SMB protocol from Elinks.

Note: this issue did not affect the Elinks package shipped with Red Hat
Enterprise Linux 3, or the Links package shipped with Red Hat Enterprise
Linux 2.1.

RHSA-2006:0746: mod_auth_kerb security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20060746
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2006:0746, CVE-2006-5989

Description
mod_auth_kerb is a module for the Apache HTTP Server designed to
provide Kerberos authentication over HTTP.

An off-by-one flaw was found in the way mod_auth_kerb handles certain
Kerberos authentication messages. A remote client could send a specially
crafted authentication request which could crash an httpd child process
(CVE-2006-5989).

A bug in the handling of multiple realms configured using the
"KrbAuthRealms" directive has also been fixed.

All users of mod_auth_kerb should upgrade to these updated packages, which
contain backported patches that resolve these issues.

RHSA-2006:0749: tar security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20060749
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2006:0749, CVE-2006-6097

Description
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. 

Teemu Salmela discovered a path traversal flaw in the way GNU tar extracted
archives. A malicious user could create a tar archive that could write to
arbitrary files to which the user running GNU tar has write access.
(CVE-2006-6097)

Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.

RHSA-2006:0754: gnupg security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20060754
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0754, CVE-2006-6169, CVE-2006-6235

Description
GnuPG is a utility for encrypting data and creating digital signatures.

Tavis Ormandy discovered a stack overwrite flaw in the way GnuPG decrypts
messages. An attacker could create a carefully crafted message that could cause
GnuPG to execute arbitrary code if a victim attempts to decrypt the message.
(CVE-2006-6235)

A heap based buffer overflow flaw was found in the way GnuPG constructs
messages to be written to the terminal during an interactive session. An
attacker could create a carefully crafted message which, with user interaction,
could cause GnuPG to execute arbitrary code with the permissions of the
user running GnuPG. (CVE-2006-6169)

All users of GnuPG are advised to upgrade to this updated package, which
contains a backported patch to correct these issues.

RHSA-2006:0758: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060758
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0758, CVE-2006-6497, CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause Firefox to crash or execute
arbitrary code as the user running Firefox. (CVE-2006-6498, CVE-2006-6501,
CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)

Several flaws were found in the way Firefox renders web pages. A malicious
web page could cause the browser to crash or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-6497)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.9 that corrects these issues.

RHSA-2006:0759: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060759
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0759, CVE-2006-6497, CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause SeaMonkey to crash or
execute arbitrary code as the user running SeaMonkey. (CVE-2006-6498,
CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504)

Several flaws were found in the way SeaMonkey renders web pages. A
malicious web page could cause the browser to crash or possibly execute
arbitrary code as the user running SeaMonkey. (CVE-2006-6497)

A heap based buffer overflow flaw was found in the way SeaMonkey Mail
parses the Content-Type mail header. A malicious mail message could cause
the SeaMonkey Mail client to crash or possibly execute arbitrary code as
the user running SeaMonkey Mail. (CVE-2006-6505)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain SeaMonkey version 1.0.7 that corrects these issues.

RHSA-2006:0760: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20060760
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2006:0760, CVE-2006-6497, CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processes certain malformed
Javascript code. A malicious web page could cause the execution of
Javascript code in such a way that could cause Thunderbird to crash or
execute arbitrary code as the user running Thunderbird.  JavaScript support
is disabled by default in Thunderbird; this issue is not exploitable
without enabling JavaScript. (CVE-2006-6498, CVE-2006-6501, CVE-2006-6502,
CVE-2006-6503, CVE-2006-6504)

Several flaws were found in the way Thunderbird renders web pages. A
malicious web page could cause the browser to crash or possibly execute
arbitrary code as the user running Thunderbird. (CVE-2006-6497)

A heap based buffer overflow flaw was found in the way Thunderbird parses
the Content-Type mail header. A malicious mail message could cause the
Thunderbird client to crash or possibly execute arbitrary code as the user
running Thunderbird. (CVE-2006-6505) 

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.9 that corrects these issues.

RHSA-2007:0001: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070001
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0001, CVE-2006-5870

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Several integer overflow bugs were found in the OpenOffice.org WMF file
processor. An attacker could create a carefully crafted WMF file that could
cause OpenOffice.org to execute arbitrary code when the file was opened by
a victim. (CVE-2006-5870)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix for this issue.

RHSA-2007:0003: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0003, CVE-2006-6101, CVE-2006-6102, CVE-2006-6103

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported three integer overflow flaws in the X.org Render and DBE
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the X.org server. (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103)

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2007:0008: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0008, CVE-2006-6107

Description
D-BUS is a system for sending messages between applications. It is used
both for the systemwide message bus service, and as a
per-user-login-session messaging facility.

Kimmo Hämäläinen discovered a flaw in the way D-BUS processes certain
messages. It is possible for a local unprivileged D-BUS process to disrupt
the ability of another D-BUS process to receive messages. (CVE-2006-6107)

Users of dbus are advised to upgrade to these updated packages, which
contain backported patches to correct this issue.

RHSA-2007:0011: libgsf security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0011, CVE-2006-4514

Description
The GNOME Structured File Library is a utility library for reading and
writing structured file formats.

A heap based buffer overflow flaw was found in the way GNOME Structured
File Library processes certain OLE documents. If a person opened a
specially crafted OLE file, it could cause the client application to crash or
execute arbitrary code. (CVE-2006-4514)

Users of GNOME Structured File Library should upgrade to these updated
packages, which contain a backported patch that resolves this issue.

RHSA-2007:0014: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070014
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0014, CVE-2006-4538, CVE-2006-4813, CVE-2006-4814, CVE-2006-5174, CVE-2006-5619, CVE-2006-5751, CVE-2006-5753, CVE-2006-5754, CVE-2006-5757, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6056, CVE-2006-6106, CVE-2006-6535

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below: 

* a flaw in the get_fdb_entries function of the network bridging support
that allowed a local user to cause a denial of service (crash) or allow a
potential privilege escalation (CVE-2006-5751, Important)

* an information leak in the _block_prepare_write function that allowed a
local user to read kernel memory (CVE-2006-4813, Important)

* an information leak in the copy_from_user() implementation on s390 and
s390x platforms that allowed a local user to read kernel memory
(CVE-2006-5174, Important)

* a flaw in the handling of /proc/net/ip6_flowlabel that allowed a local
user to cause a denial of service (infinite loop) (CVE-2006-5619, Important)

* a flaw in the AIO handling that allowed a local user to cause a denial of
service (panic) (CVE-2006-5754, Important)

* a race condition in the mincore system call that allowed a local user to
cause a denial of service (system hang) (CVE-2006-4814, Moderate)

* a flaw in the ELF handling on ia64 and sparc architectures which
triggered a cross-region memory mapping and allowed a local user to cause a
denial of service (CVE-2006-4538, Moderate)

* a flaw in the dev_queue_xmit function of the network subsystem that
allowed a local user to cause a denial of service (data corruption)
(CVE-2006-6535, Moderate)

* a flaw in the handling of CAPI messages over Bluetooth that allowed a
remote system to cause a denial of service or potential code execution.
This flaw is only exploitable if a privileged user establishes a connection
to a malicious remote device (CVE-2006-6106, Moderate)

* a flaw in the listxattr system call that allowed a local user to cause a
denial of service (data corruption) or potential privilege escalation. To
successfully exploit this flaw the existence of a bad inode is required
first (CVE-2006-5753, Moderate)

* a flaw in the __find_get_block_slow function that allowed a local
privileged user to cause a denial of service (CVE-2006-5757, Low)

* various flaws in the supported filesystems that allowed a local
privileged user to cause a denial of service (CVE-2006-5823, CVE-2006-6053,
CVE-2006-6054, CVE-2006-6056, Low)

In addition to the security issues described above, fixes for the following
bugs were included:

* initialization error of the tg3 driver with some BCM5703x network cards

* a memory leak in the audit subsystem

* x86_64 nmi watchdog timeout is too short

* ext2/3 directory reads fail intermittently

Red Hat would like to thank Dmitriy Monakhov and Kostantin Khorenko for
reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architecture and
configurations as listed in this erratum.

RHSA-2007:0015: ImageMagick security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070015
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0015, CVE-2006-2440, CVE-2006-5456, CVE-2006-5868

Description
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several security flaws were discovered in the way ImageMagick decodes DCM,
PALM, and SGI graphic files.  An attacker may be able to execute arbitrary
code on a victim's machine if they were able to trick the victim into
opening a specially crafted image file (CVE-2006-5456, CVE-2006-5868).

A heap overflow flaw was found in ImageMagick.  An attacker may be able to
execute arbitrary code on a victim's machine if they were able to trick the
victim into opening a specially crafted file (CVE-2006-2440).  This issue
only affected the version of ImageMagick distributed with Red Hat
Enterprise Linux 4.

Users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2007:0018: fetchmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070018
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0018, CVE-2005-4348, CVE-2006-5867

Description
Fetchmail is a remote mail retrieval and forwarding utility.

A denial of service flaw was found when Fetchmail was run in multidrop
mode.  A malicious mail server could send a message without headers which
would cause Fetchmail to crash (CVE-2005-4348).  This issue did not affect
the version of Fetchmail shipped with Red Hat Enterprise Linux 2.1 or 3.

A flaw was found in the way Fetchmail used TLS encryption to connect to
remote hosts.  Fetchmail provided no way to enforce the use of TLS
encryption and would not authenticate POP3 protocol connections properly
(CVE-2006-5867).  This update corrects this issue by enforcing TLS
encryption when the "sslproto" configuration directive is set to "tls1".  

Users of Fetchmail should update to these packages, which contain 
backported patches to correct these issues.

Note: This update may break configurations which assumed that Fetchmail
would use plain-text authentication if TLS encryption is not supported by
the POP3 server even if the "sslproto" directive is set to "tls1".  If you
are using a custom configuration that depended on this behavior you will
need to modify your configuration appropriately after installing this update.

RHSA-2007:0019: gtk2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070019
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0019, CVE-2007-0010

Description
The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating
graphical user interfaces for the X Window System.

A bug was found in the way the gtk2 GdkPixbufLoader() function processed
invalid input.   Applications linked against gtk2 could crash if they
loaded a malformed image file. (CVE-2007-0010)

Users of gtk2 are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2007:0022: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070022
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0022, CVE-2006-6142

Description
SquirrelMail is a standards-based webmail package written in PHP.

Several cross-site scripting bugs were discovered in SquirrelMail.  An
attacker could inject arbitrary Javascript or HTML content into
SquirrelMail pages by tricking a user into visiting a carefully crafted
URL.  (CVE-2006-6142) 

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues. 

Notes:
- After installing this update, users are advised to restart their
httpd service to ensure that the updated version functions correctly.
- config.php should NOT be modified; please modify config_local.php instead.
- Known Bug: The configuration generator may potentially produce bad
options that interfere with the operation of this application.  Applying
specific config changes to config_local.php manually is recommended.

RHSA-2007:0033: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070033
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0033, CVE-2007-0238, CVE-2007-0239, CVE-2007-1466

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

iDefense reported an integer overflow flaw in libwpd, a library used
internally by OpenOffice.org for handling Word Perfect documents.  An
attacker could create a carefully crafted Word Perfect file that could
cause OpenOffice.org to crash or possibly execute arbitrary code if the
file was opened by a victim. (CVE-2007-1466)

John Heasman discovered a stack overflow in the StarCalc parser in
OpenOffice.org.  An attacker could create a carefully crafted StarCalc file
that could cause OpenOffice.org to crash or possibly execute arbitrary code
if the file was opened by a victim. (CVE-2007-0238)

Flaws were discovered in the way OpenOffice.org handled hyperlinks.  An
attacker could create an OpenOffice.org document which could run commands
if a victim opened the file and clicked on a malicious hyperlink. 
(CVE-2007-0239)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes for these issues.

Red Hat would like to thank Fridrich Štrba for alerting us to the issue
CVE-2007-1466 and providing a patch, and John Heasman for
CVE-2007-0238.

RHSA-2007:0044: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070044
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0044, CVE-2007-0494

Description
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.  

A flaw was found in the way BIND processed certain DNS query responses.  On
servers that had enabled DNSSEC validation, this could allow a remote
attacker to cause a denial of service.  (CVE-2007-0494)

For users of Red Hat Enterprise Linux 3, the previous BIND update caused an
incompatible change to the default configuration that resulted in rndc not
sharing the key with the named daemon. This update corrects this bug and
restores the behavior prior to that update.

Updating the bind package in Red Hat Enterprise Linux 3 could result in a
nonfunctional configuration if the bind-libs package was not updated.
This update corrects this bug by adding the correct dependency on bind-libs.

Users of BIND are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2007:0055: libwpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070055
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0055, CVE-2007-0002, CVE-2007-1466

Description
libwpd is a library for reading and converting Word Perfect documents.

iDefense reported several overflow bugs in libwpd.  An attacker could
create a carefully crafted Word Perfect file that could cause an
application linked with libwpd, such as OpenOffice, to crash or possibly
execute arbitrary code if the file was opened by a victim. (CVE-2007-0002)

All users are advised to upgrade to these updated packages, which contain a
backported fix for this issue.

Red Hat would like to thank Fridrich Štrba for alerting us to these issues
and providing a patch.

RHSA-2007:0057: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070057
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0057, CVE-2007-0493, CVE-2007-0494

Description
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.  

A flaw was found in the way BIND processed certain DNS query responses. On
servers that had enabled DNSSEC validation, this could allow a remote
attacker to cause a denial of service. (CVE-2007-0494)

A use-after-free flaw was found in BIND. On servers that have recursion
enabled, this could allow a remote attacker to cause a denial of service. 
(CVE-2007-0493)

Users of BIND are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2007:0060: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0060, CVE-2007-0452

Description
Samba provides file and printer sharing services to SMB/CIFS clients.

A denial of service flaw was found in Samba's smbd daemon process. An
authenticated user could send a specially crafted request which would cause
a smbd child process to enter an infinite loop condition. By opening
multiple CIFS sessions, an attacker could exhaust system resources.
(CVE-2007-0452)

Users of Samba should update to these packages, which contain a
backported patch to correct this issue.

RHSA-2007:0061: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0061, CVE-2007-0452

Description
Samba provides file and printer sharing services to SMB/CIFS clients.

A denial of service flaw was found in Samba's smbd daemon process. An
authenticated user could send a specially crafted request which would cause
a smbd child process to enter an infinite loop condition. By opening
multiple CIFS sessions, an attacker could exhaust system resources
(CVE-2007-0452).

Users of Samba should update to these packages, which contain a
backported patch to correct this issue.

RHSA-2007:0064: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070064
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0064, CVE-2006-5540, CVE-2007-0555

Description
PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A flaw was found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit this issue (CVE-2007-0555).

A denial of service flaw was found affecting the PostgreSQL server running
on Red Hat Enterprise Linux 4 systems. An authenticated user could execute
an SQL command which could crash the PostgreSQL server. (CVE-2006-5540)

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 7.4.16 or 7.3.18, which correct these issues.

RHSA-2007:0065: bluez-utils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070065
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0065, CVE-2006-6899

Description
The bluez-utils package contains Bluetooth daemons and utilities.

A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker
would have been able to inject keyboard and mouse events via a Bluetooth
connection without any authorization. (CVE-2006-6899)

Note that Red Hat Enterprise Linux does not come with the Bluetooth HID
daemon enabled by default.

Users of bluez-utils are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2007:0066: wireshark security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070066
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0066, CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459

Description
Wireshark is a program for monitoring network traffic.

Several denial of service bugs were found in Wireshark's LLT, IEEE 802.11,
http, and tcp protocol dissectors. It was possible for Wireshark to crash
or stop responding if it read a malformed packet off the network.
(CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459)

Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.5, which is not vulnerable to these issues.

RHSA-2007:0068: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070068
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0068, CVE-2006-5540, CVE-2006-5541, CVE-2006-5542, CVE-2007-0555, CVE-2007-0556

Description
PostgreSQL is an advanced Object-Relational database management system
(DBMS).

Two flaws were found in the way the PostgreSQL server handles certain
SQL-language functions. An authenticated user could execute a sequence of
commands which could crash the PostgreSQL server or possibly read from
arbitrary memory locations. A user would need to have permissions to drop
and add database tables to be able to exploit these issues (CVE-2007-0555,
CVE-2007-0556).

Several denial of service flaws were found in the PostgreSQL server.  An
authenticated user could execute certain SQL commands which could crash the
PostgreSQL server (CVE-2006-5540, CVE-2006-5541, CVE-2006-5542).

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL version 8.1.8 which corrects these issues.

RHSA-2007:0069: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070069
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0069, CVE-2007-0238, CVE-2007-0239

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

John Heasman discovered a stack overflow in the StarCalc parser in
OpenOffice.  An attacker could create a carefully crafted StarCalc file
that could cause OpenOffice.org to crash or possibly execute arbitrary code
if the file was opened by a victim. (CVE-2007-0238)

Flaws were discovered in the way OpenOffice.org handled hyperlinks.  An
attacker could create an OpenOffice.org document which could run commands
if a victim opened the file and clicked on a malicious hyperlink. 
(CVE-2007-0239)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix to correct this issue.

RHSA-2007:0074: spamassassin security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070074
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0074, CVE-2007-0451

Description
SpamAssassin provides a way to reduce unsolicited commercial email (spam)
from incoming email.

A flaw was found in the way SpamAssassin processes HTML email containing
URIs. A carefully crafted mail message could cause SpamAssassin to consume
significant resources. If a number of these messages are sent, this could
lead to a denial of service, potentially delaying or preventing the
delivery of email.
(CVE-2007-0451)

Users of SpamAssassin should upgrade to these updated packages which
contain version 3.1.8 which is not vulnerable to these issues.  

This is an upgrade from SpamAssassin version 3.0.6 to 3.1.8, which contains
many bug fixes and spam detection enhancements. Further details are
available in the SpamAssassin 3.1 changelog and upgrade guide.

RHSA-2007:0075: spamassassin security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070075
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0075, CVE-2007-0451

Description
SpamAssassin provides a way to reduce unsolicited commercial email (spam)
from incoming email.

A flaw was found in the way SpamAssassin processes HTML email containing
URIs. A carefully crafted mail message could cause SpamAssassin to consume
significant resources. If a number of these messages are sent, this could
lead to a denial of service, potentially delaying or preventing the
delivery of email. (CVE-2007-0451)

Users of SpamAssassin should upgrade to these updated packages which
contain version 3.1.8 which is not vulnerable to these issues.

RHSA-2007:0076: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070076
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0076, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988, CVE-2007-1380, CVE-2007-1701, CVE-2007-1825

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A number of buffer overflow flaws were found in the PHP session extension,
the str_replace() function, and the imap_mail_compose() function.
If very long strings under the control of an attacker are passed to the
str_replace() function then an integer overflow could occur in memory
allocation.  If a script uses the imap_mail_compose() function to create a
new MIME message based on an input body from an untrusted source, it could
result in a heap overflow.  An attacker who is able to access a PHP
application affected by any of these issues could trigger these flaws and
possibly execute arbitrary code as the 'apache' user. (CVE-2007-0906)

If unserializing untrusted data on 64-bit platforms, the zend_hash_init()
function can be forced to enter an infinite loop, consuming CPU resources
for a limited length of time, until the script timeout alarm aborts
execution of the script. (CVE-2007-0988)

If the wddx extension is used to import WDDX data from an untrusted source,
certain WDDX input packets may allow a random portion of heap memory to be
exposed. (CVE-2007-0908)

If the odbc_result_all() function is used to display data from a database,
and the contents of the database table are under the control of an
attacker, a format string vulnerability is possible which could lead to the
execution of arbitrary code.  (CVE-2007-0909)

A one byte memory read will always occur before the beginning of a buffer,
which could be triggered for example by any use of the header() function in
a script.  However it is unlikely that this would have any effect.
(CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. (CVE-2007-0910)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

Red Hat would like to thank Stefan Esser for his help diagnosing these issues.

RHSA-2007:0077: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070077
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0077, CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092, CVE-2007-1282

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed
JavaScript code. A malicious web page could execute JavaScript code in such
a way that may result in SeaMonkey crashing or executing arbitrary code as
the user running SeaMonkey. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way SeaMonkey
processed certain malformed web pages. A malicious web page could display
misleading information which may result in a user unknowingly divulging
sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995,
CVE-2007-0996)

A flaw was found in the way SeaMonkey cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way SeaMonkey displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way SeaMonkey displayed blocked popup windows.
If a user can be convinced to open a blocked popup, it is possible to read
arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
SeaMonkey. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way SeaMonkey handled the "location.hostname" value
during certain browser domain checks. This flaw could allow a malicious web
site to set domain cookies for an arbitrary site, or possibly perform an
XSS attack. (CVE-2007-0981)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain SeaMonkey version 1.0.8 that corrects these issues.

RHSA-2007:0078: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070078
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0078, CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092, CVE-2007-1282

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed
JavaScript code. A malicious HTML mail message could execute JavaScript
code in such a way that may result in Thunderbird crashing or executing
arbitrary code as the user running Thunderbird. JavaScript support is
disabled by default in Thunderbird; these issues are not exploitable unless
the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777, CVE-2007-1092)

A flaw was found in the way Thunderbird processed text/enhanced and
text/richtext formatted mail messages. A specially crafted mail message
could execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2007-1282)

Several cross-site scripting (XSS) flaws were found in the way Thunderbird
processed certain malformed HTML mail messages. A malicious HTML mail
message could display misleading information which may result in a user
unknowingly divulging sensitive information such as a password.
(CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Thunderbird cached web content on the local
disk. A malicious HTML mail message may be able to inject arbitrary HTML
into a browsing session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Thunderbird displayed certain web content. A
malicious HTML mail message could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way Thunderbird displayed blocked popup
windows. If a user can be convinced to open a blocked popup, it is possible
to read arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Thunderbird. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Thunderbird handled the "location.hostname"
value during certain browser domain checks. This flaw could allow a
malicious HTML mail message to set domain cookies for an arbitrary site, or
possibly perform an XSS attack. (CVE-2007-0981)

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.10 that corrects these issues.

RHSA-2007:0079: Firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0079, CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A malicious web page could execute JavaScript code in such
a way that may result in Firefox crashing or executing arbitrary code as
the user running Firefox. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way Firefox
processed certain malformed web pages. A malicious web page could display
misleading information which may result in a user unknowingly divulging
sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995,
CVE-2007-0996)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way Firefox displayed blocked popup windows. If
a user can be convinced to open a blocked popup, it is possible to read
arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Firefox handled the "location.hostname" value
during certain browser domain checks. This flaw could allow a malicious web
site to set domain cookies for an arbitrary site, or possibly perform an
XSS attack. (CVE-2007-0981)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.10 that corrects these issues.

RHSA-2007:0082: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070082
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0082, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988, CVE-2007-1285, CVE-2007-1380, CVE-2007-1701, CVE-2007-1825

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A number of buffer overflow flaws were found in the PHP session extension;
the str_replace() function; and the imap_mail_compose() function. If very
long strings were passed to the str_replace() function, an integer
overflow could occur in memory allocation. If a script used the
imap_mail_compose() function to create a new MIME message based on an
input body from an untrusted source, it could result in a heap overflow.
An attacker with access to a PHP application affected by any of these issues
could trigger the flaws and possibly execute arbitrary code as the
'apache' user. (CVE-2007-0906)

When unserializing untrusted data on 64-bit platforms, the
zend_hash_init() function could be forced into an infinite loop, consuming
CPU resources for a limited time, until the script timeout alarm aborted
execution of the script. (CVE-2007-0988)

If the wddx extension was used to import WDDX data from an untrusted
source, certain WDDX input packets could expose a random portion of heap
memory. (CVE-2007-0908)

If the odbc_result_all() function was used to display data from a
database, and the database table contents were under an attacker's
control, a format string vulnerability was possible which could allow
arbitrary code execution. (CVE-2007-0909)

A one byte memory read always occurs before the beginning of a buffer.
This could be triggered, for example, by any use of the header() function
in a script. However it is unlikely that this would have any effect.
(CVE-2007-0907)

Several flaws in PHP could allow attackers to "clobber" certain
super-global variables via unspecified vectors. (CVE-2007-0910)

An input validation bug allowed a remote attacker to trigger a denial of
service attack by submitting an input variable with a deeply nested array.
(CVE-2007-1285)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

RHSA-2007:0085: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070085
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0085, CVE-2007-0001, CVE-2007-0006

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for two security issues:

* a flaw in the key serial number collision avoidance algorithm of the
keyctl subsystem that allowed a local user to cause a denial of service
(CVE-2007-0006, Important)

* a flaw in the file watch implementation of the audit subsystems that
allowed a local user to cause a denial of service (panic). To exploit this
flaw a privileged user must have previously created a watch for a file 
(CVE-2007-0001, Moderate)

In addition to the security issues described above, a fix for the SCTP
subsystem to address a system crash which may be experienced in Telco
environments has been included.

Red Hat Enterprise Linux 4 users are advised to upgrade their kernels to
the packages associated with their machine architecture and configurations
as listed in this erratum.

RHSA-2007:0086: gnomemeeting security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0086, CVE-2007-1007

Description
GnomeMeeting is a tool to communicate with video and audio over the Internet.

A format string flaw was found in the way GnomeMeeting processes certain
messages. If a user is running GnomeMeeting, a remote attacker who can
connect to GnomeMeeting could trigger this flaw and potentially execute
arbitrary code with the privileges of the user. (CVE-2007-1007)

Users of GnomeMeeting should upgrade to these updated packages which
contain a backported patch to correct this issue.

RHSA-2007:0087: ekiga security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070087
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0087, CVE-2007-0999, CVE-2007-1006

Description
Ekiga is a tool to communicate with video and audio over the Internet.

Format string flaws were found in the way Ekiga processes certain messages.
If a user is running Ekiga, a remote attacker who can connect to Ekiga
could trigger this flaw and potentially execute arbitrary code with the
privileges of the user. (CVE-2007-0999, CVE-2007-1006)

Users of Ekiga should upgrade to these updated packages which contain a
backported patch to correct this issue.

RHSA-2007:0095: krb5 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070095
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0095, CVE-2007-0956, CVE-2007-0957, CVE-2007-1216

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the username handling of the MIT krb5 telnet daemon
(telnetd).  A remote attacker who can access the telnet port of a target
machine could log in as root without requiring a password.  (CVE-2007-0956)

Note that the krb5 telnet daemon is not enabled by default in any version
of Red Hat Enterprise Linux.  In addition, the default firewall rules block
remote access to the telnet port.  This flaw does not affect the telnet
daemon distributed in the telnet-server package.

For users who have enabled the krb5 telnet daemon and have it accessible
remotely, this update should be applied immediately.  

Whilst we are not aware at this time that the flaw is being actively
exploited, we have confirmed that the flaw is very easily exploitable.

This update also fixes two additional security issues:

Buffer overflows were found which affect the Kerberos KDC and the kadmin
server daemon.  A remote attacker who can access the KDC could exploit this
bug to run arbitrary code with the privileges of the KDC or kadmin server
processes.  (CVE-2007-0957)

A double-free flaw was found in the GSSAPI library used by the kadmin
server daemon.  Red Hat Enterprise Linux 4 and 5 contain checks within
glibc that detect double-free flaws. Therefore, on Red Hat Enterprise Linux
4 and 5 successful exploitation of this issue can only lead to a denial of
service.  Applications which use this library in earlier releases of Red
Hat Enterprise Linux may also be affected.  (CVE-2007-1216)

All users are advised to update to these erratum packages which contain a
backported fix to correct these issues.

Red Hat would like to thank MIT and iDefense for reporting these
vulnerabilities.

RHSA-2007:0097: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070097
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0097, CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996

Description
Mozilla Firefox is an open source Web browser.

Flaws were found in the way Firefox executed malformed JavaScript code. A
malicious web page could cause Firefox to crash or allow arbitrary code 
to be executed as the user running Firefox. (CVE-2007-0775, CVE-2007-0777)

Cross-site scripting (XSS) flaws were found in Firefox.  A malicious web
page could display misleading information, allowing a user to unknowingly
divulge sensitive information, such as a password. (CVE-2006-6077, 
CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Firefox processed JavaScript contained in
certain tags.  A malicious web page could cause Firefox to execute
JavaScript code with the privileges of the user running Firefox.
(CVE-2007-0994)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may have been able to inject arbitrary HTML into a
browsing session if the user reloaded a targeted site. (CVE-2007-0778)

Certain web content could overlay Firefox user interface elements such as
the hostname and security indicators.  A malicious web page could trick a
user into thinking they were visiting a different site. (CVE-2007-0779)

Two flaws were found in Firefox's displaying of blocked popup windows. If a
user could be convinced to open a blocked popup, it was possible to read
arbitrary local files, or conduct a cross-site scripting attack against the
user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Firefox handled the "location.hostname" value.
A malicious web page could set domain cookies for an arbitrary site, or
possibly perform a cross-site scripting attack. (CVE-2007-0981)

Users of Firefox are advised to upgrade to this erratum package, containing
Firefox version 1.5.0.10 which is not vulnerable to these issues.

RHSA-2007:0099: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070099
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0099, CVE-2007-0005, CVE-2007-0006, CVE-2007-0958

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the key serial number collision avoidance algorithm of the
keyctl subsystem that allowed a local user to cause a denial of service
(CVE-2007-0006, Important)

* a flaw in the Omnikey CardMan 4040 driver that allowed a local user to
execute arbitrary code with kernel privileges. In order to exploit this
issue, the Omnikey CardMan 4040 PCMCIA card must be present and the local
user must have access rights to the character device created by the driver.
(CVE-2007-0005, Moderate)

* a flaw in the core-dump handling that allowed a local user to create core
dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low)

In addition to the security issues described above, a fix for a kernel
panic in the powernow-k8 module, and a fix for a kernel panic when booting
the Xen domain-0 on systems with large memory installations have been included.

Red Hat would like to thank Daniel Roethlisberger for reporting an issue
fixed in this erratum.

Red Hat Enterprise Linux 5 users are advised to upgrade their kernels to
the packages associated with their machine architecture and configurations
as listed in this erratum.

RHSA-2007:0106: gnupg security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070106
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0106, CVE-2007-1263

Description
GnuPG is a utility for encrypting data and creating digital signatures.

Gerardo Richarte discovered that a number of applications that make use of
GnuPG are prone to a vulnerability involving incorrect verification of
signatures and encryption.  An attacker could add arbitrary content to a
signed message in such a way that a receiver of the message would not be
able to distinguish between the properly signed parts of a message and the
forged, unsigned, parts.  (CVE-2007-1263)

Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have
produced a patch to protect against messages with multiple plaintext
packets.  Users should update to these erratum packages which contain the
backported patch for this issue.

Red Hat would like to thank Core Security Technologies for reporting this
issue.

RHSA-2007:0107: gnupg security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070107
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0107, CVE-2007-1263

Description
GnuPG is a utility for encrypting data and creating digital signatures.

Gerardo Richarte discovered that a number of applications that make use of
GnuPG are prone to a vulnerability involving incorrect verification of
signatures and encryption.  An attacker could add arbitrary content to a
signed message in such a way that a receiver of the message would not be
able to distinguish between the properly signed parts of a message and the
forged, unsigned, parts.  (CVE-2007-1263)

Whilst this is not a vulnerability in GnuPG itself, the GnuPG team have
produced a patch to protect against messages with multiple plaintext
packets.  Users should update to these erratum packages which contain the
backported patch for this issue.

Red Hat would like to thank Core Security Technologies for reporting this
issue.

RHSA-2007:0108: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070108
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0108, CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1282

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed
JavaScript code. A malicious HTML mail message could execute JavaScript
code in such a way that may result in Thunderbird crashing or executing
arbitrary code as the user running Thunderbird. JavaScript support is
disabled by default in Thunderbird; these issues are not exploitable unless
the user has enabled JavaScript. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way Thunderbird
processed certain malformed HTML mail messages. A malicious HTML mail
message could display misleading information which may result in a user
unknowingly divulging sensitive information such as a password.
(CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Thunderbird processed text/enhanced and
text/richtext formatted mail messages. A specially crafted mail message
could execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2007-1282)

A flaw was found in the way Thunderbird cached web content on the local
disk. A malicious HTML mail message may be able to inject arbitrary HTML
into a browsing session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Thunderbird displayed certain web content. A
malicious HTML mail message could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking a
user into thinking they are visiting a different site. (CVE-2007-0779)

Two flaws were found in the way Thunderbird displayed blocked popup
windows. If a user can be convinced to open a blocked popup, it is possible
to read arbitrary local files, or conduct an XSS attack against the user.
(CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Thunderbird. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Thunderbird handled the "location.hostname"
value during certain browser domain checks. This flaw could allow a
malicious HTML mail message to set domain cookies for an arbitrary site, or
possibly perform an XSS attack. (CVE-2007-0981)

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.10 that corrects these issues.

RHSA-2007:0114: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070114
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0114, CVE-2007-0998

Description
The Xen package contains the tools for managing the virtual machine monitor
in Red Hat Enterprise Linux virtualization.

A flaw was found affecting the VNC server code in QEMU.  On a
fully virtualized guest VM, where qemu monitor mode is enabled, a user who
had access to the VNC server could gain the ability to read arbitrary files
as root in the host filesystem.  (CVE-2007-0998)

In addition to disabling qemu monitor mode, the following bugs were also fixed:

* Fix IA64 fully virtualized (VTi) shadow page table mode initialization.

* Fix network bonding in balanced-rr mode.  Without this update, a network
path loss could result in packet loss.

Users of Xen should update to these erratum packages containing backported
patches which correct these issues.

RHSA-2007:0123: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0123, CVE-2007-0720

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A bug was found in the way CUPS handled SSL negotiation.  A remote user
capable of connecting to the CUPS daemon could cause a denial of service to
other CUPS users.  (CVE-2007-0720)

All users of CUPS should upgrade to these updated packages, which contain
a backported patch introducing a timeout, which prevents connections being
kept open for an arbitrarily long time.

RHSA-2007:0124: file security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070124
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0124, CVE-2007-1536

Description
The file command is used to identify a particular file according to the
type of data contained by the file.

An integer underflow flaw was found in the file utility.  An attacker could
create a carefully crafted file which, if examined by a victim using the
file utility, could lead to arbitrary code execution. (CVE-2007-1536)

This issue did not affect the version of the file utility distributed with
Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contains a backported
patch to correct this issue.

RHSA-2007:0126: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0126, CVE-2007-1003, CVE-2007-1351, CVE-2007-1352, CVE-2007-1667

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported an integer overflow flaw in the X.org XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with the
privileges of the X.org server. (CVE-2007-1003)

iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)

An integer overflow flaw was found in the X.org XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

RHSA-2007:0127: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0127, CVE-2007-1003

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported an integer overflow flaw in the X.org X11 server XC-MISC
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or potentially execute arbitrary code with root
privileges on the X.org server. (CVE-2007-1003)

Users of the X.org X11 server should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to this issue.

RHSA-2007:0131: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070131
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0131, CVE-2007-1560

Description
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A denial of service flaw was found in the way Squid processed the TRACE
request method. It was possible for an attacker behind the Squid proxy
to issue a malformed TRACE request, crashing the Squid daemon child
process. As long as these requests were sent, it would prevent
legitimate usage of the proxy server. (CVE-2007-1560)

This flaw does not affect the version of Squid shipped in Red Hat
Enterprise Linux 2.1, 3, or 4.

Users of Squid should upgrade to this updated package, which contains a
backported patch and is not vulnerable to this issue.

RHSA-2007:0132: libXfont security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0132, CVE-2007-1351, CVE-2007-1352

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

iDefense reported two integer overflows in the way X.org handled various
font files. A malicious local user could exploit these issues to
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-1351, CVE-2007-1352)

Users of X.org libXfont should upgrade to these updated packages, which
contain a backported patch and are not vulnerable to this issue.

RHSA-2007:0150: freetype security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070150
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0150, CVE-2007-1351

Description
FreeType is a free, high-quality, portable font engine.

An integer overflow flaw was found in the way the FreeType font engine
processed BDF font files. If a user loaded a carefully crafted font file
with a program linked against FreeType, it could cause the application to
crash or execute arbitrary code. While it is uncommon for a user to
explicitly load a font file, there are several application file formats
which contain embedded fonts that are parsed by FreeType. (CVE-2007-1351)

This flaw did not affect the version of FreeType shipped in Red Hat
Enterprise Linux 2.1.

Users of FreeType should upgrade to these updated packages, which contain
a backported patch to correct this issue.

Red Hat would like to thank iDefense for reporting this issue.

RHSA-2007:0152: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0152, CVE-2006-4226

Description
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld) and
many different client programs and libraries.

A flaw was found in the way MySQL handled case sensitive database names. A
user with the ability to create databases could gain unauthorized access to
other databases hosted by the MySQL server. (CVE-2006-4226)

This flaw does not affect the version of MySQL distributed with Red Hat
Enterprise Linux 2.1, 3, or 5.

All users of the MySQL server are advised to upgrade to these updated
packages, which contain a backported patch which fixes this issue.

RHSA-2007:0153: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0153, CVE-2007-0455, CVE-2007-1001, CVE-2007-1583, CVE-2007-1718

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write an arbitrary string using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

RHSA-2007:0155: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070155
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0155, CVE-2007-0455, CVE-2007-1001, CVE-2007-1285, CVE-2007-1286, CVE-2007-1583, CVE-2007-1711, CVE-2007-1718

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A denial of service flaw was found in the way PHP processed a deeply nested
array. A remote attacker could cause the PHP interpreter to crash by
submitting an input variable with a deeply nested array. (CVE-2007-1285) 

A flaw was found in the way PHP's unserialize() function processed data. If
a remote attacker was able to pass arbitrary data to PHP's unserialize()
function, they could possibly execute arbitrary code as the apache user.
(CVE-2007-1286)

A flaw was found in the way the mbstring extension set global variables. A
script which used the mb_parse_str() function to set global variables could
be forced to enable the register_globals configuration option, possibly
resulting in global variable injection. (CVE-2007-1583)

A double free flaw was found in PHP's session_decode() function. If a
remote attacker was able to pass arbitrary data to PHP's session_decode()
function, they could possibly execute arbitrary code as the apache user.
(CVE-2007-1711)

A flaw was discovered in the way PHP's mail() function processed header
data. If a script sent mail using a Subject header containing a string from
an untrusted source, a remote attacker could send bulk e-mail to unintended
recipients. (CVE-2007-1718)

A heap based buffer overflow flaw was discovered in PHP's gd extension. A
script that could be forced to process WBMP images from an untrusted source
could result in arbitrary code execution. (CVE-2007-1001)

A buffer over-read flaw was discovered in PHP's gd extension. A script that
could be forced to write an arbitrary string using a JIS font from an
untrusted source could cause the PHP interpreter to crash. (CVE-2007-0455)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.

RHSA-2007:0157: xorg-x11-apps and libX11 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070157
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0157, CVE-2007-1667

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

An integer overflow flaw was found in the X.org XGetPixel() function.
Improper use of this function could cause an application calling it to
function improperly, possibly leading to a crash or arbitrary code
execution. (CVE-2007-1667)

Users of the X.org X11 server should upgrade to these updated packages,
which contain a backported patch and are not vulnerable to this issue.

RHSA-2007:0158: evolution security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070158
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0158, CVE-2007-1002

Description
Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string bug was found in the way Evolution parsed the category field
in a memo. If a user tried to save and then view a carefully crafted memo,
arbitrary code may be executed as the user running Evolution. (CVE-2007-1002)

This flaw did not affect the versions of Evolution shipped with Red Hat
Enterprise Linux 2.1, 3, or 4.

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf Härnhammar of Secunia Research for
reporting this issue.

RHSA-2007:0169: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070169
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0169, CVE-2007-0771, CVE-2007-1000, CVE-2007-1388

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the IPv6 socket option handling that allowed a local user to
read arbitrary kernel memory (CVE-2007-1000, Important).

* a flaw in the IPv6 socket option handling that allowed a local user to
cause a denial of service (CVE-2007-1388, Important).

* a flaw in the utrace support that allowed a local user to cause a denial
of service (CVE-2007-0771, Important).

In addition to the security issues described above, a fix for a memory leak
in the audit subsystem and a fix for a data corruption bug on s390 systems
have been included.

Red Hat Enterprise Linux 5 users are advised to upgrade to these erratum
packages, which are not vulnerable to these issues.

RHSA-2007:0203: unzip security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070203
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0203, CVE-2005-2475, CVE-2005-4667

Description
The unzip utility is used to list, test, or extract files from a zip archive.

A race condition was found in Unzip. Local users could use this flaw to
modify permissions of arbitrary files via a hard link attack on a file
while it was being decompressed. (CVE-2005-2475)

A buffer overflow was found in Unzip command line argument handling.
If a user could be tricked into running Unzip with a specially crafted long
file name, an attacker could execute arbitrary code with that user's
privileges. (CVE-2005-4667)

As well, this update adds support for files larger than 2GB.

All users of unzip should upgrade to these updated packages, which
contain backported patches that resolve these issues.

RHSA-2007:0208: w3c-libwww security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070208
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0208, CVE-2005-3183

Description
w3c-libwww is a general-purpose web library.

Several buffer overflow flaws in w3c-libwww were found. If a client
application that uses w3c-libwww connected to a malicious HTTP server, it
could trigger an out of bounds memory access, causing the client
application to crash (CVE-2005-3183).

This updated version of w3c-libwww also fixes an issue when computing MD5
sums on a 64 bit machine.

Users of w3c-libwww should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2007:0220: gcc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070220
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0220, CVE-2006-3619

Description
The gcc packages include C, C++, Java, Fortran 77, Objective C, and Ada 95
GNU compilers and related support libraries.

Jürgen Weigert discovered a directory traversal flaw in fastjar. An
attacker could create a malicious JAR file which, if unpacked using
fastjar, could write to any files the victim had write access to.
(CVE-2006-3619)

These updated packages also fix several bugs, including:

* two debug information generator bugs

* two internal compiler errors

In addition to this, protoize.1 and unprotoize.1 manual pages have been
added to the package and __cxa_get_exception_ptr@@CXXABI_1.3.1 symbol has
been added into libstdc++.so.6.

For full details regarding all fixed bugs, refer to the package changelog
as well as the specified list of bug reports from bugzilla.

All users of gcc should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2007:0229: gdb security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070229
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0229, CVE-2006-4146

Description
GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion and then printing
their data.

Various buffer overflows and underflows were found in the DWARF expression
computation stack in GDB. If a user loaded an executable containing
malicious debugging information into GDB, an attacker might be able to
execute arbitrary code with the privileges of the user. (CVE-2006-4146)

This updated package also addresses the following issues:

* Fixed bogus 0x0 unwind of the thread's topmost function clone(3).

* Fixed deadlock accessing invalid address; for corrupted backtraces.

* Fixed a race which occasionally left the detached processes stopped.

* Fixed 'gcore' command for 32bit debugged processes on 64bit hosts.

* Added support for TLS 'errno' for threaded programs missing its '-debuginfo' package.

* Suggest TLS 'errno' resolving by hand if no threading was found.

* Added a fix to prevent stepping into asynchronously invoked signal handlers.

* Added a fix to avoid false warning on shared objects bfd close on Itanium.

* Fixed segmentation fault on the source display by ^X 1.

* Fixed object names keyboard completion.

* Added a fix to avoid crash of 'info threads' if stale threads exist.

* Fixed a bug where shared libraries occasionally failed to load.

* Fixed handling of exec() called by a threaded debugged program.

* Fixed rebuilding requirements of the gdb package itself on multilib systems.

* Fixed source directory pathname detection for the edit command.

All users of gdb should upgrade to this updated package, which contains
backported patches to resolve these issues.

RHSA-2007:0235: util-linux security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070235
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0235, CVE-2006-7108

Description
The util-linux package contains a collection of basic system utilities.

A flaw was found in the way the login process handled logins which did not
require authentication. Certain processes which conduct their own
authentication could allow a remote user to bypass intended access policies
which would normally be enforced by the login process. (CVE-2006-7108)

This update also fixes the following bugs:

* The partx, addpart and delpart commands were not documented.

* The "umount -l" command did not work on hung NFS mounts with cached data.

* The mount command did not mount NFS V3 share where sec=none was specified.

* The mount command did not read filesystem LABEL from unpartitioned disks.

* The mount command did not recognize labels on VFAT filesystems.

* The fdisk command did not support 4096 sector size for the "-b" option.

* The mount man page did not list option "mand" or information about
/etc/mtab limitations.

All users of util-linux should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2007:0244: busybox security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070244
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0244, CVE-2006-1058

Description
Busybox is a single binary which includes versions of a large number of
system commands, including a shell. This package can be useful for
recovering from certain types of system failures.

BusyBox did not use a salt when generating passwords. This made it
easier for local users to guess passwords from a stolen password file. 
(CVE-2006-1058)

All users of busybox are advised to upgrade to these updated packages,
which contain a patch to resolve this issue.

RHSA-2007:0245: cpio security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070245
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0245, CVE-2005-4268

Description
GNU cpio copies files into or out of a cpio or tar archive.

A buffer overflow was found in cpio on 64-bit platforms. By tricking a
user into adding a specially crafted large file to a cpio archive, a local
attacker may be able to exploit this flaw to execute arbitrary code with
the target user's privileges. (CVE-2005-4268)

This erratum also addresses the following bugs:

* cpio did not set exit codes appropriately.

* cpio did not create a ram disk properly.

All users of cpio are advised to upgrade to this updated package, which
contains backported fixes to correct these issues.

RHSA-2007:0252: sendmail security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070252
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0252, CVE-2006-7176

Description
Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.

The configuration of Sendmail on Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for e-mail messages that
came from external hosts. This could have allowed remote attackers to
disguise spoofed messages (CVE-2006-7176).

This updated package also fixes the following bugs:

* Infinite loop within tls read.

* Incorrect path to selinuxenabled in initscript.

* Build artifacts from sendmail-cf package.

* Missing socketmap support.

* Add support for CipherList configuration directive.

* Path for aliases file.

* Failure of shutting down sm-client.

* Allows persistent queue runners to be specified.

* Missing dnl for SMART_HOST define.

* Fixes connections staying in CLOSE_WAIT.

All users of Sendmail should upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:0257: openssh security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070257
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0257, CVE-2005-2666

Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This
package includes the core files necessary for both the OpenSSH client and
server.

OpenSSH stores hostnames, IP addresses, and keys in plaintext in the
known_hosts file.  A local attacker that has already compromised a user's
SSH account could use this information to generate a list of additional
targets that are likely to have the same password or key.  (CVE-2005-2666)

The following bugs have also been fixed in this update:

* The ssh client could abort the running connection when the server
application generated a large output at once.

* When 'X11UseLocalhost' option was set to 'no' on systems with IPv6
networking enabled, the X11 forwarding socket listened only for IPv6
connections.

* When the privilege separation was enabled in /etc/ssh/sshd_config, some
log messages in the system log were duplicated and also had timestamps from
an incorrect timezone.

All users of openssh should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2007:0276: shadow-utils security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070276
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0276, CVE-2006-1174

Description
The shadow-utils package includes the necessary programs for converting
UNIX password files to the shadow password format, as well as programs for
managing user and group accounts.

A flaw was found in the useradd tool in shadow-utils. A new user's
mailbox, when created, could have random permissions for a short period.
This could allow a local attacker to read or modify the mailbox.
(CVE-2006-1174)

This update also fixes the following bugs:

* shadow-utils debuginfo package was empty.

* faillog was unusable on 64-bit systems. It checked every UID from 0 to
the max UID, which was an excessively large number on 64-bit systems.

* typo bug in login.defs file

All users of shadow-utils are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

RHSA-2007:0286: gdm security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070286
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0286, CVE-2006-1057

Description
Gdm (the GNOME Display Manager) is a highly configurable reimplementation
of xdm, the X Display Manager. Gdm allows you to log into your system with
the X Window System running and supports running several different X
sessions on your local machine at the same time.

Marcus Meissner discovered a race condition issue in the way Gdm modifies
the permissions on the .ICEauthority file. A local attacker could exploit
this flaw to gain privileges. Due to the nature of the flaw, however, a
successful exploitation was unlikely. (CVE-2006-1057)

This erratum also includes a bug fix to correct the pam configuration for
the audit system.

All users of gdm should upgrade to this updated package, which contains
backported patches to resolve these issues.
RHSA-2007:0310: openldap security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070310
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0310, CVE-2006-4600

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled selfwrite access. Users with
selfwrite access were able to modify the distinguished name of any user.
(CVE-2006-4600)

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue.
RHSA-2007:0322: xscreensaver security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070322
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0322, CVE-2007-1859

Description
XScreenSaver is a collection of screensavers.

Alex Yamauchi discovered a flaw in the way XScreenSaver verifies user
passwords. When a system is using a remote directory service for login
credentials, a local attacker may be able to cause a network outage causing
XScreenSaver to crash, unlocking the screen. (CVE-2007-1859)

Users of XScreenSaver should upgrade to this updated package, which
contains a backported patch to correct this issue.
RHSA-2007:0323: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0323, CVE-2007-1320, CVE-2007-1321, CVE-2007-4993

Description
The Xen package contains the tools for managing the virtual machine monitor
in Red Hat Enterprise Linux virtualization.

The following security flaws are fixed in the updated Xen package:

Joris van Rantwijk found a flaw in the Pygrub utility which is used as a
boot loader for guest domains.  A malicious local administrator of a guest
domain could create a carefully crafted grub.conf file which would trigger
the execution of arbitrary code outside of that domain. (CVE-2007-4993)

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy
operations in the Cirrus VGA extension code used in Xen.  A malicious local
administrator of a guest domain could potentially trigger this flaw and
execute arbitrary code outside of the domain. (CVE-2007-1320)

Tavis Ormandy discovered insufficient input validation leading to a heap
overflow in the Xen NE2000 network driver.  If the driver is in use, a
malicious local administrator of a guest domain could potentially trigger
this flaw and execute arbitrary code outside of the domain.  Xen does not
use this driver by default. (CVE-2007-1321)

Users of Xen should update to these erratum packages containing backported
patches which correct these issues.
RHSA-2007:0327: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0327, CVE-2005-2090, CVE-2006-7195, CVE-2007-0450, CVE-2007-1358

Description
Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.

Tomcat was found to accept multiple content-length headers in a
request. This could allow attackers to poison a web-cache, bypass web
application firewall protection, or conduct cross-site scripting attacks. 
(CVE-2005-2090)

Tomcat permitted various characters as path delimiters. If Tomcat was used
behind certain proxies and configured to only proxy some contexts, an
attacker could construct an HTTP request to work around the context
restriction and potentially access non-proxied content. (CVE-2007-0450)

The implict-objects.jsp file distributed in the examples webapp displayed a
number of unfiltered header values. If the JSP examples were accessible,
this flaw could allow a remote attacker to perform cross-site scripting
attacks. (CVE-2006-7195)

Users should upgrade to these erratum packages which contain an update to
Tomcat that resolves these issues.  Updated jakarta-commons-modeler
packages are also included which correct a bug when used with Tomcat 5.5.23.
RHSA-2007:0336: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070336
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0336, CVE-2007-2138

Description
PostgreSQL is an advanced Object-Relational database management system
(DBMS).

A flaw was found in the way PostgreSQL allows authenticated users to
execute security-definer functions.  It was possible for an unprivileged
user to execute arbitrary code with the privileges of the security-definer
function. (CVE-2007-2138)

Users of PostgreSQL should upgrade to these updated packages containing
PostgreSQL versions 8.1.9, 7.4.17, and 7.3.19, which correct this issue.
RHSA-2007:0338: freeradius security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0338, CVE-2007-2028

Description
FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service. (CVE-2007-2028)

Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.
RHSA-2007:0342: ipsec-tools security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070342
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0342, CVE-2007-1841

Description
The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.

A denial of service flaw was found in the ipsec-tools racoon daemon. It was
possible for a remote attacker, with knowledge of an existing IPsec tunnel,
to terminate the IPsec connection between two machines. (CVE-2007-1841)

Users of ipsec-tools should upgrade to these updated packages, which
contain a backported patch that resolves this issue.
RHSA-2007:0343: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070343
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0343, CVE-2007-2356

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

Marsu discovered a stack overflow bug in The GIMP RAS file loader.  An
attacker could create a carefully crafted file that could cause The GIMP to
crash or possibly execute arbitrary code if the file was opened by a
victim.  (CVE-2007-2356)

For users of Red Hat Enterprise Linux 5, the previous GIMP packages had a
bug that concerned the execution order in which the symbolic links to
externally packaged GIMP plugins are installed and removed, causing the
symbolic links to vanish when the package is updated.

Users of The GIMP should update to these erratum packages which contain a
backported fix to correct these issues.
RHSA-2007:0344: evolution-data-server security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070344
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0344, CVE-2007-1558

Description
The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.

A flaw was found in the way evolution-data-server processed certain APOP
authentication requests. By sending certain responses when
evolution-data-server attempted to authenticate against an APOP server, a
remote attacker could potentially acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)

All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch which resolves this issue.
RHSA-2007:0345: vixie-cron security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070345
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0345, CVE-2007-1856

Description
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.

Raphael Marichez discovered a denial of service bug in the way vixie-cron
verifies crontab file integrity. A local user with the ability to create a
hardlink to /etc/crontab can prevent vixie-cron from executing certain
system cron jobs. (CVE-2007-1856)

All users of vixie-cron should upgrade to these updated packages, which
contain a backported patch to correct this issue.
RHSA-2007:0346: vim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070346
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0346, CVE-2007-2438

Description
VIM (VIsual editor iMproved) is a version of the vi editor.

An arbitrary command execution flaw was found in the way VIM processes
modelines.  If a user with modelines enabled opened a text file containing
a carefully crafted modeline, arbitrary commands could be executed as the user
running VIM. (CVE-2007-2438)

Users of VIM are advised to upgrade to these updated packages, which
resolve this issue.

Please note: this issue did not affect VIM as distributed with Red Hat
Enterprise Linux 2.1, 3, or 4.
RHSA-2007:0347: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0347, CVE-2007-1496, CVE-2007-1497, CVE-2007-1592, CVE-2007-1861, CVE-2007-2172, CVE-2007-2242

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the handling of IPv6 type 0 routing headers that allowed remote
users to cause a denial of service that led to a network amplification
between two routers (CVE-2007-2242, Important).

* a flaw in the nfnetlink_log netfilter module that allowed a local user to
cause a denial of service (CVE-2007-1496, Important).

* a flaw in the flow list of listening IPv6 sockets that allowed a local
user to cause a denial of service (CVE-2007-1592, Important).

* a flaw in the handling of netlink messages that allowed a local user to
cause a denial of service (infinite recursion) (CVE-2007-1861, Important).

* a flaw in the IPv4 forwarding base that allowed a local user to cause an
out-of-bounds access (CVE-2007-2172, Important).

* a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote
users to bypass certain netfilter rules using IPv6 fragments
(CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the following
have been included:

* a regression in ipv6 routing.

* an error in memory initialization that caused gdb to output inaccurate
backtraces on ia64.

* the nmi watchdog timeout was updated from 5 to 30 seconds.

* a flaw in distributed lock management that could result in errors during
virtual machine migration.

* an omitted include in kernel-headers that led to compile failures for
some packages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.
RHSA-2007:0348: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070348
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0348, CVE-2007-1864, CVE-2007-2509, CVE-2007-2510

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension.  A
PHP script which implements an XML-RPC server using this extension
could allow a remote attacker to execute arbitrary code as the 'apache'
user.  Note that this flaw does not affect PHP applications using the
pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension.  If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server. 
(CVE-2007-2509)

A buffer overflow flaw was found in the PHP 'soap' extension, regarding the
handling of an HTTP redirect response when using the SOAP client provided
by this extension with an untrusted SOAP server.  No mechanism to trigger
this flaw remotely is known.  (CVE-2007-2510)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.
RHSA-2007:0349: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070349
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0349, CVE-2007-1864, CVE-2007-2509

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server. 

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A
PHP script which implements an XML-RPC server using this extension could
allow a remote attacker to execute arbitrary code as the 'apache' user.
Note that this flaw does not affect PHP applications using the pure-PHP
XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this
extension to provide access to a private FTP server, and passed untrusted
script input directly to any function provided by this extension, a remote
attacker would be able to send arbitrary FTP commands to the server.
(CVE-2007-2509)

Users of PHP should upgrade to these updated packages which contain
backported patches to correct these issues.
RHSA-2007:0353: evolution security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070353
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0353, CVE-2007-1558

Description
Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processed certain APOP authentication
requests. A remote attacker could potentially acquire certain portions of a
user's authentication credentials by sending certain responses when
evolution-data-server attempted to authenticate against an APOP server.
(CVE-2007-1558)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.
RHSA-2007:0354: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070354
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0354, CVE-2007-2446, CVE-2007-2447

Description
Samba provides file and printer sharing services to SMB/CIFS clients.

Various bugs were found in NDR parsing, used to decode MS-RPC requests in
Samba.  A remote attacker could have sent carefully crafted requests
causing a heap overflow, which may have led to the ability to execute
arbitrary code on the server.  (CVE-2007-2446)

Unescaped user input parameters were being passed as arguments to /bin/sh.
A remote, authenticated user could have triggered this flaw and executed
arbitrary code on the server.  Additionally, on Red Hat Enterprise Linux 5
only, this flaw could be triggered by a remote unauthenticated user if
Samba was configured to use the non-default "username map script" option. 
(CVE-2007-2447)

Users of Samba should upgrade to these packages, which contain backported
patches to correct these issues.  After upgrading, Samba should be
restarted using "service smb restart".

On Red Hat Enterprise Linux 5 the impact of these issues is reduced as
Samba is constrained by the default SELinux "targeted" policy.

Red Hat would like to thank the Samba developers, TippingPoint, and
iDefense for reporting these issues.
RHSA-2007:0356: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070356
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0356, CVE-2006-5793, CVE-2007-2445

Description
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A flaw was found in the handling of malformed images in libpng. An attacker
could create a carefully crafted PNG image file in such a way that it could
cause an application linked with libpng to crash when the file was
manipulated.  (CVE-2007-2445)

A flaw was found in the sPLT chunk handling code in libpng. An attacker
could create a carefully crafted PNG image file in such a way that it could
cause an application linked with libpng to crash when the file was opened. 
(CVE-2006-5793)

Users of libpng should update to these updated packages which contain
backported patches to correct these issues.

Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis
Ormandy for supplying details and patches for these issues.
RHSA-2007:0358: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070358
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0358, CVE-2007-1262, CVE-2007-2589

Description
SquirrelMail is a standards-based webmail package written in PHP4. 

Several HTML filtering bugs were discovered in SquirrelMail.  An attacker
could inject arbitrary JavaScript leading to cross-site scripting attacks
by sending an e-mail viewed by a user within SquirrelMail. 
(CVE-2007-1262)

SquirrelMail did not sufficiently check arguments to IMG tags in HTML
e-mail messages. An attacker could exploit this to send arbitrary e-mail
messages on behalf of a SquirrelMail user who was tricked into opening
a maliciously crafted HTML e-mail message.  (CVE-2007-2589)

Users of SquirrelMail should upgrade to this erratum package, which
contains a backported patch to correct these issues.
RHSA-2007:0368: tcpdump security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070368
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0368, CVE-2007-1218, CVE-2007-3798

Description
Tcpdump is a command line tool for monitoring network traffic.

Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE 802.11
processing code. If a certain link type was explicitly specified, an
attacker could inject a carefully crafted frame onto the IEEE 802.11
network that could crash a running tcpdump session. (CVE-2007-1218)

An integer overflow flaw was found in tcpdump's BGP processing code. An
attacker could execute arbitrary code with the privilege of the pcap user
by injecting a crafted frame onto the network. (CVE-2007-3798)

In addition, the following bugs have been addressed:

* The arpwatch service initialization script would exit prematurely,
returning an incorrect successful exit status and preventing the status
command from running in case networking is not available.

* Tcpdump would not drop root privileges completely when launched with the
-C option. This might have been abused by an attacker to gain root
privileges in case a security problem was found in tcpdump. Users of
tcpdump are encouraged to specify meaningful arguments to the -Z option in
case they want tcpdump to write files with privileges other than those of
the pcap user.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.
RHSA-2007:0376: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070376
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0376, CVE-2006-7203, CVE-2007-1353, CVE-2007-2453, CVE-2007-2525

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the mount handling routine for 64-bit systems that allowed a
local user to cause a denial of service (CVE-2006-7203, Important).

* a flaw in the PPP over Ethernet implementation that allowed a remote user
to cause a denial of service (CVE-2007-2525, Important).

* a flaw in the Bluetooth subsystem that allowed a local user to trigger an
information leak (CVE-2007-1353, Low).

* a bug in the random number generator that prevented the manual seeding of
the entropy pool (CVE-2007-2453, Low).

In addition to the security issues described above, fixes for the following
have been included:

* a race condition between ext3_link/unlink that could create an orphan
inode list corruption.

* a bug in the e1000 driver that could lead to a watchdog timeout panic.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.
RHSA-2007:0385: fetchmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070385
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0385, CVE-2007-1558

Description
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.

A flaw was found in the way fetchmail processed certain APOP authentication
requests. By sending certain responses when fetchmail attempted to
authenticate against an APOP server, a remote attacker could potentially
acquire certain portions of a user's authentication credentials.
(CVE-2007-1558)

All users of fetchmail should upgrade to this updated package, which
contains a backported patch to correct this issue.
RHSA-2007:0386: mutt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0386, CVE-2006-5297, CVE-2007-1558, CVE-2007-2683

Description
Mutt is a text-mode mail user agent.

A flaw was found in the way Mutt used temporary files on NFS file systems.
Due to an implementation issue in the NFS protocol, Mutt was not able to
exclusively open a new file.  A local attacker could conduct a
time-dependent attack and possibly gain access to e-mail attachments opened
by a victim. (CVE-2006-5297)

A flaw was found in the way Mutt processed certain APOP authentication
requests. By sending certain responses when mutt attempted to authenticate
against an APOP server, a remote attacker could potentially acquire certain
portions of a user's authentication credentials. (CVE-2007-1558)

A flaw was found in the way Mutt handled certain characters in gecos fields
which could lead to a buffer overflow.  The gecos field is an entry in the
password database typically used to record general information about the
user.  A local attacker could give themselves a carefully crafted "Real
Name" which could execute arbitrary code if a victim uses Mutt and expands
the attacker's alias.  (CVE-2007-2683)

All users of mutt should upgrade to this updated package, which
contains backported patches to correct these issues.
RHSA-2007:0387: tcpdump security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070387
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0387, CVE-2007-1218, CVE-2007-3798

Description
Tcpdump is a command line tool for monitoring network traffic.

Moritz Jodeit discovered a denial of service bug in the tcpdump IEEE
802.11 processing code. An attacker could inject a carefully crafted frame
onto the IEEE 802.11 network that could crash a running tcpdump session if
a certain link type was explicitly specified. (CVE-2007-1218)

An integer overflow flaw was found in tcpdump's BGP processing code. An
attacker could execute arbitrary code with the privilege of the pcap user
by injecting a crafted frame onto the network. (CVE-2007-3798)

In addition, the following bugs have been addressed: 

* if called with -C and -W switches, tcpdump would create the first
savefile with the privileges of the user that executed tcpdump (usually
root), rather than with those of the pcap user.  This could result in the
inability to save the complete traffic log file properly without the
immediate notice of the user running tcpdump.

* the arpwatch service initialization script would exit prematurely,
returning a successful exit status incorrectly and preventing the status
command from running in case networking is not available.

Users of tcpdump are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.
RHSA-2007:0389: quagga security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070389
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0389, CVE-2007-1995

Description
Quagga is a TCP/IP based routing software suite.

An out-of-bounds memory read flaw was discovered in Quagga's bgpd.  A
configured peer of bgpd could cause Quagga to crash, leading to a denial of
service (CVE-2007-1995).

All users of Quagga should upgrade to this updated package, which
contains a backported patch to correct this issue.
RHSA-2007:0391: file security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070391
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0391, CVE-2007-2799

Description
The file command is used to identify a particular file according to the
type of data contained by the file.

The fix for CVE-2007-1536 introduced a new integer underflow flaw in the
file utility. An attacker could create a carefully crafted file which, if
examined by a victim using the file utility, could lead to arbitrary code
execution. (CVE-2007-2799)

This issue did not affect the version of the file utility distributed with
Red Hat Enterprise Linux 2.1 or 3.

Users should upgrade to this erratum package, which contains a backported
patch to correct this issue.
RHSA-2007:0395: mod_perl security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070395
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0395, CVE-2007-1349

Description
Mod_perl incorporates a Perl interpreter into the Apache web server,
so that the Apache web server can directly execute Perl code.

An issue was found in the "namespace_from_uri" method of the
ModPerl::RegistryCooker class.  If a server implemented a mod_perl registry
module using this method, a remote attacker requesting a carefully crafted
URI can cause resource consumption, which could lead to a denial of service
(CVE-2007-1349).

Users of mod_perl should update to these erratum packages which contain a
backported fix to correct this issue.
RHSA-2007:0400: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070400
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0400, CVE-2007-1362, CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Firefox from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking 
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.12 that corrects these issues.

RHSA-2007:0401: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070401
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0401, CVE-2007-1362, CVE-2007-1558, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2871

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Thunderbird to crash or potentially execute arbitrary code
as the user running Thunderbird. (CVE-2007-2867, CVE-2007-2868)

Several denial of service flaws were found in the way Thunderbird handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent Thunderbird from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Thunderbird processed certain APOP
authentication requests. By sending certain responses when Thunderbird
attempted to authenticate against an APOP server, a remote attacker could
potentially acquire certain portions of a user's authentication
credentials. (CVE-2007-1558)

A flaw was found in the way Thunderbird displayed certain web content. A
malicious web page could generate content which could overlay user
interface elements such as the hostname and security indicators, tricking 
users into thinking they are visiting a different site. (CVE-2007-2871)

Users of Thunderbird are advised to apply this update, which contains
Thunderbird version 1.5.0.12 that corrects these issues.

RHSA-2007:0402: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070402
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0402, CVE-2007-1362, CVE-2007-1558, CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause SeaMonkey to crash or potentially execute arbitrary code as
the user running SeaMonkey. (CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way SeaMonkey handled certain FTP PASV commands. A
malicious FTP server could use this flaw to perform a rudimentary port-scan
of machines behind a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way SeaMonkey handled
certain form and cookie data. A malicious web site that is able to set
arbitrary form and cookie data could prevent SeaMonkey from
functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way SeaMonkey processed certain APOP authentication
requests. By sending certain responses when SeaMonkey attempted to
authenticate against an APOP server, a remote attacker could potentially
acquire certain portions of a user's authentication credentials.
(CVE-2007-1558)

A flaw was found in the way SeaMonkey handled the addEventListener
JavaScript method. A malicious web site could use this method to access or
modify sensitive data from another web site. (CVE-2007-2870)

A flaw was found in the way SeaMonkey displayed certain web content. A
malicious web page could generate content that would overlay user
interface elements such as the hostname and security indicators, tricking 
users into thinking they are visiting a different site. (CVE-2007-2871) 

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain SeaMonkey version 1.0.9 that corrects these issues.

RHSA-2007:0403: freetype security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070403
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0403, CVE-2007-2754

Description
FreeType is a free, high-quality, portable font engine.

An integer overflow flaw was found in the way the FreeType font engine
processed TTF font files. If a user loaded a carefully crafted font file
with a program linked against FreeType, it could cause the application to
crash or execute arbitrary code. While it is uncommon for a user to
explicitly load a font file, there are several application file formats
which contain embedded fonts that are parsed by FreeType. (CVE-2007-2754)

Users of FreeType should upgrade to these updated packages, which contain
a backported patch to correct this issue.

RHSA-2007:0406: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0406, CVE-2007-0245

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

A heap overflow flaw was found in the RTF import filter. An attacker could
create a carefully crafted RTF file that could cause OpenOffice.org to
crash or possibly execute arbitrary code if the file was opened by a
victim. (CVE-2007-0245)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix to correct this issue.

RHSA-2007:0488: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070488
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0488, CVE-2006-5158, CVE-2006-7203, CVE-2007-0773, CVE-2007-0958, CVE-2007-1353, CVE-2007-2172, CVE-2007-2525, CVE-2007-2876, CVE-2007-3104

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)

* a flaw in the mount handling routine for 64-bit systems that allowed a
local user to cause denial of service (crash). (CVE-2006-7203, Important)

* a flaw in the IPv4 forwarding base that allowed a local user to cause an
out-of-bounds access. (CVE-2007-2172, Important)

* a flaw in the PPP over Ethernet implementation that allowed a local user
to cause a denial of service (memory consumption) by creating a socket
using connect and then releasing it before the PPPIOCGCHAN ioctl has been
called. (CVE-2007-2525, Important)

* a flaw in the fput ioctl handling of 32-bit applications running on
64-bit platforms that allowed a local user to cause a denial of service
(panic). (CVE-2007-0773, Important)

* a flaw in the NFS locking daemon that allowed a local user to cause
denial of service (deadlock). (CVE-2006-5158, Moderate)

* a flaw in the sysfs_readdir function that allowed a local user to cause a
denial of service by dereferencing a NULL pointer. (CVE-2007-3104, Moderate)

* a flaw in the core-dump handling that allowed a local user to create core
dumps from unreadable binaries via PT_INTERP. (CVE-2007-0958, Low) 

* a flaw in the Bluetooth subsystem that allowed a local user to trigger an
information leak. (CVE-2007-1353, Low)

In addition, the following bugs were addressed:

* the NFS could recurse on the same spinlock. Also, NFS, under certain
conditions, did not completely clean up Posix locks on a file close,
leading to mount failures.

* the 32-bit compatibility didn't return correct values to userspace for the
rt_sigtimedwait system call.

* the count for unused inodes could be incorrect at times, resulting in
dirty data not being written to disk in a timely manner.

* the cciss driver had an incorrect disk size calculation (off-by-one
error) which prevented disk dumps.

Red Hat would like to thank Ilja van Sprundel and the OpenVZ Linux kernel
team for reporting issues fixed in this erratum.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

RHSA-2007:0492: spamassassin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070492
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0492, CVE-2007-2873

Description
SpamAssassin provides a way to reduce unsolicited commercial email (spam)
from incoming email.

Martin Krafft discovered a symlink issue in SpamAssassin that affects
certain non-default configurations. A local user could use this flaw to
create or overwrite files writable by the spamd process (CVE-2007-2873).

Users of SpamAssassin should upgrade to these updated packages which
contain a backported patch to correct this issue.

Note: This issue did not affect the version of SpamAssassin shipped with
Red Hat Enterprise Linux 3.

RHSA-2007:0494: kdebase security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070494
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0494, CVE-2007-2022

Description
The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include Konqueror, the web browser and
file manager. 

A problem with the interaction between the Flash Player and the Konqueror
web browser was found. The problem could lead to key presses leaking to the
Flash Player applet instead of the browser (CVE-2007-2022).

Users of Konqueror who have installed the Adobe Flash Player plugin should
upgrade to these updated packages, which contain a patch provided by Dirk
Müller that protects against this issue.

RHSA-2007:0497: iscsi-initiator-utils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070497
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0497, CVE-2007-3099, CVE-2007-3100

Description
The iscsi package provides the server daemon for the iSCSI protocol, as
well as the utility programs used to manage it. iSCSI is a protocol for
distributed disk access using SCSI commands sent over Internet Protocol
networks.

Olaf Kirch discovered two flaws in open-iscsi.  A local attacker could use
these flaws to cause the server daemon to stop responding, leading to a
denial of service.  (CVE-2007-3099, CVE-2007-3100).

All users of open-iscsi should upgrade to this updated package which
resolves these issues.

Note: This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.
open-iscsi is available in Red Hat Enterprise Linux 5 as a Technology
Preview.

RHSA-2007:0501: libexif integer overflow (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070501
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0501, CVE-2006-4168

Description
The libexif package contains the EXIF library. Applications use this
library to parse EXIF image files.

An integer overflow flaw was found in the way libexif parses EXIF image
tags. If a victim opens a carefully crafted EXIF image file it could cause
the application linked against libexif to execute arbitrary code or crash.
(CVE-2006-4168)

Users of libexif should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2007:0509: evolution security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070509
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0509, CVE-2007-3257

Description
Evolution is the GNOME collection of personal information management (PIM)
tools.

A flaw was found in the way Evolution processes certain IMAP server
messages. If a user can be tricked into connecting to a malicious IMAP
server it may be possible to execute arbitrary code as the user running
evolution. (CVE-2007-3257)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

RHSA-2007:0510: evolution-data-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070510
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0510, CVE-2007-3257

Description
The evolution-data-server package provides a unified backend for programs
that work with contacts, tasks, and calendar information.

A flaw was found in the way evolution-data-server processes certain IMAP
server messages. If a user can be tricked into connecting to a malicious
IMAP server it may be possible to execute arbitrary code as the user
running the evolution-data-server process. (CVE-2007-3257) 

All users of evolution-data-server should upgrade to these updated
packages, which contain a backported patch which resolves this issue.

RHSA-2007:0513: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0513, CVE-2006-4519, CVE-2007-2949, CVE-2007-3741

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

Multiple integer overflow and input validation flaws were found in The
GIMP's image loaders.  An attacker could create a carefully crafted image
file that could cause The GIMP to crash or possibly execute arbitrary code
if the file was opened by a victim. (CVE-2006-4519, CVE-2007-2949,
CVE-2007-3741)

Users of The GIMP should update to these erratum packages, which contain a
backported fix to correct these issues.

RHSA-2007:0519: xorg-x11 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070519
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0519, CVE-2007-3103

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A temporary file flaw was found in the way the X.Org X11 xfs font server
startup script executes. A local user could modify the permissions of a
file of their choosing, possibly elevating their local privileges
(CVE-2007-3103).

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to this issue.

RHSA-2007:0520: xorg-x11-xfs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070520
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0520, CVE-2007-3103

Description
The X.Org X11 xfs font server provides a standard mechanism for an X server
to communicate with a font renderer.

A temporary file flaw was found in the way the X.Org X11 xfs font server
startup script executes. A local user could modify the permissions of a
file of their choosing, possibly elevating their local privileges.
(CVE-2007-3103)

Users of the X.org X11 xfs font server should upgrade to these updated
packages, which contain a backported patch and are not vulnerable to this
issue.

RHSA-2007:0534: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070534
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0534, CVE-2006-5752, CVE-2007-1863

Description
The Apache HTTP Server is a popular Web server.

A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)

A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.

RHSA-2007:0539: aide security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070539
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0539, CVE-2007-3849

Description
Advanced Intrusion Detection Environment (AIDE) is a file integrity checker
and intrusion detection program.

A flaw was discovered in the way file checksums were stored in the AIDE
database. A packaging flaw in the Red Hat AIDE rpm resulted in the file
database not containing any file checksum information. This could prevent
AIDE from detecting certain file modifications. (CVE-2007-3849)

This update also fixes the following bugs:

* certain configurations could result in a segmentation fault upon
initialization.

* AIDE was unable to open its log file in the LSPP evaluated configuration.

* if AIDE found SELinux context differences, the changed files report it
generated only included the first 32 characters of the context.

All users of AIDE are advised to upgrade to this updated package containing
AIDE version 0.13.1 which is not vulnerable to these issues.

RHSA-2007:0540: openssh security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070540
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0540, CVE-2006-5052, CVE-2007-3102

Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A flaw was found in the way the ssh server wrote account names to the audit
subsystem. An attacker could inject strings containing parts of audit
messages, which could possibly mislead or confuse audit log parsing tools.
(CVE-2007-3102)

A flaw was found in the way the OpenSSH server processes GSSAPI
authentication requests. When GSSAPI authentication was enabled in the
OpenSSH server, a remote attacker was potentially able to determine if a
username is valid. (CVE-2006-5052)

The following bugs in SELinux MLS (Multi-Level Security) support have also
been fixed in this update:

* It was sometimes not possible to select a SELinux role and level when
logging in using ssh.

* If the user obtained a non-default SELinux role or level, the role change
was not recorded in the audit subsystem.

* In some cases, on labeled networks, sshd allowed logins from level ranges
it should not allow.

The updated packages also contain experimental support for using private
keys stored in PKCS#11 tokens for client authentication. The support is
provided through the NSS (Network Security Services) library.

All users of openssh should upgrade to these updated packages, which
contain patches to correct these issues.

RHSA-2007:0542: mcstrans security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070542
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0542, CVE-2007-4570

Description
mcstrans is the translation daemon used on SELinux machines to translate
program context into human readable form.

An algorithmic complexity weakness was found in the way the mcstrans daemon
handled ranges of compartments in sensitivity labels. A local user could
trigger this flaw, causing mcstransd to temporarily stop responding to other
requests, resulting in a partial denial of service. (CVE-2007-4570)

This update also fixes a problem where the mcstrans daemon was preventing
SSH connections into an SELinux box that was running a Multi-Level
Security (MLS) Policy with multiple categories.

Users of mcstrans are advised to upgrade to this updated package, which
resolves this issue.

RHSA-2007:0555: pam security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070555
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0555, CVE-2007-1716, CVE-2007-3102

Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.

A flaw was found in the way pam_console set console device permissions. It
was possible for various console devices to retain ownership of the console
user after logging out, possibly leaking information to another local user.
(CVE-2007-1716)

A flaw was found in the way the PAM library wrote account names to the
audit subsystem. An attacker could inject strings containing parts of audit
messages which could possibly mislead or confuse audit log parsing tools.
(CVE-2007-3102)

As well, these updated packages fix the following bugs:

* truncated MD5-hashed passwords in "/etc/shadow" were treated as valid, 
resulting in insecure and invalid passwords.

* the pam_namespace module did not convert context names to raw format and
did not unmount polyinstantiated directories in some cases. It also crashed
when an unknown user name was used in "/etc/security/namespace.conf", the
pam_namespace configuration file.

* the pam_selinux module was not relabeling the controlling tty correctly,
and in some cases it did not send complete information about user role and
level change to the audit subsystem.

These updated packages add the following enhancements:

* pam_limits module now supports parsing additional config files placed
into the /etc/security/limits.d/ directory. These files are read after the
main configuration file.

* the modules pam_limits, pam_access, and pam_time now send a message to
the audit subsystem when a user is denied access based on the number of
login sessions, origin of user, and time of login.

* pam_unix module security properties were improved. Functionality in the
setuid helper binary, unix_chkpwd, which was not required for user
authentication, was moved to a new non-setuid helper binary, unix_update.

All users of PAM should upgrade to these updated packages, which resolve
these issues and add these enhancements.

RHSA-2007:0556: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070556
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0556, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304

Description
The Apache HTTP Server is a popular Web server.

The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service (CVE-2007-3304).  This issue is not exploitable on Red Hat
Enterprise Linux 5 if using the default SELinux targeted policy.

A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack. On Red Hat
Enterprise Linux the server-status page is not enabled by default and it is
best practice to not make this publicly available. (CVE-2006-5752)

A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash. This could lead to a denial of service if using a threaded
Multi-Processing Module. (CVE-2007-1863)

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues. Users should restart Apache
after installing this update.

RHSA-2007:0559: cman security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070559
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0559, CVE-2007-3374

Description
cman is the Red Hat Cluster Manager.

A flaw was found in the cman daemon.  A local attacker could connect to the
cman daemon and trigger a static buffer overflow leading to a denial of
service or, potentially, an escalation of privileges.  (CVE-2007-3374)

Users of Cluster Manager should upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2007:0562: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070562
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0562, CVE-2007-2442, CVE-2007-2443, CVE-2007-2798

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.  kadmind is the KADM5 administration
server.

David Coffey discovered an uninitialized pointer free flaw in the RPC
library used by kadmind.  On Red Hat Enterprise Linux 4 and 5, glibc
detects attempts to free invalid pointers.  A remote unauthenticated
attacker who can access kadmind could trigger this flaw and cause kadmind
to crash. (CVE-2007-2442)

David Coffey also discovered an overflow flaw in the RPC library used by
kadmind.  On Red Hat Enterprise Linux, exploitation of this flaw is limited
to a denial of service.  A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash. (CVE-2007-2443)

A stack buffer overflow flaw was found in kadmind.  An authenticated
attacker who can access kadmind could trigger this flaw and potentially
execute arbitrary code on the Kerberos server. (CVE-2007-2798)

Users of krb5-server are advised to update to these erratum packages which
contain backported fixes to correct these issues.

RHSA-2007:0569: tomcat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070569
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0569, CVE-2007-2449, CVE-2007-2450

Description
Tomcat is a servlet container for Java Servlet and JavaServer Pages (JSP)
technologies.

Some JSPs within the 'examples' web application did not escape user
provided data. If the JSP examples were accessible, this flaw could allow a
remote attacker to perform cross-site scripting attacks (CVE-2007-2449).

Note: it is recommended the 'examples' web application not be installed on
a production system.

The Manager and Host Manager web applications did not escape user provided
data. If a user is logged in to the Manager or Host Manager web
application, an attacker could perform a cross-site scripting attack
(CVE-2007-2450).

Users of Tomcat should update to these erratum packages, which contain
backported patches to correct these issues.

RHSA-2007:0595: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070595
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0595, CVE-2007-3107

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain a fix for the following security issue:

* a flaw in the signal handling on PowerPC-based systems that allowed a
local user to cause a denial of service (floating point corruption).
(CVE-2007-3107, Moderate).

In addition to the security issue described above, a fix for the following
has been included:

* a bug that can lead to data corruption with ServerWorks IDE controllers.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

RHSA-2007:0605: HelixPlayer security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070605
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0605, CVE-2007-3410

Description
HelixPlayer is a media player.

A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. It was possible
for a malformed SMIL file to execute arbitrary code with the permissions of
the user running HelixPlayer. (CVE-2007-3410)

All users of HelixPlayer are advised to upgrade to this updated package,
which contains a backported patch and is not vulnerable to this issue.

RHSA-2007:0631: coolkey security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070631
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0631, CVE-2007-4129

Description
coolkey contains the driver support for the CoolKey and Common Access Card
(CAC) Smart Card products. The CAC is used by the U.S. Government.

Steve Grubb discovered a flaw in the way coolkey created a temporary
directory. A local attacker could perform a symlink attack and cause
arbitrary files to be overwritten. (CVE-2007-4129)

In addition, the updated packages contain fixes for the following bugs in
the CAC Smart Card support:

* CAC Smart Cards can have from 1 to 3 certificates. The coolkey driver,
however, was not recognizing cards if they had fewer than 3 certificates.

* logging into a CAC Smart Card token with a new application would cause
other, already authenticated, applications to lose their login status
unless the Smart Card was then removed from the reader and re-inserted.

All CAC users should upgrade to these updated packages, which resolve these
issues.

RHSA-2007:0640: conga security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070640
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0640, CVE-2007-4136

Description
The Conga package is a web-based administration tool for remote cluster and
storage management.

A flaw was found in ricci during a code audit.  A remote attacker who is
able to connect to ricci could cause ricci to temporarily refuse additional
connections, a denial of service (CVE-2007-4136).

Fixes in this updated package include:

* The nodename is now set for manual fencing.

* The node log no longer displays in random order.

* A bug that prevented a node from responding when a cluster was deleted is
now fixed.

* A PAM configuration that incorrectly called the deprecated module
pam_stack was removed.

* A bug that prevented some quorum disk configurations from being accepted
is now fixed.

* Setting multicast addresses now works properly.

* rpm -V on luci no longer fails. 

* The user interface rendering time for storage interface is now faster.

* An error message that incorrectly appeared when rebooting nodes during
cluster creation was removed.

* Cluster snaps configuration (an unsupported feature) has been removed
altogether to prevent user confusion. 

* A user permission bug resulting from a luci code error is now fixed.

* luci and ricci init script return codes are now LSB-compliant.

* VG creation on cluster nodes now defaults to "clustered".

* An SELinux AVC bug that prevented users from setting up shared storage on
nodes is now fixed.

* An access error that occurred when attempting to access a cluster node
after its cluster was deleted is now fixed.

* IP addresses can now be used to create clusters. 

* Attempting to configure a fence device no longer results in an
AttributeError.

* Attempting to create a new fence device to a valid cluster no longer
results in a KeyError.

* Several minor user interface validation errors have been fixed, such as
enforcing cluster name length and fence port, etc.

* A browser lock-up that could occur during storage configuration has been
fixed.

* Virtual service creation now works without error.

* The fence_xvm tag is no longer misspelled in the cluster.conf file.

* Luci failover forms are complete and working.

* Rebooting a fresh cluster install no longer generates an error message.

* A bug that prevented failed cluster services from being started is now
fixed.

* A bug that caused some cluster operations (e.g., node delete) to fail on
clusters with mixed-cased cluster names is now fixed.

* Global cluster resources can be reused when constructing cluster
services.

Enhancements in this updated package include:

* Users can now access Conga through Internet Explorer 6.

* Dead nodes can now be evicted from a cluster.

* Shared storage on new clusters is now enabled by default.

* The fence user-interface flow is now simpler.

* A port number is now shown in ricci error messages.

* The kmod-gfs-xen kernel module is now installed when creating a cluster.

* Cluster creation status is now shown visually.

* User names are now sorted for display.

* The fence_xvmd tag can now be added from the dom0 cluster nodes.

* The ampersand character (&) can now be used in fence names.

* All packaged files are now installed with proper owners and permissions.

* New cluster node members are now properly initialized.

* Storage operations can now be completed even if an LVM snapshot is present.

* Users are now informed via dialog when nodes are rebooted as part of a
cluster operation.

* Failover domains are now properly listed for virtual services and
traditional clustered services.

* Luci can now create and distribute keys for fence_xvmd.

All Conga users are advised to upgrade to this update, which applies these
fixes and enhancements.

RHSA-2007:0662: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070662
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0662, CVE-2007-3304

Description
The Apache HTTP Server is a popular Web server. 

The Apache HTTP Server did not verify that a process was an Apache child
process before sending it signals. A local attacker with the ability to run
scripts on the Apache HTTP Server could manipulate the scoreboard and cause
arbitrary processes to be terminated which could lead to a denial of
service.  (CVE-2007-3304).

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct this issue. Users should restart Apache
after installing this update.

RHSA-2007:0674: perl-Net-DNS security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070674
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0674, CVE-2007-3377, CVE-2007-3409

Description
Net::DNS is a collection of Perl modules that act as a Domain Name System
(DNS) resolver.

A flaw was found in the way Net::DNS generated the ID field in a DNS query.
This predictable ID field could be used by a remote attacker to return
invalid DNS data. (CVE-2007-3377)

A denial of service flaw was found in the way Net::DNS parsed certain DNS
requests. A malformed response to a DNS request could cause the application
using Net::DNS to crash or stop responding. (CVE-2007-3409)

Users of Net::DNS should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2007:0675: perl-Net-DNS security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070675
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0675, CVE-2007-3377

Description
Net::DNS is a collection of Perl modules that act as a Domain Name System
(DNS) resolver.

A flaw was found in the way Net::DNS generated the ID field in a DNS query.
This predictable ID field could be used by a remote attacker to return
invalid DNS data. (CVE-2007-3377)

Users of Net::DNS should upgrade to this updated package, which contains
backported patches to correct this issue.

RHSA-2007:0701: xterm security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070701
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0701, CVE-2007-2797

Description
The xterm program is a terminal emulator for the X Window System. It
provides DEC VT102 and Tektronix 4014 compatible terminals for
programs that cannot use the window system directly.

A bug was found in the way xterm packages were built that caused the
pseudo-terminal device files of the xterm emulated terminals to be owned by
the incorrect group. This flaw did not affect Red Hat Enterprise Linux 4
Update 4 and earlier. (CVE-2007-2797)

All users of xterm are advised to upgrade to this updated package, which
contains a patch to correct this issue.

RHSA-2007:0703: openssh security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070703
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0703, CVE-2006-5052, CVE-2007-3102

Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A flaw was found in the way the ssh server wrote account names to the
audit subsystem. An attacker could inject strings containing parts of audit
messages which could possibly mislead or confuse audit log parsing tools.
(CVE-2007-3102)

A flaw was found in the way the OpenSSH server processes GSSAPI
authentication requests. When GSSAPI authentication was enabled in OpenSSH
server, a remote attacker may have been able to determine if a username is
valid. (CVE-2006-5052)

The following bugs were also fixed:

* the ssh daemon did not generate audit messages when an ssh session was
closed.

* GSSAPI authentication sometimes failed on clusters using DNS or
load-balancing.

* the sftp client and server leaked small amounts of memory in some cases.

* the sftp client didn't properly exit and return non-zero status in batch
mode when the destination disk drive was full.

* when restarting the ssh daemon with the initscript, the ssh daemon was
sometimes not restarted successfully because the old running ssh daemon was
not properly killed.

* with challenge/response authentication enabled, the pam sub-process was
not terminated if the user authentication timed out.

All users of openssh should upgrade to these updated packages, which
contain patches to correct these issues.

RHSA-2007:0705: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070705
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0705, CVE-2007-1217, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3739, CVE-2007-3740, CVE-2007-3843, CVE-2007-3851

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* a flaw in the DRM driver for Intel graphics cards that allowed a local
user to access any part of the main memory. To access the DRM functionality
a user must have access to the X server which is granted through the
graphical login. This also only affected systems with an Intel 965 or later
graphic chipset. (CVE-2007-3851, Important)

* a flaw in the VFAT compat ioctl handling on 64-bit systems that allowed a
local user to corrupt a kernel_dirent struct and cause a denial of service
(system crash). (CVE-2007-2878, Important)

* a flaw in the connection tracking support for SCTP that allowed a remote
user to cause a denial of service by dereferencing a NULL pointer.
(CVE-2007-2876, Important)

* a flaw in the CIFS filesystem which could cause the umask values of a
process to not be honored. This affected CIFS filesystems where the Unix
extensions are supported. (CVE-2007-3740, Important)

* a flaw in the stack expansion when using the hugetlb kernel on PowerPC
systems that allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate)

* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim's machine. (CVE-2007-1217, Moderate)

* a flaw in the cpuset support that allowed a local user to obtain
sensitive information from kernel memory. To exploit this the cpuset
filesystem would have to already be mounted. (CVE-2007-2875, Moderate)

* a flaw in the CIFS handling of the mount option "sec=" that didn't enable
integrity checking and didn't produce any error message. (CVE-2007-3843,
Low)

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

RHSA-2007:0709: wireshark security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070709
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0709, CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393

Description
Wireshark is a program for monitoring network traffic.

Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP
ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors. It was possible for
Wireshark to crash or stop responding if it read a malformed packet off the
network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,
CVE-2007-3393)

Wireshark would interpret certain completion codes incorrectly when
dissecting IPMI traffic. Additionally, IPMI 2.0 packets would be reported
as malformed IPMI traffic.

Users of Wireshark should upgrade to these updated packages containing
Wireshark version 0.99.6, which correct these issues.

RHSA-2007:0710: wireshark security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070710
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0710, CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393

Description
Wireshark is a program for monitoring network traffic.

Several denial of service bugs were found in Wireshark's HTTP, iSeries, DCP
ETSI, SSL, MMS, DHCP and BOOTP protocol dissectors.  It was possible for
Wireshark to crash or stop responding if it read a malformed packet off the
network. (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392,
CVE-2007-3393)

Users of Wireshark and Ethereal should upgrade to these updated packages,
containing Wireshark version 0.99.6, which is not vulnerable to these
issues.

RHSA-2007:0720: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070720
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0720, CVE-2007-3387

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Maurycy Prodeus discovered an integer overflow flaw in the way CUPS processes
PDF files.  An attacker could create a malicious PDF file that could
potentially execute arbitrary code when printed.  (CVE-2007-3387)

All users of CUPS should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

RHSA-2007:0721: qt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070721
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0721, CVE-2007-3388

Description
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

Several format string flaws were found in Qt error message handling.  If an
application linked against Qt created an error message from user supplied
data in a certain way, it could lead to a denial of service or possibly
allow the execution of arbitrary code. (CVE-2007-3388)

Users of Qt should upgrade to these updated packages, which contain a
backported patch to correct these issues.

Red Hat would like to acknowledge Tim Brown of Portcullis Computer
Security and Dirk Mueller for these issues.

RHSA-2007:0722: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070722
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0722, CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause SeaMonkey to crash or potentially execute arbitrary code as the user
running SeaMonkey. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way SeaMonkey handled
certain JavaScript code. A web page containing malicious JavaScript code
could inject arbitrary content into other web pages. (CVE-2007-3736,
CVE-2007-3089)

A flaw was found in the way SeaMonkey cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

RHSA-2007:0723: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070723
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0723, CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way Thunderbird processed certain malformed
JavaScript code. A malicious HTML email message containing JavaScript code
could cause Thunderbird to crash or potentially execute arbitrary code as
the user running Thunderbird.  JavaScript support is disabled by default in
Thunderbird; these issues are not exploitable unless the user has enabled
JavaScript. (CVE-2007-3089, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736,
CVE-2007-3737, CVE-2007-3738)

Users of Thunderbird are advised to upgrade to these erratum packages,
which contain backported patches that correct these issues.

RHSA-2007:0724: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070724
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0724, CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way Firefox handled
certain JavaScript code. A web page containing malicious JavaScript code
could inject arbitrary content into other web pages. (CVE-2007-3736,
CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of Firefox are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

RHSA-2007:0729: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070729
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0729, CVE-2007-3387

Description
The kdegraphics packages contain applications for the K Desktop Environment
including kpdf, a PDF file viewer.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files.  An attacker could create a malicious PDF file that would
cause kpdf to crash or potentially execute arbitrary code when opened. 
(CVE-2007-3387)

All users of kdegraphics should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:0730: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070730
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0730, CVE-2007-3387

Description
gpdf is a GNOME based viewer for Portable Document Format (PDF) files. 

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files.  An attacker could create a malicious PDF file that would
cause gpdf to crash or potentially execute arbitrary code when opened. 
(CVE-2007-3387)

All users of gpdf should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:0731: tetex security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070731
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0731, CVE-2007-3387

Description
TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input and creates a typesetter-independent .dvi
(DeVice Independent) file as output.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files.  An attacker could create a malicious PDF file that would
cause TeTeX to crash or potentially execute arbitrary code when opened. 
(CVE-2007-3387)

All users of TeTeX should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:0732: poppler security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070732
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0732, CVE-2007-3387

Description
Poppler is a PDF rendering library, used by applications such as evince.

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files.  An attacker could create a malicious PDF file that would
cause an application linked with poppler to crash or potentially execute
arbitrary code when opened.  (CVE-2007-3387)

All users of poppler should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:0735: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070735
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0735, CVE-2007-3387

Description
Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files. 

Maurycy Prodeus discovered an integer overflow flaw in the processing
of PDF files.  An attacker could create a malicious PDF file that would
cause Xpdf to crash or potentially execute arbitrary code when opened. 
(CVE-2007-3387)

All users of Xpdf should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:0737: pam security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070737
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0737, CVE-2007-1716, CVE-2007-3102

Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.

A flaw was found in the way pam_console set console device permissions. It
was possible for various console devices to retain ownership of the console
user after logging out, possibly leaking information to another local user.
(CVE-2007-1716)

A flaw was found in the way the PAM library wrote account names to the
audit subsystem. An attacker could inject strings containing parts of audit
messages, which could possibly mislead or confuse audit log parsing tools.
(CVE-2007-3102)

As well, these updated packages fix the following bugs:

* the pam_xauth module, which is used for copying the X11 authentication
cookie, did not reset the "XAUTHORITY" variable in certain circumstances,
causing unnecessary delays when using the su command.

* when calculating password similarity, pam_cracklib disregarded changes
to the last character in passwords when "difok=x" (where "x" is the
number of characters required to change) was configured in
"/etc/pam.d/system-auth". This resulted in password changes that should
have been successful to fail with the following error:

BAD PASSWORD: is too similar to the old one

This issue has been resolved in these updated packages.

* the pam_limits module, which sets up system resource limits for user
sessions, reset the nice priority of the user session to "0" if it
was not configured otherwise in the "/etc/security/limits.conf"
configuration file.

These updated packages add the following enhancement:

* a new PAM module, pam_tally2, which allows accounts to be locked after a
maximum number of failed log in attempts.

All users of PAM should upgrade to these updated packages, which resolve
these issues and add this enhancement.

RHSA-2007:0740: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070740
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0740, CVE-2007-2926

Description
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols. 

A flaw was found in the way BIND generates outbound DNS query ids. If an
attacker is able to acquire a finite set of query IDs, it becomes possible
to accurately predict future query IDs. Future query ID prediction may
allow an attacker to conduct a DNS cache poisoning attack, which can result
in the DNS server returning incorrect client query data. (CVE-2007-2926)

Users of BIND are advised to upgrade to these updated packages, which
contain backported patches to correct this issue.

RHSA-2007:0746: httpd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070746
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0746, CVE-2007-3847

Description
The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module. (CVE-2007-3847)

As well, these updated packages fix the following bugs:

* Set-Cookie headers with a status code of 3xx are not forwarded to
clients when the "ProxyErrorOverride" directive is enabled. These
responses are overridden at the proxy. Only the responses with status
codes of 4xx and 5xx are overridden in these updated packages.

* the default "/etc/logrotate.d/httpd" script incorrectly invoked the kill
command, instead of using the "/sbin/service httpd restart" command. If you
configured the httpd PID to be in a location other than
"/var/run/httpd.pid", the httpd logs failed to be rotated. This has been
resolved in these updated packages.

* the "ProxyTimeout" directive was not inherited across virtual host
definitions.

* the logresolve utility was unable to read lines longer than 1024 bytes.

This update adds the following enhancements:

* a new configuration option has been added, "ServerTokens Full-Release",
which adds the package release to the server version string, which is
returned in the "Server" response header.

* a new module has been added, mod_version, which allows configuration
files to be written containing sections, which are evaluated only if the
version of httpd used matches a specified condition.

Users of httpd are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.

RHSA-2007:0747: httpd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070747
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0747, CVE-2007-3847

Description
The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the Apache HTTP Server mod_proxy module. On sites where
a reverse proxy is configured, a remote attacker could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. On sites where a forward proxy is configured, an attacker
could cause a similar crash if a user could be persuaded to visit a
malicious site using the proxy. This could lead to a denial of service if
using a threaded Multi-Processing Module. (CVE-2007-3847)

As well, these updated packages fix the following bugs:

* the default "/etc/logrotate.d/httpd" script incorrectly invoked the kill
command, instead of using the "/sbin/service httpd restart" command. If you
configured the httpd PID to be in a location other than
"/var/run/httpd.pid", the httpd logs failed to be rotated. This has been
resolved in these updated packages.

* Set-Cookie headers with a status code of 3xx are not forwarded to
clients when the "ProxyErrorOverride" directive is enabled. These
responses are overridden at the proxy. Only the responses with status
codes of 4xx and 5xx are overridden in these updated packages.

* mod_proxy did not correctly handle percent-encoded characters (i.e. %20)
when configured as a reverse proxy.

* invalid HTTP status codes could be logged if output filters returned
errors.

* the "ProxyTimeout" directive was not inherited across virtual host
definitions.

* in some cases the Content-Length header was dropped from HEAD responses.
This resulted in certain sites not working correctly with mod_proxy, such
as www.windowsupdate.com.

This update adds the following enhancements:

* a new configuration option has been added, "ServerTokens Full-Release",
which adds the package release to the server version string, which is
returned in the "Server" response header.

* a new module has been added, mod_version, which allows configuration
files to be written containing sections, which are evaluated only if the
version of httpd used matches a specified condition.

Users of httpd are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.

RHSA-2007:0765: libgtop2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070765
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0765, CVE-2007-0235

Description
The libgtop2 package contains a library for obtaining information about a
running system, such as cpu, memory and disk usage; active processes; and
PIDs.

A flaw was found in the way libgtop2 handled long filenames mapped
into the address space of a process. An attacker could execute arbitrary
code on behalf of the user running gnome-system-monitor by executing a
process and mapping a file with a specially crafted name into the
process's address space. (CVE-2007-0235)

This update also fixes the following bug:

* when a version of libgtop2 compiled to run on a 32-bit architecture was
used to inspect a process running in 64-bit mode, it failed to report
certain information regarding address space mapping correctly.

All users of gnome-system-monitor are advised to upgrade to this updated
libgtop2 package, which contains backported patches that resolve these issues.

RHSA-2007:0774: kernel security and bugfix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070774
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0774, CVE-2006-0558, CVE-2007-1217

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the security issues described
below:

* a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a
denial of service or potential remote access. Exploitation would require
the attacker to be able to send arbitrary frames over the ISDN network to
the victim's machine. (CVE-2007-1217, Moderate) 

* a flaw in the perfmon subsystem on ia64 platforms that allowed a local
user to cause a denial of service. (CVE-2006-0558, Moderate)

In addition, the following bugs were addressed:

* a panic after reloading of the LSI Fusion driver.

* a vm performance problem was corrected by balancing inactive page lists.

* added a nodirplus option to address NFSv3 performance issues with large
directories.

* changed the personality handling to disallow personality changes of
setuid and setgid binaries. This ensures they keep any randomization and
Exec-shield protection.

All Red Hat Enterprise Linux 4 users are advised to upgrade their kernels
to the packages associated with their machine architectures and
configurations as listed in this erratum.

RHSA-2007:0777: gdm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070777
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0777, CVE-2007-3381

Description
Gdm (the GNOME Display Manager) is a highly configurable reimplementation
of xdm, the X Display Manager. Gdm allows you to log into your system with
the X Window System running and supports running several different X
sessions on your local machine at the same time.

A flaw was found in the way Gdm listens on its unix domain socket.  A local
user could crash a running X session by writing malicious data to Gdm's
unix domain socket. (CVE-2007-3381)

All users of gdm should upgrade to this updated package, which contains a
backported patch that resolves this issue.

Red Hat would like to thank JLANTHEA for reporting this issue.

RHSA-2007:0779: mailman security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20070779
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2007:0779, CVE-2006-4624

Description
Mailman is a program used to help manage email discussion lists.

A flaw was found in Mailman. A remote attacker could spoof messages in
the error log, and possibly trick the administrator into visiting malicious
URLs via a carriage return/line feed sequence in the URI. (CVE-2006-4624)

As well, these updated packages fix the following bugs:

* canceling a subscription on the confirm subscription request page
caused mailman to crash.

* editing the sender filter caused all spam filter rules to be deleted.

* the migrate-fhs script was not included.

* the mailman init script returned a zero (success) exit code even when
an incorrect command was given. For example, the "mailman foo" command
returned a zero exit code. In these updated packages the mailman init
script returns the correct exit codes.

Users of Mailman are advised to upgrade to these updated packages, which
resolve these issues.

RHSA-2007:0795: cyrus-sasl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070795
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0795, CVE-2006-1721

Description
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is
the Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols.

A bug was found in cyrus-sasl's DIGEST-MD5 authentication mechanism. As
part of the DIGEST-MD5 authentication exchange, the client is expected to
send a specific set of information to the server. If one of these items
(the "realm") was not sent or was malformed, it was possible for a remote
unauthenticated attacker to cause a denial of service (segmentation fault)
on the server. (CVE-2006-1721)

This erratum also fixes the following bugs:

* the Kerberos 5 library included in Red Hat Enterprise Linux 4 was not
thread safe. This update adds functionality which allows it to be used
safely in a threaded application.

* several memory leak bugs were fixed in cyrus-sasl's DIGEST-MD5
authentication plug-in.

* /dev/urandom is now used by default on systems which don't support
hwrandom. Previously, /dev/random was the default.

* cyrus-sasl needs zlib-devel to build properly. This dependency
information is now included in the package.

Users are advised to upgrade to this updated cyrus-sasl package, which
resolves these issues.

RHSA-2007:0845: libvorbis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070845
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0845, CVE-2007-3106, CVE-2007-4029, CVE-2007-4065, CVE-2007-4066

Description
The libvorbis package contains runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and
royalty-free, general-purpose compressed audio format.

Several flaws were found in the way libvorbis processed audio data. An
attacker could create a carefully crafted OGG audio file in such a way that
it could cause an application linked with libvorbis to crash or execute
arbitrary code when it was opened. (CVE-2007-3106, CVE-2007-4029,
CVE-2007-4065, CVE-2007-4066)

Users of libvorbis are advised to upgrade to this updated package, which
contains backported patches that resolve these issues.

RHSA-2007:0848: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070848
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0848, CVE-2007-2834

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

A heap overflow flaw was found in the TIFF parser.  An attacker could
create a carefully crafted document containing a malicious TIFF file that
could cause OpenOffice.org to crash or possibly execute arbitrary code if
opened by a victim. (CVE-2007-2834)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix to correct this issue.

RHSA-2007:0858: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070858
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0858, CVE-2007-3999, CVE-2007-4000

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.  kadmind is the KADM5 administration
server.

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by kadmind.   A remote unauthenticated attacker who can access
kadmind could trigger this flaw and cause kadmind to crash.  On Red Hat
Enterprise Linux 5 it is not possible to exploit this flaw to run arbitrary
code as the overflow is blocked by FORTIFY_SOURCE.  (CVE-2007-3999)

Garrett Wollman discovered an uninitialized pointer flaw in kadmind.  A
remote unauthenticated attacker who can access kadmind could trigger this
flaw and cause kadmind to crash.  (CVE-2007-4000)

These issues did not affect the versions of Kerberos distributed with Red
Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which
contain backported fixes to correct these issues.

RHSA-2007:0860: tar security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070860
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0860, CVE-2007-4131

Description
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive. 

A path traversal flaw was discovered in the way GNU tar extracted archives.
A malicious user could create a tar archive that could write to arbitrary
files to which the user running GNU tar had write access. (CVE-2007-4131)

Red Hat would like to thank Dmitry V. Levin for reporting this issue.

Users of tar should upgrade to this updated package, which contains a
replacement backported patch to correct this issue.

RHSA-2007:0871: tomcat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070871
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0871, CVE-2007-3382, CVE-2007-3385, CVE-2007-3386

Description
Tomcat is a servlet container for Java Servlet and Java Server Pages
technologies.

Tomcat was found treating single quote characters -- ' -- as delimiters in
cookies. This could allow remote attackers to obtain sensitive information,
such as session IDs, for session hijacking attacks (CVE-2007-3382).

It was reported Tomcat did not properly handle the following character
sequence in a cookie: \" (a backslash followed by a double-quote). It was
possible remote attackers could use this failure to obtain sensitive
information, such as session IDs, for session hijacking attacks
(CVE-2007-3385).

A cross-site scripting (XSS) vulnerability existed in the Host Manager
Servlet. This allowed remote attackers to inject arbitrary HTML and web
script via crafted requests (CVE-2007-3386).

Users of Tomcat should update to these erratum packages, which contain
backported patches and are not vulnerable to these issues.

RHSA-2007:0873: star security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070873
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0873, CVE-2007-4134

Description
Star is a tar-like archiver. It saves multiple files into a single tape or
disk archive, and can restore individual files from the archive. Star
includes multi-volume support, automatic archive format detection and ACL
support.

A path traversal flaw was discovered in the way star extracted archives. A
malicious user could create a tar archive that would cause star to write to
arbitrary files to which the user running star had write access.
(CVE-2007-4134)

Red Hat would like to thank Robert Buchholz for reporting this issue.

As well, this update adds the command line argument "-.." to the Red Hat
Enterprise Linux 3 version of star. This allows star to extract files
containing "/../" in their pathname.

Users of star should upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2007:0875: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070875
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0875, CVE-2007-3780

Description
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld) and
many different client programs and libraries.

A flaw was discovered in MySQL's authentication protocol. It is possible
for a remote unauthenticated attacker to send a specially crafted
authentication request to the MySQL server causing it to crash. (CVE-2007-3780)

All users of the MySQL server are advised to upgrade to these updated
packages, which contain a backported patch which fixes this issue.

RHSA-2007:0883: qt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070883
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0883, CVE-2007-0242, CVE-2007-4137

Description
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

A flaw was found in the way Qt expanded certain UTF8 characters. It was
possible to prevent a Qt-based application from properly sanitizing user
supplied input. This could, for example, result in a cross-site scripting
attack against the Konqueror web browser. (CVE-2007-0242)

A buffer overflow flaw was found in the way Qt expanded malformed Unicode
strings. If an application linked against Qt parsed a malicious Unicode
string, it could lead to a denial of service or possibly allow the
execution of arbitrary code. (CVE-2007-4137)

Users of Qt should upgrade to these updated packages, which contain a
backported patch to correct these issues.

RHSA-2007:0890: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070890
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0890, CVE-2007-2756, CVE-2007-2872, CVE-2007-3799, CVE-2007-3996, CVE-2007-3998, CVE-2007-4658, CVE-2007-4670

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

Various integer overflow flaws were found in the PHP gd extension. A script
that could be forced to resize images from an untrusted source could
possibly allow a remote attacker to execute arbitrary code as the apache
user. (CVE-2007-3996)

An integer overflow flaw was found in the PHP chunk_split function. If a
remote attacker was able to pass arbitrary data to the third argument of
chunk_split they could possibly execute arbitrary code as the apache user.
Note that it is unusual for a PHP script to use the chunk_split function
with a user-supplied third argument. (CVE-2007-2872)

A previous security update introduced a bug into PHP session cookie
handling. This could allow an attacker to stop a victim from viewing a
vulnerable web site if the victim has first visited a malicious web page
under the control of the attacker, and that page can set a cookie for the
vulnerable web site. (CVE-2007-4670)

A flaw was found in the PHP money_format function. If a remote attacker
was able to pass arbitrary data to the money_format function this could
possibly result in an information leak or denial of service. Note that it
is unusual for a PHP script to pass user-supplied data to the money_format
function. (CVE-2007-4658)

A flaw was found in the PHP wordwrap function. If a remote attacker was
able to pass arbitrary data to the wordwrap function this could possibly
result in a denial of service. (CVE-2007-3998)

A bug was found in PHP session cookie handling. This could allow an
attacker to create a cross-site cookie insertion attack if a victim follows
an untrusted carefully-crafted URL. (CVE-2007-3799)

An infinite-loop flaw was discovered in the PHP gd extension. A script
that could be forced to process PNG images from an untrusted source could
allow a remote attacker to cause a denial of service. (CVE-2007-2756)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2007:0892: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0892, CVE-2007-4743

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.  kadmind is the KADM5 administration
server.

The MIT Kerberos Team discovered a problem with the originally published
patch for svc_auth_gss.c (CVE-2007-3999).  A remote unauthenticated
attacker who can access kadmind could trigger this flaw and cause kadmind
to crash.  On Red Hat Enterprise Linux 5 it is not possible to exploit this
flaw to run arbitrary code as the overflow is blocked by FORTIFY_SOURCE.
(CVE-2007-4743)

This issue did not affect the versions of Kerberos distributed with Red
Hat Enterprise Linux 2.1, 3, or 4.

Users of krb5-server are advised to update to these erratum packages which
contain a corrected backported fix for this issue.

RHSA-2007:0898: xorg-x11 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0898, CVE-2007-4730

Description
X.org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way X.Org's composite extension handles 32 bit
color depth windows while running in 16 bit color depth mode. If an X.org
server has enabled the composite extension, it may be possible for a
malicious authorized client to cause a denial of service (crash) or
potentially execute arbitrary code with the privileges of the X.org server.
(CVE-2007-4730)

Please note this flaw can only be triggered when using a compositing window
manager. Red Hat Enterprise Linux 4 does not ship with a compositing window
manager.

Users of X.org should upgrade to these updated packages, which contain a
backported patch and are not vulnerable to these issues.

RHSA-2007:0905: kdebase security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070905
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0905, CVE-2007-3820, CVE-2007-4224, CVE-2007-4569

Description
The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include Konqueror, the web browser and
file manager.

These updated packages address the following vulnerabilities:

Kees Huijgen found a flaw in the way KDM handled logins when autologin and
"shutdown with password" were enabled.  A local user would have been able
to login via KDM as any user without requiring a password. (CVE-2007-4569)

Two Konqueror address spoofing flaws were discovered. A malicious web site
could spoof the Konqueror address bar, tricking a victim into believing the
page was from a different site. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2007:0909: kdelibs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070909
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0909, CVE-2007-0242, CVE-2007-0537, CVE-2007-1308, CVE-2007-1564, CVE-2007-3820, CVE-2007-4224

Description
The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes
certain HTML content. This could result in a malicious attacker presenting
misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in the KDE JavaScript implementation.  A web page containing
malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was
possible for a malicious website to cause the Konqueror address bar to
display information which could trick a user into believing they are at a 
different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2007:0913: nfs-utils-lib security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070913
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0913, CVE-2007-3999

Description
The nfs-utils-lib package contains support libraries that are needed by the
commands and daemons of the nfs-utils package.

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 4 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Users of nfs-utils-lib are advised to upgrade to this updated package,
which contains a backported patch that resolves this issue.

RHSA-2007:0932: pwlib security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070932
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0932, CVE-2007-4897

Description
PWLib is a library used to support cross-platform applications.  

In Red Hat Enterprise Linux 5, the Ekiga teleconferencing application uses
PWLib.

A memory management flaw was discovered in PWLib.  An attacker could use this
flaw to crash an application, such as Ekiga, which is linked with pwlib
(CVE-2007-4897).  

Users should upgrade to these updated packages which contain a backported
patch to correct this issue.

RHSA-2007:0933: elinks security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070933
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0933, CVE-2007-5034

Description
ELinks is a text mode Web browser used from the command line that supports
rendering modern web pages.

An information disclosure flaw was found in the way ELinks passes https
POST data to a proxy server. POST data sent via a proxy to an https site is
not properly encrypted by ELinks, possibly allowing the disclosure of
sensitive information. (CVE-2007-5034)

All users of ELinks are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

RHSA-2007:0936: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070936
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0936, CVE-2007-4573

Description
The Linux kernel handles the basic functions of the operating system.

A flaw was found in the IA32 system call emulation provided on AMD64 and
Intel 64 platforms. An improperly validated 64-bit value could be stored in
the %RAX register, which could trigger an out-of-bounds system call table
access. An untrusted local user could exploit this flaw to run code in the
kernel (i.e. a root privilege escalation). (CVE-2007-4573)

Red Hat would like to thank Wojciech Purczynski for reporting this issue.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain a backported patch to correct this issue.

RHSA-2007:0937: kernel security update (Important)

Rule IDoval-com.redhat.rhsa-def-20070937
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:05+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2007:0937, CVE-2007-4573

Description
The Linux kernel handles the basic functions of the operating system.

A flaw was found in the IA32 system call emulation provided on AMD64 and
Intel 64 platforms. An improperly validated 64-bit value could be stored in
the %RAX register, which could trigger an out-of-bounds system call table
access. An untrusted local user could exploit this flaw to run code in the
kernel (i.e., a root privilege escalation). (CVE-2007-4573)

Red Hat would like to thank Wojciech Purczynski for reporting this issue.

Red Hat Enterprise Linux 4 users are advised to upgrade to these packages,
which contain a backported patch to correct this issue.

RHSA-2007:0939: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070939
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0939, CVE-2006-6921, CVE-2007-2878, CVE-2007-3105, CVE-2007-3739, CVE-2007-3740, CVE-2007-3843, CVE-2007-3848, CVE-2007-4308, CVE-2007-4571

Description
The Linux kernel is the core of the operating system.

These updated kernel packages contain fixes for the following security
issues:

* A flaw was found in the handling of process death signals. This allowed a
local user to send arbitrary signals to the suid-process executed by that
user. A successful exploitation of this flaw depends on the structure of
the suid-program and its signal handling. (CVE-2007-3848, Important)

* A flaw was found in the CIFS file system. This could cause the umask
values of a process to not be honored on CIFS file systems where UNIX
extensions are supported. (CVE-2007-3740, Important)

* A flaw was found in the VFAT compat ioctl handling on 64-bit systems. 
This allowed a local user to corrupt a kernel_dirent struct and cause a
denial of service. (CVE-2007-2878, Important) 

* A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local
user who had the ability to read the /proc/driver/snd-page-alloc file could
see portions of kernel memory. (CVE-2007-4571, Moderate) 

* A flaw was found in the aacraid SCSI driver. This allowed a local user to
make ioctl calls to the driver that should be restricted to privileged
users. (CVE-2007-4308, Moderate) 

* A flaw was found in the stack expansion when using the hugetlb kernel on
PowerPC systems. This allowed a local user to cause a denial of service.
(CVE-2007-3739, Moderate) 

* A flaw was found in the handling of zombie processes. A local user could
create processes that would not be properly reaped which could lead to a
denial of service. (CVE-2006-6921, Moderate)

* A flaw was found in the CIFS file system handling. The mount option
"sec=" did not enable integrity checking or produce an error message if
used. (CVE-2007-3843, Low)

* A flaw was found in the random number generator implementation that
allowed a local user to cause a denial of service or possibly gain
privileges. This flaw could be exploited if the root user raised the
default wakeup threshold over the size of the output pool.
(CVE-2007-3105, Low)

Additionally, the following bugs were fixed:

* A flaw was found in the kernel netpoll code, creating a potential
deadlock condition.  If the xmit_lock for a given network interface is
held, and a subsequent netpoll event is generated from within the lock
owning context (a console message for example), deadlock on that cpu will
result, because the netpoll code will attempt to re-acquire the xmit_lock.
The fix is for the netpoll code to only attempt to take the lock, failing
if it is already acquired (rather than blocking on it), and to queue the
message for later delivery.  Any user of netpoll code in the kernel
(netdump or netconsole services) is exposed to this problem, and should
resolve the issue by upgrading to this kernel release immediately.

* A flaw was found where, under 64-bit mode (x86_64), AMD processors were
not able to address greater than a 40-bit physical address space; and Intel
processors were only able to address up to a 36-bit physical address space. 
The fix is to increase the physical addressing for an AMD processor to 48
bits, and an Intel processor to 38 bits.  Please see the Red Hat
Knowledgebase for more detailed information.

* A flaw was found in the xenU kernel that may prevent a paravirtualized
guest with more than one CPU from starting when running under an Enterprise
Linux 5.1 hypervisor.  The fix is to allow your Enterprise Linux 4 Xen SMP
guests to boot under a 5.1 hypervisor. Please see the Red Hat Knowledgebase
for more detailed information.
 
Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

RHSA-2007:0940: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070940
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0940, CVE-2007-3105, CVE-2007-3380, CVE-2007-3513, CVE-2007-3731, CVE-2007-3848, CVE-2007-3850, CVE-2007-4133, CVE-2007-4308, CVE-2007-4574

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

* A flaw was found in the backported stack unwinder fixes in Red Hat
Enterprise Linux 5.  On AMD64 and Intel 64 platforms, a local user could
trigger this flaw and cause a denial of service. (CVE-2007-4574, Important)

* A flaw was found in the handling of process death signals. This allowed a
local user to send arbitrary signals to the suid-process executed by that
user. A successful exploitation of this flaw depends on the structure of
the suid-program and its signal handling. (CVE-2007-3848, Important)

* A flaw was found in the Distributed Lock Manager (DLM) in the cluster
manager. This allowed a remote user who is able to connect to the DLM port
to cause a denial of service. (CVE-2007-3380, Important)

* A flaw was found in the aacraid SCSI driver. This allowed a local user to
make ioctl calls to the driver which should otherwise be restricted to
privileged users. (CVE-2007-4308, Moderate)

* A flaw was found in the prio_tree handling of the hugetlb support that
allowed a local user to cause a denial of service. This only affected
kernels with hugetlb support. (CVE-2007-4133, Moderate)

* A flaw was found in the eHCA driver on PowerPC architectures that allowed
a local user to access 60k of physical address space. This address space
could contain sensitive information. (CVE-2007-3850, Moderate)

* A flaw was found in ptrace support that allowed a local user to cause a
denial of service via a NULL pointer dereference. (CVE-2007-3731, Moderate)

* A flaw was found in the usblcd driver that allowed a local user to cause
a denial of service by writing data to the device node. To exploit this
issue, write access to the device node was needed. (CVE-2007-3513, Moderate)

* A flaw was found in the random number generator implementation that
allowed a local user to cause a denial of service or possibly gain
privileges. If the root user raised the default wakeup threshold over the
size of the output pool, this flaw could be exploited. (CVE-2007-3105, Low)

In addition to the security issues described above, several bug fixes
preventing possible system crashes and data corruption were also included.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to resolve these issues.

RHSA-2007:0951: nfs-utils-lib security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070951
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0951, CVE-2007-3999, CVE-2007-4135

Description
The nfs-utils-lib package contains support libraries that are needed by the
commands and daemons of the nfs-utils package.

The updated nfs-utils package fixes the following vulnerabilities:

Tenable Network Security discovered a stack buffer overflow flaw in the RPC
library used by nfs-utils-lib. A remote unauthenticated attacker who can
access an application linked against nfs-utils-lib could trigger this flaw
and cause the application to crash. On Red Hat Enterprise Linux 5 it is not
possible to exploit this flaw to run arbitrary code as the overflow is
blocked by FORTIFY_SOURCE. (CVE-2007-3999)

Tony Ernst from SGI has discovered a flaw in the way nfsidmap maps NFSv4
unknown uids.  If an unknown user ID is encountered on an NFSv4 mounted
filesystem, the files will default to being owned by 'root' rather than
'nobody'. (CVE-2007-4135)

Users of nfs-utils-lib are advised to upgrade to this updated package,
which contains backported patches to resolve these issues.

RHSA-2007:0957: opal security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070957
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0957, CVE-2007-4924

Description
Open Phone Abstraction Library (opal) is an implementation of various
telephony and video communication protocols for use over packet-based
networks.

In Red Hat Enterprise Linux 5, the Ekiga application uses opal.

A flaw was discovered in the way opal handled certain Session Initiation 
Protocol (SIP) packets.  An attacker could use this flaw to crash an 
application, such as Ekiga, which is linked with opal. (CVE-2007-4924)

Users should upgrade to these updated opal packages which contain a 
backported patch to correct this issue.

RHSA-2007:0960: hplip security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070960
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0960, CVE-2007-5208

Description
The hplip (Hewlett-Packard Linux Imaging and Printing Project) package
provides drivers for HP printers and multi-function peripherals.

Kees Cook discovered a flaw in the way the hplip hpssd daemon handled user
input. A local attacker could send a specially crafted request to the hpssd
daemon, possibly allowing them to run arbitrary commands as the root user.
(CVE-2007-5208). On Red Hat Enterprise Linux 5, the SELinux targeted
policy for hpssd which is enabled by default, blocks the ability to exploit
this issue to run arbitrary code.

Users of hplip are advised to upgrade to this updated package, which
contains backported patches to resolve this issue.

RHSA-2007:0961: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070961
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0961, CVE-2006-6303, CVE-2007-5162, CVE-2007-5770

Description
Ruby is an interpreted scripting language for object-oriented programming.

A flaw was discovered in the way Ruby's CGI module handles certain HTTP
requests. If a remote attacker sends a specially crafted request, it is
possible to cause the ruby CGI script to enter an infinite loop, possibly
causing a denial of service. (CVE-2006-6303)

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a man
in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2007:0964: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070964
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0964, CVE-2007-3108, CVE-2007-4995, CVE-2007-5135

Description
OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (UDP for
instance). 

The OpenSSL security team discovered a flaw in DTLS support.  An attacker
could create a malicious client or server that could trigger a heap
overflow. This is possibly exploitable to run arbitrary code, but it has
not been verified  (CVE-2007-4995). Note that this flaw only affects
applications making use of DTLS. Red Hat does not ship any DTLS client or
server applications in Red Hat Enterprise Linux.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer with a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging.

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being
used on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches
designed to mitigate these issues.  (CVE-2007-3108).

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.  

Please note that the fix for the DTLS flaw involved an overhaul of the DTLS
handshake processing which may introduce incompatibilities if a new client
is used with an older server.

After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

RHSA-2007:0965: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070965
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0965, CVE-2007-5162, CVE-2007-5770

Description
Ruby is an interpreted scripting language for object-oriented programming.

An SSL certificate validation flaw was discovered in several Ruby Net
modules. The libraries were not checking the requested host name against
the common name (CN) in the SSL server certificate, possibly allowing a man
in the middle attack. (CVE-2007-5162, CVE-2007-5770)

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.

RHSA-2007:0966: perl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070966
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0966, CVE-2007-5116

Description
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. Specially crafted
input to a regular expression can cause Perl to improperly allocate memory,
possibly resulting in arbitrary code running with the permissions of the
user running Perl. (CVE-2007-5116)

Users of Perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing this issue.

RHSA-2007:0967: pcre security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070967
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0967, CVE-2007-1659, CVE-2007-1660

Description
PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1659, CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.

RHSA-2007:0968: pcre security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070968
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0968, CVE-2007-1660

Description
PCRE is a Perl-compatible regular expression library.

Multiple flaws were found in the way pcre handles certain malformed regular
expressions. If an application linked against pcre, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2007-1660)

Users of pcre are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

Red Hat would like to thank Tavis Ormandy and Will Drewry for properly
disclosing these issues.

RHSA-2007:0969: util-linux security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070969
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0969, CVE-2007-5191

Description
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. 

A flaw was discovered in the way that the mount and umount utilities
used the setuid and setgid functions, which could lead to privileges being
dropped improperly.  A local user could use this flaw to run mount helper
applications such as mount.nfs with additional privileges. (CVE-2007-5191)

Users are advised to update to these erratum packages which contain a
backported patch to correct this issue.

RHSA-2007:0975: flac security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070975
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0975, CVE-2007-4619, CVE-2007-6277

Description
FLAC is a Free Lossless Audio Codec.  The flac package consists of a FLAC
encoder and decoder in library form, a program to encode and decode FLAC
files, a metadata editor for FLAC files and input plugins for various music
players.

A security flaw was found in the way flac processed audio data. An
attacker could create a carefully crafted FLAC audio file in such a way that
it could cause an application linked with flac libraries to crash or execute
arbitrary code when it was opened. (CVE-2007-4619)

Users of flac are advised to upgrade to this updated package, which
contains a backported patch that resolves this issue.

RHSA-2007:0979: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070979
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0979, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way in which Firefox processed certain
malformed web content. A web page containing malicious content could cause
Firefox to crash or potentially execute arbitrary code as the user running
Firefox. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Firefox displayed malformed
web content. A web page containing specially-crafted content could
potentially trick a user into surrendering sensitive information.
(CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the Firefox sftp protocol handler. A malicious web page
could access data from a remote sftp site, possibly stealing sensitive user
data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Firefox generates a
digest authentication request. If a user opened a specially-crafted URL, it
was possible to perform cross-site scripting attacks, web cache poisoning,
or other, similar exploits. (CVE-2007-2292)

All users of Firefox are advised to upgrade to these updated packages,
which contain backported patches that correct these issues.

RHSA-2007:0980: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20070980
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0980, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way in which SeaMonkey processed certain
malformed web content. A web page containing malicious content could cause
SeaMonkey to crash or potentially execute arbitrary code as the user
running SeaMonkey. (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which SeaMonkey displayed malformed
web content. A web page containing specially-crafted content could
potentially trick a user into surrendering sensitive information. 
(CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334)

A flaw was found in the SeaMonkey sftp protocol handler. A malicious web
page could access data from a remote sftp site, possibly stealing sensitive
user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which SeaMonkey generates
a digest authentication request. If a user opened a specially-crafted URL,
it was possible to perform cross-site scripting attacks, web cache
poisoning, or other, similar exploits. (CVE-2007-2292)

Users of SeaMonkey are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

RHSA-2007:0981: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0981, CVE-2007-1095, CVE-2007-2292, CVE-2007-3511, CVE-2007-3844, CVE-2007-5334, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the way in which Thunderbird processed certain
malformed HTML mail content. An HTML mail message containing malicious
content could cause Thunderbird to crash or potentially execute arbitrary
code as the user running Thunderbird. JavaScript support is disabled by
default in Thunderbird; these issues are not exploitable unless the user
has enabled JavaScript.  (CVE-2007-5338, CVE-2007-5339, CVE-2007-5340)

Several flaws were found in the way in which Thunderbird displayed
malformed HTML mail content. An HTML mail message containing
specially-crafted content could potentially trick a user into surrendering
sensitive information.  (CVE-2007-1095, CVE-2007-3844, CVE-2007-3511,
CVE-2007-5334)

A flaw was found in the Thunderbird sftp protocol handler. A malicious HTML
mail message could access data from a remote sftp site, possibly stealing
sensitive user data. (CVE-2007-5337)

A request-splitting flaw was found in the way in which Thunderbird
generates a digest authentication request. If a user opened a
specially-crafted URL, it was possible to perform cross-site scripting
attacks, web cache poisoning, or other, similar exploits. (CVE-2007-2292)

Users of Thunderbird are advised to upgrade to these erratum packages,
which contain backported patches that correct these issues.

RHSA-2007:0992: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20070992
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:0992, CVE-2007-5269

Description
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

Several flaws were discovered in the way libpng handled various PNG image
chunks.  An attacker could create a carefully crafted PNG image file in
such a way that it could cause an application linked with libpng to crash
when the file was manipulated. (CVE-2007-5269)

Users should update to these updated packages which contain a backported
patch to correct these issues.

RHSA-2007:0993: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20070993
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:0993, CVE-2007-4571, CVE-2007-4997, CVE-2007-5494

Description
The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

A memory leak was found in the Red Hat Content Accelerator kernel patch.  A
local user could use this flaw to cause a denial of service (memory
exhaustion). (CVE-2007-5494, Important)

A flaw was found in the handling of IEEE 802.11 frames affecting several
wireless LAN modules.  In certain circumstances, a remote attacker could
trigger this flaw by sending a malicious packet over a wireless network and
cause a denial of service (kernel crash). (CVE-2007-4997, Important). 

A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local
user who had the ability to read the /proc/driver/snd-page-alloc file could
see portions of kernel memory. (CVE-2007-4571, Moderate). 

In addition to the security issues described above, several bug fixes
were also included, addressing possible memory corruption, system crashes,
SCSI I/O failures, a performance regression in networking drivers, and a
journaling block device layer issue.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to resolve these issues.

Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle 
for reporting the security issues corrected by this update.

RHSA-2007:1003: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1003, CVE-2007-3108, CVE-2007-5135

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, and is also a
full-strength general-purpose cryptography library.

A flaw was found in the SSL_get_shared_ciphers() utility function. An
attacker could send a list of ciphers to an application that used this
function and overrun a buffer by a single byte (CVE-2007-5135). Few
applications make use of this vulnerable function and generally it is used
only when applications are compiled for debugging. 

A number of possible side-channel attacks were discovered affecting
OpenSSL. A local attacker could possibly obtain RSA private keys being used
on a system. In practice these attacks would be difficult to perform
outside of a lab environment. This update contains backported patches to
mitigate these issues. (CVE-2007-3108)

As well, these updated packages fix the following bugs:

* multithreaded applications could cause a segmentation fault or deadlock
when calling the random number generator initialization (RAND_poll) in the
OpenSSL library, for a large number of threads simultaneously.

* in certain circumstances, if an application using the OpenSSL library
reused the SSL session cache for multiple purposes (with various parameters
of the SSL protocol), the session parameters could be mismatched.

* a segmentation fault could occur when a corrupted pkcs12 file was being
loaded using the "openssl pkcs12 -in [pkcs12-file]" command, where
[pkcs12-file] is the pkcs12 file.

Users of OpenSSL should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Note: After installing this update, users are advised to either restart all
services that use OpenSSL or restart their system.

RHSA-2007:1016: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20071016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1016, CVE-2007-4138, CVE-2007-4572, CVE-2007-5398

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash or execute
arbitrary code. (CVE-2007-5398)

A heap-based buffer overflow flaw was found in the way Samba authenticates
users. A remote unauthenticated user could trigger this flaw to cause the
Samba server to crash. Careful analysis of this flaw has determined that
arbitrary code execution is not possible, and under most circumstances will
not result in a crash of the Samba server. (CVE-2007-4572)

A flaw was found in the way Samba assigned group IDs under certain
conditions. If the "winbind nss info" parameter in smb.conf is set to
either "sfu" or "rfc2307", Samba users are incorrectly assigned the group
ID of 0. (CVE-2007-4138)

Red Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,
and the Samba developers for responsibly disclosing these issues.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

RHSA-2007:1017: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20071017
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1017, CVE-2007-4138, CVE-2007-4572, CVE-2007-5398

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A buffer overflow flaw was found in the way Samba creates NetBIOS replies.
If a Samba server is configured to run as a WINS server, a remote
unauthenticated user could cause the Samba server to crash or execute
arbitrary code. (CVE-2007-5398)

A heap-based buffer overflow flaw was found in the way Samba authenticates
users. A remote unauthenticated user could trigger this flaw to cause the
Samba server to crash. Careful analysis of this flaw has determined that
arbitrary code execution is not possible, and under most circumstances will
not result in a crash of the Samba server. (CVE-2007-4572)

A flaw was found in the way Samba assigned group IDs under certain
conditions. If the "winbind nss info" parameter in smb.conf is set to
either "sfu" or "rfc2307", Samba users are incorrectly assigned the group
ID of 0. (CVE-2007-4138)

Red Hat would like to thank Alin Rad Pop of Secunia Research, Rick King,
and the Samba developers for responsibly disclosing these issues.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

RHSA-2007:1020: cups security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071020
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1020, CVE-2007-4351

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handles certain Internet Printing Protocol
(IPP) tags. A remote attacker who is able to connect to the IPP TCP port
could send a malicious request causing the CUPS daemon to crash, or
potentially execute arbitrary code. Please note that the default CUPS
configuration does not allow remote hosts to connect to the IPP TCP port.
(CVE-2007-4351)

Red Hat would like to thank Alin Rad Pop for reporting this issue.

All CUPS users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

In addition, the following bugs were fixed:

* the CUPS service has been changed to start after sshd, to avoid causing
delays when logging in when the system is booted.

* the logrotate settings have been adjusted so they do not cause CUPS to
reload its configuration. This is to avoid re-printing the current job,
which could occur when it was a long-running job.

* a bug has been fixed in the handling of the If-Modified-Since: HTTP
header.

* in the LSPP configuration, labels for labeled jobs did not line-wrap.
This has been fixed.

* an access check in the LSPP configuration has been made more secure.

* the cups-lpd service no longer ignores the "-odocument-format=..."
option.

* a memory allocation bug has been fixed in cupsd.

* support for UNIX domain sockets authentication without passwords has been
added.

* in the LSPP configuration, a problem that could lead to cupsd crashing
has been fixed.

* the error handling in the initscript has been improved.

* The job-originating-host-name attribute was not correctly set for jobs
submitted via the cups-lpd service. This has been fixed.

* a problem with parsing IPv6 addresses in the configuration file has been
fixed.

* a problem that could lead to cupsd crashing when it failed to open a
"file:" URI has been fixed.

RHSA-2007:1021: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071021
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1021, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed. 
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:1022: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071022
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1022, CVE-2007-4045, CVE-2007-4351, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause CUPS to crash
or potentially execute arbitrary code when printed.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Alin Rad Pop discovered a flaw in the way CUPS handles certain IPP tags.
A remote attacker who is able to connect to the IPP TCP port could send a
malicious request causing the CUPS daemon to crash. (CVE-2007-4351)

A flaw was found in the way CUPS handled SSL negotiation. A remote attacker
capable of connecting to the CUPS daemon could cause CUPS to crash.
(CVE-2007-4045)

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:1024: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1024, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

Description
The kdegraphics packages contain applications for the K Desktop
Environment. This includes kpdf, a PDF file viewer.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause kpdf to crash,
or potentially execute arbitrary code when opened. 
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

All kdegraphics users are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

RHSA-2007:1025: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071025
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1025, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

Description
gpdf is a GNOME-based viewer for Portable Document Format (PDF) files. 

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause gpdf to crash,
or potentially execute arbitrary code when opened.  
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2007:1026: poppler security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071026
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1026, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

Description
Poppler is a PDF rendering library, used by applications such as evince. 

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause an application
linked with poppler to crash, or potentially execute arbitrary code when
opened. (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2007:1027: tetex security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071027
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1027, CVE-2007-4033, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

Description
TeTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (dvi) file as output. 

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause TeTeX to crash
or potentially execute arbitrary code when opened. 
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

A flaw was found in the t1lib library, used in the handling of Type 1
fonts. An attacker could create a malicious file that would cause TeTeX to
crash, or potentially execute arbitrary code when opened. (CVE-2007-4033)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2007:1029: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071029
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1029, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393

Description
Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files.

Alin Rad Pop discovered several flaws in the handling of PDF files. An
attacker could create a malicious PDF file that would cause Xpdf to crash,
or potentially execute arbitrary code when opened.
(CVE-2007-4352, CVE-2007-5392, CVE-2007-5393)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2007:1037: openldap security and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071037
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1037, CVE-2007-5707

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP's slapd daemon handled malformed
objectClasses LDAP attributes.  A local or remote attacker could create an
LDAP request which could cause a denial of service by crashing slapd.
(CVE-2007-5707)

In addition, the following feature was added: 
* OpenLDAP client tools now have a new option to configure their bind timeout.

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue and provide this security
enhancement.

RHSA-2007:1038: openldap security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071038
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1038, CVE-2007-5707

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP's slapd daemon handled malformed
objectClasses LDAP attributes.  An authenticated local or remote attacker
could create an LDAP request which could cause a denial of service by
crashing slapd. (CVE-2007-5707)

In addition, the following feature was added:
* OpenLDAP client tools now have a new option to configure their bind timeout.

All users are advised to upgrade to these updated openldap packages, which
contain a backported patch to correct this issue and provide this security
enhancement.

RHSA-2007:1045: net-snmp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071045
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1045, CVE-2007-5846

Description
Simple Network Management Protocol (SNMP) is a protocol used for network
management.

A flaw was discovered in the way net-snmp handled certain requests. A
remote attacker who can connect to the snmpd UDP port (161 by default)
could send a malicious packet causing snmpd to crash, resulting in a
denial of service. (CVE-2007-5846)

All users of net-snmp are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue.

RHSA-2007:1048: openoffice.org, hsqldb security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071048
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1048, CVE-2003-0845, CVE-2007-4575

Description
OpenOffice.org is an office productivity suite.
HSQLDB is a Java relational database engine used by OpenOffice.org Base.

It was discovered that HSQLDB could allow the execution of arbitrary public
static Java methods. A carefully crafted odb file opened in OpenOffice.org
Base could execute arbitrary commands with the permissions of the user
running OpenOffice.org. (CVE-2007-4575)

It was discovered that HSQLDB did not have a password set on the 'sa' user.
If HSQLDB has been configured as a service, a remote attacker who could
connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands.
(CVE-2003-0845)

Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service
by default, and needs manual configuration in order to work as a service.

Users of OpenOffice.org or HSQLDB should update to these errata packages
which contain backported patches to correct these issues.

RHSA-2007:1051: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071051
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1051, CVE-2007-5393

Description
The kdegraphics packages contain applications for the K Desktop
Environment. This includes kpdf, a PDF file viewer.

Alin Rad Pop discovered a flaw in the handling of PDF files. An attacker
could create a malicious PDF file that would cause kpdf to crash, or
potentially execute arbitrary code when opened. (CVE-2007-5393)

All kdegraphics users are advised to upgrade to these updated packages,
which contain backported patches to resolve this issue.

RHSA-2007:1052: pcre security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071052
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1052, CVE-2005-4872, CVE-2006-7227

Description
PCRE is a Perl-compatible regular expression library.

Flaws were found in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may be possible to run arbitrary
code as the user running the application. (CVE-2005-4872, CVE-2006-7227)

Users of PCRE are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

RHSA-2007:1059: pcre security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071059
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1059, CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230

Description
PCRE is a Perl-compatible regular expression library.

Flaws were discovered in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may have been possible to run
arbitrary code as the user running the application.
(CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230)

Users of PCRE are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Red Hat would like to thank Ludwig Nussel for reporting these issues.

RHSA-2007:1068: pcre security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071068
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1068, CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659

Description
PCRE is a Perl-compatible regular expression library.

Flaws were discovered in the way PCRE handles certain malformed regular
expressions. If an application linked against PCRE, such as Konqueror,
parses a malicious regular expression, it may have been possible to run
arbitrary code as the user running the application.
(CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659)

Users of PCRE are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Red Hat would like to thank Ludwig Nussel for reporting these issues.

RHSA-2007:1076: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071076
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1076, CVE-2006-7228, CVE-2007-2052, CVE-2007-4965

Description
Python is an interpreted, interactive, object-oriented programming
language.

An integer overflow flaw was discovered in the way Python's pcre module
handled certain regular expressions. If a Python application used the pcre
module to compile and execute untrusted regular expressions, it may be
possible to cause the application to crash, or allow arbitrary code
execution with the privileges of the Python interpreter. (CVE-2006-7228)

A flaw was discovered in the strxfrm() function of Python's locale module.
Strings generated by this function were not properly NULL-terminated. This
may possibly cause disclosure of data stored in the memory of a Python
application using this function. (CVE-2007-2052)

Multiple integer overflow flaws were discovered in Python's imageop module.
If an application written in Python used the imageop module to process
untrusted images, it could cause the application to crash, enter an
infinite loop, or possibly execute arbitrary code with the privileges of
the Python interpreter. (CVE-2007-4965)

Users of Python are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:1078: cairo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071078
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1078, CVE-2007-5503

Description
Cairo is a vector graphics library designed to provide high-quality display
and print output.

An integer overflow flaw was found in the way Cairo processes PNG images.
If an application linked against Cairo processes a malicious PNG image, it
is possible to execute arbitrary code as the user running the application.
(CVE-2007-5503)

Users of Cairo are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:1082: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20071082
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1082, CVE-2007-5947, CVE-2007-5959, CVE-2007-5960

Description
Mozilla Firefox is an open source Web browser.

A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Firefox. (CVE-2007-5947)

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-5959)

A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)

Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:1083: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1083, CVE-2007-5947, CVE-2007-5959, CVE-2007-5960

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A cross-site scripting flaw was found in the way Thunderbird handled the
jar: URI scheme. It may be possible for a malicious HTML mail message to
leverage this flaw, and conduct a cross-site scripting attack against a
user running Thunderbird. (CVE-2007-5947)

Several flaws were found in the way Thunderbird processed certain malformed
HTML mail content. An HTML mail message containing malicious content could
cause Thunderbird to crash, or potentially execute arbitrary code as the
user running Thunderbird. (CVE-2007-5959)

A race condition existed when Thunderbird set the "window.location"
property when displaying HTML mail content. This flaw could allow an HTML
mail message to set an arbitrary Referer header, which may lead to a
Cross-site Request Forgery (CSRF) attack against websites that rely only on
the Referer header for protection. (CVE-2007-5960) 

All users of thunderbird are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

RHSA-2007:1084: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20071084
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1084, CVE-2007-5947, CVE-2007-5959, CVE-2007-5960

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A cross-site scripting flaw was found in the way SeaMonkey handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
SeaMonkey. (CVE-2007-5947)

Several flaws were found in the way SeaMonkey processed certain malformed
web content. A webpage containing malicious content could cause SeaMonkey
to crash, or potentially execute arbitrary code as the user running
SeaMonkey. (CVE-2007-5959)

A race condition existed when SeaMonkey set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
(CVE-2007-5960)

Users of SeaMonkey are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:1090: openoffice.org2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1090, CVE-2007-4575

Description
OpenOffice.org is an office productivity suite.
HSQLDB is the default database engine shipped with OpenOffice.org 2.

It was discovered that HSQLDB could allow the execution of arbitrary public
static Java methods.  A carefully crafted odb file opened in OpenOffice.org
Base could execute arbitrary commands with the permissions of the user
running OpenOffice.org. (CVE-2007-4575)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue.

RHSA-2007:1095: htdig security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071095
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1095, CVE-2007-6110

Description
The ht://Dig system is a complete World Wide Web indexing and searching
system for a small domain or intranet.

A cross-site scripting flaw was discovered in a htdig search page. An
attacker could construct a carefully crafted URL, which once visited by an 
unsuspecting user, could cause a user's Web browser to execute malicious
script in the context of the visited htdig search Web page. (CVE-2007-6110)

Users of htdig are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:1104: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071104
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1104, CVE-2007-4997, CVE-2007-5494

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system. 

These updated packages fix the following security issues:

A flaw was found in the handling of IEEE 802.11 frames, which affected
several wireless LAN modules. In certain situations, a remote attacker
could trigger this flaw by sending a malicious packet over a wireless
network, causing a denial of service (kernel crash).
(CVE-2007-4997, Important)

A memory leak was found in the Red Hat Content Accelerator kernel patch.
A local user could use this flaw to cause a denial of service (memory
exhaustion). (CVE-2007-5494, Important)

Additionally, the following bugs were fixed:

* when running the "ls -la" command on an NFSv4 mount point, incorrect
file attributes, and outdated file size and timestamp information were
returned. As well, symbolic links may have been displayed as actual files.

* a bug which caused the cmirror write path to appear deadlocked after a
successful recovery, which may have caused syncing to hang, has been
resolved.

* a kernel panic which occurred when manually configuring LCS interfaces on
the IBM S/390 has been resolved.

* when running a 32-bit binary on a 64-bit system, it was possible to
mmap a page at address 0 without the MAP_FIXED flag set. This has been
resolved in these updated packages.

* the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI
interrupt counter in "/proc/interrupts" on systems running an AMD Opteron
CPU. This caused systems running NMI Watchdog to restart at regular
intervals.

* a bug which caused the diskdump utility to run very slowly on devices
using Fusion MPT has been resolved.

All users are advised to upgrade to these updated packages, which resolve
these issues.

RHSA-2007:1114: samba security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20071114
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1114, CVE-2007-6015

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A stack buffer overflow flaw was found in the way Samba authenticates
remote users. A remote unauthenticated user could trigger this flaw to
cause the Samba server to crash, or execute arbitrary code with the
permissions of the Samba server. (CVE-2007-6015)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

This update also fixes a regression caused by the fix for CVE-2007-4572,
which prevented some clients from being able to properly access shares.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.

RHSA-2007:1128: autofs security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071128
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1128, CVE-2007-5964

Description
The autofs utility controls the operation of the automount daemon, which
automatically mounts and unmounts file systems after a period of
inactivity. 

There was a security issue with the default installed configuration of
autofs version 5 whereby the entry for the "hosts" map did not specify the
"nosuid" mount option.  A local user with control of a remote nfs server
could create a setuid root executable within an exported filesystem on the
remote nfs server that, if mounted using the default hosts map, would allow
the user to gain root privileges. (CVE-2007-5964) 

Due to the fact that autofs always mounted hosts map entries suid by
default, autofs has now been altered to always use the "nosuid" option when
mounting from the default hosts map. The "suid" option must be explicitly
given in the master map entry to revert to the old behavior. This change
affects only the hosts map which corresponds to the /net entry in the
default configuration.

Users are advised to upgrade to these updated autofs packages, which
resolve this issue.

Red Hat would like to thank Josh Lange for reporting this issue.

RHSA-2007:1129: autofs5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071129
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1129, CVE-2007-5964

Description
The autofs utility controls the operation of the automount daemon, which
automatically mounts and unmounts file systems after a period of
inactivity.  The autofs version 5 package was made available as a
technology preview in Red Hat Enterprise Linux version 4.6.

There was a security issue with the default installed configuration of
autofs version 5 whereby the entry for the "hosts" map did not specify the
"nosuid" mount option. A local user with control of a remote nfs server
could create a setuid root executable within an exported filesystem on the
remote nfs server that, if mounted using the default hosts map, would allow
the user to gain root privileges. (CVE-2007-5964)

Due to the fact that autofs version 5 always mounted hosts map entries suid
by default, autofs has now been altered to always use the "nosuid" option
when mounting from the default hosts map. The "suid" option must be
explicitly given in the master map entry to revert to the old behavior.
This change affects only the hosts map which corresponds to the /net entry
in the default configuration.

Users are advised to upgrade to these updated autofs5 packages, which
resolve this issue.

Red Hat would like to thank Josh Lange for reporting this issue.

RHSA-2007:1130: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071130
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1130, CVE-2007-6239

Description
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A flaw was found in the way squid stored HTTP headers for cached objects
in system memory. An attacker could cause squid to use additional memory,
and trigger high CPU usage when processing requests for certain cached
objects, possibly leading to a denial of service. (CVE-2007-6239)

Users of squid are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:1155: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071155
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1155, CVE-2007-5925, CVE-2007-5969

Description
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.

A flaw was found in the way MySQL handled symbolic links when database tables
were created with explicit "DATA" and "INDEX DIRECTORY" options. An
authenticated user could create a table that would overwrite tables in
other databases, causing destruction of data or allowing the user to
elevate privileges. (CVE-2007-5969)

A flaw was found in the way MySQL's InnoDB engine handled spatial indexes. An
authenticated user could create a table with spatial indexes, which are not
supported by the InnoDB engine, that would cause the mysql daemon to crash
when used. This issue only causes a temporary denial of service, as the
mysql daemon will be automatically restarted after the crash.
(CVE-2007-5925)

All mysql users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:1165: libexif security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071165
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1165, CVE-2007-6351, CVE-2007-6352

Description
The libexif packages contain the Exif library. Exif is an image file format
specification that enables metadata tags to be added to existing JPEG, TIFF
and RIFF files. The Exif library makes it possible to parse an Exif file
and read this metadata.

An infinite recursion flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to crash. (CVE-2007-6351)

An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash.
(CVE-2007-6352)

Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2007:1166: libexif security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20071166
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2007:1166, CVE-2007-6352

Description
The libexif packages contain the Exif library. Exif is an image file format
specification that enables metadata tags to be added to existing JPEG, TIFF
and RIFF files. The Exif library makes it possible to parse an Exif file
and read this metadata.

An integer overflow flaw was found in the way libexif parses Exif image
tags. If a victim opens a carefully crafted Exif image file, it could cause
the application linked against libexif to execute arbitrary code, or crash.
(CVE-2007-6352)

Users of libexif are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2007:1176: autofs security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1176, CVE-2007-6285

Description
The autofs utility controls the operation of the automount daemon, which
automatically mounts file systems when you use them, and unmounts them when
you are not using them. This can include network file systems and CD-ROMs.

There was a security issue with the default configuration of autofs version
5, whereby the entry for the "-hosts" map did not specify the "nodev" mount
option. A local user with control of a remote NFS server could create
special device files on the remote file system, that if mounted using the
default "-hosts" map, could allow the user to access important system
devices. (CVE-2007-6285)

This issue is similar to CVE-2007-5964, which fixed a missing "nosuid"
mount option in autofs. Both the "nodev" and "nosuid" options should be
enabled to prevent a possible compromise of machine integrity.

Due to the fact that autofs always mounted "-hosts" map entries "dev" by
default, autofs has now been altered to always use the "nodev" option when
mounting from the default "-hosts" map. The "dev" option must be explicitly
given in the master map entry to revert to the old behavior. This change
affects only the "-hosts" map which corresponds to the "/net" entry in the
default configuration.

All autofs users are advised to upgrade to these updated packages, which
resolve this issue.

Red Hat would like to thank Tim Baum for reporting this issue.

RHSA-2007:1177: autofs5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20071177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2007:1177, CVE-2007-6285

Description
The autofs utility controls the operation of the automount daemon, which
automatically mounts file systems when you use them, and unmounts them when
you are not using them. This can include network file systems and CD-ROMs.
The autofs5 packages were made available as a technology preview in Red Hat
Enterprise Linux 4.6.

There was a security issue with the default configuration of autofs version
5, whereby the entry for the "-hosts" map did not specify the "nodev" mount
option. A local user with control of a remote NFS server could create
special device files on the remote file system, that if mounted using the
default "-hosts" map, could allow the user to access important system
devices. (CVE-2007-6285)

This issue is similar to CVE-2007-5964, which fixed a missing "nosuid"
mount option in autofs. Both the "nodev" and "nosuid" options should be
enabled to prevent a possible compromise of machine integrity.

Due to the fact that autofs always mounted "-hosts" map entries "dev" by
default, autofs has now been altered to always use the "nodev" option when
mounting from the default "-hosts" map. The "dev" option must be explicitly
given in the master map entry to revert to the old behavior. This change
affects only the "-hosts" map which corresponds to the "/net" entry in the
default configuration.

All autofs5 users are advised to upgrade to these updated packages, which
resolve this issue.

Red Hat would like to thank Tim Baum for reporting this issue.

RHSA-2008:0002: tog-pegasus security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0002, CVE-2008-0003

Description
The tog-pegasus packages provide OpenPegasus Web-Based Enterprise
Management (WBEM) services. WBEM is a platform and resource independent
DMTF standard that defines a common information model, and communication
protocol for monitoring and controlling resources.

During a security audit, a stack buffer overflow flaw was found in the PAM
authentication code in the OpenPegasus CIM management server. An
unauthenticated remote user could trigger this flaw and potentially execute
arbitrary code with root privileges. (CVE-2008-0003)

Note that the tog-pegasus packages are not installed by default on Red Hat
Enterprise Linux. The Red Hat Security Response Team believes that it would
be hard to remotely exploit this issue to execute arbitrary code, due to
the default SELinux targeted policy on Red Hat Enterprise Linux 4 and 5,
and the SELinux memory protection tests enabled by default on Red Hat
Enterprise Linux 5.

Users of tog-pegasus should upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages the tog-pegasus service should be restarted.

RHSA-2008:0003: e2fsprogs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0003, CVE-2007-5497

Description
The e2fsprogs packages contain a number of utilities for creating,
checking, modifying, and correcting any inconsistencies in second and third
extended (ext2/ext3) file systems.

Multiple integer overflow flaws were found in the way e2fsprogs processes
file system content. If a victim opens a carefully crafted file system with
a program using e2fsprogs, it may be possible to execute arbitrary code
with the permissions of the victim. It may be possible to leverage this
flaw in a virtualized environment to gain access to other virtualized
hosts. (CVE-2007-5497)

Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for
responsibly disclosing these issues.

Users of e2fsprogs are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.

RHSA-2008:0006: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080006
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0006, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005

Description
The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_imap module. On sites where mod_imap was
enabled and an imagemap file was publicly available, a cross-site scripting
attack was possible. (CVE-2007-5000)

A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the "AddDefaultCharset" directive has been removed
from the configuration, a cross-site scripting attack was possible against
Web browsers which do not correctly derive the response character set
following the rules in RFC 2616. (CVE-2007-4465)

A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which do not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)

Users of Apache httpd should upgrade to these updated packages, which
contain backported patches to resolve these issues. Users should restart
httpd after installing this update.

RHSA-2008:0008: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0008, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005

Description
The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_imagemap module. On sites where mod_imagemap
was enabled and an imagemap file was publicly available, a cross-site
scripting attack was possible. (CVE-2007-5000)

A flaw was found in the mod_autoindex module. On sites where directory
listings are used, and the "AddDefaultCharset" directive has been removed
from the configuration, a cross-site scripting attack might have been
possible against Web browsers which do not correctly derive the response
character set following the rules in RFC 2616. (CVE-2007-4465)

A flaw was found in the mod_status module. On sites where mod_status was
enabled and the status pages were publicly available, a cross-site
scripting attack was possible. (CVE-2007-6388)

A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, a cross-site scripting attack against an
authorized user was possible. (CVE-2007-6421)

A flaw was found in the mod_proxy_balancer module. On sites where
mod_proxy_balancer was enabled, an authorized user could send a carefully
crafted request that would cause the Apache child process handling that
request to crash. This could lead to a denial of service if using a
threaded Multi-Processing Module. (CVE-2007-6422) 

A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp
was enabled and a forward proxy was configured, a cross-site scripting
attack was possible against Web browsers which do not correctly derive the
response character set following the rules in RFC 2616. (CVE-2008-0005)

Users of Apache httpd should upgrade to these updated packages, which
contain backported patches to resolve these issues. Users should restart
httpd after installing this update.

RHSA-2008:0030: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080030
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0030, CVE-2007-4568, CVE-2007-4990, CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429, CVE-2008-0006

Description
The xorg-x11 packages contain X.Org, an open source implementation of the X
Window System. It provides the basic low-level functionality that
full-fledged graphical user interfaces are designed upon.

Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM
modules. A malicious authorized client could exploit these issues to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.Org server. (CVE-2007-6429)

A heap based buffer overflow flaw was found in the way the X.Org server
handled malformed font files. A malicious local user could exploit these
issues to potentially execute arbitrary code with the privileges of the
X.Org server. (CVE-2008-0006)

A memory corruption flaw was found in the X.Org server's XInput extension.
A malicious authorized client could exploit this issue to cause a denial of
service (crash), or potentially execute arbitrary code with root privileges
on the X.Org server. (CVE-2007-6427)

An input validation flaw was found in the X.Org server's XFree86-Misc
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.Org server. (CVE-2007-5760)

An information disclosure flaw was found in the X.Org server's TOG-CUP
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially view arbitrary memory content
within the X server's address space. (CVE-2007-6428)

An integer overflow flaw and a heap overflow flaw were found in the X.Org font server, xfs.
A user with the ability to connect to the font server could have been able
to cause a denial of service (crash), or potentially execute arbitrary code
with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990)

A flaw was found in the X.Org server's XC-SECURITY extension, that could
have allowed a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user.
(CVE-2007-5958)

Users of xorg-x11 should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0031: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080031
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0031, CVE-2007-5760, CVE-2007-5958, CVE-2007-6427, CVE-2007-6428, CVE-2007-6429

Description
X.Org is an open source implementation of the X Window System. It provides
basic low-level functionality that full-fledged graphical user interfaces
are designed upon.

Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM
modules. A malicious authorized client could exploit these issues to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.Org server. (CVE-2007-6429)

A memory corruption flaw was found in the X.Org server's XInput extension.
A malicious authorized client could exploit this issue to cause a denial of
service (crash), or potentially execute arbitrary code with root privileges
on the X.Org server. (CVE-2007-6427)

An input validation flaw was found in the X.Org server's XFree86-Misc
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially execute arbitrary code with
root privileges on the X.Org server. (CVE-2007-5760)

An information disclosure flaw was found in the X.Org server's TOG-CUP
extension. A malicious authorized client could exploit this issue to cause
a denial of service (crash), or potentially view arbitrary memory content
within the X server's address space. (CVE-2007-6428)

A flaw was found in the X.Org server's XC-SECURITY extension, that could
have allowed a local user to verify the existence of an arbitrary file,
even in directories that are not normally accessible to that user.
(CVE-2007-5958)

Users of xorg-x11-server should upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0032: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080032
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0032, CVE-2007-6284

Description
The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.

A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. (CVE-2007-6284)

Red Hat would like to thank the Google Security Team for responsibly
disclosing this issue.

All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.

RHSA-2008:0038: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080038
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0038, CVE-2007-3278, CVE-2007-4769, CVE-2007-4772, CVE-2007-6067, CVE-2007-6600, CVE-2007-6601

Description
PostgreSQL is an advanced Object-Relational database management system
(DBMS). The postgresql packages include the client programs and libraries
needed to access a PostgreSQL DBMS server.

Will Drewry discovered multiple flaws in PostgreSQL's regular expression
engine. An authenticated attacker could use these flaws to cause a denial
of service by causing the PostgreSQL server to crash, enter an infinite
loop, or use extensive CPU and memory resources while processing queries
containing specially crafted regular expressions. Applications that accept
regular expressions from untrusted sources may expose this problem to
unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067)

A privilege escalation flaw was discovered in PostgreSQL. An authenticated
attacker could create an index function that would be executed with
administrator privileges during database maintenance tasks, such as
database vacuuming. (CVE-2007-6600)

A privilege escalation flaw was discovered in PostgreSQL's Database Link
library (dblink). An authenticated attacker could use dblink to possibly
escalate privileges on systems with "trust" or "ident" authentication
configured. Please note that dblink functionality is not enabled by
default, and can only be enabled by a database administrator on systems
with the postgresql-contrib package installed. (CVE-2007-3278,
CVE-2007-6601)

All postgresql users should upgrade to these updated packages, which
include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues.

RHSA-2008:0042: tomcat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080042
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0042, CVE-2007-5342, CVE-2007-5461

Description
Tomcat is a servlet container for Java Servlet and JavaServer Pages
technologies.

A directory traversal vulnerability existed in the Apache Tomcat webdav
servlet. In some configurations it allowed remote authenticated users to
read files accessible to the local tomcat process. (CVE-2007-5461)

The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
tomcat process. (CVE-2007-5342)

Users of Tomcat should update to these errata packages, which contain
backported patches and are not vulnerable to these issues.

RHSA-2008:0055: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080055
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0055, CVE-2007-4130, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6694, CVE-2008-0001

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated kernel packages fix the following security issues:

A flaw was found in the virtual filesystem (VFS). A local unprivileged
user could truncate directories to which they had write permission; this
could render the contents of the directory inaccessible. (CVE-2008-0001,
Important)

A flaw was found in the implementation of ptrace. A local unprivileged user
could trigger this flaw and possibly cause a denial of service (system
hang). (CVE-2007-5500, Important)

A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled
page faults when a CPU used the NUMA method for accessing memory on Itanium
architectures. A local unprivileged user could trigger this flaw and cause
a denial of service (system panic). (CVE-2007-4130, Important)

A possible NULL pointer dereference was found in the chrp_show_cpuinfo
function when using the PowerPC architecture. This may have allowed a local
unprivileged user to cause a denial of service (crash).
(CVE-2007-6694, Moderate)

A flaw was found in the way core dump files were created. If a local user
can get a root-owned process to dump a core file into a directory, which
the user has write access to, they could gain read access to that core
file. This could potentially grant unauthorized access to sensitive
information. (CVE-2007-6206, Moderate)

Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A
local unprivileged user could use these flaws to cause a denial of
service. (CVE-2007-6063, CVE-2007-6151, Moderate)

As well, these updated packages fix the following bug:

* when moving volumes that contain multiple segments, and a mirror segment
is not the first in the mapping table, running the "pvmove /dev/[device]
/dev/[device]" command caused a kernel panic. A "kernel: Unable to handle
kernel paging request at virtual address [address]" error was logged by
syslog.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0058: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080058
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0058, CVE-2007-6111, CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6116, CVE-2007-6117, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Several flaws were found in Wireshark. Wireshark could crash or possibly
execute arbitrary code as the user running Wireshark if it read a malformed
packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115,
CVE-2007-6117)

Several denial of service bugs were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off the network.
(CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119,
CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441,
CVE-2007-6450, CVE-2007-6451)

As well, Wireshark switched from using net-snmp to libsmi, which is
included in this errata.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 0.99.7, and resolve these issues.

RHSA-2008:0061: setroubleshoot security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0061, CVE-2007-5495, CVE-2007-5496

Description
The setroubleshoot packages provide tools to help diagnose SELinux
problems. When AVC messages occur, an alert is generated that gives
information about the problem, and how to create a resolution.

A flaw was found in the way sealert wrote diagnostic messages to a
temporary file. A local unprivileged user could perform a symbolic link
attack, and cause arbitrary files, writable by other users, to be
overwritten when a victim runs sealert. (CVE-2007-5495)

A flaw was found in the way sealert displayed records from the
setroubleshoot database as unescaped HTML. A local unprivileged attacker
could cause AVC denial events with carefully crafted process or file names,
injecting arbitrary HTML tags into the logs, which could be used as a
scripting attack, or to confuse the user running sealert. (CVE-2007-5496)

Additionally, the following bugs have been fixed in these update packages:

* in certain situations, the sealert process used excessive CPU. These
alerts are now capped at a maximum of 30, D-Bus is used instead of polling,
threads causing excessive wake-up have been removed, and more robust
exception-handling has been added.

* different combinations of the sealert '-a', '-l', '-H', and '-v' options
did not work as documented.

* the SETroubleShoot browser did not allow multiple entries to be deleted. 

* the SETroubleShoot browser did not display statements that displayed
whether SELinux was using Enforcing or Permissive mode, particularly when
warning about SELinux preventions.

* in certain cases, the SETroubleShoot browser gave incorrect instructions
regarding paths, and would not display the full paths to files.

* adding an email recipient to the recipients option from the
/etc/setroubleshoot/setroubleshoot.cfg file and then generating an SELinux
denial caused a traceback error. The recipients option has been removed;
email addresses are now managed through the SETroubleShoot browser by
navigating to File -> Edit Email Alert List, or by editing the
/var/lib/setroubleshoot/email_alert_recipients file.

* the setroubleshoot browser incorrectly displayed a period between the
httpd_sys_content_t context and the directory path.

* on the PowerPC architecture, the get_credentials() function in
access_control.py would generate an exception when it called the
socket.getsockopt() function.

* The code which handles path information has been completely rewritten so
that assumptions on path information which were misleading are no longer
made. If the path information is not present, it will be presented as
"<Unknown>".

* setroubleshoot had problems with non-English locales under certain
circumstances, possibly causing a python traceback, an sealert window
pop-up containing an error, a "RuntimeError: maximum recursion depth
exceeded" error after a traceback, or a "UnicodeEncodeError" after a traceback.

* sealert ran even when SELinux was disabled, causing "attempt to open
server connection failed" errors. Sealert now checks whether SELinux is
enabled or disabled.

* the database setroubleshoot maintains was world-readable. The
setroubleshoot database is now mode 600, and is owned by the root user and
group.

* setroubleshoot did not validate requests to set AVC filtering options for
users. In these updated packages, checks ensure that requests originate
from the filter owner.

* the previous setroubleshoot packages required a number of GNOME packages
and libraries. setroubleshoot has therefore been split into 2 packages:
setroubleshoot and setroubleshoot-server.

* a bug in decoding the audit field caused an "Input is not proper UTF-8,
indicate encoding!" error message. The decoding code has been rewritten.

* a file name mismatch in the setroubleshoot init script would cause a
failure to shut down.

Users of setroubleshoot are advised to upgrade to these updated packages,
which resolve these issues.

RHSA-2008:0064: libXfont security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080064
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0064, CVE-2008-0006

Description
The libXfont package contains the X.Org X11 libXfont runtime library.

A heap based buffer overflow flaw was found in the way the X.Org server
handled malformed font files. A malicious local user could exploit this
issue to potentially execute arbitrary code with the privileges of the
X.Org server. (CVE-2008-0006)

Users of X.Org libXfont should upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0089: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080089
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0089, CVE-2007-3104, CVE-2007-5904, CVE-2007-6206, CVE-2007-6416, CVE-2008-0001

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These new kernel packages fix the following security issues:

A flaw was found in the virtual filesystem (VFS). An unprivileged local
user could truncate directories to which they had write permission; this
could render the contents of the directory inaccessible. (CVE-2008-0001,
Important)

A flaw was found in the Xen PAL emulation on Intel 64 platforms. A guest
Hardware-assisted virtual machine (HVM) could read the arbitrary physical
memory of the host system, which could make information available to
unauthorized users. (CVE-2007-6416, Important)

A flaw was found in the way core dump files were created. If a local user
can get a root-owned process to dump a core file into a directory, which
the user has write access to, they could gain read access to that core
file, potentially containing sensitive information. (CVE-2007-6206, Moderate)

A buffer overflow flaw was found in the CIFS virtual file system. A
remote, authenticated user could issue a request that could lead to a denial
of service. (CVE-2007-5904, Moderate)

A flaw was found in the "sysfs_readdir" function. A local user could create
a race condition which would cause a denial of service (kernel oops).
(CVE-2007-3104, Moderate)

As well, these updated packages fix the following bugs:

* running the "strace -f" command caused strace to hang, without displaying
information about child processes.

* unmounting an unresponsive, interruptible NFS mount, for example, one
mounted with the "intr" option, may have caused a system crash.

* a bug in the s2io.ko driver prevented VLAN devices from being added.
Attempting to add a device to a VLAN, for example, running the "vconfig
add [device-name] [vlan-id]" command caused vconfig to fail.

* tux used an incorrect open flag bit. This caused problems when building
packages in a chroot environment, such as mock, which is used by the koji
build system.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0090: icu security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0090, CVE-2007-4770, CVE-2007-4771

Description
The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application.
(CVE-2007-4770, CVE-2007-4771)

All users of icu should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0103: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080103
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0103, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
Firefox will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592) 

Users of firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0104: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080104
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0104, CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the way SeaMonkey processed certain malformed
web content. A webpage containing malicious content could cause SeaMonkey
to crash, or potentially execute arbitrary code as the user running
SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way SeaMonkey displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way SeaMonkey stored password data. If a user
saves login information for a malicious website, it could be possible
to corrupt the password database, preventing the user from properly
accessing saved password data. (CVE-2008-0417)

A flaw was found in the way SeaMonkey handles certain chrome URLs. If a
user has certain extensions installed, it could allow a malicious website
to steal sensitive session data. Note: this flaw does not affect a default
installation of SeaMonkey. (CVE-2008-0418)

A flaw was found in the way SeaMonkey saves certain text files. If a
website offers a file of type "plain/text", rather than "text/plain",
SeaMonkey will not show future "text/plain" content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of SeaMonkey are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0105: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080105
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0105, CVE-2008-0304, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0418, CVE-2008-0419, CVE-2008-0420, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A heap-based buffer overflow flaw was found in the way Thunderbird
processed messages with external-body Multipurpose Internet Message
Extensions (MIME) types. An HTML mail message containing malicious content
could cause Thunderbird to execute arbitrary code as the user running
Thunderbird. (CVE-2008-0304)

Several flaws were found in the way Thunderbird processed certain malformed
HTML mail content. An HTML mail message containing malicious content could
cause Thunderbird to crash, or potentially execute arbitrary code as the
user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415,
CVE-2008-0419)

Several flaws were found in the way Thunderbird displayed malformed HTML
mail content. An HTML mail message containing specially-crafted content
could trick a user into surrendering sensitive information. (CVE-2008-0420,
CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Thunderbird handles certain chrome URLs. If a
user has certain extensions installed, it could allow a malicious HTML mail
message to steal sensitive session data. Note: this flaw does not affect a
default installation of Thunderbird. (CVE-2008-0418)

Note: JavaScript support is disabled by default in Thunderbird; the above
issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way Thunderbird saves certain text files. If a
remote site offers a file of type "plain/text", rather than "text/plain",
Thunderbird will not show future "text/plain" content to the user, forcing
them to save those files locally to view the content. (CVE-2008-0592)

Users of thunderbird are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues.

RHSA-2008:0110: openldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080110
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0110, CVE-2007-6698, CVE-2008-0658

Description
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols for
accessing directory services.

These updated openldap packages fix a flaw in the way the OpenLDAP slapd
daemon handled modify and modrdn requests with NOOP control on objects
stored in a Berkeley DB (BDB) storage backend.  An authenticated attacker
with permission to perform modify or modrdn operations on such LDAP objects
could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658)

Users of openldap should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2008:0129: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080129
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0129, CVE-2008-0600

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

A flaw was found in vmsplice. An unprivileged local user could use this
flaw to gain root privileges. (CVE-2008-0600)

Red Hat is aware that a public exploit for this issue is available. This
issue did not affect the Linux kernels distributed with Red Hat Enterprise
Linux 2.1, 3, or 4.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue.

RHSA-2008:0131: netpbm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080131
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0131, CVE-2008-0554

Description
The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps) and others. The package includes no interactive tools and is
primarily used by other programs (e.g. CGI scripts that manage web-site
images).

An input validation flaw was discovered in the GIF-to-PNM converter
(giftopnm) shipped with the netpbm package. An attacker could create a
carefully crafted GIF file which could cause giftopnm to crash or possibly
execute arbitrary code as the user running giftopnm. (CVE-2008-0554)

All users are advised to upgrade to these updated packages which contain a
backported patch which resolves this issue.

RHSA-2008:0135: tk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0135, CVE-2007-5378, CVE-2008-0553

Description
Tk is a graphical toolkit for the Tcl scripting language.

An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
(CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling.
An animated GIF containing an initial image smaller than subsequent images
could cause a crash or, potentially, execute code with the privileges of
the application using the Tk library. (CVE-2007-5378)

All users are advised to upgrade to these updated packages which contain
backported patches to resolve these issues.

RHSA-2008:0136: tk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080136
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0136, CVE-2007-5137, CVE-2008-0553

Description
Tk is a graphical toolkit for the Tcl scripting language.

An input validation flaw was discovered in Tk's GIF image handling. A
code-size value read from a GIF image was not properly validated before
being used, leading to a buffer overflow. A specially crafted GIF file
could use this to cause a crash or, potentially, execute code with the
privileges of the application using the Tk graphical toolkit.
(CVE-2008-0553)

A buffer overflow flaw was discovered in Tk's animated GIF image handling.
An animated GIF containing an initial image smaller than subsequent images
could cause a crash or, potentially, execute code with the privileges of
the application using the Tk library. (CVE-2007-5137)

All users are advised to upgrade to these updated packages which contain
backported patches to resolve these issues.

RHSA-2008:0145: ImageMagick security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080145
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0145, CVE-2007-1797, CVE-2007-4985, CVE-2007-4986, CVE-2007-4988, CVE-2008-1096, CVE-2008-1097

Description
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

Several heap-based buffer overflow flaws were found in ImageMagick. If a
victim opened a specially crafted DCM or XWD file, an attacker could
potentially execute arbitrary code on the victim's machine. (CVE-2007-1797)

Several denial of service flaws were found in ImageMagick's parsing of XCF
and DCM files. Attempting to process a specially-crafted input file in
these formats could cause ImageMagick to enter an infinite loop.
(CVE-2007-4985)

Several integer overflow flaws were found in ImageMagick. If a victim
opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker
could potentially execute arbitrary code with the privileges of the user
running ImageMagick. (CVE-2007-4986)

An integer overflow flaw was found in ImageMagick's DIB parsing code. If a
victim opened a specially-crafted DIB file, an attacker could potentially
execute arbitrary code with the privileges of the user running ImageMagick.
(CVE-2007-4988)

A heap-based buffer overflow flaw was found in the way ImageMagick parsed
XCF files. If a specially-crafted XCF image was opened, ImageMagick could
be made to overwrite heap memory beyond the bounds of its allocated memory.
This could, potentially, allow an attacker to execute arbitrary code on the
machine running ImageMagick. (CVE-2008-1096)

A heap-based buffer overflow flaw was found in ImageMagick's processing of
certain malformed PCX images. If a victim opened a specially-crafted PCX
file, an attacker could possibly execute arbitrary code on the victim's
machine. (CVE-2008-1097)

All users of ImageMagick should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2008:0146: gd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080146
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0146, CVE-2006-4484, CVE-2007-0455, CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3475, CVE-2007-3476

Description
The gd package contains a graphics library used for the dynamic creation of
images such as PNG and JPEG.

Multiple issues were discovered in the gd GIF image-handling code. A
carefully-crafted GIF file could cause a crash or possibly execute code
with the privileges of the application using the gd library.
(CVE-2006-4484, CVE-2007-3475, CVE-2007-3476)

An integer overflow was discovered in the gdImageCreateTrueColor()
function, leading to incorrect memory allocations. A carefully crafted
image could cause a crash or possibly execute code with the privileges of
the application using the gd library. (CVE-2007-3472)

A buffer over-read flaw was discovered. This could cause a crash in an
application using the gd library to render certain strings using a
JIS-encoded font. (CVE-2007-0455)

A flaw was discovered in the gd PNG image handling code. A truncated PNG
image could cause an infinite loop in an application using the gd library.
(CVE-2007-2756)

A flaw was discovered in the gd X BitMap (XBM) image-handling code. A
malformed or truncated XBM image could cause a crash in an application
using the gd library. (CVE-2007-3473)

Users of gd should upgrade to these updated packages, which contain
backported patches which resolve these issues.

RHSA-2008:0154: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0154, CVE-2006-6921, CVE-2007-5938, CVE-2007-6063, CVE-2007-6207, CVE-2007-6694

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw in the hypervisor for hosts running on Itanium architectures
allowed an Intel VTi domain to read arbitrary physical memory from other
Intel VTi domains, which could make information available to unauthorized
users. (CVE-2007-6207, Important)

* two buffer overflow flaws were found in the ISDN subsystem. A local
unprivileged user could use these flaws to cause a denial of service.
(CVE-2007-5938: Important, CVE-2007-6063: Moderate)

* a possible NULL pointer dereference was found in the subsystem used for
showing CPU information, as used by CHRP systems on PowerPC architectures.
This may have allowed a local unprivileged user to cause a denial of
service (crash). (CVE-2007-6694, Moderate)

* a flaw was found in the handling of zombie processes. A local user could
create processes that would not be properly reaped, possibly causing a
denial of service. (CVE-2006-6921, Moderate)

As well, these updated packages fix the following bugs:

* a bug was found in the Linux kernel audit subsystem. When the audit
daemon was set up to log the execve system call with a large number of
arguments, the kernel could run out of memory, causing a kernel panic.

* on IBM System z architectures, using the IBM Hardware Management Console
to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare,
possibly causing data corruption.

* when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium
architectures, a bug in the address translation in the hypervisor caused
the wrong address to be registered, causing Dom0 to hang.

* on Itanium architectures, frequent Corrected Platform Error errors may
have caused the hypervisor to hang.

* when enabling a CPU without hot plug support, routines for checking the
presence of the CPU were missing. The CPU tried to access its own
resources, causing a kernel panic.

* after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused
the HP Array Configuration Utility CLI to become unstable, possibly causing
a system hang, or a kernel panic.

* a bug in NFS directory caching could have caused different hosts to have
different views of NFS directories.

* on Itanium architectures, the Corrected Machine Check Interrupt masked
hot-added CPUs as disabled.

* when running Oracle database software on the Intel 64 and AMD64
architectures, if an SGA larger than 4GB was created, and had hugepages
allocated to it, the hugepages were not freed after database shutdown.

* in a clustered environment, when two or more NFS clients had the same
logical volume mounted, and one of them modified a file on the volume, NULL
characters may have been inserted, possibly causing data corruption.

These updated packages resolve several severe issues in the lpfc driver:

* a system hang after LUN discovery.

* a general protection fault, a NULL pointer dereference, or slab
corruption could occur while running a debug on the kernel.

* the inability to handle kernel paging requests in "lpfc_get_scsi_buf".

* erroneous structure references caused certain FC discovery routines to
reference and change "lpfc_nodelist" structures, even after they were
freed.

* the lpfc driver failed to interpret certain fields correctly, causing
tape backup software to fail. Tape drives reported "Illegal Request".

* the lpfc driver did not clear structures correctly, resulting in SCSI
I/Os being rejected by targets, and causing errors.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0155: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080155
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0155, CVE-2008-0411

Description
Ghostscript is a program for displaying PostScript files, or printing them
to non-PostScript printers.

Chris Evans from the Google Security Team reported a stack-based buffer
overflow flaw in Ghostscript's zseticcspace() function. An attacker could
create a malicious PostScript file that would cause Ghostscript to execute
arbitrary code when opened. (CVE-2008-0411)

These updated packages also fix a bug, which prevented the pxlmono printer
driver from producing valid output on Red Hat Enterprise Linux 4.

All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to resolve these issues.

RHSA-2008:0157: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080157
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0157, CVE-2008-0882

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems. The Internet Printing Protocol (IPP) is a
standard network protocol for remote printing, as well as managing print
jobs.

A flaw was found in the way CUPS handles the addition and removal of remote
shared printers via IPP. A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to crash. (CVE-2008-0882)

Note: the default configuration of CUPS on Red Hat Enterprise Linux 5 will
only accept requests of this type from the local subnet. This issue did not
affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or
4.

All cups users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0159: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080159
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0159, CVE-2008-0595

Description
D-Bus is a system for sending messages between applications. It is used
both for the system-wide message bus service, and as a
per-user-login-session messaging facility.

Havoc Pennington discovered a flaw in the way the dbus-daemon applies its
security policy. A user with the ability to connect to the dbus-daemon may
be able to execute certain method calls they should normally not have
permission to access.  (CVE-2008-0595)

Red Hat does not ship any applications in Red Hat Enterprise Linux 5 that
would allow a user to leverage this flaw to elevate their privileges.

This flaw does not affect the version of D-Bus shipped in Red Hat
Enterprise Linux 4.

All users are advised to upgrade to these updated dbus packages, which
contain a backported patch and are not vulnerable to this issue.

RHSA-2008:0161: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080161
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0161, CVE-2008-0596, CVE-2008-0597

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A flaw was found in the way CUPS handled the addition and removal of remote
shared printers via IPP.  A remote attacker could send malicious UDP IPP
packets causing the CUPS daemon to attempt to dereference already freed
memory and crash. (CVE-2008-0597)

A memory management flaw was found in the way CUPS handled the addition and
removal of remote shared printers via IPP. When a shared printer was
removed, allocated memory was not properly freed, leading to a memory leak
that could crash the CUPS daemon after exhausting available memory.
(CVE-2008-0596)

These issues were found during the investigation of CVE-2008-0882, which
did not affect Red Hat Enterprise Linux 4.

Note that the default configuration of CUPS on Red Hat Enterprise Linux
4 allows requests of this type only from the local subnet.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0164: krb5 security and bugfix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0164, CVE-2007-5901, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol requests.
(CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.

Jeff Altman of Secure Endpoints discovered a flaw in the RPC library as
used by MIT Kerberos kadmind server. An unauthenticated remote attacker
could use this flaw to crash kadmind or possibly execute arbitrary code.
This issue only affected systems with certain resource limits configured
and did not affect systems using default resource limits used by Red Hat
Enterprise Linux 5. (CVE-2008-0947)

Red Hat would like to thank MIT for reporting these issues.

Multiple memory management flaws were discovered in the GSSAPI library used
by MIT Kerberos. These flaws could possibly result in use of already freed
memory or an attempt to free already freed memory blocks (double-free
flaw), possibly causing a crash or arbitrary code execution.
(CVE-2007-5901, CVE-2007-5971)

In addition to the security issues resolved above, the following bugs were
also fixed:

* delegated krb5 credentials were not properly stored when SPNEGO was the
underlying mechanism during GSSAPI authentication. Consequently,
applications attempting to copy delegated Kerberos 5 credentials into a
credential cache received an "Invalid credential was supplied" message
rather than a copy of the delegated credentials. With this update, SPNEGO
credentials can be properly searched, allowing applications to copy
delegated credentials as expected.

* applications can initiate context acceptance (via gss_accept_sec_context)
without passing a ret_flags value that would indicate that credentials were
delegated. A delegated credential handle should have been returned in such
instances. This updated package adds a temp_ret_flag that stores the
credential status in the event no other ret_flags value is passed by an
application calling gss_accept_sec_context.

* kpasswd did not fall back to TCP on receipt of certain errors, or when a
packet was too big for UDP. This update corrects this.

* when the libkrb5 password-routine generated a set-password or
change-password request, incorrect sequence numbers were generated for all
requests subsequent to the first request. This caused password change
requests to fail if the primary server was unavailable. This updated
package corrects this by saving the sequence number value after the AP-REQ
data is built and restoring this value before the request is generated.

* when a user's password expired, kinit would not prompt that user to
change the password, instead simply informing the user their password had
expired. This update corrects this behavior: kinit now prompts for a new
password to be set when a password has expired.

All krb5 users are advised to upgrade to these updated packages, which
contain backported fixes to address these vulnerabilities and fix these
bugs.

RHSA-2008:0167: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080167
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0167, CVE-2007-5904

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

A buffer overflow flaw was found in the CIFS virtual file system. A
remote authenticated user could issue a request that could lead to
a denial of service. (CVE-2007-5904, Moderate)

As well, these updated packages fix the following bugs:

* a bug was found in the Linux kernel audit subsystem. When the audit
daemon was set up to log the execve system call with a large number
of arguments, the kernel could run out of memory while attempting to
create audit log messages. This could cause a kernel panic. In these
updated packages, large audit messages are split into acceptable sizes,
which resolves this issue.

* on certain Intel chipsets, it was not possible to load the acpiphp
module using the "modprobe acpiphp" command. Because the acpiphp module
did not recurse across PCI bridges, hardware detection for PCI hot plug
slots failed. In these updated packages, hardware detection works
correctly.

* on IBM System z architectures that run the IBM z/VM hypervisor, the IBM
eServer zSeries HiperSockets network interface (layer 3) allowed ARP
packets to be sent and received, even when the "NOARP" flag was set. These
ARP packets caused problems for virtual machines.

* it was possible for the iounmap function to sleep while holding a lock.
This may have caused a deadlock for drivers and other code that uses the
iounmap function. In these updated packages, the lock is dropped before
the sleep code is called, which resolves this issue.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0175: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080175
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0175, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Multiple heap overflows and an integer underflow were found in the Quattro
Pro(R) import filter. An attacker could create a carefully crafted Quattro
Pro file that could cause OpenOffice.org to crash or possibly execute
arbitrary code if the file was opened by a victim. (CVE-2007-5745,
CVE-2007-5747)

A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)

A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes to correct these issues.

RHSA-2008:0176: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0176, CVE-2007-5746, CVE-2008-0320

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)

A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes to correct these issues.

RHSA-2008:0177: evolution security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0177, CVE-2008-0072

Description
Evolution is the GNOME collection of personal information management (PIM)
tools.

A format string flaw was found in the way Evolution displayed encrypted
mail content. If a user opened a carefully crafted mail message, arbitrary
code could be executed as the user running Evolution. (CVE-2008-0072)

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding
and reporting this issue.

RHSA-2008:0180: krb5 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0180, CVE-2007-5971, CVE-2008-0062, CVE-2008-0063

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other through use of symmetric encryption
and a trusted third party, the KDC.

A flaw was found in the way the MIT Kerberos Authentication Service and Key
Distribution Center server (krb5kdc) handled Kerberos v4 protocol packets.
An unauthenticated remote attacker could use this flaw to crash the
krb5kdc daemon, disclose portions of its memory, or possibly execute
arbitrary code using malformed or truncated Kerberos v4 protocol
requests. (CVE-2008-0062, CVE-2008-0063)

This issue only affected krb5kdc with Kerberos v4 protocol compatibility
enabled, which is the default setting on Red Hat Enterprise Linux 4.
Kerberos v4 protocol support can be disabled by adding "v4_mode=none"
(without the quotes) to the "[kdcdefaults]" section of
/var/kerberos/krb5kdc/kdc.conf.

Red Hat would like to thank MIT for reporting these issues.

A double-free flaw was discovered in the GSSAPI library used by MIT
Kerberos. This flaw could possibly cause a crash of the application using
the GSSAPI library. (CVE-2007-5971)

All krb5 users are advised to update to these erratum packages, which
contain backported fixes to correct these issues.

RHSA-2008:0192: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080192
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0192, CVE-2008-0047, CVE-2008-0053, CVE-2008-1373

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A heap buffer overflow flaw was found in a CUPS administration interface
CGI script. A local attacker able to connect to the IPP port (TCP port 631)
could send a malicious request causing the script to crash or, potentially,
execute arbitrary code as the "lp" user. Please note: the default CUPS
configuration in Red Hat Enterprise Linux 5 does not allow remote
connections to the IPP TCP port. (CVE-2008-0047)

Red Hat would like to thank "regenrecht" for reporting this issue.

This issue did not affect the versions of CUPS as shipped with Red Hat
Enterprise Linux 3 or 4.

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly execute
arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by
CUPS image converting filters "imagetops" and "imagetoraster". An attacker
could create a malicious GIF file that could possibly execute arbitrary
code as the "lp" user if the file was printed. (CVE-2008-1373)

All cups users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0194: xen security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080194
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0194, CVE-2007-3919, CVE-2007-5730, CVE-2008-0928, CVE-2008-1943, CVE-2008-1944, CVE-2008-2004

Description
The xen packages contain tools for managing the virtual machine monitor in
Red Hat Virtualization.

These updated packages fix the following security issues:

Daniel P. Berrange discovered that the hypervisor's para-virtualized
framebuffer (PVFB) backend failed to validate the format of messages
serving to update the contents of the framebuffer. This could allow a
malicious user to cause a denial of service, or compromise the privileged
domain (Dom0). (CVE-2008-1944)

Markus Armbruster discovered that the hypervisor's para-virtualized
framebuffer (PVFB) backend failed to validate the frontend's framebuffer
description. This could allow a malicious user to cause a denial of
service, or to use a specially crafted frontend to compromise the
privileged domain (Dom0). (CVE-2008-1943)

Chris Wright discovered a security vulnerability in the QEMU block format
auto-detection, when running fully-virtualized guests. Such
fully-virtualized guests, with a raw formatted disk image, were able
to write a header to that disk image describing another format. This could
allow such guests to read arbitrary files in their hypervisor's host.
(CVE-2008-2004)

Ian Jackson discovered a security vulnerability in the QEMU block device
drivers backend. A guest operating system could issue a block device
request and read or write arbitrary memory locations, which could lead to
privilege escalation. (CVE-2008-0928)

Tavis Ormandy found that QEMU did not perform adequate sanity-checking of
data received via the "net socket listen" option. A malicious local
administrator of a guest domain could trigger this flaw to potentially
execute arbitrary code outside of the domain. (CVE-2007-5730)

Steve Kemp discovered that the xenbaked daemon and the XenMon utility
communicated via an insecure temporary file. A malicious local
administrator of a guest domain could perform a symbolic link attack,
causing arbitrary files to be truncated. (CVE-2007-3919)

As well, in the previous xen packages, it was possible for Dom0 to fail to
flush data from a fully-virtualized guest to disk, even if the guest
explicitly requested the flush. This could cause data integrity problems on
the guest. In these updated packages, Dom0 always respects the request to
flush to disk.

Users of xen are advised to upgrade to these updated packages, which
resolve these issues.

RHSA-2008:0197: gnome-screensaver security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0197, CVE-2008-0887

Description
gnome-screensaver is the GNOME project's official screen saver program.

A flaw was found in the way gnome-screensaver verified user passwords. When
a system used a remote directory service for login credentials, a local
attacker able to cause a network outage could cause gnome-screensaver to
crash, unlocking the screen. (CVE-2008-0887)

Users of gnome-screensaver should upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2008:0206: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0206, CVE-2008-0053, CVE-2008-1373, CVE-2008-1374

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

Two overflows were discovered in the HP-GL/2-to-PostScript filter. An
attacker could create a malicious HP-GL/2 file that could possibly execute
arbitrary code as the "lp" user if the file is printed. (CVE-2008-0053)

A buffer overflow flaw was discovered in the GIF decoding routines used by
CUPS image converting filters "imagetops" and "imagetoraster". An attacker
could create a malicious GIF file that could possibly execute arbitrary
code as the "lp" user if the file was printed. (CVE-2008-1373)

It was discovered that the patch used to address CVE-2004-0888 in CUPS
packages in Red Hat Enterprise Linux 3 and 4 did not completely resolve the
integer overflow in the "pdftops" filter on 64-bit platforms.  An attacker
could create a malicious PDF file that could possibly execute arbitrary
code as the "lp" user if the file was printed. (CVE-2008-1374)

All cups users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0207: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080207
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0207, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1241

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of some malformed web content. A
web page containing such malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)

Several flaws were found in the display of malformed web content. A web
page containing specially-crafted content could, potentially, trick a
Firefox user into surrendering sensitive information. (CVE-2008-1234,
CVE-2008-1238, CVE-2008-1241)

All Firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.

RHSA-2008:0208: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080208
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0208, CVE-2008-0414, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1241

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the processing of some malformed web content. A
web page containing such malicious content could cause SeaMonkey to crash
or, potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-1233, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237)

Several flaws were found in the display of malformed web content. A web
page containing specially-crafted content could, potentially, trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-1234,
CVE-2008-1238, CVE-2008-1241)

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0209: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080209
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0209, CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-1238, CVE-2008-1241

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of some malformed HTML mail
content. An HTML mail message containing such malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code as the user
running Thunderbird. (CVE-2008-1233, CVE-2008-1235, CVE-2008-1236,
CVE-2008-1237)

Several flaws were found in the display of malformed web content. An HTML
mail message containing specially-crafted content could, potentially, trick
a user into surrendering sensitive information. (CVE-2008-1234,
CVE-2008-1238, CVE-2008-1241)

Note: JavaScript support is disabled by default in Thunderbird; the above
issues are not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0214: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080214
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0214, CVE-2008-1612

Description
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects.

A flaw was found in the way squid manipulated HTTP headers for cached
objects stored in system memory. An attacker could use this flaw to cause a
squid child process to exit. This interrupted existing connections and made
proxy services unavailable. Note: the parent squid process started a new
child process, so this attack only resulted in a temporary denial of
service. (CVE-2008-1612)

Users of squid are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0218: gnome-screensaver security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080218
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0218, CVE-2008-0887

Description
gnome-screensaver is the GNOME project's official screen saver program.

A flaw was found in the way gnome-screensaver verified user passwords. When
a system used a remote directory service for login credentials, a local
attacker able to cause a network outage could cause gnome-screensaver to
crash, unlocking the screen. (CVE-2008-0887)

Users of gnome-screensaver should upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2008:0222: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080222
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0222, CVE-2008-1380

Description
Mozilla Firefox is an open source Web browser.

A flaw was found in the processing of malformed JavaScript content. A web
page containing such malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-1380)

All Firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.

RHSA-2008:0223: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080223
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0223, CVE-2008-1380

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

A flaw was found in the processing of malformed JavaScript content. A web
page containing such malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-1380)

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0224: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080224
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0224, CVE-2008-1380

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the processing of malformed JavaScript content. An HTML
mail message containing such malicious content could cause Thunderbird to
crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-1380)

Note: JavaScript support is disabled by default in Thunderbird; the above
issue is not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0233: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080233
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0233, CVE-2007-5498, CVE-2008-0007, CVE-2008-1367, CVE-2008-1375, CVE-2008-1619, CVE-2008-1669

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* the absence of a protection mechanism when attempting to access a
critical section of code has been found in the Linux kernel open file
descriptors control mechanism, fcntl. This could allow a local unprivileged
user to simultaneously execute code, which would otherwise be protected
against parallel execution. As well, a race condition when handling locks
in the Linux kernel fcntl functionality may have allowed a process
belonging to a local unprivileged user to gain re-ordered access to the
descriptor table. (CVE-2008-1669, Important)

* a possible hypervisor panic was found in the Linux kernel. A privileged
user of a fully virtualized guest could initiate a stress-test File
Transfer Protocol (FTP) transfer between the guest and the hypervisor,
possibly leading to hypervisor panic. (CVE-2008-1619, Important)

* the absence of a protection mechanism when attempting to access a
critical section of code, as well as a race condition, have been found
in the Linux kernel file system event notifier, dnotify. This could allow a
local unprivileged user to get inconsistent data, or to send arbitrary
signals to arbitrary system processes. (CVE-2008-1375, Important)

Red Hat would like to thank Nick Piggin for responsibly disclosing the
following issue:

* when accessing kernel memory locations, certain Linux kernel drivers
registering a fault handler did not perform required range checks. A local
unprivileged user could use this flaw to gain read or write access to
arbitrary kernel memory, or possibly cause a kernel crash.
(CVE-2008-0007, Important)

* the absence of sanity-checks was found in the hypervisor block backend
driver, when running 32-bit paravirtualized guests on a 64-bit host. The
number of blocks to be processed per one request from guest to host, or
vice-versa, was not checked for its maximum value, which could have allowed
a local privileged user of the guest operating system to cause a denial of
service. (CVE-2007-5498, Important)

* it was discovered that the Linux kernel handled string operations in the
opposite way to the GNU Compiler Collection (GCC). This could allow a local
unprivileged user to cause memory corruption. (CVE-2008-1367, Low)

As well, these updated packages fix the following bugs:

* on IBM System z architectures, when running QIOASSIST enabled QDIO
devices in an IBM z/VM environment, the output queue stalled under heavy
load. This caused network performance to degrade, possibly causing network
hangs and outages.

* multiple buffer overflows were discovered in the neofb video driver. It
was not possible for an unprivileged user to exploit these issues, and as
such, they have not been handled as security issues.

* when running Microsoft Windows in a HVM, a bug in vmalloc/vfree caused
network performance to degrade.

* on certain architectures, a bug in the libATA sata_nv driver may have
caused infinite reboots, and an "ata1: CPB flags CMD err flags 0x11" error.

* repeatedly hot-plugging a PCI Express card may have caused "Bad DLLP"
errors.

* a NULL pointer dereference in NFS, which may have caused applications to
crash, has been resolved.

* when attempting to kexec reboot, either manually or via a panic-triggered
kdump, the Unisys ES7000/one hung after rebooting in the new kernel,
after printing the "Memory: 32839688k/33685504k available" line.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0235: speex security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080235
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0235, CVE-2008-1686

Description
Speex is a patent-free compression format designed especially for speech.
The Speex package contains a library for handling Speex files and sample
encoder and decoder implementations using this library.

The Speex library was found to not properly validate input values read from
the Speex files headers. An attacker could create a malicious Speex file
that would crash an application or, possibly, allow arbitrary code
execution with the privileges of the application calling the Speex library.
(CVE-2008-1686)

All users of speex are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0237: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080237
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0237, CVE-2005-0504, CVE-2007-6282, CVE-2008-0007, CVE-2008-1375, CVE-2008-1615, CVE-2008-1669

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* the absence of a protection mechanism when attempting to access a
critical section of code has been found in the Linux kernel open file
descriptors control mechanism, fcntl. This could allow a local unprivileged
user to simultaneously execute code, which would otherwise be protected
against parallel execution. As well, a race condition when handling locks
in the Linux kernel fcntl functionality, may have allowed a process
belonging to a local unprivileged user to gain re-ordered access to the
descriptor table. (CVE-2008-1669, Important)

* on AMD64 architectures, the possibility of a kernel crash was discovered
by testing the Linux kernel process-trace ability. This could allow a local
unprivileged user to cause a denial of service (kernel crash).
(CVE-2008-1615, Important)

* the absence of a protection mechanism when attempting to access a
critical section of code, as well as a race condition, have been found
in the Linux kernel file system event notifier, dnotify. This could allow a
local unprivileged user to get inconsistent data, or to send arbitrary
signals to arbitrary system processes. (CVE-2008-1375, Important)

Red Hat would like to thank Nick Piggin for responsibly disclosing the
following issue:

* when accessing kernel memory locations, certain Linux kernel drivers
registering a fault handler did not perform required range checks. A local
unprivileged user could use this flaw to gain read or write access to
arbitrary kernel memory, or possibly cause a kernel crash.
(CVE-2008-0007, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec
protocol implementation, due to improper handling of fragmented ESP
packets. When an attacker controlling an intermediate router fragmented
these packets into very small pieces, it would cause a kernel crash on the
receiving node during packet reassembly. (CVE-2007-6282, Important)

* a flaw in the MOXA serial driver could allow a local unprivileged user
to perform privileged operations, such as replacing firmware.
(CVE-2005-0504, Important)

As well, these updated packages fix the following bugs:

* multiple buffer overflows in the neofb driver have been resolved. It was
not possible for an unprivileged user to exploit these issues, and as such,
they have not been handled as security issues.

* a kernel panic, due to inconsistent detection of AGP aperture size, has
been resolved.

* a race condition in UNIX domain sockets may have caused "recv()" to
return zero. In clustered configurations, this may have caused unexpected
failovers.

* to prevent link storms, network link carrier events were delayed by up to
one second, causing unnecessary packet loss. Now, link carrier events are
scheduled immediately.

* a client-side race on blocking locks caused large time delays on NFS file
systems.

* in certain situations, the libATA sata_nv driver may have sent commands
with duplicate tags, which were rejected by SATA devices. This may have
caused infinite reboots.

* running the "service network restart" command may have caused networking
to fail.

* a bug in NFS caused cached information about directories to be stored
for too long, causing wrong attributes to be read.

* on systems with a large highmem/lowmem ratio, NFS write performance may
have been very slow when using small files.

* a bug, which caused network hangs when the system clock was wrapped
around zero, has been resolved.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0238: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080238
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0238, CVE-2008-1693

Description
The kdegraphics packages contain applications for the K Desktop
Environment, including kpdf, a PDF file viewer.

Kees Cook discovered a flaw in the way kpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file that
would cause kpdf to crash, or, potentially, execute arbitrary code when
opened. (CVE-2008-1693)

All kdegraphics users are advised to upgrade to these updated packages,
which contain backported patches to resolve this issue.

RHSA-2008:0239: poppler security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080239
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0239, CVE-2008-1693

Description
Poppler is a PDF rendering library, used by applications such as Evince.

Kees Cook discovered a flaw in the way poppler displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file that
would cause applications that use poppler -- such as Evince -- to crash,
or, potentially, execute arbitrary code when opened. (CVE-2008-1693)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve this issue.

RHSA-2008:0240: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080240
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0240, CVE-2008-1693

Description
Xpdf is an X Window System-based viewer for Portable Document Format (PDF)
files.

Kees Cook discovered a flaw in the way xpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file that
would cause xpdf to crash, or, potentially, execute arbitrary code when
opened. (CVE-2008-1693)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve this issue.

RHSA-2008:0262: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080262
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0262, CVE-2008-1693

Description
gpdf is a GNOME-based viewer for Portable Document Format (PDF) files.

Kees Cook discovered a flaw in the way gpdf displayed malformed fonts
embedded in PDF files. An attacker could create a malicious PDF file that
would cause gpdf to crash, or, potentially, execute arbitrary code when
opened. (CVE-2008-1693)

Users of gpdf are advised to upgrade to this updated package, which
contains a backported patch to resolve this issue.

RHSA-2008:0270: libvorbis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0270, CVE-2008-1419, CVE-2008-1420, CVE-2008-1423

Description
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and
royalty-free, general-purpose compressed audio format.

Will Drewry of the Google Security Team reported several flaws in the way
libvorbis processed audio data. An attacker could create a carefully
crafted OGG audio file in such a way that it could cause an application
linked with libvorbis to crash, or execute arbitrary code when it was
opened. (CVE-2008-1419, CVE-2008-1420, CVE-2008-1423)

Moreover, additional OGG file sanity-checks have been added to prevent
possible exploitation of similar issues in the future.

Users of libvorbis are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0275: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080275
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0275, CVE-2007-5093, CVE-2007-6282, CVE-2007-6712, CVE-2008-1615

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* on AMD64 architectures, the possibility of a kernel crash was discovered
by testing the Linux kernel process-trace ability. This could allow a local
unprivileged user to cause a denial of service (kernel crash).
(CVE-2008-1615, Important)

* on 64-bit architectures, the possibility of a timer-expiration value
overflow was found in the Linux kernel high-resolution timers
functionality, hrtimer. This could allow a local unprivileged user to set up
a large interval value, forcing the timer expiry value to become negative,
causing a denial of service (kernel hang). (CVE-2007-6712, Important)

* the possibility of a kernel crash was found in the Linux kernel IPsec
protocol implementation, due to improper handling of fragmented ESP
packets. When an attacker controlling an intermediate router fragmented
these packets into very small pieces, it would cause a kernel crash on the
receiving node during packet reassembly. (CVE-2007-6282, Important)

* a potential denial of service attack was discovered in the Linux kernel
PWC USB video driver. A local unprivileged user could use this flaw to
bring the kernel USB subsystem into the busy-waiting state, causing a
denial of service. (CVE-2007-5093, Low)

As well, these updated packages fix the following bugs:

* in certain situations, a kernel hang and a possible panic occurred when
disabling the cpufreq daemon. This may have prevented system reboots from
completing successfully.

* continual "softlockup" messages, which occurred on the guest's console
after a successful save and restore of a Red Hat Enterprise Linux 5
para-virtualized guest, have been resolved.

* in the previous kernel packages, the kernel may not have reclaimed NFS
locks after a system reboot.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0287: libxslt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080287
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0287, CVE-2008-1767

Description
libxslt is a C library, based on libxml, for parsing of XML files into
other textual formats (e.g. HTML, plain text and other XML representations of
the underlying data). It uses the standard XSLT stylesheet transformation
mechanism and, being written in plain ANSI C, is designed to be simple to
incorporate into other applications.

Anthony de Almeida Lopes reported that the libxslt library did not properly
process long "transformation match" conditions in the XSL stylesheet files.
An attacker could create a malicious XSL file that would cause a crash, or,
possibly, execute arbitrary code with the privileges of the application
using the libxslt library to perform XSL transformations. (CVE-2008-1767)

All users are advised to upgrade to these updated packages, which contain a
backported patch to resolve this issue.

RHSA-2008:0288: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080288
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0288, CVE-2008-1105

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A heap-based buffer overflow flaw was found in the way Samba clients handle
over-sized packets. If a client connected to a malicious Samba server, it
was possible to execute arbitrary code as the Samba client user. It was
also possible for a remote user to send a specially crafted print request
to a Samba server that could result in the server executing the vulnerable
client code, resulting in arbitrary code execution with the permissions of
the Samba server. (CVE-2008-1105)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0290: samba security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080290
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0290, CVE-2008-1105

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A heap-based buffer overflow flaw was found in the way Samba clients handle
over-sized packets. If a client connected to a malicious Samba server, it
was possible to execute arbitrary code as the Samba client user. It was
also possible for a remote user to send a specially crafted print request
to a Samba server that could result in the server executing the vulnerable
client code, resulting in arbitrary code execution with the permissions of
the Samba server. (CVE-2008-1105)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

This update also addresses two issues which prevented Samba from joining
certain Windows domains with tightened security policies, and prevented
certain signed SMB content from working as expected:

* when some Windows® 2000-based domain controllers were set to use
mandatory signing, Samba clients would drop the connection because of an
error when generating signatures. This presented as a "Server packet had
invalid SMB signature" error to the Samba client. This update corrects the
signature generation error.

* Samba servers using the "net ads join" command to connect to a Windows
Server® 2003-based domain would fail with "failed to get schannel session
key from server" and "NT_STATUS_ACCESS_DENIED" errors. This update
correctly binds to the NETLOGON share, allowing Samba servers to connect to
the domain properly.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues.

RHSA-2008:0295: vsftpd security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20080295
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2008:0295, CVE-2007-5962

Description
The vsftpd package includes a Very Secure File Transfer Protocol (FTP)
daemon.

A memory leak was discovered in the vsftpd daemon. An attacker who is able
to connect to an FTP service, either as an authenticated or anonymous user,
could cause vsftpd to allocate all available memory if the "deny_file"
option was enabled in vsftpd.conf. (CVE-2007-5962)

As well, this updated package fixes the following bugs:

* a race condition could occur even when the "lock_upload_files" option is
set. When uploading two files simultaneously, the result was a combination
of the two files. This resulted in uploaded files becoming corrupted. In
these updated packages, uploading two files simultaneously will result in a
file that is identical to the last uploaded file.

* when the "userlist_enable" option is used, failed login attempts as a
result of the user not being in the list of allowed users, or being in the
list of denied users, will not be logged. In these updated packages, a new
"userlist_log=YES" option can be configured in vsftpd.conf, which will log
failed login attempts in these situations.

* vsftpd did not support usernames that started with an underscore or a
period character. Usernames starting with an underscore or a period are
supported in these updated packages.

* using wildcards in conjunction with the "ls" command did not return all
the file names it should. For example, if you FTPed into a directory
containing three files -- A1, A21 and A11 -- and ran the "ls *1" command,
only the file names A1 and A21 were returned. These updated packages use
greedier code that continues to speculatively scan for items even after
matches have been found.

* when the "user_config_dir" option is enabled in vsftpd.conf, and the
user-specific configuration file did not exist, the following error
occurred after a user entered their password during the login process:

500 OOPS: reading non-root config file

This has been resolved in this updated package.

All vsftpd users are advised to upgrade to this updated package, which
resolves these issues.

RHSA-2008:0297: dovecot security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20080297
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2008:0297, CVE-2007-2231, CVE-2007-4211, CVE-2007-6598, CVE-2008-1199

Description
Dovecot is an IMAP server for Linux and UNIX-like systems, primarily
written with security in mind.

A flaw was discovered in the way Dovecot handled the "mail_extra_groups"
option. An authenticated attacker with local shell access could leverage
this flaw to read, modify, or delete other users' mail that is stored on
the mail server. (CVE-2008-1199)

This issue did not affect the default Red Hat Enterprise Linux 5 Dovecot
configuration. This update adds two new configuration options --
"mail_privileged_group" and "mail_access_groups" -- to minimize the usage
of additional privileges.

A directory traversal flaw was discovered in Dovecot's zlib plug-in. An
authenticated user could use this flaw to view other compressed mailboxes
with the permissions of the Dovecot process. (CVE-2007-2231)

A flaw was found in the Dovecot ACL plug-in. A user with only insert
permissions for a mailbox could use the "COPY" and "APPEND" commands to set
additional message flags. (CVE-2007-4211)

A flaw was found in the way Dovecot cached LDAP query results in certain
configurations. This could possibly allow authenticated users to log in as
a different user who has the same password. (CVE-2007-6598)

As well, this updated package fixes the following bugs:

* configuring "userdb" and "passdb" to use LDAP caused Dovecot to hang. A
segmentation fault may have occurred. In this updated package, using an
LDAP backend for "userdb" and "passdb" no longer causes Dovecot to hang.

* the Dovecot "login_process_size" limit was configured for 32-bit systems.
On 64-bit systems, when Dovecot was configured to use either IMAP or POP3,
the login processes crashed with out-of-memory errors. Errors such as the
following were logged:

pop3-login: pop3-login: error while loading shared libraries:
libsepol.so.1: failed to map segment from shared object: Cannot allocate
memory

In this updated package, the "login_process_size" limit is correctly
configured on 64-bit systems, which resolves this issue.

Note: this updated package upgrades dovecot to version 1.0.7. For
further details, refer to the Dovecot changelog:
http://koji.fedoraproject.org/koji/buildinfo?buildID=23397

Users of dovecot are advised to upgrade to this updated package, which
resolves these issues.

RHSA-2008:0300: bind security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080300
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0300, CVE-2007-6283, CVE-2008-0122

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

It was discovered that the bind packages created the "rndc.key" file with
insecure file permissions. This allowed any local user to read the content
of this file. A local user could use this flaw to control some aspects of
the named daemon by using the rndc utility, for example, stopping the named
daemon. This problem did not affect systems with the bind-chroot package
installed. (CVE-2007-6283)

A buffer overflow flaw was discovered in the "inet_network()" function, as
implemented by libbind. An attacker could use this flaw to crash an
application calling this function, with an argument provided from an
untrusted source. (CVE-2008-0122)

As well, these updated packages fix the following bugs:

* when using an LDAP backend, missing function declarations caused
segmentation faults, due to stripped pointers on machines where pointers
are longer than integers.

* starting named may have resulted in named crashing, due to a race
condition during D-BUS connection initialization. This has been resolved in
these updated packages.

* the named init script returned incorrect error codes, causing the
"status" command to return an incorrect status. In these updated packages,
the named init script is Linux Standard Base (LSB) compliant.

* in these updated packages, the "rndc [command] [zone]" command, where
[command] is an rndc command, and [zone] is the specified zone, will find
the [zone] if the zone is unique to all views.

* the default named log rotation script did not work correctly when using
the bind-chroot package. In these updated packages, installing
bind-chroot creates the symbolic link "/var/log/named.log", which points
to "/var/named/chroot/var/log/named.log", which resolves this issue.

* a previous bind update incorrectly changed the permissions on the
"/etc/openldap/schema/dnszone.schema" file to mode 640, instead of mode
644, which resulted in OpenLDAP not being able to start. In these updated
packages, the permissions are correctly set to mode 644.

* the "checkconfig" parameter was missing in the named usage report. For
example, running the "service named" command did not return "checkconfig"
in the list of available options.

* due to a bug in the named init script not handling the rndc return value
correctly, the "service named stop" and "service named restart" commands
failed on certain systems.

* the bind-chroot spec file printed errors when running the "%pre" and
"%post" sections. Errors such as the following occurred:

Locating //etc/named.conf failed:
[FAILED]

This has been resolved in these updated packages.

* installing the bind-chroot package creates a "/dev/random" file in the
chroot environment; however, the "/dev/random" file had an incorrect
SELinux label. Starting named resulted in an 'avc: denied { getattr } for
pid=[pid] comm="named" path="/dev/random"' error being logged. The
"/dev/random" file has the correct SELinux label in these updated packages.

* in certain situations, running the "bind +trace" command resulted in
random segmentation faults.

As well, these updated packages add the following enhancements:

* support has been added for GSS-TSIG (RFC 3645).

* the "named.root" file has been updated to reflect the new address for
L.ROOT-SERVERS.NET.

* updates BIND to the latest 9.3 maintenance release.

All users of bind are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.

RHSA-2008:0364: mysql security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20080364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2008:0364, CVE-2006-0903, CVE-2006-4031, CVE-2006-4227, CVE-2006-7232, CVE-2007-1420, CVE-2007-2583, CVE-2007-2691, CVE-2007-2692, CVE-2007-3781, CVE-2007-3782

Description
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.

MySQL did not require privileges such as "SELECT" for the source table in a
"CREATE TABLE LIKE" statement. An authenticated user could obtain sensitive
information, such as the table structure. (CVE-2007-3781)

A flaw was discovered in MySQL that allowed an authenticated user to gain
update privileges for a table in another database, via a view that refers
to the external table. (CVE-2007-3782)

MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.
An authenticated user could use this flaw to rename arbitrary tables.
(CVE-2007-2691)

A flaw was discovered in the mysql_change_db function when returning from
SQL SECURITY INVOKER stored routines. An authenticated user could use this
flaw to gain database privileges. (CVE-2007-2692)

MySQL allowed an authenticated user to bypass logging mechanisms via SQL
queries that contain the NULL character, which were not properly handled by
the mysql_real_query function. (CVE-2006-0903)

MySQL allowed an authenticated user to access a table through a previously
created MERGE table, even after the user's privileges were revoked from
the original table, which might violate intended security policy. This is
addressed by allowing the MERGE storage engine to be disabled, which can
be done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)

MySQL evaluated arguments in the wrong security context, which allowed an
authenticated user to gain privileges through a routine that had been made
available using "GRANT EXECUTE". (CVE-2006-4227)

Multiple flaws in MySQL allowed an authenticated user to cause the MySQL
daemon to crash via crafted SQL queries. This only caused a temporary
denial of service, as the MySQL daemon is automatically restarted after the
crash. (CVE-2006-7232, CVE-2007-1420, CVE-2007-2583)

As well, these updated packages fix the following bugs:

* a separate counter was used for "insert delayed" statements, which caused
rows to be discarded. In these updated packages, "insert delayed"
statements no longer use a separate counter, which resolves this issue.

* due to a bug in the Native POSIX Thread Library, in certain situations,
"flush tables" caused a deadlock on tables that had a read lock. The mysqld
daemon had to be killed forcefully. Now, "COND_refresh" has been replaced
with "COND_global_read_lock", which resolves this issue.

* mysqld crashed if a query for an unsigned column type contained a
negative value for a "WHERE [column] NOT IN" subquery.

* in master and slave server situations, specifying "on duplicate key
update" for "insert" statements did not update slave servers.

* in the mysql client, empty strings were displayed as "NULL". For
example, running "insert into [table-name] values (' ');" resulted in a
"NULL" entry being displayed when querying the table using "select * from
[table-name];".

* a bug in the optimizer code resulted in certain queries executing much
slower than expected.

* on 64-bit PowerPC architectures, MySQL did not calculate the thread stack
size correctly, which could have caused MySQL to crash when overly-complex
queries were used.

Note: these updated packages upgrade MySQL to version 5.0.45. For a full
list of bug fixes and enhancements, refer to the MySQL release notes:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0.html

All mysql users are advised to upgrade to these updated packages, which
resolve these issues.

RHSA-2008:0389: nss_ldap security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20080389
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2008:0389, CVE-2007-5794

Description
The nss_ldap package contains the nss_ldap and pam_ldap modules. The
nss_ldap module is a plug-in which allows applications to retrieve
information about users and groups from a directory server. The pam_ldap
module allows PAM-aware applications to use a directory server to verify
user passwords.

A race condition was discovered in nss_ldap which affected certain
applications which make LDAP connections, such as Dovecot. This could cause
nss_ldap to answer a request for information about one user with
information about a different user. (CVE-2007-5794)

In addition, these updated packages fix the following bugs:

* a build error prevented the nss_ldap module from being able to use DNS to
discover the location of a directory server. For example, when the
/etc/nsswitch.conf configuration file was configured to use "ldap", but no
"host" or "uri" option was configured in the /etc/ldap.conf configuration
file, no directory server was contacted, and no results were returned.

* the "port" option in the /etc/ldap.conf configuration file on client
machines was ignored. For example, if a directory server which you were
attempting to use was listening on a non-default port (i.e. not ports 389
or 636), it was only possible to use that directory server by including the
port number in the "uri" option. In this updated package, the "port" option
works as expected.

* pam_ldap failed to change an expired password if it had to follow a
referral to do so, which could occur, for example, when using a slave
directory server in a replicated environment. An error such as the
following occurred after entering a new password: "LDAP password
information update failed: Can't contact LDAP server Insufficient 'write'
privilege to the 'userPassword' attribute"

This has been resolved in this updated package.

* when the "pam_password exop_send_old" password-change method was
configured in the /etc/ldap.conf configuration file, a logic error in the
pam_ldap module caused client machines to attempt to change a user's
password twice. First, the pam_ldap module attempted to change the password
using the "exop" request, and then again using an LDAP modify request.

* on Red Hat Enterprise Linux 5.1, rebuilding nss_ldap-253-5.el5 when the
krb5-*-1.6.1-17.el5 packages were installed failed due to an error such as
the following:

	+ /builddir/build/SOURCES/dlopen.sh ./nss_ldap-253/nss_ldap.so
	dlopen() of "././nss_ldap-253/nss_ldap.so" failed:
	./././nss_ldap-253/nss_ldap.so: undefined symbol: request_key
	error: Bad exit status from /var/tmp/rpm-tmp.62652 (%build)

The missing libraries have been added, which resolves this issue.

When recursively enumerating the set of members in a given group, the
module would allocate insufficient space for storing the set of member
names if the group itself contained other groups, thus corrupting the heap.
This update includes a backported fix for this bug.

Users of nss_ldap should upgrade to these updated packages, which contain
backported patches to correct this issue and fix these bugs.

RHSA-2008:0485: compiz security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20080485
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2008:0485, CVE-2007-3920

Description
Compiz is an OpenGL-based window and compositing manager.

Most screen savers create a top-level fullscreen window to cover the
desktop, and grab the input with that window. Compiz has an option to
un-redirect that window, but in some cases, this breaks the grab and
compromises the locked screen. (CVE-2007-3920)

Users of compiz are advised to upgrade to these updated packages, which
remove this option to resolve this issue.

RHSA-2008:0486: nfs-utils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080486
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0486, CVE-2008-1376

Description
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.

A flaw was found in the nfs-utils package build. The nfs-utils package was
missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
(CVE-2008-1376)

Users of nfs-utils are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0489: gnutls security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080489
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0489, CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

Description
The GnuTLS Library provides support for cryptographic algorithms and
protocols such as TLS. GnuTLS includes libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Flaws were found in the way GnuTLS handles malicious client connections. A
malicious remote client could send a specially crafted request to a service
using GnuTLS that could cause the service to crash. (CVE-2008-1948,
CVE-2008-1949, CVE-2008-1950)

We believe it is possible to leverage the flaw CVE-2008-1948 to execute
arbitrary code but have been unable to prove this at the time of releasing
this advisory. Red Hat Enterprise Linux 5 includes applications, such as
CUPS, that would be directly vulnerable to any such exploit, however.
Consequently, we have assigned it critical severity.

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects these issues.

RHSA-2008:0492: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080492
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0492, CVE-2008-1948, CVE-2008-1949, CVE-2008-1950

Description
The GnuTLS Library provides support for cryptographic algorithms and
protocols such as TLS. GnuTLS includes libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Flaws were found in the way GnuTLS handles malicious client connections. A
malicious remote client could send a specially crafted request to a service
using GnuTLS that could cause the service to crash. (CVE-2008-1948,
CVE-2008-1949, CVE-2008-1950)

We believe it is possible to leverage the flaw CVE-2008-1948 to execute
arbitrary code but have been unable to prove this at the time of releasing
this advisory. Red Hat Enterprise Linux 4 does not ship with any
applications directly affected by this flaw. Third-party software which
runs on Red Hat Enterprise Linux 4 could, however, be affected by this
vulnerability. Consequently, we have assigned it important severity.

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects these issues.

RHSA-2008:0497: sblim security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080497
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0497, CVE-2008-1951

Description
SBLIM stands for Standards-Based Linux Instrumentation for Manageability.
It consists of a set of standards-based, Web-Based Enterprise Management
(WBEM) modules that use the Common Information Model (CIM) standard to
gather and provide systems management information, events, and methods to
local or networked consumers via a CIM object services broker using the
CMPI (Common Manageability Programming Interface) standard. This package
provides a set of core providers and development tools for systems
management applications.

It was discovered that certain sblim libraries had an RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
This RPATH pointed to a sub-directory of a world-writable, temporary
directory. A local user could create a file with the same name as a library
required by sblim (such as libc.so) and place it in the directory defined
in the RPATH. This file could then execute arbitrary code with the
privileges of the user running an application that used sblim (e.g.
tog-pegasus). (CVE-2008-1951)

Users are advised to upgrade to these updated sblim packages, which resolve
this issue.

RHSA-2008:0498: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080498
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0498, CVE-2008-1722

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

An integer overflow flaw leading to a heap buffer overflow was discovered
in the Portable Network Graphics (PNG) decoding routines used by the CUPS
image converting filters "imagetops" and "imagetoraster". An attacker could
create a malicious PNG file that could possibly execute arbitrary code as
the "lp" user if the file was printed. (CVE-2008-1722)

All CUPS users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0503: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080503
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0503, CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361

Description
The xorg-x11 packages contain X.Org, an open source implementation of the X
Window System. It provides the basic low-level functionality that
full-fledged graphical user interfaces are designed upon.

An input validation flaw was discovered in X.org's Security and Record
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or, potentially, execute arbitrary code with
root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org's Render extension. A
malicious authorized client could exploit these issues to cause a denial of
service (crash) or, potentially, execute arbitrary code with root
privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361)

An input validation flaw was discovered in X.org's MIT-SHM extension. A
client connected to the X.org server could read arbitrary server memory.
This could result in the sensitive data of other users of the X.org server
being disclosed. (CVE-2008-1379)

Users of xorg-x11 should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0504: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080504
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0504, CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362

Description
X.Org is an open source implementation of the X Window System. It provides
basic low-level functionality that full-fledged graphical user interfaces
are designed upon.

An input validation flaw was discovered in X.org's Security and Record
extensions. A malicious authorized client could exploit this issue to cause
a denial of service (crash) or, potentially, execute arbitrary code with
root privileges on the X.Org server. (CVE-2008-1377)

Multiple integer overflow flaws were found in X.org's Render extension. A
malicious authorized client could exploit these issues to cause a denial of
service (crash) or, potentially, execute arbitrary code with root
privileges on the X.Org server. (CVE-2008-2360, CVE-2008-2361,
CVE-2008-2362)

An input validation flaw was discovered in X.org's MIT-SHM extension. A
client connected to the X.org server could read arbitrary server memory.
This could result in the sensitive data of other users of the X.org server
being disclosed. (CVE-2008-1379)

Users of xorg-x11-server should upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0508: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080508
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0508, CVE-2008-0598, CVE-2008-1367, CVE-2008-2365, CVE-2008-2729

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* A security flaw was found in the Linux kernel memory copy routines, when
running on certain AMD64 systems. If an unsuccessful attempt to copy kernel
memory from source to destination memory locations occurred, the copy
routines did not zero the content at the destination memory location. This
could allow a local unprivileged user to view potentially sensitive data.
(CVE-2008-2729, Important)

* Alexey Dobriyan discovered a race condition in the Linux kernel
process-tracing system call, ptrace. A local unprivileged user could
use this flaw to cause a denial of service (kernel hang).
(CVE-2008-2365, Important)

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local unprivileged user to prepare and
run a specially crafted binary, which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)

* It was discovered that the Linux kernel handled string operations in the
opposite way to the GNU Compiler Collection (GCC). This could allow a local
unprivileged user to cause memory corruption. (CVE-2008-1367, Low)

As well, these updated packages fix the following bug:

* On systems with a large number of CPUs (more than 16), multiple
applications calling the "times()" system call may have caused a system
hang.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0514: evolution security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080514
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0514, CVE-2008-1108, CVE-2008-1109

Description
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.

A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)

Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.

A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109)

The particular response required to trigger this vulnerability was as
follows:

1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calendar the meeting was in.
4. Reply to the sender.

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.

All Evolution users should upgrade to these updated packages, which contain
backported patches which resolve these issues.

RHSA-2008:0515: evolution28 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0515, CVE-2008-1108, CVE-2008-1109

Description
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.

A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution. (CVE-2008-1108)

Note: the Itip Formatter plug-in, which allows calendar information
(attachments with a MIME type of "text/calendar") to be displayed as part
of the e-mail message, is enabled by default.

A heap-based buffer overflow flaw was found in the way Evolution parsed
iCalendar attachments with an overly long "DESCRIPTION" property string. If
a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution. (CVE-2008-1109)

The particular response required to trigger this vulnerability was as
follows:

1. Receive the carefully crafted iCalendar attachment.
2. Accept the associated meeting.
3. Open the calendar the meeting was in.
4. Reply to the sender.

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing these issues.

All Evolution users should upgrade to these updated packages, which contain
backported patches which resolve these issues.

RHSA-2008:0516: evolution security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080516
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0516, CVE-2008-1108

Description
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications and personal information management (PIM) tools
for the GNOME desktop environment.

A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If mail which included a carefully crafted iCalendar attachment was
opened, arbitrary code could be executed as the user running Evolution.
(CVE-2008-1108)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly disclosing this issue.

All users of Evolution should upgrade to these updated packages, which
contain a backported patch which resolves this issue.

RHSA-2008:0519: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080519
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0519, CVE-2008-0598, CVE-2008-2358, CVE-2008-2729

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* A security flaw was found in the Linux kernel memory copy routines, when
running on certain AMD64 systems. If an unsuccessful attempt to copy kernel
memory from source to destination memory locations occurred, the copy
routines did not zero the content at the destination memory location. This
could allow a local unprivileged user to view potentially sensitive data.
(CVE-2008-2729, Important)

* Tavis Ormandy discovered a deficiency in the Linux kernel 32-bit and
64-bit emulation. This could allow a local unprivileged user to prepare and
run a specially crafted binary, which would use this deficiency to leak
uninitialized and potentially sensitive data. (CVE-2008-0598, Important)

* Brandon Edwards discovered a missing length validation check in the Linux
kernel DCCP module reconciliation feature. This could allow a local
unprivileged user to cause a heap overflow, gaining privileges for
arbitrary code execution. (CVE-2008-2358, Moderate)

As well, these updated packages fix the following bug:

* Due to a regression, "gettimeofday" may have gone backwards on certain
x86 hardware. This issue was quite dangerous for time-sensitive systems,
such as those used for transaction systems and databases, and may have
caused applications to produce incorrect results, or even crash.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0522: perl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080522
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0522, CVE-2008-1927

Description
Perl is a high-level programming language commonly used for system
administration utilities and Web programming.

A flaw was found in Perl's regular expression engine. A specially crafted
regular expression with Unicode characters could trigger a buffer overflow,
causing Perl to crash, or possibly execute arbitrary code with the
privileges of the user running Perl. (CVE-2008-1927)

Users of perl are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0529: net-snmp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080529
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0529, CVE-2008-0960, CVE-2008-2292

Description
The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash
Message Authentication Code (HMAC). An attacker could use this flaw to
spoof an authenticated SNMPv3 packet. (CVE-2008-0960)

A buffer overflow was found in the Perl bindings for Net-SNMP. This could
be exploited if an attacker could convince an application using the
Net-SNMP Perl module to connect to a malicious SNMP agent. (CVE-2008-2292)

All users of net-snmp should upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0533: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080533
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0533, CVE-2008-1447

Description
ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.

The DNS protocol protects against spoofing attacks by requiring an attacker
to predict both the DNS transaction ID and UDP source port of a request. In
recent years, a number of papers have found problems with DNS
implementations which make it easier for an attacker to perform DNS
cache-poisoning attacks.

Previous versions of BIND did not use randomized UDP source ports. If an
attacker was able to predict the random DNS transaction ID, this could make
DNS cache-poisoning attacks easier. In order to provide more resilience,
BIND has been updated to use a range of random UDP source ports.
(CVE-2008-1447)

Note: This errata also updates SELinux policy on Red Hat Enterprise Linux 4
and 5 to allow BIND to use random UDP source ports.

Users of BIND are advised to upgrade to these updated packages, which
contain a backported patch to add this functionality.

Red Hat would like to thank Dan Kaminsky for reporting this issue.

RHSA-2008:0537: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080537
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0537, CVE-2008-2152

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use
the flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
(CVE-2008-2152)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix to correct this issue.

RHSA-2008:0538: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080538
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0538, CVE-2008-2152, CVE-2008-2366

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use
the flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
(CVE-2008-2152)

It was discovered that certain libraries in the Red Hat Enterprise Linux 3
and 4 openoffice.org packages had an insecure relative RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
A local user able to convince another user to run OpenOffice in an
attacker-controlled directory could run arbitrary code with the privileges
of the victim. (CVE-2008-2366)

All users of openoffice.org are advised to upgrade to these updated
packages, which contain backported fixes which correct these issues.

RHSA-2008:0544: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080544
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0544, CVE-2007-4782, CVE-2007-5898, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly
escape multi-byte characters which are not valid in the locale used by the
script. This could allow an attacker to bypass quoting restrictions imposed
by escapeshellcmd() and execute arbitrary commands if the PHP script was
using certain locales. Scripts using the default UTF-8 locale are not
affected by this issue. (CVE-2008-2051)

PHP functions htmlentities() and htmlspecialchars() did not properly
recognize partial multi-byte sequences. Certain sequences of bytes could be
passed through these functions without being correctly HTML-escaped.
Depending on the browser being used, an attacker could use this flaw to
conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or
which used the output_add_rewrite_var() function, could leak session
identifiers to external web sites. If a page included an HTML form with an
ACTION attribute referencing a non-local URL, the user's session ID would
be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that the PHP fnmatch() function did not restrict the length
of the string argument. An attacker could use this flaw to crash the PHP
interpreter where a script used fnmatch() on untrusted input data.
(CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number
generator used by functions such as rand() and mt_rand(), possibly allowing
an attacker to easily predict the generated pseudo-random values.
(CVE-2008-2107, CVE-2008-2108)

Users of PHP should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2008:0545: php security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080545
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0545, CVE-2007-4782, CVE-2007-5898, CVE-2007-5899, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

It was discovered that the PHP escapeshellcmd() function did not properly
escape multi-byte characters which are not valid in the locale used by the
script. This could allow an attacker to bypass quoting restrictions imposed
by escapeshellcmd() and execute arbitrary commands if the PHP script was
using certain locales. Scripts using the default UTF-8 locale are not
affected by this issue. (CVE-2008-2051)

The PHP functions htmlentities() and htmlspecialchars() did not properly
recognize partial multi-byte sequences. Certain sequences of bytes could be
passed through these functions without being correctly HTML-escaped.
Depending on the browser being used, an attacker could use this flaw to
conduct cross-site scripting attacks. (CVE-2007-5898)

A PHP script which used the transparent session ID configuration option, or
which used the output_add_rewrite_var() function, could leak session
identifiers to external web sites. If a page included an HTML form with an
ACTION attribute referencing a non-local URL, the user's session ID would
be included in the form data passed to that URL. (CVE-2007-5899)

It was discovered that the PHP fnmatch() function did not restrict the
length of the string argument. An attacker could use this flaw to crash the
PHP interpreter where a script used fnmatch() on untrusted input data.
(CVE-2007-4782)

It was discovered that PHP did not properly seed its pseudo-random number
generator used by functions such as rand() and mt_rand(), possibly allowing
an attacker to easily predict the generated pseudo-random values.
(CVE-2008-2107, CVE-2008-2108)

As well, these updated packages fix the following bug:

* after 2008-01-01, when using PEAR version 1.3.6 or older, it was not
possible to use the PHP Extension and Application Repository (PEAR) to
upgrade or install packages. In these updated packages, PEAR has been
upgraded to version 1.4.9, which restores support for the current
pear.php.net update server. The following changes were made to the PEAR
packages included in php-pear: Console_Getopt and Archive_Tar are now
included by default, and XML_RPC has been upgraded to version 1.5.0.

All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0547: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080547
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0547, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Multiple flaws were found in the processing of malformed JavaScript
content. A web page containing such malicious content could cause SeaMonkey
to crash or, potentially, execute arbitrary code as the user running
SeaMonkey. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed web content was displayed. A
web page containing specially-crafted content could potentially trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in SeaMonkey. A web page
containing malicious content could cause SeaMonkey to reveal the contents
of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed by
SeaMonkey. A malicious extension could read uninitialized memory, possibly
leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way SeaMonkey escaped a listing of local file
names. If a user could be tricked into listing a local directory containing
malicious file names, arbitrary JavaScript could be run with the
permissions of the user running SeaMonkey. (CVE-2008-2808)

A flaw was found in the way SeaMonkey displayed information about
self-signed certificates. It was possible for a self-signed certificate to
contain multiple alternate name entries, which were not all displayed to
the user, allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809)

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0549: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080549
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0549, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811

Description
Mozilla Firefox is an open source Web browser.

Multiple flaws were found in the processing of malformed JavaScript
content. A web page containing such malicious content could cause Firefox
to crash or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed web content was displayed. A
web page containing specially-crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in Firefox. A web page
containing malicious content could cause Firefox to reveal the contents of
a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed by
Firefox. A malicious extension could read uninitialized memory, possibly
leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way Firefox escaped a listing of local file names.
If a user could be tricked into listing a local directory containing
malicious file names, arbitrary JavaScript could be run with the
permissions of the user running Firefox. (CVE-2008-2808)

A flaw was found in the way Firefox displayed information about self-signed
certificates. It was possible for a self-signed certificate to contain
multiple alternate name entries, which were not all displayed to the user,
allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809)

All Mozilla Firefox users should upgrade to this updated package, which
contains backported patches that correct these issues.

RHSA-2008:0556: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080556
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0556, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files, as well as efficiently load, hint and render individual
glyphs.

Multiple flaws were discovered in FreeType's Printer Font Binary (PFB)
font-file format parser. If a user loaded a carefully crafted font-file
with a program linked against FreeType, it could cause the application to
crash, or possibly execute arbitrary code. (CVE-2008-1806, CVE-2008-1807,
CVE-2008-1808)

Note: the flaw in FreeType's TrueType Font (TTF) font-file format parser,
covered by CVE-2008-1808, did not affect the freetype packages as shipped
in Red Hat Enterprise Linux 3, 4, and 5, as they are not compiled with TTF
Byte Code Interpreter (BCI) support.

Users of freetype should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0561: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0561, CVE-2008-2376, CVE-2008-2662, CVE-2008-2663, CVE-2008-2664, CVE-2008-2725, CVE-2008-2726

Description
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

Multiple integer overflows leading to a heap overflow were discovered in
the array- and string-handling code used by Ruby. An attacker could use
these flaws to crash a Ruby application or, possibly, execute arbitrary
code with the privileges of the Ruby application using untrusted inputs in
array or string operations. (CVE-2008-2376, CVE-2008-2662, CVE-2008-2663,
CVE-2008-2725, CVE-2008-2726)

It was discovered that Ruby used the alloca() memory allocation function in
the format (%) method of the String class without properly restricting
maximum string length. An attacker could use this flaw to crash a Ruby
application or, possibly, execute arbitrary code with the privileges of the
Ruby application using long, untrusted strings as format strings.
(CVE-2008-2664)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

Users of Ruby should upgrade to these updated packages, which contain a
backported patch to resolve these issues.

RHSA-2008:0569: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080569
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0569, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811

Description
Mozilla Firefox is an open source Web browser.

Multiple flaws were found in the processing of malformed JavaScript
content. A web page containing such malicious content could cause Firefox
to crash or, potentially, execute arbitrary code as the user running
Firefox. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed web content was displayed. A
web page containing specially-crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in Firefox. A web page
containing malicious content could cause Firefox to reveal the contents of
a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed by
Firefox. A malicious extension could read uninitialized memory, possibly
leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way Firefox escaped a listing of local file names.
If a user could be tricked into listing a local directory containing
malicious file names, arbitrary JavaScript could be run with the
permissions of the user running Firefox. (CVE-2008-2808)

A flaw was found in the way Firefox displayed information about self-signed
certificates. It was possible for a self-signed certificate to contain
multiple alternate name entries, which were not all displayed to the user,
allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809)

All Mozilla Firefox users should upgrade to these updated packages, which
contain backported patches that correct these issues.

RHSA-2008:0575: rdesktop security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080575
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0575, CVE-2008-1801, CVE-2008-1803

Description
rdesktop is an open source client for Microsoft Windows NT Terminal Server
and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively
using the Remote Desktop Protocol (RDP) to present the user's NT desktop.
No additional server extensions are required.

An integer underflow and an integer signedness issue were discovered in
rdesktop. If an attacker could convince a victim to connect to a malicious
RDP server, the attacker could cause the victim's rdesktop to crash or,
possibly, execute arbitrary code. (CVE-2008-1801, CVE-2008-1803)

Users of rdesktop should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0580: vim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0580, CVE-2007-2953, CVE-2008-2712, CVE-2008-3074, CVE-2008-3075, CVE-2008-4101, CVE-2008-6235

Description
Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.

Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)

Multiple security flaws were found in netrw.vim, the Vim plug-in providing
file reading and writing over the network. If a user opened a specially
crafted file or directory with the netrw plug-in, it could result in
arbitrary code execution as the user running Vim. (CVE-2008-3076)

A security flaw was found in zip.vim, the Vim plug-in that handles ZIP
archive browsing. If a user opened a ZIP archive using the zip.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3075)

A security flaw was found in tar.vim, the Vim plug-in which handles TAR
archive browsing. If a user opened a TAR archive using the tar.vim plug-in,
it could result in arbitrary code execution as the user running Vim.
(CVE-2008-3074)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim's help tag processor. If a user was tricked into executing the
"helptags" command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)

All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2008:0581: bluez-libs and bluez-utils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0581, CVE-2008-2374

Description
The bluez-libs package contains libraries for use in Bluetooth
applications. The bluez-utils package contains Bluetooth daemons and utilities.

An input validation flaw was found in the Bluetooth Session Description
Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A
Bluetooth device with an already-established trust relationship, or a local
user registering a service record via a UNIX® socket or D-Bus interface,
could cause a crash, or possibly execute arbitrary code with privileges of
the hcid daemon. (CVE-2008-2374)

Users of bluez-libs and bluez-utils are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

RHSA-2008:0583: openldap security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080583
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0583, CVE-2008-2952

Description
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols for
accessing directory services.

A denial of service flaw was found in the way the OpenLDAP slapd daemon
processed certain network messages. An unauthenticated remote attacker
could send a specially crafted request that would crash the slapd daemon.
(CVE-2008-2952)

Users of openldap should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2008:0584: pidgin security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080584
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0584, CVE-2008-2927

Description
Pidgin is a multi-protocol Internet Messaging client.

An integer overflow flaw was found in Pidgin's MSN protocol handler. If a
user received a malicious MSN message, it was possible to execute arbitrary
code with the permissions of the user running Pidgin. (CVE-2008-2927)

Note: the default Pidgin privacy setting only allows messages from users in
the buddy list. This prevents arbitrary MSN users from exploiting this
flaw.

This update also addresses the following bug:

* when attempting to connect to the ICQ network, Pidgin would fail to
connect, present an alert saying "The client version you are using is
too old", and de-activate the ICQ account. This update restores Pidgin's
ability to connect to the ICQ network.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0597: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080597
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0597, CVE-2008-2785, CVE-2008-2933, CVE-2008-3198

Description
Mozilla Firefox is an open source Web browser.

An integer overflow flaw was found in the way Firefox displayed certain web
content. A malicious web site could cause Firefox to crash, or execute
arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs. If
another application passed Firefox a malformed URL, it could result in
Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933)

All firefox users should upgrade to these updated packages, which contain
Firefox 3.0.1 that corrects these issues.

RHSA-2008:0598: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080598
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0598, CVE-2008-2785, CVE-2008-2933

Description
Mozilla Firefox is an open source Web browser.

An integer overflow flaw was found in the way Firefox displayed certain web
content. A malicious web site could cause Firefox to crash, or execute
arbitrary code with the permissions of the user running Firefox.
(CVE-2008-2785)

A flaw was found in the way Firefox handled certain command line URLs. If
another application passed Firefox a malformed URL, it could result in
Firefox executing local malicious content with chrome privileges.
(CVE-2008-2933)

All firefox users should upgrade to this updated package, which contains
backported patches that correct these issues.

RHSA-2008:0599: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080599
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0599, CVE-2008-2785

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

An integer overflow flaw was found in the way SeaMonkey displayed certain
web content. A malicious web site could cause SeaMonkey to crash or execute
arbitrary code with the permissions of the user running SeaMonkey.
(CVE-2008-2785)

All seamonkey users should upgrade to these updated packages, which contain
a backported patch to resolve this issue.

RHSA-2008:0607: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080607
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0607, CVE-2008-2136

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issue:

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

As well, these updated packages fix the following bugs:

* a possible kernel hang on hugemem systems, due to a bug in NFS, which may
have caused systems to become unresponsive, has been resolved.

* an inappropriate exit condition occurred in the architecture-specific
"mmap()" implementation, which fell into an infinite loop under certain
conditions. On 64-bit systems, this issue may have manifested itself to
users as a soft lockup, or process hangs.

* due to a bug in hardware initialization in the "ohci_hcd" kernel module,
the kernel may have failed with a NULL pointer dereference. On 64-bit
PowerPC systems, this may have caused booting to fail, and drop to xmon. On
other platforms, a kernel oops occurred.

* due to insufficient locks in task termination code, a panic may have
occurred in the "sys_times()" system call on SMP machines.

Red Hat Enterprise Linux 4 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0612: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080612
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0612, CVE-2008-1294, CVE-2008-2136, CVE-2008-2812

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a possible kernel memory leak was found in the Linux kernel Simple
Internet Transition (SIT) INET6 implementation. This could allow a local
unprivileged user to cause a denial of service. (CVE-2008-2136, Important)

* a flaw was found in the Linux kernel setrlimit system call, when setting
RLIMIT_CPU to a certain value. This could allow a local unprivileged user
to bypass the CPU time limit. (CVE-2008-1294, Moderate)

* multiple NULL pointer dereferences were found in various Linux kernel
network drivers. These drivers were missing checks for terminal validity,
which could allow privilege escalation. (CVE-2008-2812, Moderate)

These updated packages fix the following bugs:

* the GNU libc stub resolver is a minimal resolver that works with Domain
Name System (DNS) servers to satisfy requests from applications for names.
The GNU libc stub resolver did not specify a source UDP port, and therefore
used predictable port numbers. This could have made DNS spoofing attacks
easier.

The Linux kernel has been updated to implement random UDP source ports
where none are specified by an application. This allows applications, such
as those using the GNU libc stub resolver, to use random UDP source ports,
helping to make DNS spoofing attacks harder.

* when using certain hardware, a bug in UART_BUG_TXEN may have caused
incorrect hardware detection, causing data flow to "/dev/ttyS1" to hang.

* a 50-75% drop in NFS server rewrite performance, compared to Red Hat
Enterprise Linux 4.6, has been resolved.

* due to a bug in the fast userspace mutex code, while one thread fetched a
pointer, another thread may have removed it, causing the first thread to
fetch the wrong pointer, possibly causing a system crash.

* on certain Hitachi hardware, removing the "uhci_hcd" module caused a
kernel oops, and the following error:

BUG: warning at arch/ia64/kernel/iosapic.c:1001/iosapic_unregister_intr()

Even after the "uhci_hcd" module was reloaded, there was no access to USB
devices. As well, on systems that have legacy interrupts,
"acpi_unregister_gsi" incorrectly called "iosapic_unregister_intr()",
causing warning messages to be logged.

* when a page was mapped with mmap(), and "PROT_WRITE" was the only
"prot" argument, the first read of that page caused a segmentation fault.
If the page was read after it was written to, no fault occurred. This was
incompatible with the Red Hat Enterprise Linux 4 behavior.

* due to a NULL pointer dereference in powernowk8_init(), a panic may
have occurred.

* certain error conditions handled by the bonding sysfs interface could
have left rtnl_lock() unbalanced, either by locking and returning without
unlocking, or by unlocking when it did not lock, possibly causing a
"kernel: RTNL: assertion failed at net/core/fib_rules.c" error.

* the kernel currently expects a maximum of six Machine Check Exception
(MCE) banks to be exposed by a CPU. Certain CPUs have 7 or more, which may
have caused the MCE to be incorrectly reported.

* a race condition in UNIX domain sockets may have caused recv() to return
zero. For clusters, this may have caused unexpected failovers.

* msgrcv() frequently returned an incorrect "ERESTARTNOHAND (514)" error
number.

* on certain Intel Itanium-based systems, when kdump was configured to halt
the system after a dump operation, after the "System halted." output, the
kernel continued to output endless "soft lockup" messages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2008:0616: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080616
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0616, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Multiple flaws were found in the processing of malformed JavaScript
content. An HTML mail containing such malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code as the user
running Thunderbird. (CVE-2008-2801, CVE-2008-2802, CVE-2008-2803)

Several flaws were found in the processing of malformed HTML content. An
HTML mail containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code as the user running Thunderbird.
(CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2811)

Several flaws were found in the way malformed HTML content was displayed.
An HTML mail containing specially-crafted content could, potentially, trick
a Thunderbird user into surrendering sensitive information. (CVE-2008-2800)

Two local file disclosure flaws were found in Thunderbird. An HTML mail
containing malicious content could cause Thunderbird to reveal the contents
of a local file to a remote attacker. (CVE-2008-2805, CVE-2008-2810)

A flaw was found in the way a malformed .properties file was processed by
Thunderbird. A malicious extension could read uninitialized memory,
possibly leaking sensitive data to the extension. (CVE-2008-2807)

A flaw was found in the way Thunderbird escaped a listing of local file
names. If a user could be tricked into listing a local directory containing
malicious file names, arbitrary JavaScript could be run with the
permissions of the user running Thunderbird. (CVE-2008-2808)

A flaw was found in the way Thunderbird displayed information about
self-signed certificates. It was possible for a self-signed certificate to
contain multiple alternate name entries, which were not all displayed to
the user, allowing them to mistakenly extend trust to an unknown site.
(CVE-2008-2809)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0617: vim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080617
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0617, CVE-2007-2953, CVE-2008-2712, CVE-2008-3432, CVE-2008-4101

Description
Vim (Visual editor IMproved) is an updated and improved version of the vi
editor.

Several input sanitization flaws were found in Vim's keyword and tag
handling. If Vim looked up a document's maliciously crafted tag or keyword,
it was possible to execute arbitrary code as the user running Vim.
(CVE-2008-4101)

A heap-based overflow flaw was discovered in Vim's expansion of file name
patterns with shell wildcards. An attacker could create a specially-crafted
file or directory name that, when opened by Vim, caused the application to
crash or, possibly, execute arbitrary code. (CVE-2008-3432)

Several input sanitization flaws were found in various Vim system
functions. If a user opened a specially crafted file, it was possible to
execute arbitrary code as the user running Vim. (CVE-2008-2712)

Ulf Härnhammar, of Secunia Research, discovered a format string flaw in
Vim's help tag processor. If a user was tricked into executing the
"helptags" command on malicious data, arbitrary code could be executed with
the permissions of the user running Vim. (CVE-2007-2953)

All Vim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2008:0648: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080648
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0648, CVE-2008-1232, CVE-2008-1947, CVE-2008-2370, CVE-2008-2938

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)

An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)

Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0649: libxslt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080649
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0649, CVE-2008-2935

Description
libxslt is a library for transforming XML files into other XML files using
the standard XSLT stylesheet transformation mechanism.

A heap buffer overflow flaw was discovered in the RC4 libxslt library
extension. An attacker could create a malicious XSL file that would cause a
crash, or, possibly, execute arbitrary code with the privileges of the
application using the libxslt library to perform XSL transformations on
untrusted XSL style sheets. (CVE-2008-2935)

Red Hat would like to thank Chris Evans for reporting this vulnerability.

All libxslt users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2008:0665: Updated kernel packages for Red Hat Enterprise Linux 4.7 (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080665
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0665, CVE-2006-4145, CVE-2008-2812

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Kernel Feature Support: 
* iostat displays I/O performance for partitions
* I/O task accounting added to getrusage(), allowing comprehensive core
statistics
* page cache pages count added to show_mem() output
* tux O_ATOMICLOOKUP flag removed from the open() system call: replaced
with O_CLOEXEC
* the kernel now exports process limit information to /proc/[PID]/limits
* implement udp_poll() to reduce likelihood of false positives returned
from select()
* the TCP_RTO_MIN parameter can now be configured to a maximum of 3000
milliseconds. This is configured using "ip route"
* update CIFS to version 1.50

Added Features:
* nfs.enable_ino64 boot command line parameter: enable and disable 32-bit
inode numbers when using NFS
* tick "divider" kernel boot parameter: reduce CPU overhead, and increase
efficiency at the cost of lowering timing accuracy
* /proc/sys/vm/nfs-writeback-lowmem-only tunable parameter: resolve NFS
read performance
* /proc/sys/vm/write-mapped tunable option, allowing the option of faster
NFS reads
* support for Large Receive Offload as a networking module
* core dump masking, allowing a core dump process to skip the shared memory
segments of a process

Virtualization:
* para-virtualized network and block device drivers, to increase
fully-virtualized guest performance
* support for more than three VNIF numbers per guest domain

Platform Support:
* AMD ATI SB800 SATA controller, AMD ATI SB600 and SB700 40-pin IDE cable
* 64-bit DMA support on AMD ATI SB700
* PCI device IDs to support Intel ICH10
* /dev/msr[0-n] device files
* powernow-k8 as a module
* SLB shadow buffer support for IBM POWER6 systems
* support for CPU frequencies greater than 32-bit on IBM POWER5, IBM POWER6
* floating point load and store handler for IBM POWER6

Added Drivers and Updates:
* ixgbe 1.1.18, for the Intel 82598 10GB ethernet controller
* bnx2x 1.40.22, for network adapters on the Broadcom 5710 chipset
* dm-hp-sw 1.0.0, for HP Active/Standby
* zfcp version and bug fixes
* qdio to fix FCP/SCSI write I/O expiring on LPARs
* cio bug fixes
* eHEA latest upstream, and netdump and netconsole support
* ipr driver support for dual SAS RAID controllers
* correct CPU cache info and SATA support for Intel Tolapai
* i5000_edac support for Intel 5000 chipsets
* i3000_edac support for Intel 3000 and 3010 chipsets
* add i2c_piix4 module on 64-bit systems to support AMD ATI SB600, 700
and 800
* i2c-i801 support for Intel Tolapai
* qla4xxx: 5.01.01-d2 to 5.01.02-d4-rhel4.7-00
* qla2xxx: 8.01.07-d4 to 8.01.07-d4-rhel4.7-02
* cciss: 2.6.16 to 2.6.20
* mptfusion: 3.02.99.00rh to 3.12.19.00rh
* lpfc:0: 8.0.16.34 to 8.0.16.40
* megaraid_sas: 00.00.03.13 to 00.00.03.18-rh1
* stex: 3.0.0.1 to 3.6.0101.2
* arcmsr: 1.20.00.13 to 1.20.00.15.rh4u7
* aacraid: 1.1-5[2441] to 1.1.5[2455]

Miscellaneous Updates:
* OFED 1.3 support
* wacom driver to add support for Cintiq 20WSX, Wacom Intuos3 12x19, 12x12
and 4x6 tablets
* sata_svw driver to support Broadcom HT-1100 chipsets
* libata to un-blacklist Hitachi drives to enable NCQ
* ide driver allows command line option to disable ide drivers
* psmouse support for cortps protocol

These updated packages fix the following security issues:

* NULL pointer access due to missing checks for terminal validity.
(CVE-2008-2812, Moderate)

* a security flaw was found in the Linux kernel Universal Disk Format file
system. (CVE-2006-4145, Low)

For further details, refer to the latest Red Hat Enterprise Linux 4.7
release notes: redhat.com/docs/manuals/enterprise

RHSA-2008:0680: vsftpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0680, CVE-2008-2375

Description
vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP
server for Linux and Unix-like systems.

The version of vsftpd as shipped in Red Hat Enterprise Linux 4 when used in
combination with Pluggable Authentication Modules (PAM) had a memory leak
on an invalid authentication attempt. Since vsftpd prior to version 2.0.5
allows any number of invalid attempts on the same connection this memory
leak could lead to an eventual DoS. (CVE-2008-2375)

This update mitigates this security issue by including a backported patch
which terminates a session after a given number of failed log in attempts.
The default number of attempts is 3 and this can be configured using the
"max_login_fails" directive.

This package also addresses the following bugs:

* when uploading unique files, a bug in vsftpd caused the file to be saved
with a suffix '.1' even when no previous file with that name existed. This
issue is resolved in this package.

* when vsftpd was run through the init script, it was possible for the init
script to print an 'OK' message, even though the vsftpd may not have
started. The init script no longer produces a false verification with this
update.

* vsftpd only supported usernames with a maximum length of 32 characters.
The updated package now supports usernames up to 128 characters long.

* a system flaw meant vsftpd output could become dependent on the timing or
sequence of other events, even when the "lock_upload_files" option was set.
If a file, filename.ext, was being uploaded and a second transfer of the
file, filename.ext, was started before the first transfer was finished, the
resultant uploaded file was a corrupt concatenation of the latter upload
and the tail of the earlier upload. With this updated package, vsftpd
allows the earlier upload to complete before overwriting with the latter
upload, fixing the issue.

* the 'lock_upload_files' option was not documented in the manual page. A
new manual page describing this option is included in this package.

* vsftpd did not support usernames that started with an underscore or a
period character. These special characters are now allowed at the beginning
of a username.

* when storing a unique file, vsftpd could cause an error for some clients.
This is rectified in this package.

* the vsftpd init script was found to not be Linux Standards Base compliant.
This update corrects its exit codes to conform to the standard.

All vsftpd users are advised to upgrade to this updated package, which
resolves these issues.

RHSA-2008:0715: nss_ldap security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20080715
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2008:0715, CVE-2007-5794

Description
The nss_ldap package contains the nss_ldap and pam_ldap modules. The
nss_ldap module is a plug-in which allows applications to retrieve
information about users and groups from a directory server. The pam_ldap
module allows PAM-aware applications to use a directory server to verify
user passwords.

A race condition was discovered in nss_ldap, which affected certain
applications that make LDAP connections, such as Dovecot. This could cause
nss_ldap to answer a request for information about one user with the
information about a different user. (CVE-2007-5794)

As well, this updated package fixes the following bugs:

* in certain situations, on Itanium(R) architectures, when an application
performed an LDAP lookup for a highly populated group, for example,
containing more than 150 members, the application crashed, or may have
caused a segmentation fault. As well, this issue may have caused commands,
such as "ls", to return a "ber_free_buf: Assertion" error.

* when an application enumerated members of a netgroup, the nss_ldap
module returned a successful status result and the netgroup name, even
when the netgroup did not exist. This behavior was not consistent with
other modules. In this updated package, nss_ldap no longer returns a
successful status when the netgroup does not exist.

* in master and slave server environments, with systems that were
configured to use a read-only directory server, if user log in attempts
were denied because their passwords had expired, and users attempted to
immediately change their passwords, the replication server returned an LDAP
referral, instructing the pam_ldap module to reissue its request to a
different server; however, the pam_ldap module failed to do so. In these
situations, an error such as the following occurred:

LDAP password information update failed: Can't contact LDAP server
Insufficient 'write' privilege to the 'userPassword' attribute of entry
[entry]

In this updated package, password changes are allowed when binding against
a slave server, which resolves this issue.

* when a system used a directory server for naming information, and
"nss_initgroups_ignoreusers root" was configured in "/etc/ldap.conf",
dbus-daemon-1 would hang. Running the "service messagebus start" command
did not start the service, and it did not fail, which would stop the boot
process if it was not cancelled.

As well, this updated package upgrades nss_ldap to the version as shipped
with Red Hat Enterprise Linux 5.

Users of nss_ldap are advised to upgrade to this updated package, which
resolves these issues.

RHSA-2008:0725: rdesktop security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080725
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0725, CVE-2008-1801

Description
rdesktop is an open source client for Microsoft Windows NT Terminal Server
and Microsoft Windows 2000 and 2003 Terminal Services, capable of natively
using the Remote Desktop Protocol (RDP) to present the user's NT desktop.
No additional server extensions are required.

An integer underflow vulnerability was discovered in rdesktop. If an
attacker could convince a victim to connect to a malicious RDP server, the
attacker could cause the victim's rdesktop to crash or, possibly, execute
arbitrary code. (CVE-2008-1801)

Additionally, the following bug was fixed:

A missing command line option caused rdesktop to fail when using the krdc
remote desktop utility. Using krdc to connect to a terminal server resulted
in errors such as the following:

The version of rdesktop you are using ([version]) is too old:

rdesktop [version] or greater is required. A working patch for rdesktop
[version] can be found in KDE CVS.

In this updated package, krdc successfully connects to terminal servers.

Users of rdesktop should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0768: mysql security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080768
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0768, CVE-2006-3469, CVE-2006-4031, CVE-2007-2691, CVE-2008-2079

Description
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
client/server implementation consisting of a server daemon (mysqld), and
many different client programs and libraries.

MySQL did not correctly check directories used as arguments for the DATA
DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated
attacker could elevate their access privileges to tables created by other
database users. Note: this attack does not work on existing tables. An
attacker can only elevate their access to another user's tables as the
tables are created. As well, the names of these created tables need to be
predicted correctly for this attack to succeed. (CVE-2008-2079)

MySQL did not require the "DROP" privilege for "RENAME TABLE" statements.
An authenticated user could use this flaw to rename arbitrary tables.
(CVE-2007-2691)

MySQL allowed an authenticated user to access a table through a previously
created MERGE table, even after the user's privileges were revoked from the
original table, which might violate intended security policy. This is
addressed by allowing the MERGE storage engine to be disabled, which can be
done by running mysqld with the "--skip-merge" option. (CVE-2006-4031)

A flaw in MySQL allowed an authenticated user to cause the MySQL daemon to
crash via crafted SQL queries. This only caused a temporary denial of
service, as the MySQL daemon is automatically restarted after the crash.
(CVE-2006-3469)

As well, these updated packages fix the following bugs:

* in the previous mysql packages, if a column name was referenced more
than once in an "ORDER BY" section of a query, a segmentation fault
occurred.

* when MySQL failed to start, the init script returned a successful (0)
exit code. When using the Red Hat Cluster Suite, this may have caused
cluster services to report a successful start, even when MySQL failed to
start. In these updated packages, the init script returns the correct exit
codes, which resolves this issue.

* it was possible to use the mysqld_safe command to specify invalid port
numbers (higher than 65536), causing invalid ports to be created, and, in
some cases, a "port number definition: unsigned short" error. In these
updated packages, when an invalid port number is specified, the default
port number is used.

* when setting "myisam_repair_threads > 1", any repair set the index
cardinality to "1", regardless of the table size.

* the MySQL init script no longer runs "chmod -R" on the entire database
directory tree during every startup.

* when running "mysqldump" with the MySQL 4.0 compatibility mode option,
"--compatible=mysql40", mysqldump created dumps that omitted the
"auto_increment" field.

As well, the MySQL init script now uses more reliable methods for
determining parameters, such as the data directory location.

Note: these updated packages upgrade MySQL to version 4.1.22. For a full
list of bug fixes and enhancements, refer to the MySQL release notes:
http://dev.mysql.com/doc/refman/4.1/en/news-4-1-22.html

All mysql users are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement.

RHSA-2008:0780: coreutils security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20080780
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2008:0780, CVE-2008-1946

Description
The coreutils package contains the core GNU utilities. It is the
combination of the old GNU fileutils, sh-utils, and textutils packages.

The coreutils packages were found to not use the pam_succeed_if Pluggable
Authentication Module (PAM) correctly in the configuration file for the
"su" command. Any local user could use this command to change to a locked
or expired user account if the target account's password was known to the
user running "su". These updated packages, correctly, only allow the root
user to switch to locked or expired accounts using "su". (CVE-2008-1946)

All users of coreutils are advised to upgrade to this updated package,
which resolves this issue.

RHSA-2008:0789: dnsmasq security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080789
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0789, CVE-2008-1447

Description
Dnsmasq is a lightweight DNS forwarder and DHCP server. It is designed to
provide DNS and, optionally, DHCP, to a small network.

The dnsmasq DNS resolver used a fixed source UDP port. This could have made
DNS spoofing attacks easier. dnsmasq has been updated to use random UDP
source ports, helping to make DNS spoofing attacks harder. (CVE-2008-1447)

All dnsmasq users are advised to upgrade to this updated package, which
upgrades dnsmasq to version 2.45 and resolves this issue.

RHSA-2008:0815: yum-rhn-plugin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080815
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0815, CVE-2008-3270

Description
The yum-rhn-plugin provides support for yum to securely access a Red Hat
Network (RHN) server for software updates.

It was discovered that yum-rhn-plugin did not verify the SSL certificate
for all communication with a Red Hat Network server. An attacker able to
redirect the network communication between a victim and an RHN server could
use this flaw to provide malicious repository metadata. This metadata could
be used to block the victim from receiving specific security updates.
(CVE-2008-3270)

This flaw did not allow an attacker to install malicious packages. Package
signatures were verified and only packages signed with a trusted Red Hat
GPG key were installed.

Red Hat would like to thank Justin Cappos and Justin Samuel for discussing
various package update mechanism flaws which led to our discovery of this
issue.

Users of yum-rhn-plugin are advised to upgrade to this updated package,
which resolves this issue.

RHSA-2008:0818: hplip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080818
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0818, CVE-2008-2940, CVE-2008-2941

Description
The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide
drivers for Hewlett-Packard printers and multifunction peripherals.

A flaw was discovered in the hplip alert-mailing functionality. A local
attacker could elevate their privileges by using specially-crafted packets
to trigger alert mails, which are sent by the root account. (CVE-2008-2940)

A flaw was discovered in the hpssd message parser. By sending
specially-crafted packets, a local attacker could cause a denial of
service, stopping the hpssd process. (CVE-2008-2941)

Users of hplip should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2008:0835: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080835
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0835, CVE-2008-3282

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet, presentation manager,
formula editor, and a drawing program.

A numeric truncation error was found in the OpenOffice.org memory
allocator. If a carefully crafted file was opened by a victim, an attacker
could use this flaw to crash OpenOffice.org or, possibly, execute arbitrary
code. (CVE-2008-3282)

All users of openoffice.org are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

RHSA-2008:0836: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080836
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0836, CVE-2008-3281

Description
The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.

A denial of service flaw was found in the way libxml2 processes certain
content. If an application linked against libxml2 processes malformed XML
content, it could cause the application to stop responding. (CVE-2008-3281)

Red Hat would like to thank Andreas Solberg for responsibly disclosing this
issue.

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue.

RHSA-2008:0839: postfix security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080839
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0839, CVE-2008-2936

Description
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A flaw was found in the way Postfix dereferences symbolic links. If a local
user has write access to a mail spool directory with no root mailbox, it
may be possible for them to append arbitrary data to files that root has
write permission to. (CVE-2008-2936)

Red Hat would like to thank Sebastian Krahmer for responsibly disclosing
this issue.

All users of postfix should upgrade to these updated packages, which
contain a backported patch that resolves this issue.

RHSA-2008:0847: libtiff security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080847
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0847, CVE-2008-2327

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.

Additionally, these updated packages fix the following bug:

* the libtiff packages included manual pages for the sgi2tiff and tiffsv
commands, which are not included in these packages. These extraneous manual
pages were removed.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0848: libtiff security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080848
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0848, CVE-2006-2193, CVE-2008-2327

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple uses of uninitialized values were discovered in libtiff's
Lempel-Ziv-Welch (LZW) compression algorithm decoder. An attacker could
create a carefully crafted LZW-encoded TIFF file that would cause an
application linked with libtiff to crash or, possibly, execute arbitrary
code. (CVE-2008-2327)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.

A buffer overflow flaw was discovered in the tiff2pdf conversion program
distributed with libtiff. An attacker could create a TIFF file containing
UTF-8 characters that would, when converted to PDF format, cause tiff2pdf
to crash, or, possibly, execute arbitrary code. (CVE-2006-2193)

Additionally, these updated packages fix the following bug:

* the libtiff packages included manual pages for the sgi2tiff and tiffsv
commands, which are not included in these packages. These extraneous manual
pages were removed.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2008:0849: ipsec-tools security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080849
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0849, CVE-2008-3651, CVE-2008-3652

Description
The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.

Two denial of service flaws were found in the ipsec-tools racoon daemon. It
was possible for a remote attacker to cause the racoon daemon to consume
all available memory. (CVE-2008-3651, CVE-2008-3652)

Users of ipsec-tools should upgrade to this updated package, which contains
backported patches that resolve these issues.

RHSA-2008:0855: openssh security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080855
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0855, CVE-2007-4752, CVE-2008-3844

Description
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. 

Last week Red Hat detected an intrusion on certain of its computer systems
and took immediate action. While the investigation into the intrusion is
on-going, our initial focus was to review and test the distribution
channel we use with our customers, Red Hat Network (RHN) and its associated
security measures. Based on these efforts, we remain highly confident that
our systems and processes prevented the intrusion from compromising RHN or
the content distributed via RHN and accordingly believe that customers who
keep their systems updated using Red Hat Network are not at risk.  We are
issuing this alert primarily for those who may obtain Red Hat binary
packages via channels other than those of official Red Hat subscribers.

In connection with the incident, the intruder was able to sign a small
number of OpenSSH packages relating only to Red Hat Enterprise Linux 4
(i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64
architecture only).  As a precautionary measure, we are releasing an
updated version of these packages, and have published a list of the
tampered packages and how to detect them at
http://www.redhat.com/security/data/openssh-blacklist.html

To reiterate, our processes and efforts to date indicate that packages
obtained by Red Hat Enterprise Linux subscribers via Red Hat Network are
not at risk.

These packages also fix a low severity flaw in the way ssh handles X11
cookies when creating X11 forwarding connections. When ssh was unable to
create an untrusted cookie, ssh used a trusted cookie instead, possibly
allowing the administrative user of an untrusted remote server, or an untrusted
application run on the remote server, to gain unintended access to a user's
local X server. (CVE-2007-4752)

RHSA-2008:0879: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080879
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0879, CVE-2008-3837, CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064, CVE-2008-4065, CVE-2008-4067, CVE-2008-4068

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. A
web page containing specially crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-4067,
CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web page
containing specially crafted JavaScript code could move the content window
while a mouse-button was pressed, causing any item under the pointer to be
dragged. This could, potentially, cause the user to perform an unsafe
drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be stripped
from JavaScript code. This flaw could allow malicious JavaScript to bypass
or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.2. You can find a link to the Mozilla
advisories in the References section.

All firefox users should upgrade to this updated package, which contains
backported patches that correct these issues.
RHSA-2008:0882: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080882
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0882, CVE-2008-0016, CVE-2008-3835, CVE-2008-3837, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4069

Description
SeaMonkey is an open source Web browser, advanced email and newsgroup
client, IRC chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061,
CVE-2008-4062)

Several flaws were found in the way malformed web content was displayed. A
web page containing specially crafted content could potentially trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-3835,
CVE-2008-4067, CVE-2008-4068, CVE-2008-4069)

A flaw was found in the way SeaMonkey handles mouse click events. A web page
containing specially crafted JavaScript code could move the content window
while a mouse-button was pressed, causing any item under the pointer to be
dragged. This could, potentially, cause the user to perform an unsafe
drag-and-drop action. (CVE-2008-3837)

A flaw was found in SeaMonkey that caused certain characters to be stripped
from JavaScript code. This flaw could allow malicious JavaScript to bypass
or evade script filters. (CVE-2008-4065, CVE-2008-4066)

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.
RHSA-2008:0884: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080884
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0884, CVE-2008-3529

Description
The libxml2 packages provide a library that allows you to manipulate XML
files. It includes support to read, modify, and write XML and HTML files.

A heap-based buffer overflow flaw was found in the way libxml2 handled long
XML entity names. If an application linked against libxml2 processed
untrusted malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-3529)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to resolve this issue.
RHSA-2008:0885: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080885
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0885, CVE-2007-6417, CVE-2007-6716, CVE-2008-2931, CVE-2008-3272, CVE-2008-3275

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a missing capability check was found in the Linux kernel do_change_type
routine. This could allow a local unprivileged user to gain privileged
access or cause a denial of service. (CVE-2008-2931, Important)

* a flaw was found in the Linux kernel Direct-IO implementation. This could
allow a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* Tobias Klein reported a missing check in the Linux kernel Open Sound
System (OSS) implementation. This deficiency could lead to a possible
information leak. (CVE-2008-3272, Moderate)

* a deficiency was found in the Linux kernel virtual filesystem (VFS)
implementation. This could allow a local unprivileged user to attempt file
creation within deleted directories, possibly causing a denial of service.
(CVE-2008-3275, Moderate)

* a flaw was found in the Linux kernel tmpfs implementation. This could
allow a local unprivileged user to read sensitive information from the
kernel. (CVE-2007-6417, Moderate)

Bug fixes:

* when copying a small IPoIB packet from the original skb it was received
in to a new, smaller skb, all fields in the new skb were not initialized.
This may have caused a kernel oops.

* previously, data may have been written beyond the end of an array,
causing memory corruption on certain systems, resulting in hypervisor
crashes during context switching.

* a kernel crash may have occurred on heavily-used Samba servers after 24
to 48 hours of use.

* under heavy memory pressure, pages may have been swapped out from under
the SGI Altix XPMEM driver, causing silent data corruption in the kernel.

* the ixgbe driver is untested, but support was advertised for the Intel
82598 network card. If this card was present when the ixgbe driver was
loaded, a NULL pointer dereference and a panic occurred.

* on certain systems, if multiple InfiniBand queue pairs simultaneously
fell into an error state, an overrun may have occurred, stopping traffic.

* with bridging, when forward delay was set to zero, setting an interface
to the forwarding state was delayed by one or possibly two timers,
depending on whether STP was enabled. This may have caused long delays in
moving an interface to the forwarding state. This issue caused packet loss
when migrating virtual machines, preventing them from being migrated
without interrupting applications.

* on certain multinode systems, IPMI device nodes were created in reverse
order of where they physically resided.

* process hangs may have occurred while accessing application data files
via asynchronous direct I/O system calls.

* on systems with heavy lock traffic, a possible deadlock may have caused
anything requiring locks over NFS to stop, or be very slow. Errors such as
"lockd: server [IP] not responding, timed out" were logged on client
systems.

* unexpected removals of USB devices may have caused a NULL pointer
dereference in kobject_get_path.

* on Itanium-based systems, repeatedly creating and destroying Windows
guests may have caused Dom0 to crash, due to the "XENMEM_add_to_physmap"
hypercall, used by para-virtualized drivers on HVM, being SMP-unsafe.

* when using an MD software RAID, crashes may have occurred when devices
were removed or changed while being iterated through. Correct locking is
now used.

* break requests had no effect when using "Serial Over Lan" with the Intel
82571 network card. This issue may have caused login problems.

* on Itanium-based systems, module_free() referenced the first parameter
before checking it was valid. This may have caused a kernel panic when
exiting SystemTap.

Red Hat Enterprise Linux 5 users are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues.
RHSA-2008:0890: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080890
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0890, CVE-2008-1070, CVE-2008-1071, CVE-2008-1072, CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138, CVE-2008-3141, CVE-2008-3145, CVE-2008-3146, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2008-3146)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-1070, CVE-2008-1071, CVE-2008-1072,
CVE-2008-1561, CVE-2008-1562, CVE-2008-1563, CVE-2008-3137, CVE-2008-3138,
CVE-2008-3141, CVE-2008-3145, CVE-2008-3932, CVE-2008-3933, CVE-2008-3934)

Additionally, this update changes the default Pluggable Authentication
Modules (PAM) configuration to always prompt for the root password before
each start of Wireshark. This avoids unintentionally running Wireshark with
root privileges.

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.3, and resolve these issues.
RHSA-2008:0892: xen security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0892, CVE-2008-1945, CVE-2008-1952

Description
The xen packages contain tools for managing the virtual machine monitor in
Red Hat Virtualization.

It was discovered that the hypervisor's para-virtualized framebuffer (PVFB)
backend failed to validate the frontend's framebuffer description properly.
This could allow a privileged user in the unprivileged domain (DomU) to
cause a denial of service, or, possibly, elevate privileges to the
privileged domain (Dom0). (CVE-2008-1952)

A flaw was found in the QEMU block format auto-detection, when running
fully-virtualized guests and using Qemu images written on removable media
(USB storage, 3.5" disks). Privileged users of such fully-virtualized
guests (DomU), with a raw-formatted disk image, were able to write a header
to that disk image describing another format. This could allow such guests
to read arbitrary files in their hypervisor's host (Dom0). (CVE-2008-1945)

Additionally, the following bug is addressed in this update:

* The qcow-create command terminated when invoked due to glibc bounds
checking on the realpath() function.

Users of xen are advised to upgrade to these updated packages, which
resolve these security issues and fix this bug.
RHSA-2008:0893: bzip2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080893
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0893, CVE-2008-1372

Description
Bzip2 is a freely available, high-quality data compressor. It provides both
stand-alone compression and decompression utilities, as well as a shared
library for use with other programs.

A buffer over-read flaw was discovered in the bzip2 decompression routine.
This issue could cause an application linked against the libbz2 library to
crash when decompressing malformed archives. (CVE-2008-1372)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue.
RHSA-2008:0897: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080897
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0897, CVE-2008-1145, CVE-2008-3443, CVE-2008-3655, CVE-2008-3656, CVE-2008-3657, CVE-2008-3790, CVE-2008-3905

Description
Ruby is an interpreted scripting language for quick and easy
object-oriented programming.

The Ruby DNS resolver library, resolv.rb, used predictable transaction IDs
and a fixed source port when sending DNS requests. A remote attacker could
use this flaw to spoof a malicious reply to a DNS query. (CVE-2008-3905)

Ruby's XML document parsing module (REXML) was prone to a denial of service
attack via XML documents with large XML entity definitions recursion. A
specially-crafted XML file could cause a Ruby application using the REXML
module to use an excessive amount of CPU and memory. (CVE-2008-3790)

An insufficient "taintness" check flaw was discovered in Ruby's DL module,
which provides direct access to the C language functions. An attacker could
use this flaw to bypass intended safe-level restrictions by calling
external C functions with arguments from untrusted tainted inputs.
(CVE-2008-3657)

A denial of service flaw was discovered in WEBrick, Ruby's HTTP server
toolkit. A remote attacker could send a specially-crafted HTTP request to a
WEBrick server that would cause the server to use an excessive amount of
CPU time. (CVE-2008-3656)

A number of flaws were found in the safe-level restrictions in Ruby. It
was possible for an attacker to create a carefully crafted malicious script
that can allow the bypass of certain safe-level restrictions. (CVE-2008-3655)

A denial of service flaw was found in Ruby's regular expression engine. If
a Ruby script tried to process a large amount of data via a regular
expression, it could cause Ruby to enter an infinite-loop and crash.
(CVE-2008-3443)

Users of ruby should upgrade to these updated packages, which contain
backported patches to resolve these issues.
RHSA-2008:0907: pam_krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080907
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0907, CVE-2008-3825

Description
The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware
applications to use Kerberos to verify user identities by obtaining user
credentials at log in time.

A flaw was found in the pam_krb5 "existing_ticket" configuration option. If
a system is configured to use an existing credential cache via the
"existing_ticket" option, it may be possible for a local user to gain
elevated privileges by using a different, local user's credential cache.
(CVE-2008-3825)

Red Hat would like to thank Stéphane Bertin for responsibly disclosing this
issue.

Users of pam_krb5 should upgrade to this updated package, which contains a
backported patch to resolve this issue.
RHSA-2008:0908: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080908
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0908, CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060,
CVE-2008-4061, CVE-2008-4062)

Several flaws were found in the way malformed HTML mail content was
displayed. An HTML mail message containing specially crafted content could
potentially trick a Thunderbird user into surrendering sensitive
information. (CVE-2008-3835, CVE-2008-4067, CVE-2008-4068)

A flaw was found in Thunderbird that caused certain characters to be
stripped from JavaScript code. This flaw could allow malicious JavaScript
to bypass or evade script filters. (CVE-2008-4065, CVE-2008-4066)

Note: JavaScript support is disabled by default in Thunderbird; the above
issue is not exploitable unless JavaScript is enabled.

A heap-based buffer overflow flaw was found in the handling of cancelled
newsgroup messages. If the user cancels a specially crafted newsgroup
message, it could cause Thunderbird to crash or, potentially, execute
arbitrary code as the user running Thunderbird. (CVE-2008-4070)

All Thunderbird users should upgrade to these updated packages, which
resolve these issues.
RHSA-2008:0937: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080937
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0937, CVE-2008-3639, CVE-2008-3640, CVE-2008-3641

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX(R) operating systems.

A buffer overflow flaw was discovered in the SGI image format decoding
routines used by the CUPS image converting filter "imagetops". An attacker
could create a malicious SGI image file that could, possibly, execute
arbitrary code as the "lp" user if the file was printed. (CVE-2008-3639)

An integer overflow flaw leading to a heap buffer overflow was discovered
in the Text-to-PostScript "texttops" filter. An attacker could create a
malicious text file that could, possibly, execute arbitrary code as the
"lp" user if the file was printed. (CVE-2008-3640)

An insufficient buffer bounds checking flaw was discovered in the
HP-GL/2-to-PostScript "hpgltops" filter. An attacker could create a
malicious HP-GL/2 file that could, possibly, execute arbitrary code as the
"lp" user if the file was printed. (CVE-2008-3641)

Red Hat would like to thank regenrecht for reporting these issues.

All CUPS users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.
RHSA-2008:0939: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080939
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0939, CVE-2008-2237, CVE-2008-2238

Description
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

SureRun Security Team discovered an integer overflow flaw leading to a heap
buffer overflow in the Windows Metafile (WMF) image format parser. An
attacker could create a carefully crafted document containing a malicious
WMF file that could cause OpenOffice.org to crash, or, possibly, execute
arbitrary code if opened by a victim. (CVE-2008-2237)

Multiple integer overflow flaws were found in the Enhanced Windows Metafile
(EMF) parser. An attacker could create a carefully crafted document
containing a malicious EMF file that could cause OpenOffice.org to crash,
or, possibly, execute arbitrary code if opened by a victim. (CVE-2008-2238)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches that correct these issues.
RHSA-2008:0946: ed security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080946
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0946, CVE-2008-3916

Description
ed is a line-oriented text editor, used to create, display, and modify
text files (both interactively and via shell scripts).

A heap-based buffer overflow was discovered in the way ed, the GNU line
editor, processed long file names. An attacker could create a file with a
specially-crafted name that could possibly execute arbitrary code when
opened in the ed editor. (CVE-2008-3916)

Users of ed should upgrade to this updated package, which contains
a backported patch to resolve this issue.
RHSA-2008:0957: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080957
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0957, CVE-2006-5755, CVE-2007-5907, CVE-2008-2372, CVE-2008-3276, CVE-2008-3527, CVE-2008-3833, CVE-2008-4210, CVE-2008-4302

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* the Xen implementation did not prevent applications running in a
para-virtualized guest from modifying CR4 TSC. This could cause a local
denial of service. (CVE-2007-5907, Important)

* Tavis Ormandy reported missing boundary checks in the Virtual Dynamic
Shared Objects (vDSO) implementation. This could allow a local unprivileged
user to cause a denial of service or escalate privileges. (CVE-2008-3527,
Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could allow a local unprivileged user to
obtain access to privileged information. (CVE-2008-4210, CVE-2008-3833,
Important)

* a flaw was found in the Linux kernel splice implementation. This could
cause a local denial of service when there is a certain failure in the
add_to_page_cache_lru() function. (CVE-2008-4302, Important)

* a flaw was found in the Linux kernel when running on AMD64 systems.
During a context switch, EFLAGS were being neither saved nor restored. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2006-5755, Low)

* a flaw was found in the Linux kernel virtual memory implementation. This
could allow a local unprivileged user to cause a denial of service.
(CVE-2008-2372, Low)

* an integer overflow was discovered in the Linux kernel Datagram
Congestion Control Protocol (DCCP) implementation. This could allow a
remote attacker to cause a denial of service. By default, remote DCCP is
blocked by SELinux. (CVE-2008-3276, Low)

In addition, these updated packages fix the following bugs:

* random32() seeding has been improved.

* in a multi-core environment, a race between the QP async event-handler
and the destro_qp() function could occur. This led to unpredictable results
during invalid memory access, which could lead to a kernel crash.

* a format string was omitted in the call to the request_module() function.

* a stack overflow caused by an infinite recursion bug in the binfmt_misc
kernel module was corrected.

* the ata_scsi_rbuf_get() and ata_scsi_rbuf_put() functions now check for
scatterlist usage before calling kmap_atomic().

* a sentinel NUL byte was added to the device_write() function to ensure
that lspace.name is NUL-terminated.

* in the character device driver, a range_is_allowed() check was added to
the read_mem() and write_mem() functions. It was possible for an
illegitimate application to bypass these checks, and access /dev/mem beyond
the 1M limit by calling mmap_mem() instead. Also, the parameters of
range_is_allowed() were changed to cleanly handle greater than 32-bits of
physical address on 32-bit architectures.

* some of the newer Nehalem-based systems declare their CPU DSDT entries as
type "Alias". During boot, this caused an "Error attaching device data"
message to be logged.

* the evtchn event channel device lacked locks and memory barriers. This
has led to xenstore becoming unresponsive on the Itanium® architecture.

* sending of gratuitous ARP packets in the Xen frontend network driver is
now delayed until the backend signals that its carrier status has been
processed by the stack.

* on forcedeth devices, whenever setting ethtool parameters for link speed,
the device could stop receiving interrupts.

* the CIFS 'forcedirectio' option did not allow text to be appended to files.

* the gettimeofday() function returned a backwards time on Intel® 64.

* residual-count corrections during UNDERRUN handling were added to the
qla2xxx driver.

* the fix for a small quirk was removed for certain Adaptec controllers for
which it caused problems.

* the "xm trigger init" command caused a domain panic if a userland
application was running on a guest on the Intel® 64 architecture.

Users of kernel should upgrade to these updated packages, which contain
backported patches to correct these issues.
RHSA-2008:0965: lynx security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080965
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0965, CVE-2006-7234, CVE-2008-4690

Description
Lynx is a text-based Web browser.

An arbitrary command execution flaw was found in the Lynx "lynxcgi:" URI
handler. An attacker could create a web page redirecting to a malicious URL
that could execute arbitrary code as the user running Lynx in the
non-default "Advanced" user mode. (CVE-2008-4690)

Note: In these updated lynx packages, Lynx will always prompt users before
loading a "lynxcgi:" URI. Additionally, the default lynx.cfg configuration
file now marks all "lynxcgi:" URIs as untrusted by default.

A flaw was found in the way Lynx handled ".mailcap" and ".mime.types"
configuration files. Files in the browser's current working directory were
opened before those in the user's home directory. A local attacker, able to
convince a user to run Lynx in a directory under their control, could
possibly execute arbitrary commands as the user running Lynx. (CVE-2006-7234)

All users of Lynx are advised to upgrade to this updated package, which
contains backported patches correcting these issues.
RHSA-2008:0967: httpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080967
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0967, CVE-2008-2364, CVE-2008-2939

Description
The Apache HTTP Server is a popular Web server.

A flaw was found in the mod_proxy Apache module. An attacker in control of
a Web server to which requests were being proxied could have caused a
limited denial of service due to CPU consumption and stack exhaustion.
(CVE-2008-2364)

A flaw was found in the mod_proxy_ftp Apache module. If Apache was
configured to support FTP-over-HTTP proxying, a remote attacker could have
performed a cross-site scripting attack. (CVE-2008-2939)

In addition, these updated packages fix a bug found in the handling of the
"ProxyRemoteMatch" directive in the Red Hat Enterprise Linux 4 httpd
packages. This bug is not present in the Red Hat Enterprise Linux 3 or Red
Hat Enterprise Linux 5 packages.

Users of httpd should upgrade to these updated packages, which contain
backported patches to correct these issues.
RHSA-2008:0971: net-snmp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080971
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0971, CVE-2008-4309

Description
The Simple Network Management Protocol (SNMP) is a protocol used for
network management.

A denial-of-service flaw was found in the way Net-SNMP processes SNMP
GETBULK requests. A remote attacker who issued a specially-crafted request
could cause the snmpd server to crash. (CVE-2008-4309)

Note: An attacker must have read access to the SNMP server in order to
exploit this flaw. In the default configuration, the community name
"public" grants read-only access. In production deployments, it is
recommended to change this default community name.

All users of net-snmp should upgrade to these updated packages, which
contain a backported patch to resolve this issue.
RHSA-2008:0972: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0972, CVE-2007-5093, CVE-2007-6716, CVE-2008-1514, CVE-2008-3272, CVE-2008-3528, CVE-2008-4210

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* a flaw was found in the Linux kernel's Direct-IO implementation. This
could have allowed a local unprivileged user to cause a denial of service.
(CVE-2007-6716, Important)

* when running ptrace in 31-bit mode on an IBM S/390 or IBM System z
kernel, a local unprivileged user could cause a denial of service by
reading from or writing into a padding area in the user_regs_struct32
structure. (CVE-2008-1514, Important)

* the do_truncate() and generic_file_splice_write() functions did not clear
the setuid and setgid bits. This could have allowed a local unprivileged
user to obtain access to privileged information. (CVE-2008-4210, Important)

* Tobias Klein reported a missing check in the Linux kernel's Open Sound
System (OSS) implementation. This deficiency could have led to an
information leak. (CVE-2008-3272, Moderate)

* a potential denial of service attack was discovered in the Linux kernel's
PWC USB video driver. A local unprivileged user could have used this flaw
to bring the kernel USB subsystem into the busy-waiting state.
(CVE-2007-5093, Low)

* the ext2 and ext3 file systems code failed to properly handle corrupted
data structures, leading to a possible local denial of service issue when
read or write operations were performed. (CVE-2008-3528, Low)

In addition, these updated packages fix the following bugs:

* when using the CIFS "forcedirectio" option, appending to an open file on
a CIFS share resulted in that file being overwritten with the data to be
appended.

* a kernel panic occurred when a device with PCI ID 8086:10c8 was present
on a system with a loaded ixgbe driver.

* due to an aacraid driver regression, the kernel failed to boot when trying
to load the aacraid driver and printed the following error message:
"aac_srb: aac_fib_send failed with status: 8195".

* due to an mpt driver regression, when RAID 1 was configured on Primergy
systems with an LSI SCSI IME 53C1020/1030 controller, the kernel panicked
during boot.

* the mpt driver produced a large number of extraneous debugging messages
when performing a "Host reset" operation.

* due to a regression in the sym driver, the kernel panicked when a SCSI
hot swap was performed using MCP18 hardware.

* all cores on a multi-core system now scale their frequencies in
accordance with the policy set by the system's CPU frequency governor.

* the netdump subsystem suffered from several stability issues. These are
addressed in this updated kernel.

* under certain conditions, the ext3 file system reported a negative count
of used blocks.

* reading /proc/self/mem incorrectly returned "Invalid argument" instead of
"input/output error" due to a regression.

* under certain conditions, the kernel panicked when a USB device was
removed while the system was busy accessing the device.

* a race condition in the kernel could have led to a kernel crash during
the creation of a new process.

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to correct these issues.

RHSA-2008:0976: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080976
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0976, CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024, CVE-2008-5052

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018,
CVE-2008-5021)

Several flaws were found in the way malformed HTML mail content was
processed. An HTML mail message containing specially-crafted content could
potentially trick a Thunderbird user into surrendering sensitive
information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5024)

All Thunderbird users should upgrade to these updated packages, which
resolve these issues.

RHSA-2008:0977: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080977
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0977, CVE-2008-0017, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5052

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016,
CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)

Several flaws were found in the way malformed content was processed. A web
site containing specially-crafted content could potentially trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-5012,
CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2008:0978: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20080978
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0978, CVE-2008-0017, CVE-2008-5014, CVE-2008-5015, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024, CVE-2008-5052

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017,
CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)

Several flaws were found in the way malformed content was processed. A web
site containing specially-crafted content could potentially trick a Firefox
user into surrendering sensitive information. (CVE-2008-5022,
CVE-2008-5023, CVE-2008-5024)

A flaw was found in the way Firefox opened "file:" URIs. If a file: URI was
loaded in the same tab as a chrome or privileged "about:" page, the file:
URI could execute arbitrary code with the permissions of the user running
Firefox. (CVE-2008-5015)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.4. You can find a link to the Mozilla
advisories in the References section.

All firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.

RHSA-2008:0981: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0981, CVE-2008-4310

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

Vincent Danen reported that Red Hat Security Advisory RHSA-2008:0897
did not properly address a denial of service flaw in WEBrick (the Ruby
HTTP server toolkit), known as CVE-2008-3656. This flaw allowed a
remote attacker to send a specially-crafted HTTP request to a WEBrick
server that would cause the server to use excessive CPU time. This
update properly addresses this flaw. (CVE-2008-4310)

All Ruby users should upgrade to these updated packages, which contain a
correct patch that resolves this issue.

RHSA-2008:0982: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20080982
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:0982, CVE-2008-4989

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). 

Martin von Gagern discovered a flaw in the way GnuTLS verified certificate
chains provided by a server. A malicious server could use this flaw to
spoof its identity by tricking client applications using the GnuTLS library
to trust invalid certificates. (CVE-2008-4989)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects this issue.

RHSA-2008:0988: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20080988
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:0988, CVE-2008-4225, CVE-2008-4226

Description
libxml2 is a library for parsing and manipulating XML files. It includes
support for reading, modifying, and writing XML and HTML files.

An integer overflow flaw causing a heap-based buffer overflow was found in
the libxml2 XML parser. If an application linked against libxml2 processed
untrusted, malformed XML content, it could cause the application to crash
or, possibly, execute arbitrary code. (CVE-2008-4226)

A denial of service flaw was discovered in the libxml2 XML parser. If an
application linked against libxml2 processed untrusted, malformed XML
content, it could cause the application to enter an infinite loop.
(CVE-2008-4225)

Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting these issues.

Users of libxml2 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2008:1001: tog-pegasus security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20081001
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:1001, CVE-2008-4313, CVE-2008-4315

Description
The tog-pegasus packages provide OpenPegasus Web-Based Enterprise
Management (WBEM) services. WBEM is a platform and resource independent
Distributed Management Task Force (DMTF) standard that defines a common
information model and communication protocol for monitoring and controlling
resources.

Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM
services in addition to those defined by the upstream OpenGroup Pegasus
release. For details regarding these enhancements, refer to the file
"README.RedHat.Security", included in the Red Hat tog-pegasus package.

After re-basing to version 2.7.0 of the OpenGroup Pegasus code, these
additional security enhancements were no longer being applied. As a
consequence, access to OpenPegasus WBEM services was not restricted to the
dedicated users as described in README.RedHat.Security. An attacker able to
authenticate using a valid user account could use this flaw to send
requests to WBEM services. (CVE-2008-4313)

Note: default SELinux policy prevents tog-pegasus from modifying system
files. This flaw's impact depends on whether or not tog-pegasus is confined
by SELinux, and on any additional CMPI providers installed and enabled on a
particular system.

Failed authentication attempts against the OpenPegasus CIM server were not
logged to the system log as documented in README.RedHat.Security. An
attacker could use this flaw to perform password guessing attacks against a
user account without leaving traces in the system log. (CVE-2008-4315)

All tog-pegasus users are advised to upgrade to these updated packages,
which contain patches to correct these issues.

RHSA-2008:1016: enscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20081016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:1016, CVE-2008-3863, CVE-2008-4306

Description
GNU enscript converts ASCII files to PostScript(R) language files and
spools the generated output to a specified printer or saves it to a file.
Enscript can be extended to handle different output media and includes
options for customizing printouts.

Two buffer overflow flaws were found in GNU enscript. An attacker could
craft an ASCII file in such a way that it could execute arbitrary commands
if the file was opened with enscript with the "special escapes" option (-e
or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306)

All users of enscript should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2008:1017: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20081017
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:1017, CVE-2008-3831, CVE-2008-4554, CVE-2008-4576

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* Olaf Kirch reported a flaw in the i915 kernel driver. This flaw could,
potentially, lead to local privilege escalation. Note: the flaw only
affects systems based on the Intel G33 Express Chipset and newer.
(CVE-2008-3831, Important)

* Miklos Szeredi reported a missing check for files opened with O_APPEND in
the sys_splice() function. This could allow a local, unprivileged user to
bypass the append-only file restrictions. (CVE-2008-4554, Important)

* a deficiency was found in the Linux kernel Stream Control Transmission
Protocol (SCTP) implementation. This could lead to a possible denial of
service if one end of an SCTP connection did not support the AUTH extension.
(CVE-2008-4576, Important)

In addition, these updated packages fix the following bugs:

* on Itanium® systems, when a multithreaded program was traced using the
command "strace -f", messages such as
 
   PANIC: attached pid 10740 exited 
   PANIC: handle_group_exit: 10740 leader 10721
   ...

were displayed, after which the trace would stop. With these updated
packages, the "strace -f" command no longer results in these error
messages, and strace terminates normally after tracing all threads.

* on big-endian systems such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on the parameters passed to it when the
time to live (TTL) value equaled 255.

* when using an NFSv4 file system, accessing the same file with two
separate processes simultaneously resulted in the NFS client process
becoming unresponsive.

* on AMD64 and Intel® 64 hypervisor-enabled systems, when a syscall
correctly returned '-1' in code compiled on Red Hat Enterprise Linux 5, the
same code, when run with the strace utility, would incorrectly return an
invalid return value. This has been fixed: on AMD64 and Intel® 64
hypervisor-enabled systems, syscalls in compiled code return the same,
correct values as syscalls run with strace.

* on the Itanium® architecture, fully-virtualized guest domains created
using more than 64 GB of memory caused other guest domains not to receive
interrupts. This caused soft lockups on other guests. All guest domains are
now able to receive interrupts regardless of their allotted memory.

* when user-space used SIGIO notification, which was not disabled before
closing a file descriptor and was then re-enabled in a different process,
an attempt by the kernel to dereference a stale pointer led to a kernel
crash. With this fix, such a situation no longer causes a kernel crash.

* modifications to certain pages made through a memory-mapped region could
have been lost in cases when the NFS client needed to invalidate the page
cache for that particular memory-mapped file.

* fully-virtualized Windows® guests became unresponsive due to the vIOSAPIC
component being multiprocessor-unsafe. With this fix, vIOSAPIC is
multiprocessor-safe and Windows guests do not become unresponsive.

* on certain systems, keyboard controllers could not withstand continuous
requests to switch keyboard LEDs on or off. This resulted in some or all
key presses not being registered by the system.

* on the Itanium® architecture, setting the "vm.nr_hugepages" sysctl
parameter caused a kernel stack overflow resulting in a kernel panic, and
possibly stack corruption. With this fix, setting vm.nr_hugepages works
correctly.

* hugepages allow the Linux kernel to utilize the multiple page size
capabilities of modern hardware architectures. In certain configurations,
systems with large amounts of memory could fail to allocate most of this
memory for hugepages even if it was free. This could result, for example,
in database restart failures.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues.

RHSA-2008:1021: enscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20081021
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:1021, CVE-2008-3863, CVE-2008-4306, CVE-2008-5078

Description
GNU enscript converts ASCII files to PostScript(R) language files and
spools the generated output to a specified printer or saves it to a file.
Enscript can be extended to handle different output media and includes
options for customizing printouts.

Several buffer overflow flaws were found in GNU enscript. An attacker could
craft an ASCII file in such a way that it could execute arbitrary commands
if the file was opened with enscript with the "special escapes" option (-e
or --escapes) enabled. (CVE-2008-3863, CVE-2008-4306, CVE-2008-5078)

All users of enscript should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2008:1023: pidgin security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20081023
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:1023, CVE-2008-2955, CVE-2008-2957, CVE-2008-3532

Description
Pidgin is a multi-protocol Internet Messaging client.

A denial-of-service flaw was found in Pidgin's MSN protocol handler. If a
remote user was able to send, and the Pidgin user accepted, a
carefully-crafted file request, it could result in Pidgin crashing.
(CVE-2008-2955)

A denial-of-service flaw was found in Pidgin's Universal Plug and Play
(UPnP) request handling. A malicious UPnP server could send a request to
Pidgin, causing it to download an excessive amount of data, consuming all
available memory or disk space. (CVE-2008-2957)

A flaw was found in the way Pidgin handled SSL certificates. The NSS SSL
implementation in Pidgin did not properly verify the authenticity of SSL
certificates. This could have resulted in users unknowingly connecting to a
malicious SSL service. (CVE-2008-3532)

In addition, this update upgrades pidgin from version 2.3.1 to version
2.5.2, with many additional stability and functionality fixes from the
Pidgin Project.

Note: the Secure Internet Live Conferencing (SILC) chat network protocol
has recently changed, affecting all versions of pidgin shipped with Red Hat
Enterprise Linux.

Pidgin cannot currently connect to the latest version of the SILC server
(1.1.14): it fails to properly exchange keys during initial login. This
update does not correct this. Red Hat Bugzilla #474212 (linked to in the
References section) has more information.

Note: after the errata packages are installed, Pidgin must be restarted for
the update to take effect.

All Pidgin users should upgrade to these updated packages, which contain
Pidgin version 2.5.2 and resolve these issues.

RHSA-2008:1029: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20081029
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2008:1029, CVE-2008-5183

Description
The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

A null pointer dereference flaw was found in the way CUPS handled
subscriptions for printing job completion notifications. A local user could
use this flaw to crash the CUPS daemon by submitting a large number of
printing jobs requiring mail notification on completion, leading to a
denial of service. (CVE-2008-5183)

Users of cups should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2008:1036: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20081036
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:1036, CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5505, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5510, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512,
CVE-2008-5513)

Several flaws were found in the way malformed content was processed. A
website containing specially-crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-5506,
CVE-2008-5507)

A flaw was found in the way Firefox stored attributes in XML User Interface
Language (XUL) elements. A web site could use this flaw to track users
across browser sessions, even if users did not allow the site to store
cookies in the victim's browser. (CVE-2008-5505)

A flaw was found in the way malformed URLs were processed by Firefox.
This flaw could prevent various URL sanitization mechanisms from properly
parsing a malicious URL. (CVE-2008-5508)

A flaw was found in Firefox's CSS parser. A malicious web page could inject
NULL characters into a CSS input string, possibly bypassing an
application's script sanitization routines. (CVE-2008-5510)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.5. You can find a link to the Mozilla
advisories in the References section.

Note: after the errata packages are installed, Firefox must be restarted
for the update to take effect.

All firefox users should upgrade to these updated packages, which contain
backported patches that correct these issues.

RHSA-2008:1037: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20081037
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2008:1037, CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5504, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5504, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513)

Several flaws were found in the way malformed content was processed. A
website containing specially-crafted content could potentially trick a
SeaMonkey user into surrendering sensitive information. (CVE-2008-5503,
CVE-2008-5506, CVE-2008-5507)

A flaw was found in the way malformed URLs were processed by SeaMonkey.
This flaw could prevent various URL sanitization mechanisms from properly
parsing a malicious URL. (CVE-2008-5508)

Note: after the errata packages are installed, SeaMonkey must be restarted
for the update to take effect.

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2009:0002: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0002, CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5503, CVE-2008-5506, CVE-2008-5507, CVE-2008-5508, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511,
CVE-2008-5512, CVE-2008-5513)

Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2008-5503, CVE-2008-5506, CVE-2008-5507)

Note: JavaScript support is disabled by default in Thunderbird; the above
issues are not exploitable unless JavaScript is enabled.

A flaw was found in the way malformed URLs were processed by
Thunderbird. This flaw could prevent various URL sanitization mechanisms
from properly parsing a malicious URL. (CVE-2008-5508)

All Thunderbird users should upgrade to these updated packages, which
resolve these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2009:0003: xen security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0003, CVE-2008-4405, CVE-2008-4993

Description
The xen packages contain the Xen tools and management daemons needed to
manage virtual machines running on Red Hat Enterprise Linux.

Xen was found to allow unprivileged DomU domains to overwrite xenstore
values which should only be changeable by the privileged Dom0 domain. An
attacker controlling a DomU domain could, potentially, use this flaw to
kill arbitrary processes in Dom0 or trick a Dom0 user into accessing the
text console of a different domain running on the same host. This update
makes certain parts of the xenstore tree read-only to the unprivileged DomU
domains. (CVE-2008-4405)

It was discovered that the qemu-dm.debug script created a temporary file in
/tmp in an insecure way. A local attacker in Dom0 could, potentially, use
this flaw to overwrite arbitrary files via a symlink attack. Note: This
script is not needed in production deployments and therefore was removed
and is not shipped with updated xen packages. (CVE-2008-4993)

This update also fixes the following bug:

* xen calculates its running time by adding the hypervisor's up-time to the
hypervisor's boot-time record. In live migrations of para-virtualized
guests, however, the guest would over-write the new hypervisor's boot-time
record with the boot-time of the previous hypervisor. This caused
time-dependent processes on the guests to fail (for example, crond would
fail to start cron jobs). With this update, the new hypervisor's boot-time
record is no longer over-written during live migrations.

All xen users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The Xen host must be
restarted for the update to take effect.

RHSA-2009:0004: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0004, CVE-2008-5077

Description
OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1) protocols as well as a full-strength,
general purpose, cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the
verification of certificates. An attacker in control of a malicious server,
or able to effect a "man in the middle" attack, could present a malformed
SSL/TLS signature from a certificate chain to a vulnerable client and
bypass validation. (CVE-2008-5077)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all running OpenSSL client applications must be restarted, or the system
rebooted.

RHSA-2009:0005: gnome-vfs, gnome-vfs2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090005
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0005, CVE-2005-0706

Description
GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support for
various local and remote file systems as well as numerous protocols,
including HTTP, FTP, and others.

A buffer overflow flaw was discovered in the GNOME virtual file system when
handling data returned by CDDB servers. If a user connected to a malicious
CDDB server, an attacker could use this flaw to execute arbitrary code on
the victim's machine. (CVE-2005-0706)

Users of gnome-vfs and gnome-vfs2 are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. All
running GNOME sessions must be restarted for the update to take effect.

RHSA-2009:0008: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0008, CVE-2008-3834

Description
D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

A denial-of-service flaw was discovered in the system for sending messages
between applications. A local user could send a message with a malformed
signature to the bus causing the bus (and, consequently, any process using
libdbus to receive messages) to abort. (CVE-2008-3834)

All users are advised to upgrade to these updated dbus packages, which
contain a backported patch that resolves this issue. For the update to take
effect, all running instances of dbus-daemon and all running applications
using the libdbus library must be restarted, or the system rebooted.

RHSA-2009:0010: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090010
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0010, CVE-2008-2379, CVE-2008-3663

Description
SquirrelMail is an easy-to-configure, standards-based, webmail package
written in PHP. It includes built-in PHP support for the IMAP and SMTP
protocols, and pure HTML 4.0 page-rendering (with no JavaScript required)
for maximum browser-compatibility, strong MIME support, address books, and
folder manipulation.

Ivan Markovic discovered a cross-site scripting (XSS) flaw in SquirrelMail
caused by insufficient HTML mail sanitization. A remote attacker could send
a specially-crafted HTML mail or attachment that could cause a user's Web
browser to execute a malicious script in the context of the SquirrelMail
session when that email or attachment was opened by the user.
(CVE-2008-2379)

It was discovered that SquirrelMail allowed cookies over insecure
connections (i.e., did not restrict cookies to HTTPS connections). An attacker
who controlled the communication channel between a user and the
SquirrelMail server, or who was able to sniff the user's network
communication, could use this flaw to obtain the user's session cookie, if
a user made an HTTP request to the server. (CVE-2008-3663)

Note: After applying this update, all session cookies set for SquirrelMail
sessions started over HTTPS connections will have the "secure" flag set.
That is, browsers will only send such cookies over an HTTPS connection. If
needed, you can revert to the previous behavior by setting the
configuration option "$only_secure_cookies" to "false" in SquirrelMail's
/etc/squirrelmail/config.php configuration file.

Users of squirrelmail should upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2009:0011: lcms security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0011, CVE-2008-5316, CVE-2008-5317

Description
Little Color Management System (LittleCMS, or simply "lcms") is a
small-footprint, speed-optimized open source color management engine.

Multiple insufficient input validation flaws were discovered in LittleCMS.
An attacker could use these flaws to create a specially-crafted image file
which could cause an application using LittleCMS to crash, or, possibly,
execute arbitrary code when opened. (CVE-2008-5316, CVE-2008-5317)

Users of lcms should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the lcms library must be restarted for the update to take effect.

RHSA-2009:0012: netpbm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090012
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0012, CVE-2007-2721, CVE-2008-3520

Description
The netpbm package contains a library of functions for editing and
converting between various graphics file formats, including .pbm (portable
bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable
pixmaps), and others.

An input validation flaw and multiple integer overflows were discovered in
the JasPer library providing support for JPEG-2000 image format and used in
the jpeg2ktopam and pamtojpeg2k converters. An attacker could create a
carefully-crafted JPEG file which could cause jpeg2ktopam to crash or,
possibly, execute arbitrary code as the user running jpeg2ktopam.
(CVE-2007-2721, CVE-2008-3520)

All users are advised to upgrade to these updated packages which contain
backported patches which resolve these issues.

RHSA-2009:0013: avahi security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090013
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0013, CVE-2008-5081

Description
Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zeroconf Networking. It facilitates service discovery on
a local network. Avahi and Avahi-aware applications allow you to plug your
computer into a network and, with no configuration, view other people to
chat with, see printers to print to, and find shared files on other computers.

Hugo Dias discovered a denial of service flaw in avahi-daemon. A remote
attacker on the same local area network (LAN) could send a
specially-crafted mDNS (Multicast DNS) packet that would cause avahi-daemon
to exit unexpectedly due to a failed assertion check. (CVE-2008-5081)

All users are advised to upgrade to these updated packages, which contain a
backported patch which resolves this issue. After installing the update,
avahi-daemon will be restarted automatically.

RHSA-2009:0014: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090014
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0014, CVE-2008-3275, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5300, CVE-2008-5702

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

* the sendmsg() function in the Linux kernel did not block during UNIX
socket garbage collection. This could, potentially, lead to a local denial
of service. (CVE-2008-5300, Important)

* when fput() was called to close a socket, the __scm_destroy() function in
the Linux kernel could make indirect recursive calls to itself. This could,
potentially, lead to a local denial of service. (CVE-2008-5029, Important)

* a deficiency was found in the Linux kernel virtual file system (VFS)
implementation. This could allow a local, unprivileged user to make a
series of file creations within deleted directories, possibly causing a
denial of service. (CVE-2008-3275, Moderate)

* a buffer underflow flaw was found in the Linux kernel IB700 SBC watchdog
timer driver. This deficiency could lead to a possible information leak. By
default, the "/dev/watchdog" device is accessible only to the root user.
(CVE-2008-5702, Low)

* the hfs and hfsplus file systems code failed to properly handle corrupted
data structures. This could, potentially, lead to a local denial of
service. (CVE-2008-4933, CVE-2008-5025, Low)

* a flaw was found in the hfsplus file system implementation. This could,
potentially, lead to a local denial of service when write operations were
performed. (CVE-2008-4934, Low)

This update also fixes the following bugs:

* when running Red Hat Enterprise Linux 4.6 and 4.7 on some systems running
Intel® CPUs, the cpuspeed daemon did not run, preventing the CPU speed from
being changed, such as not being reduced to an idle state when not in use.

* mmap() could be used to gain access beyond the first megabyte of RAM,
due to insufficient checks in the Linux kernel code. Checks have been added
to prevent this.

* attempting to turn keyboard LEDs on and off rapidly on keyboards with
slow keyboard controllers may have caused key presses to fail.

* after migrating a hypervisor guest, the MAC address table was not
updated, causing packet loss and preventing network connections to the
guest. Now, a gratuitous ARP request is sent after migration. This
refreshes the ARP caches, minimizing network downtime.

* writing crash dumps with diskdump may have caused a kernel panic on
Non-Uniform Memory Access (NUMA) systems with certain memory
configurations.

* on big-endian systems, such as PowerPC, the getsockopt() function
incorrectly returned 0 depending on the parameters passed to it when the
time to live (TTL) value equaled 255, possibly causing memory corruption
and application crashes.

* a problem in the kernel packages provided by the RHSA-2008:0508 advisory
caused the Linux kernel's built-in memory copy procedure to return the
wrong error code after recovering from a page fault on AMD64 and Intel 64
systems. This may have caused other Linux kernel functions to return wrong
error codes.

* a divide-by-zero bug in the Linux kernel process scheduler, which may
have caused kernel panics on certain systems, has been resolved.

* the netconsole kernel module caused the Linux kernel to hang when slave
interfaces of bonded network interfaces were started, resulting in a system
hang or kernel panic when restarting the network.

* the "/proc/xen/" directory existed even if systems were not running Red
Hat Virtualization. This may have caused problems for third-party software
that checks virtualization-ability based on the existence of "/proc/xen/".
Note: this update will remove the "/proc/xen/" directory on systems not
running Red Hat Virtualization.

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues.

RHSA-2009:0018: xterm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090018
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0018, CVE-2008-2383

Description
The xterm program is a terminal emulator for the X Window System.

A flaw was found in the xterm handling of Device Control Request Status
String (DECRQSS) escape sequences. An attacker could create a malicious
text file (or log entry, if unfiltered) that could run arbitrary commands
if read by a victim inside an xterm window. (CVE-2008-2383)

All xterm users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. All running instances of
xterm must be restarted for the update to take effect.

RHSA-2009:0020: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090020
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0020, CVE-2009-0025

Description
BIND (Berkeley Internet Name Domain) is an implementation of the DNS
(Domain Name System) protocols.

A flaw was discovered in the way BIND checked the return value of the
OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone
could present a malformed DSA certificate and bypass proper certificate
validation, allowing spoofing attacks. (CVE-2009-0025)

For users of Red Hat Enterprise Linux 3 this update also addresses a bug
which can cause BIND to occasionally exit with an assertion failure.

All BIND users are advised to upgrade to the updated package, which
contains a backported patch to resolve this issue. After installing the
update, the BIND daemon will be restarted automatically.

RHSA-2009:0046: ntp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0046, CVE-2009-0021

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

A flaw was discovered in the way the ntpd daemon checked the return value
of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4
authentication, this could lead to an incorrect verification of
cryptographic signatures, allowing time-spoofing attacks. (CVE-2009-0021)

Note: This issue only affects systems that have enabled NTP authentication.
By default, NTP authentication is not enabled.

All ntp users are advised to upgrade to the updated packages, which contain
a backported patch to resolve this issue. After installing the update, the
ntpd daemon will restart automatically.

RHSA-2009:0057: squirrelmail security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090057
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0057, CVE-2009-0030, CVE-2009-1580

Description
SquirrelMail is an easy-to-configure, standards-based, webmail package
written in PHP. It includes built-in PHP support for the IMAP and SMTP
protocols, and pure HTML 4.0 page-rendering (with no JavaScript required)
for maximum browser-compatibility, strong MIME support, address books, and
folder manipulation.

The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory
introduced a session handling flaw. Users who logged back into SquirrelMail
without restarting their web browsers were assigned fixed session
identifiers. A remote attacker could make use of that flaw to hijack user
sessions. (CVE-2009-0030)

SquirrelMail users should upgrade to this updated package, which contains a
patch to correct this issue. As well, all users who used affected versions
of SquirrelMail should review their preferences.

RHSA-2009:0205: dovecot security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20090205
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:0205, CVE-2008-4577, CVE-2008-4870

Description
Dovecot is an IMAP server for Linux and UNIX-like systems, primarily
written with security in mind.

A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative
access rights as positive rights, which could allow an attacker to bypass
intended access restrictions. (CVE-2008-4577)

A password disclosure flaw was found with Dovecot's configuration file. If
a system had the "ssl_key_password" option defined, any local user could
view the SSL key password. (CVE-2008-4870)

Note: This flaw did not allow the attacker to acquire the contents of the
SSL key. The password has no value without the key file which arbitrary
users should not have read access to.

To better protect even this value, however, the dovecot.conf file now
supports the "!include_try" directive. The ssl_key_password option should
be moved from dovecot.conf to a new file owned by, and only readable and
writable by, root (i.e., 0600). This file should be referenced from
dovecot.conf by setting the "!include_try [/path/to/password/file]" option.

Additionally, this update addresses the following bugs:

* the dovecot init script -- /etc/rc.d/init.d/dovecot -- did not check if
the dovecot binary or configuration files existed. It also used the wrong
pid file for checking the dovecot service's status. This update includes a
new init script that corrects these errors.

* the %files section of the dovecot spec file did not include "%dir
%{ssldir}/private". As a consequence, the /etc/pki/private/ directory was
not owned by dovecot. (Note: files inside /etc/pki/private/ were and are
owned by dovecot.) With this update, the missing line has been added to the
spec file, and the noted directory is now owned by dovecot.

* in some previously released versions of dovecot, the authentication
process accepted (and passed along un-escaped) passwords containing
characters that had special meaning to dovecot's internal protocols. This
updated release prevents such passwords from being passed back, instead
returning the error, "Attempted login with password having illegal chars".

Note: dovecot versions previously shipped with Red Hat Enterprise Linux 5
did not allow this behavior. This update addresses the issue above but said
issue was only present in versions of dovecot not previously included with
Red Hat Enterprise Linux 5.

Users of dovecot are advised to upgrade to this updated package, which
addresses these vulnerabilities and resolves these issues.

RHSA-2009:0225: Red Hat Enterprise Linux 5.3 kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090225
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0225, CVE-2008-5029, CVE-2008-5079, CVE-2008-5182, CVE-2008-5300

Description
The Linux kernel (the core of the Linux operating system)

These updated packages contain 730 bug fixes and enhancements for the Linux
kernel. Space precludes a detailed description of each of these changes in
this advisory and users are therefore directed to the release notes for Red
Hat Enterprise Linux 5.3 for information on 97 of the most significant of
these changes. 

Details of three security-related bug fixes are set out below, along with
notes on other broad categories of change not covered in the release notes.
For more detailed information on specific bug fixes or enhancements, please
consult the Bugzilla numbers listed in this advisory.

* when fput() was called to close a socket, the __scm_destroy() function  
in the Linux kernel could make indirect recursive calls to itself. This  
could, potentially, lead to a denial of service issue. (CVE-2008-5029,  
Important)

* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A
local, unprivileged user could use the flaw to listen on the same socket
more than once, possibly causing a denial of service. (CVE-2008-5079,
Important)

* a race condition was found in the Linux kernel "inotify" watch removal
and umount implementation. This could allow a local, unprivileged user  
to cause a privilege escalation or a denial of service. (CVE-2008-5182,  
Important)

* Bug fixes and enhancements are provided for:

* support for specific NICs, including products from the following
manufacturers:
Broadcom
Chelsio
Cisco
Intel
Marvell
NetXen
Realtek
Sun

* Fiber Channel support, including support for Qlogic qla2xxx,
qla4xxx, and qla84xx HBAs and the FCoE, FCP, and zFCP protocols.

* support for various CPUs, including:
AMD Opteron processors with 45 nm SOI ("Shanghai")
AMD Turion Ultra processors
Cell processors
Intel Core i7 processors

* Xen support, including issues specific to the IA64 platform, systems
using AMD processors, and Dell Optiplex GX280 systems

* ext3, ext4, GFS2, NFS, and SPUFS

* Infiniband (including eHCA, eHEA, and IPoIB) support

* common I/O (CIO), direct I/O (DIO), and queued direct I/O (qdio) support

* the kernel distributed lock manager (DLM)

* hardware issues with: SCSI, IEEE 1394 (FireWire), RAID (including issues
specific to Adaptec controllers), SATA (including NCQ), PCI, audio, serial
connections, tape-drives, and USB

* ACPI, some of a general nature and some related to specific hardware
including: certain Lenovo Thinkpad notebooks, HP DC7700 systems, and
certain machines based on Intel Centrino processor technology.

* CIFS, including Kerberos support and a tech-preview of DFS support

* networking support, including IPv6, PPPoE, and IPSec

* support for Intel chipsets, including:
Intel Cantiga chipsets
Intel Eagle Lake chipsets
Intel i915 chipsets
Intel i965 chipsets
Intel Ibex Peak chipsets
Intel chipsets offering QuickPath Interconnects (QPI)

* device mapping issues, including some in device mapper itself

* various issues specific to IA64 and PPC

* CCISS, including support for Compaq SMART Array controllers P711m and
P712m and other new hardware

* various issues affecting specific HP systems, including:
DL785G5
XW4800
XW8600
XW9400

* IOMMU support, including specific
issues with AMD and IBM Calgary hardware

* the audit subsystem

* DASD support

* iSCSI support, including issues specific to Chelsio T3 adapters

* LVM issues

* SCTP management information base (MIB) support

* issues with: autofs, kdump, kobject_add, libata, lpar, ptrace, and utrace

* IBM Power platforms using Enhanced I/O Error Handling (EEH)

* EDAC issues for AMD K8 and Intel i5000

* ALSA, including support for new hardware

* futex support

* hugepage support

* Intelligent Platform Management Interface (IPMI) support

* issues affecting NEC/Stratus servers

* OFED support

* SELinux 

* various Virtio issues

All users are advised to upgrade to these updated packages, which resolve
these issues and add these enhancements.

RHSA-2009:0256: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090256
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0256, CVE-2009-0352, CVE-2009-0353, CVE-2009-0354, CVE-2009-0355, CVE-2009-0356, CVE-2009-0357, CVE-2009-0358

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-0352, CVE-2009-0353, CVE-2009-0356)

Several flaws were found in the way malformed content was processed. A
website containing specially-crafted content could, potentially, trick a
Firefox user into surrendering sensitive information. (CVE-2009-0354,
CVE-2009-0355)

A flaw was found in the way Firefox treated HTTPOnly cookies. An attacker
able to execute arbitrary JavaScript on a target site using HTTPOnly
cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357)

A flaw was found in the way Firefox treated certain HTTP page caching
directives. A local attacker could steal the contents of sensitive pages
which the page author did not intend to be cached. (CVE-2009-0358)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.6. You can find a link to the Mozilla
advisories in the References section.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.6, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:0257: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090257
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0257, CVE-2009-0352, CVE-2009-0353, CVE-2009-0355, CVE-2009-0357

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-0352, CVE-2009-0353)

A flaw was found in the way malformed content was processed. A website
containing specially-crafted content could, potentially, trick a SeaMonkey
user into uploading a local file. (CVE-2009-0355)

A flaw was found in the way SeaMonkey treated HTTPOnly cookies. An attacker
able to execute arbitrary JavaScript on a target site using HTTPOnly
cookies may be able to use this flaw to steal the cookie. (CVE-2009-0357)

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches that correct these issues. After installing the update,
SeaMonkey must be restarted for the changes to take effect.

RHSA-2009:0258: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0258, CVE-2009-0352, CVE-2009-0353, CVE-2009-0355, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774,
CVE-2009-0775)

Several flaws were found in the way malformed content was processed. An
HTML mail message containing specially-crafted content could potentially
trick a Thunderbird user into surrendering sensitive information.
(CVE-2009-0355, CVE-2009-0776)

Note: JavaScript support is disabled by default in Thunderbird. None of
the above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2009:0259: mod_auth_mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090259
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0259, CVE-2008-2384

Description
The mod_auth_mysql package includes an extension module for the Apache HTTP
Server which can be used to implement web user authentication against a
MySQL database.

A flaw was found in the way mod_auth_mysql escaped certain
multibyte-encoded strings. If mod_auth_mysql was configured to use a
multibyte character set that allowed a backslash '\' as part of the
character encodings, a remote attacker could inject arbitrary SQL commands
into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where 
AuthMySQLCharacterSet is configured to use one of the affected multibyte
character sets. Installations that did not use the AuthMySQLCharacterSet
configuration option were not vulnerable to this flaw.

All mod_auth_mysql users are advised to upgrade to the updated package,
which contains a backported patch to resolve this issue. After installing
the update, the httpd daemon must be restarted for the fix to take effect.

RHSA-2009:0261: vnc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090261
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0261, CVE-2008-4770

Description
Virtual Network Computing (VNC) is a remote display system which allows you
to view a computer's "desktop" environment not only on the machine where it
is running, but from anywhere on the Internet and from a wide variety of
machine architectures.

An insufficient input validation flaw was discovered in the VNC client
application, vncviewer. If an attacker could convince a victim to connect
to a malicious VNC server, or when an attacker was able to connect to
vncviewer running in the "listen" mode, the attacker could cause the
victim's vncviewer to crash or, possibly, execute arbitrary code.
(CVE-2008-4770)

Users of vncviewer should upgrade to these updated packages, which contain
a backported patch to resolve this issue. For the update to take effect,
all running instances of vncviewer must be restarted after the update is
installed.

RHSA-2009:0264: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090264
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0264, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5713, CVE-2009-0031, CVE-2009-0065

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

* a memory leak in keyctl handling. A local user could use this flaw to
deplete kernel memory, eventually leading to a denial of service. 
(CVE-2009-0031, Important)

* a buffer overflow in the Linux kernel Partial Reliable Stream Control
Transmission Protocol (PR-SCTP) implementation. This could, potentially,
lead to a denial of service if a Forward-TSN chunk is received with a large
stream ID. (CVE-2009-0065, Important)

* a flaw when handling heavy network traffic on an SMP system with many
cores. An attacker who could send a large amount of network traffic could
create a denial of service. (CVE-2008-5713, Important)

* the code for the HFS and HFS Plus (HFS+) file systems failed to properly
handle corrupted data structures. This could, potentially, lead to a local
denial of service. (CVE-2008-4933, CVE-2008-5025, Low)

* a flaw was found in the HFS Plus (HFS+) file system implementation. This
could, potentially, lead to a local denial of service when write operations
are performed. (CVE-2008-4934, Low)

In addition, these updated packages fix the following bugs:

* when using the nfsd daemon in a clustered setup, kernel panics appeared
seemingly at random. These panics were caused by a race condition in
the device-mapper mirror target. 

* the clock_gettime(CLOCK_THREAD_CPUTIME_ID, ) syscall returned a smaller
timespec value than the result of previous clock_gettime() function
execution, which resulted in a negative, and nonsensical, elapsed time value.

* nfs_create_rpc_client was called with a "flavor" parameter which was
usually ignored and ended up unconditionally creating the RPC client with
an AUTH_UNIX flavor. This caused problems on AUTH_GSS mounts when the
credentials needed to be refreshed. The credops did not match the
authorization type, which resulted in the credops dereferencing an
incorrect part of the AUTH_UNIX rpc_auth struct.

* when copy_user_c terminated prematurely due to reading beyond the end of
the user buffer and the kernel jumped to the exception table entry, the rsi
register was not cleared. This resulted in exiting back to user code with
garbage in the rsi register.

* the hexdump data in s390dbf traces was incomplete. The length of the data
traced was incorrect and the SAN payload was read from a different place
than it was written to.

* when using connected mode (CM) in IPoIB on ehca2 hardware, it was not
possible to transmit any data.

* when an application called fork() and pthread_create() many times and, at
some point, a thread forked a child and then attempted to call the
setpgid() function, this function failed and returned an ESRCH error
value.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. Note: for this update to take effect, the
system must be rebooted.

RHSA-2009:0267: sudo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090267
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0267, CVE-2009-0034

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root with logging.

A flaw was discovered in the way sudo handled group specifications in "run
as" lists in the sudoers configuration file. If the sudo configuration allowed
a user to run commands as any user of some group and the user was also a
member of that group, sudo incorrectly allowed them to run defined commands
with the privileges of any system user. This gave the user unintended
privileges. (CVE-2009-0034)

Users of sudo should update to this updated package, which contains a
backported patch to resolve this issue.

RHSA-2009:0270: gstreamer-plugins security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0270, CVE-2009-0397

Description
The gstreamer-plugins package contains plugins used by the GStreamer
streaming-media framework to support a wide variety of media types.

A heap buffer overflow was found in GStreamer's QuickTime media file
format decoding plug-in. An attacker could create a carefully-crafted
QuickTime media .mov file that would cause an application using GStreamer
to crash or, potentially, execute arbitrary code if played by a victim.
(CVE-2009-0397)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, all applications using GStreamer (such as rhythmbox)
must be restarted for the changes to take effect.

RHSA-2009:0271: gstreamer-plugins-good security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090271
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0271, CVE-2009-0386, CVE-2009-0387, CVE-2009-0397

Description
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. GStreamer Good Plug-ins is a collection of
well-supported, GStreamer plug-ins of good quality released under the LGPL
license.

Multiple heap buffer overflows and an array indexing error were found in
GStreamer's QuickTime media file format decoding plugin. An attacker
could create a carefully-crafted QuickTime media .mov file that would cause
an application using GStreamer to crash or, potentially, execute arbitrary
code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397)

All users of gstreamer-plugins-good are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing the update, all applications using GStreamer (such as totem or
rhythmbox) must be restarted for the changes to take effect.

RHSA-2009:0296: icu security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090296
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0296, CVE-2008-1036

Description
The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

A flaw was found in the way ICU processed certain, invalid, encoded data.
If an application used ICU to decode malformed, multibyte, character data,
it may have been possible to bypass certain content protection mechanisms,
or display information in a manner misleading to the user. (CVE-2008-1036)

All users of icu should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2009:0313: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090313
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0313, CVE-2008-4680, CVE-2008-4681, CVE-2008-4682, CVE-2008-4683, CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2008-6472, CVE-2009-0599, CVE-2009-0600

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in Wireshark. If Wireshark read
a malformed packet off a network or opened a malformed dump file, it could
crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2008-4683, CVE-2009-0599)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malformed dump file. (CVE-2008-4680, CVE-2008-4681, CVE-2008-4682,
CVE-2008-4684, CVE-2008-4685, CVE-2008-5285, CVE-2009-0600)

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.6, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.

RHSA-2009:0315: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090315
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0315, CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777

Description
Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774,
CVE-2009-0775)

Several flaws were found in the way malformed content was processed. A
website containing specially-crafted content could, potentially, trick a
Firefox user into surrendering sensitive information. (CVE-2009-0776,
CVE-2009-0777)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.7. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.7, and which correct these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:0325: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090325
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0325, CVE-2009-0040, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-0040, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775)

A flaw was found in the way malformed content was processed. A website
containing specially-crafted content could, potentially, trick a SeaMonkey
user into surrendering sensitive information. (CVE-2009-0776)

All SeaMonkey users should upgrade to these updated packages, which contain
backported patches that correct these issues. After installing the update,
SeaMonkey must be restarted for the changes to take effect.

RHSA-2009:0326: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090326
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0326, CVE-2008-3528, CVE-2008-5700, CVE-2009-0028, CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676, CVE-2009-0778

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* memory leaks were found on some error paths in the icmp_send()
function in the Linux kernel. This could, potentially, cause the network
connectivity to cease. (CVE-2009-0778, Important)

* Chris Evans reported a deficiency in the clone() system call when called
with the CLONE_PARENT flag. This flaw permits the caller (the parent
process) to indicate an arbitrary signal it wants to receive when its child
process exits. This could lead to a denial of service of the parent
process. (CVE-2009-0028, Moderate)

* an off-by-one underflow flaw was found in the eCryptfs subsystem. This
could potentially cause a local denial of service when the readlink()
function returned an error. (CVE-2009-0269, Moderate)

* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial of
service by reading zero bytes from the image_type or packet_size files in
"/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Moderate)

* an inverted logic flaw was found in the SysKonnect FDDI PCI adapter
driver, allowing driver statistics to be reset only when the CAP_NET_ADMIN
capability was absent (local, unprivileged users could reset driver
statistics). (CVE-2009-0675, Moderate)

* the sock_getsockopt() function in the Linux kernel did not properly
initialize a data structure that can be directly returned to user-space
when the getsockopt() function is called with SO_BSDCOMPAT optname set.
This flaw could possibly lead to memory disclosure.
(CVE-2009-0676, Moderate)

* the ext2 and ext3 file system code failed to properly handle corrupted
data structures, leading to a possible local denial of service when read
or write operations were performed on a specially-crafted file system.
(CVE-2008-3528, Low)

* a deficiency was found in the libATA implementation. This could,
potentially, lead to a local denial of service. Note: by default, the
"/dev/sg*" devices are accessible only to the root user.
(CVE-2008-5700, Low)

Bug fixes:

* a bug in aic94xx may have caused kernel panics during boot on some
systems with certain SATA disks. (BZ#485909)

* a word endianness problem in the qla2xx driver on PowerPC-based machines
may have corrupted flash-based devices. (BZ#485908)

* a memory leak in pipe() may have caused a system deadlock. The workaround
in Section 1.5, Known Issues, of the Red Hat Enterprise Linux 5.3 Release
Notes Updates, which involved manually allocating extra file descriptors to
processes calling do_pipe, is no longer necessary. (BZ#481576)

* CPU soft-lockups in the network rate estimator. (BZ#481746)

* bugs in the ixgbe driver caused it to function unreliably on some
systems with 16 or more CPU cores. (BZ#483210)

* the iwl4965 driver may have caused a kernel panic. (BZ#483206)

* a bug caused NFS attributes to not update for some long-lived NFS
mounted file systems. (BZ#483201)

* unmounting a GFS2 file system may have caused a panic. (BZ#485910)

* a bug in ptrace() may have caused a panic when single stepping a target.
(BZ#487394)

* on some 64-bit systems, notsc was incorrectly set at boot, causing slow
gettimeofday() calls. (BZ#488239)

* do_machine_check() cleared all Machine Check Exception (MCE) status
registers, preventing the BIOS from using them to determine the cause of
certain panics and errors. (BZ#490433)

* scaling problems caused performance problems for LAPI applications.
(BZ#489457)

* a panic may have occurred on systems using certain Intel WiFi Link 5000
products when booting with the RF Kill switch on. (BZ#489846)

* the TSC is invariant with C/P/T states, and always runs at constant
frequency from now on. (BZ#489310)

All users should upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted for
this update to take effect.

RHSA-2009:0329: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090329
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0329, CVE-2006-1861, CVE-2007-2754, CVE-2008-1808, CVE-2009-0946

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide both the FreeType 1 and FreeType 2
font engines.

Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)

Chris Evans discovered multiple integer overflow flaws in the FreeType font
engine. If a user loaded a carefully-crafted font file with an application
linked against FreeType, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2006-1861)

An integer overflow flaw was found in the way the FreeType font engine
processed TrueType® Font (TTF) files. If a user loaded a carefully-crafted
font file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2007-2754)

A flaw was discovered in the FreeType TTF font-file format parser when the
TrueType virtual machine Byte Code Interpreter (BCI) is enabled. If a user
loaded a carefully-crafted font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2008-1808)

The CVE-2008-1808 flaw did not affect the freetype packages as distributed
in Red Hat Enterprise Linux 3 and 4, as they are not compiled with TrueType
BCI support. A fix for this flaw has been included in this update as users
may choose to recompile the freetype packages in order to enable TrueType
BCI support. Red Hat does not, however, provide support for modified and
recompiled packages.

Note: For the FreeType 2 font engine, the CVE-2006-1861, CVE-2007-2754,
and CVE-2008-1808 flaws were addressed via RHSA-2006:0500, RHSA-2007:0403,
and RHSA-2008:0556 respectively. This update provides corresponding
updates for the FreeType 1 font engine, included in the freetype packages
distributed in Red Hat Enterprise Linux 3 and 4.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2009:0331: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090331
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0331, CVE-2008-5700, CVE-2009-0031, CVE-2009-0065, CVE-2009-0322

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update addresses the following security issues:

* a buffer overflow was found in the Linux kernel Partial Reliable Stream
Control Transmission Protocol (PR-SCTP) implementation. This could,
potentially, lead to a denial of service if a Forward-TSN chunk is received
with a large stream ID. (CVE-2009-0065, Important)

* a memory leak was found in keyctl handling. A local, unprivileged user
could use this flaw to deplete kernel memory, eventually leading to a
denial of service. (CVE-2009-0031, Important)

* a deficiency was found in the Remote BIOS Update (RBU) driver for Dell
systems. This could allow a local, unprivileged user to cause a denial of
service by reading zero bytes from the image_type or packet_size file in
"/sys/devices/platform/dell_rbu/". (CVE-2009-0322, Important)

* a deficiency was found in the libATA implementation. This could,
potentially, lead to a denial of service. Note: by default, "/dev/sg*"
devices are accessible only to the root user. (CVE-2008-5700, Low)

This update also fixes the following bugs:

* when the hypervisor changed a page table entry (pte) mapping from
read-only to writable via a make_writable hypercall, accessing the changed
page immediately following the change caused a spurious page fault. When
trying to install a para-virtualized Red Hat Enterprise Linux 4 guest on a
Red Hat Enterprise Linux 5.3 dom0 host, this fault crashed the installer
with a kernel backtrace. With this update, the "spurious" page fault is
handled properly. (BZ#483748)

* net_rx_action could detect its cpu poll_list as non-empty, but have that
same list reduced to empty by the poll_napi path. This resulted in garbage
data being returned when net_rx_action calls list_entry, which subsequently
resulted in several possible crash conditions. The race condition in the
network code which caused this has been fixed. (BZ#475970, BZ#479681,
BZ#480741)

* a misplaced memory barrier at unlock_buffer() could lead to a concurrent
h_refcounter update which produced a reference counter leak and, later, a
double free in ext3_xattr_release_block(). Consequent to the double free,
ext3 reported an error

    ext3_free_blocks_sb: bit already cleared for block [block number]

and mounted itself as read-only. With this update, the memory barrier is
now placed before the buffer head lock bit, forcing the write order and
preventing the double free. (BZ#476533)

* when the iptables module was unloaded, it was assumed the correct entry
for removal had been found if "wrapper->ops->pf" matched the value passed
in by "reg->pf". If several ops ranges were registered against the same
protocol family, however (which was likely if you had both ip_conntrack
and ip_conntrack_* loaded), this assumption could lead to NULL list pointers
and cause a kernel panic. With this update, "wrapper->ops" is matched to
pointer values "reg", which ensures the correct entry is removed and
results in no NULL list pointers. (BZ#477147)

* when the pidmap page (used for tracking process ids, pids) incremented to
an even page (i.e., the second, fourth, sixth, etc. pidmap page), the
alloc_pidmap() routine skipped the page. This resulted in "holes" in the
allocated pids. For example, after pid 32767, you would expect 32768 to be
allocated. If the page-skipping behavior occurred, however, the pid
allocated after 32767 was 65536. With this update, alloc_pidmap() no longer
skips alternate pidmap pages and allocated pid holes no longer occur. This
fix also corrects an error which allowed pid_max to be set higher than the
pid_max limit. (BZ#479182)

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. The
system must be rebooted for this update to take effect.

RHSA-2009:0333: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090333
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0333, CVE-2008-1382, CVE-2009-0040

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A flaw was discovered in libpng that could result in libpng trying to
free() random memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)

A flaw was discovered in the way libpng handled PNG images containing
"unknown" chunks. If an application linked against libpng attempted to
process a malformed, unknown chunk in a malicious PNG image, it could cause
the application to crash. (CVE-2008-1382)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.

RHSA-2009:0336: glib2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090336
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0336, CVE-2008-4316

Description
GLib is the low-level core library that forms the basis for projects such
as GTK+ and GNOME. It provides data structure handling for C, portability
wrappers, and interfaces for such runtime functionality as an event loop,
threads, dynamic loading, and an object system.

Diego Pettenò discovered multiple integer overflows causing heap-based
buffer overflows in GLib's Base64 encoding and decoding functions. An
attacker could use these flaws to crash an application using GLib's Base64
functions to encode or decode large, untrusted inputs, or, possibly,
execute arbitrary code as the user running the application. (CVE-2008-4316)

Note: No application shipped with Red Hat Enterprise Linux 5 uses the
affected functions. Third-party applications may, however, be affected.

All users of glib2 should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2009:0337: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090337
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0337, CVE-2008-3658, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2009-0754

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or,
possibly, execute arbitrary code. (CVE-2008-5557)

A flaw was found in the handling of the "mbstring.func_overload"
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)

A buffer overflow flaw was found in PHP's imageloadfont function.  If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)

A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)

A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)

All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.

RHSA-2009:0338: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0338, CVE-2008-3658, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5814, CVE-2009-0754

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

A heap-based buffer overflow flaw was found in PHP's mbstring extension. A
remote attacker able to pass arbitrary input to a PHP script using mbstring
conversion functions could cause the PHP interpreter to crash or,
possibly, execute arbitrary code. (CVE-2008-5557)

A flaw was found in the handling of the "mbstring.func_overload"
configuration setting. A value set for one virtual host, or in a user's
.htaccess file, was incorrectly applied to other virtual hosts on the same
server, causing the handling of multibyte character strings to not work
correctly. (CVE-2009-0754)

A buffer overflow flaw was found in PHP's imageloadfont function.  If a PHP
script allowed a remote attacker to load a carefully crafted font file, it
could cause the PHP interpreter to crash or, possibly, execute arbitrary
code. (CVE-2008-3658)

A flaw was found in the way PHP handled certain file extensions when
running in FastCGI mode. If the PHP interpreter was being executed via
FastCGI, a remote attacker could create a request which would cause the PHP
interpreter to crash. (CVE-2008-3660)

A memory disclosure flaw was found in the PHP gd extension's imagerotate
function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions
of the PHP interpreter's memory. (CVE-2008-5498)

A cross-site scripting flaw was found in the way PHP reported errors for
invalid cookies. If the PHP interpreter had "display_errors" enabled, a
remote attacker able to set a specially-crafted cookie on a victim's system
could possibly inject arbitrary HTML into an error message generated by
PHP. (CVE-2008-5814)

All php users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. The httpd web server
must be restarted for the changes to take effect.

RHSA-2009:0339: lcms security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0339, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733

Description
Little Color Management System (LittleCMS, or simply "lcms") is a
small-footprint, speed-optimized open source color management engine.

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in LittleCMS. An attacker could use these flaws to create a
specially-crafted image file which could cause an application using
LittleCMS to crash, or, possibly, execute arbitrary code when opened by a
victim. (CVE-2009-0723, CVE-2009-0733)

A memory leak flaw was found in LittleCMS. An application using LittleCMS
could use an excessive amount of memory, and possibly crash after using all
available memory, if used to open specially-crafted images. (CVE-2009-0581)

Red Hat would like to thank Chris Evans from the Google Security Team for
reporting these issues.

All users of LittleCMS should install these updated packages, which upgrade
LittleCMS to version 1.18. All running applications using the lcms library
must be restarted for the update to take effect.

RHSA-2009:0341: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090341
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0341, CVE-2009-0037

Description
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.

David Kierznowski discovered a flaw in libcurl where it would not
differentiate between different target URLs when handling automatic
redirects. This caused libcurl to follow any new URL that it understood,
including the "file://" URL type. This could allow a remote server to force
a local libcurl-using application to read a local file instead of the
remote one, possibly exposing local files that were not meant to be
exposed. (CVE-2009-0037)

Note: Applications using libcurl that are expected to follow redirects to
"file://" protocol must now explicitly call curl_easy_setopt(3) and set the
newly introduced CURLOPT_REDIR_PROTOCOLS option as required.

cURL users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
libcurl must be restarted for the update to take effect.

RHSA-2009:0344: libsoup security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090344
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0344, CVE-2009-0585

Description
libsoup is an HTTP client/library implementation for GNOME written in C. It
was originally part of a SOAP (Simple Object Access Protocol)
implementation called Soup, but the SOAP and non-SOAP parts have now been
split into separate packages.

An integer overflow flaw which caused a heap-based buffer overflow was
discovered in libsoup's Base64 encoding routine. An attacker could use this
flaw to crash, or, possibly, execute arbitrary code. This arbitrary code
would execute with the privileges of the application using libsoup's Base64
routine to encode large, untrusted inputs. (CVE-2009-0585)

All users of libsoup and evolution28-libsoup should upgrade to these
updated packages, which contain a backported patch to resolve this issue.
All running applications using the affected library function (such as
Evolution configured to connect to the GroupWise back-end) must be
restarted for the update to take effect.

RHSA-2009:0345: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090345
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0345, CVE-2009-0583, CVE-2009-0584

Description
Ghostscript is a set of software that provides a PostScript(TM)
interpreter, a set of C procedures (the Ghostscript library, which
implements the graphics capabilities in the PostScript language) and
an interpreter for Portable Document Format (PDF) files. 

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in Ghostscript's International Color Consortium Format library
(icclib). Using specially-crafted ICC profiles, an attacker could create a
malicious PostScript or PDF file with embedded images which could cause
Ghostscript to crash, or, potentially, execute arbitrary code when opened
by the victim. (CVE-2009-0583, CVE-2009-0584)

All users of ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues.

RHSA-2009:0352: gstreamer-plugins-base security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090352
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0352, CVE-2009-0586

Description
GStreamer is a streaming media framework based on graphs of filters which
operate on media data. GStreamer Base Plug-ins is a collection of
well-maintained base plug-ins.

An integer overflow flaw which caused a heap-based buffer overflow was
discovered in the Vorbis comment tags reader. An attacker could create a
carefully-crafted Vorbis file that would cause an application using
GStreamer to crash or, potentially, execute arbitrary code if opened by a
victim. (CVE-2009-0586)

All users of gstreamer-plugins-base are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, all applications using GStreamer (such as Totem or
Rhythmbox) must be restarted for the changes to take effect.

RHSA-2009:0354: evolution-data-server security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090354
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0354, CVE-2009-0547, CVE-2009-0582, CVE-2009-0587

Description
Evolution Data Server provides a unified back-end for applications which
interact with contacts, task, and calendar information. Evolution Data
Server was originally developed as a back-end for Evolution, but is now
used by multiple other applications.

Evolution Data Server did not properly check the Secure/Multipurpose
Internet Mail Extensions (S/MIME) signatures used for public key encryption
and signing of e-mail messages. An attacker could use this flaw to spoof a
signature by modifying the text of the e-mail message displayed to the
user. (CVE-2009-0547)

It was discovered that Evolution Data Server did not properly validate NTLM
(NT LAN Manager) authentication challenge packets. A malicious server using
NTLM authentication could cause an application using Evolution Data Server
to disclose portions of its memory or crash during user authentication.
(CVE-2009-0582)

Multiple integer overflow flaws which could cause heap-based buffer
overflows were found in the Base64 encoding routines used by Evolution Data
Server. This could cause an application using Evolution Data Server to
crash, or, possibly, execute arbitrary code when large untrusted data
blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution-data-server and evolution28-evolution-data-server
are advised to upgrade to these updated packages, which contain backported
patches to correct these issues. All running instances of Evolution Data
Server and applications using it (such as Evolution) must be restarted for
the update to take effect.

RHSA-2009:0355: evolution and evolution-data-server security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090355
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0355, CVE-2009-0547, CVE-2009-0582, CVE-2009-0587

Description
Evolution is the integrated collection of e-mail, calendaring, contact
management, communications, and personal information management (PIM) tools
for the GNOME desktop environment.

Evolution Data Server provides a unified back-end for applications which
interact with contacts, task and calendar information. Evolution Data
Server was originally developed as a back-end for Evolution, but is now
used by multiple other applications.

Evolution did not properly check the Secure/Multipurpose Internet Mail
Extensions (S/MIME) signatures used for public key encryption and signing
of e-mail messages. An attacker could use this flaw to spoof a signature by
modifying the text of the e-mail message displayed to the user. (CVE-2009-0547)

It was discovered that evolution did not properly validate NTLM (NT LAN
Manager) authentication challenge packets. A malicious server using NTLM
authentication could cause evolution to disclose portions of its memory or
crash during user authentication. (CVE-2009-0582)

Multiple integer overflow flaws which could cause heap-based buffer
overflows were found in the Base64 encoding routines used by evolution and
evolution-data-server. This could cause evolution, or an application using
evolution-data-server, to crash, or, possibly, execute arbitrary code
when large untrusted data blocks were Base64-encoded. (CVE-2009-0587)

All users of evolution and evolution-data-server are advised to upgrade to
these updated packages, which contain backported patches to correct these
issues. All running instances of evolution and evolution-data-server must
be restarted for the update to take effect.

RHSA-2009:0361: NetworkManager security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090361
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0361, CVE-2009-0365, CVE-2009-0578

Description
NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

An information disclosure flaw was found in NetworkManager's D-Bus
interface. A local attacker could leverage this flaw to discover sensitive
information, such as network connection passwords and pre-shared keys.
(CVE-2009-0365)

A potential denial of service flaw was found in NetworkManager's D-Bus
interface. A local user could leverage this flaw to modify local connection
settings, preventing the system's network connection from functioning
properly. (CVE-2009-0578)

Red Hat would like to thank Ludwig Nussel for reporting these flaws
responsibly.

Users of NetworkManager should upgrade to these updated packages which
contain backported patches to correct these issues.

RHSA-2009:0362: NetworkManager security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090362
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0362, CVE-2009-0365

Description
NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

An information disclosure flaw was found in NetworkManager's D-Bus
interface. A local attacker could leverage this flaw to discover sensitive
information, such as network connection passwords and pre-shared keys.
(CVE-2009-0365)

Red Hat would like to thank Ludwig Nussel for responsibly reporting this
flaw.

NetworkManager users should upgrade to these updated packages, which
contain a backported patch that corrects this issue.

RHSA-2009:0373: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090373
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0373, CVE-2009-0784

Description
SystemTap is an instrumentation infrastructure for systems running version
2.6 of the Linux kernel. SystemTap scripts can collect system operations
data, greatly simplifying information gathering. Collected data can then
assist in performance measuring, functional testing, and performance and
function problem diagnosis.

A race condition was discovered in SystemTap that could allow users in the
stapusr group to elevate privileges to that of members of the stapdev group
(and hence root), bypassing directory confinement restrictions and allowing
them to insert arbitrary SystemTap kernel modules. (CVE-2009-0784)

Note: This issue was only exploitable if another SystemTap kernel module
was placed in the "systemtap/" module directory for the currently running
kernel.

Red Hat would like to thank Erik Sjölund for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2009:0377: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090377
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0377, CVE-2006-2426, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733, CVE-2009-0793, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1101, CVE-2009-1102

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.

A flaw was found in the way that the Java Virtual Machine (JVM) handled
temporary font files. A malicious applet could use this flaw to use large
amounts of disk space, causing a denial of service. (CVE-2006-2426)

A memory leak flaw was found in LittleCMS (embedded in OpenJDK). An
application using color profiles could use excessive amounts of memory, and
possibly crash after using all available memory, if used to open
specially-crafted images. (CVE-2009-0581)

Multiple integer overflow flaws which could lead to heap-based buffer
overflows, as well as multiple insufficient input validation flaws, were
found in the way LittleCMS handled color profiles. An attacker could use
these flaws to create a specially-crafted image file which could cause a
Java application to crash or, possibly, execute arbitrary code when opened.
(CVE-2009-0723, CVE-2009-0733)

A null pointer dereference flaw was found in LittleCMS. An application
using color profiles could crash while converting a specially-crafted image
file. (CVE-2009-0793)

A flaw in the Java API for XML Web Services (JAX-WS) service endpoint
handling could allow a remote attacker to cause a denial of service on the
server application hosting the JAX-WS service endpoint. (CVE-2009-1101)

A flaw in the way the Java Runtime Environment initialized LDAP connections
could allow a remote, authenticated user to cause a denial of service on
the LDAP service. (CVE-2009-1093)

A flaw in the Java Runtime Environment LDAP client could allow malicious
data from an LDAP server to cause arbitrary code to be loaded and then run
on an LDAP client. (CVE-2009-1094)

Several buffer overflow flaws were found in the Java Runtime Environment
unpack200 functionality. An untrusted applet could extend its privileges,
allowing it to read and write local files, as well as to execute local
applications with the privileges of the user running the applet.
(CVE-2009-1095, CVE-2009-1096)

A flaw in the Java Runtime Environment Virtual Machine code generation
functionality could allow untrusted applets to extend their privileges. An
untrusted applet could extend its privileges, allowing it to read and write
local files, as well as execute local applications with the privileges
of the user running the applet. (CVE-2009-1102)

A buffer overflow flaw was found in the splash screen processing. A remote
attacker could extend privileges to read and write local files, as well as
to execute local applications with the privileges of the user running the
java process. (CVE-2009-1097)

A buffer overflow flaw was found in how GIF images were processed. A remote
attacker could extend privileges to read and write local files, as well as
execute local applications with the privileges of the user running the
java process. (CVE-2009-1098)

Note: The flaws concerning applets in this advisory, CVE-2009-1095,
CVE-2009-1096, and CVE-2009-1102, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2009:0382: libvirt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090382
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0382, CVE-2008-5086, CVE-2009-0036

Description
libvirt is a C API for managing and interacting with the virtualization
capabilities of Linux and other operating systems. libvirt also provides
tools for remotely managing virtualized systems.

The libvirtd daemon was discovered to not properly check user connection
permissions before performing certain privileged actions, such as
requesting migration of an unprivileged guest domain to another system. A
local user able to establish a read-only connection to libvirtd could use
this flaw to perform actions that should be restricted to read-write
connections. (CVE-2008-5086)

libvirt_proxy, a setuid helper application allowing non-privileged users to
communicate with the hypervisor, was discovered to not properly validate
user requests. Local users could use this flaw to cause a stack-based
buffer overflow in libvirt_proxy, possibly allowing them to run arbitrary
code with root privileges. (CVE-2009-0036)

All users are advised to upgrade to these updated packages, which contain
backported patches which resolve these issues. After installing the update,
libvirtd must be restarted manually (for example, by issuing a "service
libvirtd restart" command), and guest systems rebooted, for this change to
take effect.

RHSA-2009:0397: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090397
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0397, CVE-2009-1044, CVE-2009-1169

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2009-1169)

A flaw was discovered in the way Firefox handles certain XUL garbage
collection events. A remote attacker could use this flaw to crash Firefox
or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1044)

For technical details regarding these flaws, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this errata.

Firefox users should upgrade to these updated packages, which resolve these
issues. For Red Hat Enterprise Linux 4, they contain backported patches to
the firefox package. For Red Hat Enterprise Linux 5, they contain
backported patches to the xulrunner packages. After installing the update,
Firefox must be restarted for the changes to take effect.

RHSA-2009:0398: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090398
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0398, CVE-2009-1044, CVE-2009-1169

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A memory corruption flaw was discovered in the way SeaMonkey handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash SeaMonkey or, potentially, execute arbitrary code as the user
running SeaMonkey. (CVE-2009-1169)

A flaw was discovered in the way SeaMonkey handles certain XUL garbage
collection events. A remote attacker could use this flaw to crash SeaMonkey
or, potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-1044)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:0402: openswan security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090402
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0402, CVE-2008-4190, CVE-2009-0790

Description
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

Gerd v. Egidy discovered a flaw in the Dead Peer Detection (DPD) in
Openswan's pluto IKE daemon. A remote attacker could use a malicious DPD
packet to crash the pluto daemon. (CVE-2009-0790)

It was discovered that Openswan's livetest script created temporary files
in an insecure manner. A local attacker could use this flaw to overwrite
arbitrary files owned by the user running the script. (CVE-2008-4190)

Note: The livetest script is an incomplete feature and was not
automatically executed by any other script distributed with Openswan, or
intended to be used at all, as was documented in its man page. In these
updated packages, the script only prints an informative message and exits
immediately when run.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

RHSA-2009:0408: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090408
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0408, CVE-2009-0844, CVE-2009-0845, CVE-2009-0846

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC). The Generic
Security Service Application Program Interface (GSS-API) definition
provides security services to callers (protocols) in a generic fashion. The
Simple and Protected GSS-API Negotiation (SPNEGO) mechanism is used by
GSS-API peers to choose from a common set of security mechanisms.

An input validation flaw was found in the ASN.1 (Abstract Syntax Notation
One) decoder used by MIT Kerberos. A remote attacker could use this flaw to
crash a network service using the MIT Kerberos library, such as kadmind or
krb5kdc, by causing it to dereference or free an uninitialized pointer.
(CVE-2009-0846)

Multiple input validation flaws were found in the MIT Kerberos GSS-API
library's implementation of the SPNEGO mechanism. A remote attacker could
use these flaws to crash any network service utilizing the MIT Kerberos
GSS-API library to authenticate users or, possibly, leak portions of the
service's memory. (CVE-2009-0844, CVE-2009-0845)

All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running services using the
MIT Kerberos libraries must be restarted for the update to take effect.

RHSA-2009:0409: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090409
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0409, CVE-2009-0846

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

An input validation flaw was found in the ASN.1 (Abstract Syntax Notation
One) decoder used by MIT Kerberos. A remote attacker could use this flaw to
crash a network service using the MIT Kerberos library, such as kadmind or
krb5kdc, by causing it to dereference or free an uninitialized pointer.
(CVE-2009-0846)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running services using the MIT
Kerberos libraries must be restarted for the update to take effect.

RHSA-2009:0411: device-mapper-multipath security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090411
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0411, CVE-2009-0115

Description
The device-mapper multipath packages provide tools to manage multipath
devices by issuing instructions to the device-mapper multipath kernel
module, and by managing the creation and removal of partitions for
device-mapper devices.

It was discovered that the multipathd daemon set incorrect permissions on
the socket used to communicate with command line clients. An unprivileged,
local user could use this flaw to send commands to multipathd, resulting in
access disruptions to storage devices accessible via multiple paths and,
possibly, file system corruption on these devices. (CVE-2009-0115)

Users of device-mapper-multipath are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. The
multipathd service must be restarted for the changes to take effect.

Important: the version of the multipathd daemon in Red Hat Enterprise Linux
5 has a known issue which may cause a machine to become unresponsive when
the multipathd service is stopped. This issue is tracked in the Bugzilla
bug #494582; a link is provided in the References section of this erratum.
Until this issue is resolved, we recommend restarting the multipathd
service by issuing the following commands in sequence:

	# killall -KILL multipathd

	# service multipathd restart

RHSA-2009:0420: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090420
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0420, CVE-2007-6725, CVE-2009-0792

Description
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not
address all possible integer overflow flaws in Ghostscript's International
Color Consortium Format library (icclib). Using specially-crafted ICC
profiles, an attacker could create a malicious PostScript or PDF file with
embedded images that could cause Ghostscript to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0792)

A missing boundary check was found in Ghostscript's CCITTFax decoding
filter. An attacker could create a specially-crafted PostScript or PDF file
that could cause Ghostscript to crash or, potentially, execute arbitrary
code when opened. (CVE-2007-6725)

Users of ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2009:0421: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090421
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0421, CVE-2007-6725, CVE-2008-6679, CVE-2009-0196, CVE-2009-0792

Description
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

It was discovered that the Red Hat Security Advisory RHSA-2009:0345 did not
address all possible integer overflow flaws in Ghostscript's International
Color Consortium Format library (icclib). Using specially-crafted ICC
profiles, an attacker could create a malicious PostScript or PDF file with
embedded images that could cause Ghostscript to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0792)

A buffer overflow flaw and multiple missing boundary checks were found in
Ghostscript. An attacker could create a specially-crafted PostScript or PDF
file that could cause Ghostscript to crash or, potentially, execute
arbitrary code when opened. (CVE-2008-6679, CVE-2007-6725, CVE-2009-0196)

Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly reporting the CVE-2009-0196 flaw.

Users of ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2009:0427: udev security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090427
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0427, CVE-2009-1185

Description
udev provides a user-space API and implements a dynamic device directory,
providing only the devices present on the system. udev replaces devfs in
order to provide greater hot plug functionality. Netlink is a datagram
oriented service, used to transfer information between kernel modules and
user-space processes.

It was discovered that udev did not properly check the origin of Netlink
messages. A local attacker could use this flaw to gain root privileges via
a crafted Netlink message sent to udev, causing it to create a
world-writable block device file for an existing system block device (for
example, the root file system). (CVE-2009-1185)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
responsibly reporting this flaw.

Users of udev are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the udevd daemon will be restarted automatically.

RHSA-2009:0429: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090429
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0429, CVE-2009-0146, CVE-2009-0147, CVE-2009-0163, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183

Description
The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

Multiple integer overflow flaws were found in the CUPS JBIG2 decoder. An
attacker could create a malicious PDF file that would cause CUPS to crash
or, potentially, execute arbitrary code as the "lp" user if the file was
printed. (CVE-2009-0147, CVE-2009-1179)

Multiple buffer overflow flaws were found in the CUPS JBIG2 decoder. An
attacker could create a malicious PDF file that would cause CUPS to crash
or, potentially, execute arbitrary code as the "lp" user if the file was
printed. (CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in the CUPS JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause CUPS to crash or, potentially, execute arbitrary code
as the "lp" user if the file was printed. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in the CUPS JBIG2 decoder. An
attacker could create a malicious PDF file that would cause CUPS to crash
or, potentially, execute arbitrary code as the "lp" user if the file was
printed. (CVE-2009-0800)

An integer overflow flaw, leading to a heap-based buffer overflow, was
discovered in the Tagged Image File Format (TIFF) decoding routines used by
the CUPS image-converting filters, "imagetops" and "imagetoraster". An
attacker could create a malicious TIFF file that could, potentially,
execute arbitrary code as the "lp" user if the file was printed.
(CVE-2009-0163)

Multiple denial of service flaws were found in the CUPS JBIG2 decoder. An
attacker could create a malicious PDF file that would cause CUPS to crash
when printed. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Aaron Sigel, Braden Thomas and Drew Yao of
the Apple Product Security team, and Will Dormann of the CERT/CC for
responsibly reporting these flaws.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the cupsd daemon will be restarted automatically.

RHSA-2009:0430: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090430
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0430, CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183

Description
Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause Xpdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause Xpdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0146,
CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause Xpdf to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause Xpdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. An
attacker could create a malicious PDF that would cause Xpdf to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2009:0431: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090431
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0431, CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183

Description
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

Multiple integer overflow flaws were found in KPDF's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)

Multiple buffer overflow flaws were found in KPDF's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0146,
CVE-2009-1182)

Multiple flaws were found in KPDF's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause KPDF to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in KPDF's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause KPDF to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in KPDF's JBIG2 decoder. An
attacker could create a malicious PDF that would cause KPDF to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2009:0436: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0436, CVE-2009-0652, CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305)

Several flaws were found in the way malformed web content was processed. A
web page containing malicious content could execute arbitrary JavaScript in
the context of the site, possibly presenting misleading data to a user, or
stealing sensitive information such as login credentials. (CVE-2009-0652,
CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310,
CVE-2009-1312)

A flaw was found in the way Firefox saved certain web pages to a local
file. If a user saved the inner frame of a web page containing POST data,
the POST data could be revealed to the inner frame, possibly surrendering
sensitive information such as login credentials. (CVE-2009-1311)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.9. You can find a link to the Mozilla advisories
in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.9, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:0437: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090437
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0437, CVE-2009-0652, CVE-2009-1303, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1311, CVE-2009-1312

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-1303, CVE-2009-1305)

Several flaws were found in the way malformed web content was processed. A
web page containing malicious content could execute arbitrary JavaScript in
the context of the site, possibly presenting misleading data to a user, or
stealing sensitive information such as login credentials. (CVE-2009-0652,
CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1312)

A flaw was found in the way SeaMonkey saved certain web pages to a local
file. If a user saved the inner frame of a web page containing POST data,
the POST data could be revealed to the inner frame, possibly surrendering
sensitive information such as login credentials. (CVE-2009-1311)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:0444: giflib security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090444
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0444, CVE-2005-2974, CVE-2005-3350

Description
The giflib packages contain a shared library of functions for loading and
saving GIF image files. This library is API and ABI compatible with
libungif, the library that supported uncompressed GIF image files while the
Unisys LZW patent was in effect.

Several flaws were discovered in the way giflib decodes GIF images. An
attacker could create a carefully crafted GIF image that could cause an
application using giflib to crash or, possibly, execute arbitrary code when
opened by a victim. (CVE-2005-2974, CVE-2005-3350)

All users of giflib are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications using giflib must be restarted for the update to take effect.

RHSA-2009:0449: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20090449
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0449, CVE-2009-1313

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1313)

For technical details regarding this flaw, refer to the Mozilla security
advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories
in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.10, which corrects this issue. After installing the
update, Firefox must be restarted for the change to take effect.

RHSA-2009:0457: libwmf security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090457
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0457, CVE-2009-1364

Description
libwmf is a library for reading and converting Windows Metafile Format
(WMF) vector graphics. libwmf is used by applications such as GIMP and
ImageMagick.

A pointer use-after-free flaw was found in the GD graphics library embedded
in libwmf. An attacker could create a specially-crafted WMF file that would
cause an application using libwmf to crash or, potentially, execute
arbitrary code as the user running the application when opened by a victim.
(CVE-2009-1364)

Note: This flaw is specific to the GD graphics library embedded in libwmf.
It does not affect the GD graphics library from the "gd" packages, or
applications using it.

Red Hat would like to thank Tavis Ormandy of the Google Security Team for
responsibly reporting this flaw.

All users of libwmf are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using libwmf must be restarted for the update
to take effect.

RHSA-2009:0458: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0458, CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-3606

Description
GPdf is a viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0147,
CVE-2009-1179)

Multiple buffer overflow flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0146,
CVE-2009-1182)

Multiple flaws were found in GPdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause GPdf to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause GPdf to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in GPdf's JBIG2 decoder. An
attacker could create a malicious PDF that would cause GPdf to crash when
opened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2009:0459: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0459, CVE-2008-4307, CVE-2009-0028, CVE-2009-0676, CVE-2009-0834

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a logic error was found in the do_setlk() function of the Linux kernel
Network File System (NFS) implementation. If a signal interrupted a lock
request, the local POSIX lock was incorrectly created. This could cause a
denial of service on the NFS server if a file descriptor was closed before
its corresponding lock request returned. (CVE-2008-4307, Important)

* a deficiency was found in the Linux kernel system call auditing
implementation on 64-bit systems. This could allow a local, unprivileged
user to circumvent a system call audit configuration, if that configuration
filtered based on the "syscall" number or arguments.
(CVE-2009-0834, Important)

* Chris Evans reported a deficiency in the Linux kernel signals
implementation. The clone() system call permits the caller to indicate the
signal it wants to receive when its child exits. When clone() is called
with the CLONE_PARENT flag, it permits the caller to clone a new child that
shares the same parent as itself, enabling the indicated signal to be sent
to the caller's parent (instead of the caller), even if the caller's parent
has different real and effective user IDs. This could lead to a denial of
service of the parent. (CVE-2009-0028, Moderate)

* the sock_getsockopt() function in the Linux kernel did not properly
initialize a data structure that can be directly returned to user-space
when the getsockopt() function is called with SO_BSDCOMPAT optname set.
This flaw could possibly lead to memory disclosure.
(CVE-2009-0676, Moderate)

Bug fixes:

* a kernel crash may have occurred for Red Hat Enterprise Linux 4.7 guests
if their guest configuration file specified "vif = [ "type=ioemu" ]". This
crash only occurred when starting guests via the "xm create" command.
(BZ#477146)

* a bug in IO-APIC NMI watchdog may have prevented Red Hat Enterprise Linux
4.7 from being installed on HP ProLiant DL580 G5 systems. Hangs during
installation and "NMI received for unknown reason [xx]" errors may have
occurred. (BZ#479184)

* a kernel deadlock on some systems when using netdump through a network
interface that uses the igb driver. (BZ#480579)

* a possible kernel hang in sys_ptrace() on the Itanium® architecture,
possibly triggered by tracing a threaded process with strace. (BZ#484904)

* the RHSA-2008:0665 errata only fixed the known problem with the LSI Logic
LSI53C1030 Ultra320 SCSI controller, for tape devices. Read commands sent
to tape devices may have received incorrect data. This issue may have led
to data corruption. This update includes a fix for all types of devices.
(BZ#487399)

* a missing memory barrier caused a race condition in the AIO subsystem
between the read_events() and aio_complete() functions. This may have
caused a thread in read_events() to sleep indefinitely, possibly causing an
application hang. (BZ#489935)

* due to a lack of synchronization in the NFS client code, modifications
to some pages (for files on an NFS mounted file system) made through a
region of memory mapped by mmap() may be lost if the NFS client invalidates
its page cache for particular files. (BZ#490119)

* a NULL pointer dereference in the megaraid_mbox driver caused a system
crash on some systems. (BZ#493420)

* the ext3_symlink() function in the ext3 file system code used an
illegal __GFP_FS allocation inside some transactions. This may have
resulted in a kernel panic and "Assertion failure" errors. (BZ#493422)

* do_machine_check() cleared all Machine Check Exception (MCE) status
registers, preventing the BIOS from using them to determine the cause of
certain panics and errors. (BZ#494915)

* a bug prevented NMI watchdog from initializing on HP ProLiant DL580 G5
systems. (BZ#497330)

This update contains backported patches to fix these issues. The system
must be rebooted for this update to take effect.

RHSA-2009:0473: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090473
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0473, CVE-2008-4307, CVE-2009-0787, CVE-2009-0834, CVE-2009-1336, CVE-2009-1337

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a logic error was found in the do_setlk() function of the Linux kernel
Network File System (NFS) implementation. If a signal interrupted a lock
request, the local POSIX lock was incorrectly created. This could cause a
denial of service on the NFS server if a file descriptor was closed before
its corresponding lock request returned. (CVE-2008-4307, Important)

* a deficiency was found in the Linux kernel system call auditing
implementation on 64-bit systems. This could allow a local, unprivileged
user to circumvent a system call audit configuration, if that configuration
filtered based on the "syscall" number or arguments.
(CVE-2009-0834, Important)

* the exit_notify() function in the Linux kernel did not properly reset the
exit signal if a process executed a set user ID (setuid) application before
exiting. This could allow a local, unprivileged user to elevate their
privileges. (CVE-2009-1337, Important)

* a flaw was found in the ecryptfs_write_metadata_to_contents() function of
the Linux kernel eCryptfs implementation. On systems with a 4096 byte
page-size, this flaw may have caused 4096 bytes of uninitialized kernel
memory to be written into the eCryptfs file headers, leading to an
information leak. Note: Encrypted files created on systems running the
vulnerable version of eCryptfs may contain leaked data in the eCryptfs file
headers. This update does not remove any leaked data. Refer to the
Knowledgebase article in the References section for further information.
(CVE-2009-0787, Moderate)

* the Linux kernel implementation of the Network File System (NFS) did not
properly initialize the file name limit in the nfs_server data structure.
This flaw could possibly lead to a denial of service on a client mounting
an NFS share. (CVE-2009-1336, Moderate)

This update also fixes the following bugs:

* the enic driver (Cisco 10G Ethernet) did not operate under
virtualization. (BZ#472474)

* network interfaces using the IBM eHEA Ethernet device driver could not be
successfully configured under low-memory conditions. (BZ#487035)

* bonding with the "arp_validate=3" option may have prevented failovers.
(BZ#488064)

* when running under virtualization, the acpi-cpufreq module wrote "Domain
attempted WRMSR" errors to the dmesg log. (BZ#488928)

* NFS clients may have experienced deadlocks during unmount. (BZ#488929)

* the ixgbe driver double counted the number of received bytes and packets.
(BZ#489459)

* the Wacom Intuos3 Lens Cursor device did not work correctly with the
Wacom Intuos3 12x12 tablet. (BZ#489460)

* on the Itanium® architecture, nanosleep() caused commands which used it,
such as sleep and usleep, to sleep for one second more than expected.
(BZ#490434)

* a panic and corruption of slab cache data structures occurred on 64-bit
PowerPC systems when clvmd was running. (BZ#491677)

* the NONSTOP_TSC feature did not perform correctly on the Intel®
microarchitecture (Nehalem) when running in 32-bit mode. (BZ#493356)

* keyboards may not have functioned on IBM eServer System p machines after
a certain point during installation or afterward. (BZ#494293)

* using Device Mapper Multipathing with the qla2xxx driver resulted in
frequent path failures. (BZ#495635)

* if the hypervisor was booted with the dom0_max_vcpus parameter set to
less than the actual number of CPUs in the system, and the cpuspeed service
was started, the hypervisor could crash. (BZ#495931)

* using Openswan to provide an IPsec virtual private network eventually
resulted in a CPU soft lockup and a system crash. (BZ#496044)

* it was possible for posix_locks_deadlock() to enter an infinite loop
(under the BKL), causing a system hang. (BZ#496842)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:0474: acpid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090474
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0474, CVE-2009-0798

Description
acpid is a daemon that dispatches ACPI (Advanced Configuration and Power
Interface) events to user-space programs.

Anthony de Almeida Lopes of Outpost24 AB reported a denial of service flaw
in the acpid daemon's error handling. If an attacker could exhaust the
sockets open to acpid, the daemon would enter an infinite loop, consuming
most CPU resources and preventing acpid from communicating with legitimate
processes. (CVE-2009-0798)

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2009:0476: pango security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090476
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0476, CVE-2009-1194

Description
Pango is a library used for the layout and rendering of internationalized
text.

Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass an
arbitrarily long string to Pango, it may be possible to execute arbitrary
code with the permissions of the application calling Pango. (CVE-2009-1194)

pango and evolution28-pango users are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. After
installing this update, you must restart your system or restart the X
server for the update to take effect. Note: Restarting the X server closes
all open applications and logs you out of your session.

RHSA-2009:0479: perl-DBD-Pg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0479, CVE-2009-0663, CVE-2009-1341

Description
Perl DBI is a database access Application Programming Interface (API) for
the Perl language. perl-DBD-Pg allows Perl applications to access
PostgreSQL database servers.

A heap-based buffer overflow flaw was discovered in the pg_getline function
implementation. If the pg_getline or getline functions read large,
untrusted records from a database, it could cause an application using
these functions to crash or, possibly, execute arbitrary code.
(CVE-2009-0663)

Note: After installing this update, pg_getline may return more data than
specified by its second argument, as this argument will be ignored. This is
consistent with current upstream behavior. Previously, the length limit
(the second argument) was not enforced, allowing a buffer overflow.

A memory leak flaw was found in the function performing the de-quoting of
BYTEA type values acquired from a database. An attacker able to cause an
application using perl-DBD-Pg to perform a large number of SQL queries
returning BYTEA records, could cause the application to use excessive
amounts of memory or, possibly, crash. (CVE-2009-1341)

All users of perl-DBD-Pg are advised to upgrade to this updated package,
which contains backported patches to fix these issues. Applications using
perl-DBD-Pg must be restarted for the update to take effect.

RHSA-2009:0480: poppler security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20090480
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:0480, CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0195, CVE-2009-0791, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-1187, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606

Description
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-0147, CVE-2009-1179, CVE-2009-1187, CVE-2009-1188)

Multiple buffer overflow flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in poppler's JBIG2 decoder that could lead to the
freeing of arbitrary memory. An attacker could create a malicious PDF file
that would cause applications that use poppler (such as Evince) to crash
or, potentially, execute arbitrary code when opened. (CVE-2009-0166,
CVE-2009-1180)

Multiple input validation flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash or, potentially, execute
arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in poppler's JBIG2 decoder. An
attacker could create a malicious PDF file that would cause applications
that use poppler (such as Evince) to crash when opened. (CVE-2009-0799,
CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, and Will Dormann of the CERT/CC for responsibly reporting
these flaws.

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2009:0955: nfs-utils security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20090955
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:0955, CVE-2008-1376

Description
The nfs-utils package provides a daemon for the kernel NFS server and
related tools, which provides a much higher level of performance than the
traditional Linux NFS server used by most users.

A flaw was found in the nfs-utils package provided by RHBA-2008:0742. The
nfs-utils package was missing TCP wrappers support, which could result in
an administrator believing they had access restrictions enabled when they
did not. (CVE-2008-1376)

This update also includes the following bug fixes:

* the "nfsstat" command now displays correct statistics. In previous
versions, performing more than 2^31 RPC calls could cause the "nfsstat"
command to incorrectly display the number of calls as "negative". This was
because "nfsstat" printed statistics from /proc/net/rpc/* files as signed
integers; with this version of nfs-utils, "nfsstat" now reads and prints
these statistics as unsigned integers. (BZ#404831)

* idmapd upcalls now support zero-length reads and perform extra bounds
checking in gssd and svcgssd. This fixes a bug in previous versions that
could cause the rpc.idmapd daemon to hang when communicating with the
kernel, which would halt any ID translation services. (BZ#448710)

* tcp_wrappers supported in nfs-utils now allows proper application of
hosts access rules defined in /etc/hosts.allow and /etc/hosts.deny. (BZ#494585)

* the nfs init script did not check whether SECURE_NFS was set to "yes"
before starting, stopping, or querying rpc.svcgssd. On systems where
SECURE_NFS was not set to "yes", the nfs init script could not start the
rpc.svcgssd daemon at the "service nfs start" command because the rpcsvcgssd
init script would check the status of SECURE_NFS before starting the
daemon. However, at the "service nfs stop" or "service nfs restart"
commands, nfs init script would attempt to stop rpc.svcgssd and then report
a failure because the daemon was not running in the first place. These
error messages may have misled end-users into believing that there was a
genuine problem with their NFS configuration. This version of nfs-utils
contains a fix backported from Red Hat Enterprise Linux 5. nfs-utils now
checks the status of SECURE_NFS before the nfs init script attempts to
start, query or stop rpc.svcgssd and therefore, the irrelevant error
messages seen previously will not appear. (BZ#470423)

* the nfs init script is now fully compliant with Linux Standard Base Core
specifications. This update fixes a bug that prevented "/etc/init.d/nfs
start" from exiting properly if NFS was already running. (BZ#474570)

* /var/lib/nfs/statd/sm is now created with the proper user and group
whenever rpc.statd is called. In previous versions, some thread stack
conditions could incorrectly prevent rpc.statd from creating the
/var/lib/nfs/statd/sm file, which could cause "service nfslock start" to
fail. (BZ#479376)

All users of nfs-utils should upgrade to this updated package, which
resolves these issues.

RHSA-2009:0981: util-linux security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20090981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:0981, CVE-2008-1926

Description
The util-linux package contains a collection of basic system utilities,
such as fdisk and mount.

A log injection attack was found in util-linux when logging login attempts
via the audit subsystem of the Linux kernel. A remote attacker could use
this flaw to modify certain parts of logged events, possibly hiding their
activities on a system. (CVE-2008-1926)

This updated package also fixes the following bugs:

* partitions created by VMware ESX™ were not included in the list of
recognized file systems used by fdisk. Consequently, if VMware ESX was
installed, "fdisk -l" returned "Unknown" for these partitions. With this
update, information regarding the VMKcore and VMFS partitions has been
added to the file systems list. On systems running VMware ESX, "fdisk -l"
now lists information about these partitions as expected. (BZ#447264)

* if a username was not set, the login command would fail with a
Segmentation fault. With this update, login lets the audit system handle
NULL usernames (it sends an AUDIT_USER_LOGIN message to the audit system in
the event there is no username set). (BZ#456213)

* the nfs(5) man page listed version 2 as the default. This is incorrect:
unless otherwise specified, the NFS client uses NFS version 3. The man page
has been corrected. (BZ#458539)

* in certain situations, backgrounded NFS mounts died shortly after being
backgrounded when the mount command was executed by the initlog command,
which, for example, would occur when running an init script, such as
running the "service netfs start" command. In these situations, running the
"ps -ef" command showed backgrounded NFS mounts disappearing shortly after
being backgrounded. In this updated package, backgrounded mount processes
detach from the controlling terminal, which resolves this issue.
(BZ#461488)

* if a new partition's starting cylinder was beyond one terabyte, fdisk
could not create the partition. This has been fixed. (BZ#471372)

* in rare cases "mount -a" ignored fstab order and tried to re-mount file
systems on mpath devices. With this update, mount honors fstab order even
in the rare cases reported. (BZ#472186)

* the "mount --move" command moved a file system's mount point as expected
(for example, /proc/mounts showed the changed mount point as expected) but
did not update /etc/mtab properly. With this update, the "mount --move"
command gathers all necessary information about the old mount point, copies
it to the new mount point and then deletes the old point, ensuring
/etc/mtab is updated properly. (BZ#485004)

Util-linux users are advised to upgrade to this updated package, which
addresses this vulnerability and resolves these issues.

RHSA-2009:1024: Red Hat Enterprise Linux 4.8 kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1024, CVE-2009-1336, CVE-2009-1337

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fixes:

* the exit_notify() function in the Linux kernel did not properly reset the
exit signal if a process executed a set user ID (setuid) application before
exiting. This could allow a local, unprivileged user to elevate their
privileges. (CVE-2009-1337, Important)

* the Linux kernel implementation of the Network File System (NFS) did not
properly initialize the file name limit in the nfs_server data structure.
This flaw could possibly lead to a denial of service on a client mounting
an NFS share. (CVE-2009-1336, Moderate)

Bug Fixes and Enhancements:

Kernel Feature Support:

* added a new allowable value to "/proc/sys/kernel/wake_balance" to allow
the scheduler to run the thread on any available CPU rather than scheduling
it on the optimal CPU.
* added "max_writeback_pages" tunable parameter to /proc/sys/vm/ to allow
the maximum number of modified pages kupdate writes to disk, per iteration
per run.
* added "swap_token_timeout" tunable parameter to /proc/sys/vm/ to provide
a valid hold time for the swap out protection token.
* added diskdump support to sata_svw driver.
* limited physical memory to 64GB for 32-bit kernels running on systems
with more than 64GB of physical memory to prevent boot failures.
* improved reliability of autofs.
* added support for 'rdattr_error' in NFSv4 readdir requests.
* fixed various short packet handling issues for NFSv4 readdir and sunrpc.
* fixed several CIFS bugs.

Networking and IPv6 Enablement:

* added router solicitation support.
* enforced sg requires tx csum in ethtool.

Platform Support:

x86, AMD64, Intel 64, IBM System z

* added support for a new Intel chipset.
* added initialization vendor info in boot_cpu_data.
* added support for N_Port ID Virtualization (NPIV) for IBM System z guests
using zFCP.
* added HDMI support for some AMD and ATI chipsets.
* updated HDA driver in ALSA to latest upstream as of 2008-07-22.
* added support for affected_cpus for cpufreq.
* removed polling timer from i8042.
* fixed PM-Timer when using the ASUS A8V Deluxe motherboard.
* backported usbfs_mutex in usbfs.

64-bit PowerPC:

* updated eHEA driver from version 0078-04 to 0078-08.
* updated logging of checksum errors in the eHEA driver.

Network Driver Updates:

* updated forcedeth driver to latest upstream version 0.61.
* fixed various e1000 issues when using Intel ESB2 hardware.
* updated e1000e driver to upstream version 0.3.3.3-k6.
* updated igb to upstream version 1.2.45-k2.
* updated tg3 to upstream version 3.96.
* updated ixgbe to upstream version 1.3.18-k4.
* updated bnx2 to upstream version 1.7.9.
* updated bnx2x to upstream version 1.45.23.
* fixed bugs and added enhancements for the NetXen NX2031 and NX3031
products.
* updated Realtek r8169 driver to support newer network chipsets. All
variants of RTL810x/RTL8168(9) are now supported.

Storage Driver Updates:

* fixed various SCSI issues. Also, the SCSI sd driver now calls the
revalidate_disk wrapper.
* fixed a dmraid reduced I/O delay bug in certain configurations.
* removed quirk aac_quirk_scsi_32 for some aacraid controllers.
* updated FCP driver on IBM System z systems with support for
point-to-point connections.
* updated lpfc to version 8.0.16.46.
* updated megaraid_sas to version 4.01-RH1.
* updated MPT Fusion driver to version 3.12.29.00rh.
* updated qla2xxx firmware to 4.06.01 for 4GB/s and 8GB/s adapters.
* updated qla2xxx driver to version 8.02.09.00.04.08-d.
* fixed sata_nv in libsata to disable ADMA mode by default.

Miscellaneous Updates:

* upgraded OpenFabrics Alliance Enterprise Distribution (OFED) to version
1.4.
* added driver support and fixes for various Wacom tablets.

Users should install this update, which resolves these issues and adds
these enhancements.

RHSA-2009:1036: ipsec-tools security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091036
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1036, CVE-2009-1574, CVE-2009-1632

Description
The ipsec-tools package is used in conjunction with the IPsec functionality
in the Linux kernel and includes racoon, an IKEv1 keying daemon.

A denial of service flaw was found in the ipsec-tools racoon daemon. An
unauthenticated, remote attacker could trigger a NULL pointer dereference
that could cause the racoon daemon to crash. (CVE-2009-1574)

Multiple memory leak flaws were found in the ipsec-tools racoon daemon. If
a remote attacker is able to make multiple connection attempts to the
racoon daemon, it was possible to cause the racoon daemon to consume all
available memory. (CVE-2009-1632)

Users of ipsec-tools should upgrade to this updated package, which contains
backported patches to correct these issues. Users must restart the racoon
daemon for this update to take effect.

RHSA-2009:1039: ntp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091039
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1039, CVE-2009-0159, CVE-2009-1252

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
authentication code. If ntpd was configured to use public key cryptography
for NTP packet authentication, a remote attacker could use this flaw to
send a specially-crafted request packet that could crash ntpd.
(CVE-2009-1252)

Note: NTP authentication is not enabled by default.

A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq. (CVE-2009-0159)

All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will be restarted automatically.

RHSA-2009:1040: ntp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091040
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1040, CVE-2009-0159, CVE-2009-1252

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4
authentication code. If ntpd was configured to use public key cryptography
for NTP packet authentication, a remote attacker could use this flaw to
send a specially-crafted request packet that could crash ntpd or,
potentially, execute arbitrary code with the privileges of the "ntp" user.
(CVE-2009-1252)

Note: NTP authentication is not enabled by default.

A buffer overflow flaw was found in the ntpq diagnostic command. A
malicious, remote server could send a specially-crafted reply to an ntpq
request that could crash ntpq or, potentially, execute arbitrary code with
the privileges of the user running the ntpq command. (CVE-2009-0159)

All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will be restarted automatically.

RHSA-2009:1060: pidgin security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1060, CVE-2009-1373, CVE-2009-1374, CVE-2009-1375, CVE-2009-1376

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A buffer overflow flaw was found in the way Pidgin initiates file transfers
when using the Extensible Messaging and Presence Protocol (XMPP). If a
Pidgin client initiates a file transfer, and the remote target sends a
malformed response, it could cause Pidgin to crash or, potentially, execute
arbitrary code with the permissions of the user running Pidgin. This flaw
only affects accounts using XMPP, such as Jabber and Google Talk.
(CVE-2009-1373)

A denial of service flaw was found in Pidgin's QQ protocol decryption
handler. When the QQ protocol decrypts packet information, heap data can be
overwritten, possibly causing Pidgin to crash. (CVE-2009-1374)

A flaw was found in the way Pidgin's PurpleCircBuffer object is expanded.
If the buffer is full when more data arrives, the data stored in this
buffer becomes corrupted. This corrupted data could result in confusing or
misleading data being presented to the user, or possibly crash Pidgin.
(CVE-2009-1375)

It was discovered that on 32-bit platforms, the Red Hat Security Advisory
RHSA-2008:0584 provided an incomplete fix for the integer overflow flaw
affecting Pidgin's MSN protocol handler. If a Pidgin client receives a
specially-crafted MSN message, it may be possible to execute arbitrary code
with the permissions of the user running Pidgin. (CVE-2009-1376)

Note: By default, when using an MSN account, only users on your buddy list
can send you messages. This prevents arbitrary MSN users from exploiting
this flaw.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

RHSA-2009:1061: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1061, CVE-2009-0946

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide the FreeType 2 font engine.

Tavis Ormandy of the Google Security Team discovered several integer
overflow flaws in the FreeType 2 font engine. If a user loaded a
carefully-crafted font file with an application linked against FreeType 2,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2009-0946)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2009:1066: squirrelmail security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091066
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1066, CVE-2009-1578, CVE-2009-1579, CVE-2009-1581

Description
SquirrelMail is a standards-based webmail package written in PHP.

A server-side code injection flaw was found in the SquirrelMail
"map_yp_alias" function. If SquirrelMail was configured to retrieve a
user's IMAP server address from a Network Information Service (NIS) server
via the "map_yp_alias" function, an unauthenticated, remote attacker using
a specially-crafted username could use this flaw to execute arbitrary code
with the privileges of the web server. (CVE-2009-1579)

Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. An
attacker could construct a carefully crafted URL, which once visited by an 
unsuspecting user, could cause the user's web browser to execute malicious
script in the context of the visited SquirrelMail web page. (CVE-2009-1578)

It was discovered that SquirrelMail did not properly sanitize Cascading
Style Sheets (CSS) directives used in HTML mail. A remote attacker could
send a specially-crafted email that could place mail content above
SquirrelMail's controls, possibly allowing phishing and cross-site
scripting attacks. (CVE-2009-1581)

Users of squirrelmail should upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2009:1075: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091075
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1075, CVE-2008-1678, CVE-2009-1195

Description
The Apache HTTP Server is a popular and freely-available Web server.

A flaw was found in the handling of compression structures between mod_ssl
and OpenSSL. If too many connections were opened in a short period of time,
all system memory and swap space would be consumed by httpd, negatively
impacting other processes, or causing a system crash. (CVE-2008-1678)

Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5
prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in
Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e
version.

A flaw was found in the handling of the "Options" and "AllowOverride"
directives. In configurations using the "AllowOverride" directive with
certain "Options=" arguments, local users were not restricted from
executing commands from a Server-Side-Include script as intended.
(CVE-2009-1195)

All httpd users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Users must restart httpd for
this update to take effect.

RHSA-2009:1082: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091082
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1082, CVE-2009-0949

Description
The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The Internet Printing Protocol (IPP) allows
users to print and manage printing-related tasks over a network. 

A NULL pointer dereference flaw was found in the CUPS IPP routine, used for
processing incoming IPP requests for the CUPS scheduler. An attacker could
use this flaw to send specially-crafted IPP requests that would crash the
cupsd daemon. (CVE-2009-0949)

Red Hat would like to thank Anibal Sacco from Core Security Technologies
for reporting this issue.

Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2009:1083: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1083, CVE-2009-0791, CVE-2009-0949, CVE-2009-1196

Description
The Common UNIX® Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The Internet Printing Protocol (IPP) allows
users to print and manage printing-related tasks over a network. The CUPS
"pdftops" filter converts Portable Document Format (PDF) files to
PostScript. "pdftops" is based on Xpdf and the CUPS imaging library.

A NULL pointer dereference flaw was found in the CUPS IPP routine, used for
processing incoming IPP requests for the CUPS scheduler. An attacker could
use this flaw to send specially-crafted IPP requests that would crash the
cupsd daemon. (CVE-2009-0949)

A use-after-free flaw was found in the CUPS scheduler directory services
routine, used to process data about available printers and printer classes.
An attacker could use this flaw to cause a denial of service (cupsd daemon
stop or crash). (CVE-2009-1196)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the CUPS "pdftops" filter. An attacker could create a
malicious PDF file that would cause "pdftops" to crash or, potentially,
execute arbitrary code as the "lp" user if the file was printed.
(CVE-2009-0791)

Red Hat would like to thank Anibal Sacco from Core Security Technologies
for reporting the CVE-2009-0949 flaw, and Swen van Brussel for reporting
the CVE-2009-1196 flaw.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2009:1095: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091095
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1095, CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1834, CVE-2009-1835, CVE-2009-1836, CVE-2009-1837, CVE-2009-1838, CVE-2009-1839, CVE-2009-1840, CVE-2009-1841

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838,
CVE-2009-1841)

Multiple flaws were found in the processing of malformed, local file
content. If a user loaded malicious, local content via the file:// URL, it
was possible for that content to access other local data. (CVE-2009-1835,
CVE-2009-1839)

A script, privilege elevation flaw was found in the way Firefox loaded XML
User Interface Language (XUL) scripts. Firefox and certain add-ons could
load malicious content when certain policy checks did not happen.
(CVE-2009-1840)

A flaw was found in the way Firefox displayed certain Unicode characters in
International Domain Names (IDN). If an IDN contained invalid characters,
they may have been displayed as spaces, making it appear to the user that
they were visiting a trusted site. (CVE-2009-1834)

A flaw was found in the way Firefox handled error responses returned from
proxy servers. If an attacker is able to conduct a man-in-the-middle attack
against a Firefox instance that is using a proxy server, they may be able
to steal sensitive information from the site the user is visiting.
(CVE-2009-1836)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.11. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.11, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:1096: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091096
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1096, CVE-2009-1392, CVE-2009-1833, CVE-2009-1835, CVE-2009-1838, CVE-2009-1841

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-1392, CVE-2009-1833, CVE-2009-1838, CVE-2009-1841)

A flaw was found in the processing of malformed, local file content. If a
user loaded malicious, local content via the file:// URL, it was possible
for that content to access other local data. (CVE-2009-1835)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:1100: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1100, CVE-2009-1210, CVE-2009-1268, CVE-2009-1269, CVE-2009-1829

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A format string flaw was found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark. (CVE-2009-1210)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-1268, CVE-2009-1269, CVE-2009-1829)

Users of wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.8, and resolve these issues. All running instances of
Wireshark must be restarted for the update to take effect.

RHSA-2009:1101: cscope security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1101, CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577

Description
cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could
create a specially crafted source code file that could cause cscope to
crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2006-4262, CVE-2009-0148, CVE-2009-1577)

All users of cscope are advised to upgrade to this updated package, which
contains backported patches to fix these issues. All running instances of
cscope must be restarted for this update to take effect.

RHSA-2009:1102: cscope security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091102
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1102, CVE-2004-2541, CVE-2009-0148

Description
cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could
create a specially crafted source code file that could cause cscope to
crash or, possibly, execute arbitrary code when browsed with cscope.
(CVE-2004-2541, CVE-2009-0148)

All users of cscope are advised to upgrade to this updated package, which
contains backported patches to fix these issues. All running instances of
cscope must be restarted for this update to take effect.

RHSA-2009:1106: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091106
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1106, CVE-2009-1072, CVE-2009-1192, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1758, CVE-2009-3238

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* several flaws were found in the way the Linux kernel CIFS implementation
handles Unicode strings. CIFS clients convert Unicode strings sent by a
server to their local character sets, and then write those strings into
memory. If a malicious server sent a long enough string, it could write
past the end of the target memory region and corrupt other memory areas,
possibly leading to a denial of service or privilege escalation on the
client mounting the CIFS share. (CVE-2009-1439, CVE-2009-1633, Important)

* the Linux kernel Network File System daemon (nfsd) implementation did not
drop the CAP_MKNOD capability when handling requests from local,
unprivileged users. This flaw could possibly lead to an information leak or
privilege escalation. (CVE-2009-1072, Moderate)

* Frank Filz reported the NFSv4 client was missing a file permission check
for the execute bit in some situations. This could allow local,
unprivileged users to run non-executable files on NFSv4 mounted file
systems. (CVE-2009-1630, Moderate)

* a missing check was found in the hypervisor_callback() function in the
Linux kernel provided by the kernel-xen package. This could cause a denial
of service of a 32-bit guest if an application running in that guest
accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)

* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
agp_generic_alloc_pages() functions did not zero out the memory pages they
allocate, which may later be available to user-space processes. This flaw
could possibly lead to an information leak. (CVE-2009-1192, Low)

Bug fixes:

* a race in the NFS client between destroying cached access rights and
unmounting an NFS file system could have caused a system crash. "Busy
inodes" messages may have been logged. (BZ#498653)

* nanosleep() could sleep several milliseconds less than the specified time
on Intel Itanium®-based systems. (BZ#500349)

* LEDs for disk drives in AHCI mode may have displayed a fault state when
there were no faults. (BZ#500120)

* ptrace_do_wait() reported tasks were stopped each time the process doing
the trace called wait(), instead of reporting it once. (BZ#486945)

* epoll_wait() may have caused a system lockup and problems for
applications. (BZ#497322)

* missing capabilities could possibly allow users with an fsuid other than
0 to perform actions on some file system types that would otherwise be
prevented. (BZ#497271)

* on NFS mounted file systems, heavy write loads may have blocked
nfs_getattr() for long periods, causing commands that use stat(2), such as
ls, to hang. (BZ#486926)

* in rare circumstances, if an application performed multiple O_DIRECT
reads per virtual memory page and also performed fork(2), the buffer
storing the result of the I/O may have ended up with invalid data.
(BZ#486921)

* when using GFS2, gfs2_quotad may have entered an uninterruptible sleep
state. (BZ#501742)

* with this update, get_random_int() is more random and no longer uses a
common seed value, reducing the possibility of predicting the values
returned. (BZ#499783)

* the "-fwrapv" flag was added to the gcc build options to prevent gcc from
optimizing away wrapping. (BZ#501751)

* a kernel panic when enabling and disabling iSCSI paths. (BZ#502916)

* using the Broadcom NetXtreme BCM5704 network device with the tg3 driver
caused high system load and very bad performance. (BZ#502837)

* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes
able to use the ptrace() call on a given process; however, certain
information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used
to reconstruct memory maps. (BZ#499546)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1107: apr-util security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091107
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1107, CVE-2009-0023, CVE-2009-1955, CVE-2009-1956

Description
apr-util is a utility library used with the Apache Portable Runtime (APR).
It aims to provide a free library of C data structures and routines. This
library contains additional utility interfaces for APR; including support
for XML, LDAP, database interfaces, URI parsing, and more.

An off-by-one overflow flaw was found in the way apr-util processed a
variable list of arguments. An attacker could provide a specially-crafted
string as input for the formatted output conversion routine, which could,
on big-endian platforms, potentially lead to the disclosure of sensitive
information or a denial of service (application crash). (CVE-2009-1956)

Note: The CVE-2009-1956 flaw only affects big-endian platforms, such as the
IBM S/390 and PowerPC. It does not affect users using the apr-util package
on little-endian platforms, due to their different organization of byte
ordering used to represent particular data.

A denial of service flaw was found in the apr-util Extensible Markup
Language (XML) parser. A remote attacker could create a specially-crafted
XML document that would cause excessive memory consumption when processed
by the XML decoding engine. (CVE-2009-1955)

A heap-based underwrite flaw was found in the way apr-util created compiled
forms of particular search patterns. An attacker could formulate a
specially-crafted search keyword, that would overwrite arbitrary heap
memory locations when processed by the pattern preparation engine.
(CVE-2009-0023)

All apr-util users should upgrade to these updated packages, which contain
backported patches to correct these issues. Applications using the Apache
Portable Runtime library, such as httpd, must be restarted for this update
to take effect.

RHSA-2009:1116: cyrus-imapd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091116
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1116, CVE-2009-0688

Description
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and SIEVE support.

It was discovered that the Cyrus SASL library (cyrus-sasl) does not always
reliably terminate output from the sasl_encode64() function used by
programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on
this function's output being properly terminated. Under certain conditions,
improperly terminated output from sasl_encode64() could, potentially, cause
cyrus-imapd to crash, disclose portions of its memory, or lead to SASL
authentication failures. (CVE-2009-0688)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which resolve this issue. After installing the update, cyrus-imapd will be
restarted automatically.

RHSA-2009:1122: icu security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091122
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1122, CVE-2009-0153

Description
The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

A flaw was found in the way ICU processed certain, invalid byte sequences
during Unicode conversion. If an application used ICU to decode malformed,
multibyte character data, it may have been possible to bypass certain
content protection mechanisms, or display information in a manner
misleading to the user. (CVE-2009-0153)

All users of icu should upgrade to these updated packages, which contain
backported patches to resolve this issue.

RHSA-2009:1123: gstreamer-plugins-good security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1123, CVE-2009-1932

Description
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. GStreamer Good Plug-ins is a collection of
well-supported, good quality GStreamer plug-ins.

Multiple integer overflow flaws, that could lead to a buffer overflow, were
found in the GStreamer Good Plug-ins PNG decoding handler. An attacker
could create a specially-crafted PNG file that would cause an application
using the GStreamer Good Plug-ins library to crash or, potentially, execute
arbitrary code as the user running the application when parsed.
(CVE-2009-1932)

All users of gstreamer-plugins-good are advised to upgrade to these updated
packages, which contain a backported patch to correct these issues. After
installing the update, all applications using GStreamer Good Plug-ins (such
as some media playing applications) must be restarted for the changes to
take effect.

RHSA-2009:1125: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091125
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1125, CVE-2009-1303, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1309, CVE-2009-1392, CVE-2009-1833, CVE-2009-1838, CVE-2009-2210

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,
CVE-2009-1838)

Several flaws were found in the way malformed HTML mail content was
processed. An HTML mail message containing malicious content could execute
arbitrary JavaScript in the context of the mail message, possibly
presenting misleading data to the user, or stealing sensitive information
such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1309)

Note: JavaScript support is disabled by default in Thunderbird. None of the
above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2009:1126: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1126, CVE-2009-1303, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1392, CVE-2009-1833, CVE-2009-1836, CVE-2009-1838, CVE-2009-2210

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code as the user running
Thunderbird. (CVE-2009-1392, CVE-2009-1303, CVE-2009-1305, CVE-2009-1833,
CVE-2009-1838)

Several flaws were found in the way malformed HTML mail content was
processed. An HTML mail message containing malicious content could execute
arbitrary JavaScript in the context of the mail message, possibly
presenting misleading data to the user, or stealing sensitive information
such as login credentials. (CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,
CVE-2009-1309)

A flaw was found in the way Thunderbird handled error responses returned
from proxy servers. If an attacker is able to conduct a man-in-the-middle
attack against a Thunderbird instance that is using a proxy server, they
may be able to steal sensitive information from the site Thunderbird is
displaying. (CVE-2009-1836)

Note: JavaScript support is disabled by default in Thunderbird. None of the
above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2009:1127: kdelibs security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1127, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698

Description
The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A flaw was found in the way the KDE CSS parser handled content for the
CSS "style" attribute. A remote attacker could create a specially-crafted
CSS equipped HTML page, which once visited by an unsuspecting user, could
cause a denial of service (Konqueror crash) or, potentially, execute
arbitrary code with the privileges of the user running Konqueror.
(CVE-2009-1698)

A flaw was found in the way the KDE HTML parser handled content for the
HTML "head" element. A remote attacker could create a specially-crafted
HTML page, which once visited by an unsuspecting user, could cause a denial
of service (Konqueror crash) or, potentially, execute arbitrary code with
the privileges of the user running Konqueror. (CVE-2009-1690)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the KDE JavaScript garbage collector handled memory
allocation requests. A remote attacker could create a specially-crafted
HTML page, which once visited by an unsuspecting user, could cause a denial
of service (Konqueror crash) or, potentially, execute arbitrary code with
the privileges of the user running Konqueror. (CVE-2009-1687)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The desktop must be restarted (log out,
then log back in) for this update to take effect.

RHSA-2009:1130: kdegraphics security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091130
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1130, CVE-2009-0945, CVE-2009-1709

Description
The kdegraphics packages contain applications for the K Desktop Environment
(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe
vector images. KSVG is a framework aimed at implementing the latest W3C SVG
specifications.

A use-after-free flaw was found in the KDE KSVG animation element
implementation. A remote attacker could create a specially-crafted SVG
image, which once opened by an unsuspecting user, could cause a denial of
service (Konqueror crash) or, potentially, execute arbitrary code with the
privileges of the user running Konqueror. (CVE-2009-1709)

A NULL pointer dereference flaw was found in the KDE, KSVG SVGList
interface implementation. A remote attacker could create a
specially-crafted SVG image, which once opened by an unsuspecting user,
would cause memory corruption, leading to a denial of service (Konqueror
crash). (CVE-2009-0945)

All users of kdegraphics should upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2009:1132: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1132, CVE-2009-1072, CVE-2009-1192, CVE-2009-1385, CVE-2009-1630, CVE-2009-1758

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the Intel PRO/1000 network driver in the Linux
kernel. Frames with sizes near the MTU of an interface may be split across
multiple hardware receive descriptors. Receipt of such a frame could leak
through a validation check, leading to a corruption of the length check. A
remote attacker could use this flaw to send a specially-crafted packet that
would cause a denial of service. (CVE-2009-1385, Important)

* the Linux kernel Network File System daemon (nfsd) implementation did not
drop the CAP_MKNOD capability when handling requests from local,
unprivileged users. This flaw could possibly lead to an information leak or
privilege escalation. (CVE-2009-1072, Moderate)

* Frank Filz reported the NFSv4 client was missing a file permission check
for the execute bit in some situations. This could allow local,
unprivileged users to run non-executable files on NFSv4 mounted file
systems. (CVE-2009-1630, Moderate)

* a missing check was found in the hypervisor_callback() function in the
Linux kernel provided by the kernel-xen package. This could cause a denial
of service of a 32-bit guest if an application running in that guest
accesses a certain memory location in the kernel. (CVE-2009-1758, Moderate)

* a flaw was found in the AGPGART driver. The agp_generic_alloc_page() and
agp_generic_alloc_pages() functions did not zero out the memory pages they
allocate, which may later be available to user-space processes. This flaw
could possibly lead to an information leak. (CVE-2009-1192, Low)

These updated packages also fix the following bugs:

* "/proc/[pid]/maps" and "/proc/[pid]/smaps" can only be read by processes
able to use the ptrace() call on a given process; however, certain
information from "/proc/[pid]/stat" and "/proc/[pid]/wchan" could be used
to reconstruct memory maps, making it possible to bypass the Address Space
Layout Randomization (ASLR) security feature. This update addresses this
issue. (BZ#499549)

* in some situations, the link count was not decreased when renaming unused
files on NFS mounted file systems. This may have resulted in poor
performance. With this update, the link count is decreased in these
situations, the same as is done for other file operations, such as unlink
and rmdir. (BZ#501802)

* tcp_ack() cleared the probes_out variable even if there were outstanding
packets. When low TCP keepalive intervals were used, this bug may have
caused problems, such as connections terminating, when using remote tools
such as rsh and rlogin. (BZ#501754)

* off-by-one errors in the time normalization code could have caused
clock_gettime() to return one billion nanoseconds, rather than adding an
extra second. This bug could have caused the name service cache daemon
(nscd) to consume excessive CPU resources. (BZ#501800)

* a system panic could occur when one thread read "/proc/bus/input/devices"
while another was removing a device. With this update, a mutex has been
added to protect the input_dev_list and input_handler_list variables, which
resolves this issue. (BZ#501804)

* using netdump may have caused a kernel deadlock on some systems.
(BZ#504565)

* the file system mask, which lists capabilities for users with a file
system user ID (fsuid) of 0, was missing the CAP_MKNOD and
CAP_LINUX_IMMUTABLE capabilities. This could, potentially, allow users with
an fsuid other than 0 to perform actions on some file system types that
would otherwise be prevented. This update adds these capabilities. (BZ#497269)

All Red Hat Enterprise Linux 4 users should upgrade to these updated
packages, which contain backported patches to resolve these issues. Note:
The system must be rebooted for this update to take effect.

RHSA-2009:1134: seamonkey security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091134
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1134, CVE-2009-2210

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way that SeaMonkey parsed malformed HTML mail
messages. If a user opened a specially-crafted HTML mail message, it could
cause SeaMonkey to crash or, possibly, to execute arbitrary code as the
user running SeaMonkey. (CVE-2009-2210)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:1136: dhcp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091136
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1136, CVE-2009-0692

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to receive a
malicious DHCP response, it could crash or execute arbitrary code with the
permissions of the client (root). (CVE-2009-0692)

Users of DHCP should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2009:1138: openswan security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091138
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1138, CVE-2009-2185

Description
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. Everything passing through
the untrusted network is encrypted by the IPsec gateway machine, and
decrypted by the gateway at the other end of the tunnel. The resulting
tunnel is a virtual private network (VPN).

Multiple insufficient input validation flaws were found in the way
Openswan's pluto IKE daemon processed some fields of X.509 certificates. A
remote attacker could provide a specially-crafted X.509 certificate that
would crash the pluto daemon. (CVE-2009-2185)

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

RHSA-2009:1139: pidgin security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091139
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1139, CVE-2009-1889

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for CommunicAtion in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.

A denial of service flaw was found in the Pidgin OSCAR protocol
implementation. If a remote ICQ user sent a web message to a local Pidgin
user using this protocol, it would cause excessive memory usage, leading to
a denial of service (Pidgin crash). (CVE-2009-1889)

These updated packages also fix the following bug:

* the Yahoo! Messenger Protocol changed, making it incompatible (and
unusable) with Pidgin versions prior to 2.5.7. This update provides Pidgin
2.5.8, which implements version 16 of the Yahoo! Messenger Protocol, which
resolves this issue.

Note: These packages upgrade Pidgin to version 2.5.8. Refer to the Pidgin
release notes for a full list of changes:
http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct
these issues. Pidgin must be restarted for this update to take effect.

RHSA-2009:1140: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1140, CVE-2007-1558, CVE-2009-0642, CVE-2009-1904

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw was found in the way the Ruby POP module processed certain APOP
authentication requests. By sending certain responses when the Ruby APOP
module attempted to authenticate using APOP against a POP server, a remote
attacker could, potentially, acquire certain portions of a user's
authentication credentials. (CVE-2007-1558)

It was discovered that Ruby did not properly check the return value when
verifying X.509 certificates. This could, potentially, allow a remote
attacker to present an invalid X.509 certificate, and have Ruby treat it as
valid. (CVE-2009-0642)

A flaw was found in the way Ruby converted BigDecimal objects to Float
numbers. If an attacker were able to provide certain input for the
BigDecimal object converter, they could crash an application using this
class. (CVE-2009-1904)

All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2009:1148: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091148
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1148, CVE-2009-1890, CVE-2009-1891

Description
The Apache HTTP Server is a popular Web server.

A denial of service flaw was found in the Apache mod_proxy module when it
was used as a reverse proxy. A remote attacker could use this flaw to force
a proxy process to consume large amounts of CPU time. (CVE-2009-1890)

A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed before
compression completed. This would cause mod_deflate to consume large
amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2009:1159: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091159
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1159, CVE-2009-2285, CVE-2009-2347

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Several integer overflow flaws, leading to heap-based buffer overflows,
were found in various libtiff color space conversion tools. An attacker
could create a specially-crafted TIFF file, which once opened by an
unsuspecting user, would cause the conversion tool to crash or,
potentially, execute arbitrary code with the privileges of the user running
the tool. (CVE-2009-2347)

A buffer underwrite flaw was found in libtiff's Lempel-Ziv-Welch (LZW)
compression algorithm decoder. An attacker could create a specially-crafted
LZW-encoded TIFF file, which once opened by an unsuspecting user, would
cause an application linked with libtiff to access an out-of-bounds memory
location, leading to a denial of service (application crash).
(CVE-2009-2285)

The CVE-2009-2347 flaws were discovered by Tielei Wang from ICST-ERCIS,
Peking University.

All libtiff users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing this update,
all applications linked with the libtiff library (such as Konqueror) must
be restarted for the update to take effect.

RHSA-2009:1162: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091162
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1162, CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466, CVE-2009-2467, CVE-2009-2469, CVE-2009-2470, CVE-2009-2471, CVE-2009-2472, CVE-2009-2664

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2464, CVE-2009-2465, CVE-2009-2466,
CVE-2009-2467, CVE-2009-2469, CVE-2009-2471)

Several flaws were found in the way Firefox handles malformed JavaScript
code. A website containing malicious content could launch a cross-site
scripting (XSS) attack or execute arbitrary JavaScript with the permissions
of another website. (CVE-2009-2472)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.12. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.12, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:1163: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1163, CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-2470

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code as the user running SeaMonkey.
(CVE-2009-2462, CVE-2009-2463, CVE-2009-2466)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:1164: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1164, CVE-2007-5333, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that the Red Hat Security Advisory RHSA-2007:0871 did not
address all possible flaws in the way Tomcat handles certain characters and
character sequences in cookie values. A remote attacker could use this flaw
to obtain sensitive information, such as session IDs, and then use this
information for session hijacking attacks. (CVE-2007-5333)

Note: The fix for the CVE-2007-5333 flaw changes the default cookie
processing behavior: with this update, version 0 cookies that contain
values that must be quoted to be valid are automatically changed to version
1 cookies. To reactivate the previous, but insecure behavior, add the
following entry to the "/etc/tomcat5/catalina.properties" file:

org.apache.tomcat.util.http.ServerCookie.VERSION_SWITCH=false

It was discovered that request dispatchers did not properly normalize user
requests that have trailing query strings, allowing remote attackers to
send specially-crafted requests that would cause an information leak.
(CVE-2008-5515)

A flaw was found in the way the Tomcat AJP (Apache JServ Protocol)
connector processes AJP connections. An attacker could use this flaw to
send specially-crafted requests that would cause a temporary denial of
service. (CVE-2009-0033)

It was discovered that the error checking methods of certain authentication
classes did not have sufficient error checking, allowing remote attackers
to enumerate (via brute force methods) usernames registered with
applications running on Tomcat when FORM-based authentication was used.
(CVE-2009-0580)

A cross-site scripting (XSS) flaw was found in the examples calendar
application. With some web browsers, remote attackers could use this flaw
to inject arbitrary web script or HTML via the "time" parameter.
(CVE-2009-0781)

It was discovered that web applications containing their own XML parsers
could replace the XML parser Tomcat uses to parse configuration files. A
malicious web application running on a Tomcat instance could read or,
potentially, modify the configuration and XML-based data of other web
applications deployed on the same Tomcat instance. (CVE-2009-0783)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.

RHSA-2009:1176: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1176, CVE-2007-2052, CVE-2007-4965, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144, CVE-2008-4864, CVE-2008-5031

Description
Python is an interpreted, interactive, object-oriented programming
language.

When the assert() system call was disabled, an input sanitization flaw was
revealed in the Python string object implementation that led to a buffer
overflow. The missing check for negative size values meant the Python
memory allocator could allocate less memory than expected. This could
result in arbitrary code execution with the Python interpreter's
privileges. (CVE-2008-1887)

Multiple buffer and integer overflow flaws were found in the Python Unicode
string processing and in the Python Unicode and string object
implementations. An attacker could use these flaws to cause a denial of
service (Python application crash). (CVE-2008-3142, CVE-2008-5031)

Multiple integer overflow flaws were found in the Python imageop module. If
a Python application used the imageop module to process untrusted images,
it could cause the application to disclose sensitive information, crash or,
potentially, execute arbitrary code with the Python interpreter's
privileges. (CVE-2007-4965, CVE-2008-4864)

Multiple integer underflow and overflow flaws were found in the Python
snprintf() wrapper implementation. An attacker could use these flaws to
cause a denial of service (memory corruption). (CVE-2008-3144)

Multiple integer overflow flaws were found in various Python modules. An
attacker could use these flaws to cause a denial of service (Python
application crash). (CVE-2008-2315, CVE-2008-3143)

An integer signedness error, leading to a buffer overflow, was found
in the Python zlib extension module. If a Python application requested
the negative byte count be flushed for a decompression stream, it could
cause the application to crash or, potentially, execute arbitrary code
with the Python interpreter's privileges. (CVE-2008-1721)

A flaw was discovered in the strxfrm() function of the Python locale
module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data stored in
the memory of a Python application using this function. (CVE-2007-2052)

Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting the CVE-2008-2315 issue.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2009:1177: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1177, CVE-2008-1679, CVE-2008-1721, CVE-2008-1887, CVE-2008-2315, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144, CVE-2008-4864, CVE-2008-5031

Description
Python is an interpreted, interactive, object-oriented programming
language.

When the assert() system call was disabled, an input sanitization flaw was
revealed in the Python string object implementation that led to a buffer
overflow. The missing check for negative size values meant the Python
memory allocator could allocate less memory than expected. This could
result in arbitrary code execution with the Python interpreter's
privileges. (CVE-2008-1887)

Multiple buffer and integer overflow flaws were found in the Python Unicode
string processing and in the Python Unicode and string object
implementations. An attacker could use these flaws to cause a denial of
service (Python application crash). (CVE-2008-3142, CVE-2008-5031)

Multiple integer overflow flaws were found in the Python imageop module. If
a Python application used the imageop module to process untrusted images,
it could cause the application to crash or, potentially, execute arbitrary
code with the Python interpreter's privileges. (CVE-2008-1679,
CVE-2008-4864)

Multiple integer underflow and overflow flaws were found in the Python
snprintf() wrapper implementation. An attacker could use these flaws to
cause a denial of service (memory corruption). (CVE-2008-3144)

Multiple integer overflow flaws were found in various Python modules. An
attacker could use these flaws to cause a denial of service (Python
application crash). (CVE-2008-2315, CVE-2008-3143)

An integer signedness error, leading to a buffer overflow, was found
in the Python zlib extension module. If a Python application requested
the negative byte count be flushed for a decompression stream, it could
cause the application to crash or, potentially, execute arbitrary code
with the Python interpreter's privileges. (CVE-2008-1721)

Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2009:1179: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091179
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1179, CVE-2009-0696

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2009:1180: bind security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1180, CVE-2009-0696

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handles dynamic update message packets
containing the "ANY" record type. A remote attacker could use this flaw to
send a specially-crafted dynamic update packet that could cause named to
exit with an assertion failure. (CVE-2009-0696)

Note: even if named is not configured for dynamic updates, receiving such
a specially-crafted dynamic update packet could still cause named to exit
unexpectedly.

This update also fixes the following bug:

* when running on a system receiving a large number of (greater than 4,000)
DNS requests per second, the named DNS nameserver became unresponsive, and
the named service had to be restarted in order for it to continue serving
requests. This was caused by a deadlock occurring between two threads that
led to the inability of named to continue to service requests. This
deadlock has been resolved with these updated packages so that named no
longer becomes unresponsive under heavy load. (BZ#512668)

All BIND users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2009:1184: nspr and nss security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091184
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1184, CVE-2009-2404, CVE-2009-2408, CVE-2009-2409

Description
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities. These facilities include threads, thread
synchronization, normal file and network I/O, interval timing, calendar
time, basic memory management (malloc and free), and shared library linking.

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSLv2, SSLv3, TLS,
and other security standards.

These updated packages upgrade NSS from the previous version, 3.12.2, to a
prerelease of version 3.12.4. The version of NSPR has also been upgraded
from 4.7.3 to 4.7.4. 

Moxie Marlinspike reported a heap overflow flaw in a regular expression
parser in the NSS library used by browsers such as Mozilla Firefox to match
common names in certificates. A malicious website could present a
carefully-crafted certificate in such a way as to trigger the heap
overflow, leading to a crash or, possibly, arbitrary code execution with
the permissions of the user running the browser. (CVE-2009-2404)

Note: in order to exploit this issue without further user interaction in
Firefox, the carefully-crafted certificate would need to be signed by a
Certificate Authority trusted by Firefox, otherwise Firefox presents the
victim with a warning that the certificate is untrusted. Only if the user
then accepts the certificate will the overflow take place.

Dan Kaminsky discovered flaws in the way browsers such as Firefox handle
NULL characters in a certificate. If an attacker is able to get a
carefully-crafted certificate signed by a Certificate Authority trusted by
Firefox, the attacker could use the certificate during a man-in-the-middle
attack and potentially confuse Firefox into accepting it by mistake.
(CVE-2009-2408)

Dan Kaminsky found that browsers still accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser. NSS
now disables the use of MD2 and MD4 algorithms inside signatures by
default. (CVE-2009-2409)

These version upgrades also provide a fix for the following bug:

* SSL client authentication failed against an Apache server when it was 
using the mod_nss module and configured for NSSOCSP. On the client side,
the user agent received an error message that referenced "Error Code:
-12271" and stated that establishing an encrypted connection had failed
because the certificate had been rejected by the host.

On the server side, the nss_error_log under /var/log/httpd/ contained the
following message:

[error] Re-negotiation handshake failed: Not accepted by client!?

Also, /var/log/httpd/error_log contained this error:

SSL Library Error: -8071 The OCSP server experienced an internal error

With these updated packages, the dependency problem which caused this
failure has been resolved so that SSL client authentication with an
Apache web server using mod_nss which is configured for NSSOCSP succeeds
as expected. Note that if the presented client certificate is expired,
then access is denied, the user agent is presented with an error message
about the invalid certificate, and the OCSP queries are seen in the OCSP
responder. Also, similar OCSP status verification happens for SSL server
certificates used in Apache upon instance start or restart. (BZ#508027)

All users of nspr and nss are advised to upgrade to these updated packages,
which resolve these issues.

RHSA-2009:1186: nspr and nss security, bug fix, and enhancement update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091186
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1186, CVE-2009-2404, CVE-2009-2408, CVE-2009-2409

Description
Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities. These facilities include threads, thread
synchronization, normal file and network I/O, interval timing, calendar
time, basic memory management (malloc and free), and shared library linking.

Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSLv2, SSLv3, TLS,
and other security standards.

These updated packages upgrade NSS from the previous version, 3.12.2, to a
prerelease of version 3.12.4. The version of NSPR has also been upgraded
from 4.7.3 to 4.7.4. 

Moxie Marlinspike reported a heap overflow flaw in a regular expression
parser in the NSS library used by browsers such as Mozilla Firefox to match
common names in certificates. A malicious website could present a
carefully-crafted certificate in such a way as to trigger the heap
overflow, leading to a crash or, possibly, arbitrary code execution with
the permissions of the user running the browser. (CVE-2009-2404)

Note: in order to exploit this issue without further user interaction in
Firefox, the carefully-crafted certificate would need to be signed by a
Certificate Authority trusted by Firefox, otherwise Firefox presents the
victim with a warning that the certificate is untrusted. Only if the user
then accepts the certificate will the overflow take place.

Dan Kaminsky discovered flaws in the way browsers such as Firefox handle
NULL characters in a certificate. If an attacker is able to get a
carefully-crafted certificate signed by a Certificate Authority trusted by
Firefox, the attacker could use the certificate during a man-in-the-middle
attack and potentially confuse Firefox into accepting it by mistake.
(CVE-2009-2408)

Dan Kaminsky found that browsers still accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser. NSS
now disables the use of MD2 and MD4 algorithms inside signatures by
default. (CVE-2009-2409)

All users of nspr and nss are advised to upgrade to these updated packages,
which resolve these issues and add an enhancement.

RHSA-2009:1193: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091193
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1193, CVE-2007-5966, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* the possibility of a timeout value overflow was found in the Linux kernel
high-resolution timers functionality, hrtimers. This could allow a local,
unprivileged user to execute arbitrary code, or cause a denial of service
(kernel panic). (CVE-2007-5966, Important)

* a flaw was found in the Intel PRO/1000 network driver in the Linux
kernel. Frames with sizes near the MTU of an interface may be split across
multiple hardware receive descriptors. Receipt of such a frame could leak
through a validation check, leading to a corruption of the length check. A
remote attacker could use this flaw to send a specially-crafted packet that
would cause a denial of service or code execution. (CVE-2009-1385,
Important)

* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in
the Linux kernel. This driver allowed interfaces using this driver to
receive frames larger than could be handled, which could lead to a remote
denial of service or code execution. (CVE-2009-1389, Important)

* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a
setuid or setgid program was executed. A local, unprivileged user could use
this flaw to bypass the mmap_min_addr protection mechanism and perform a
NULL pointer dereference attack, or bypass the Address Space Layout
Randomization (ASLR) security feature. (CVE-2009-1895, Important)

* Ramon de Carvalho Valle reported two flaws in the Linux kernel eCryptfs
implementation. A local attacker with permissions to perform an eCryptfs
mount could modify the metadata of the files in that eCryptfs mount to
cause a buffer overflow, leading to a denial of service or privilege
escalation. (CVE-2009-2406, CVE-2009-2407, Important)

* Konstantin Khlebnikov discovered a race condition in the ptrace
implementation in the Linux kernel. This race condition can occur when the
process tracing and the process being traced participate in a core dump. A
local, unprivileged user could use this flaw to trigger a deadlock,
resulting in a partial denial of service. (CVE-2009-1388, Moderate)

Bug fixes (see References below for a link to more detailed notes):

* possible dom0 crash when a Xen para-virtualized guest was installed while
another para-virtualized guest was rebooting. (BZ#497812)

* no directory removal audit record if the directory and its subtree were
recursively watched by an audit rule. (BZ#507561)

* running "echo 1 > /proc/sys/vm/drop_caches" under high memory load could
cause a kernel panic. (BZ#503692)

* on 32-bit systems, core dumps for some multithreaded applications did not
include all thread information. (BZ#505322)

* a stack buffer used by get_event_name() was too small for the NUL
terminator that sprintf() writes. This could lead to an invalid pointer or
kernel panic. (BZ#506906)

* when using the aic94xx driver, systems with SATA drives may not boot due
to a libsas bug. (BZ#506029)

* Wacom Cintiq 21UX and Intuos stylus buttons were handled incorrectly when
moved away from and back to these tablets. (BZ#508275)

* CPU "soft lockup" messages and possible system hangs on systems with
certain Broadcom network devices and running the Linux kernel from the
kernel-xen package. (BZ#503689)

* on 64-bit PowerPC, getitimer() failed for programs using the ITIMER_REAL
timer that were also compiled for 64-bit systems. This caused such programs
to abort. (BZ#510018)

* write operations could be blocked even when using O_NONBLOCK. (BZ#510239)

* the "pci=nomsi" option was required for installing and booting Red Hat
Enterprise Linux 5.2 on systems with VIA VT3364 chipsets. (BZ#507529)

* shutting down, destroying, or migrating Xen guests with large amounts of
memory could cause other guests to be temporarily unresponsive. (BZ#512311)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. Systems must be rebooted for this update
to take effect.

RHSA-2009:1201: java-1.6.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1201, CVE-2009-0217, CVE-2009-2475, CVE-2009-2476, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, CVE-2009-2689, CVE-2009-2690

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.

A flaw was found in the way the XML Digital Signature implementation in the
JRE handled HMAC-based XML signatures. An attacker could use this flaw to
create a crafted signature that could allow them to bypass authentication,
or trick a user, applet, or application into accepting untrusted content.
(CVE-2009-0217)

Several potential information leaks were found in various mutable static
variables. These could be exploited in application scenarios that execute
untrusted scripting code. (CVE-2009-2475)

It was discovered that OpenType checks can be bypassed. This could allow a
rogue application to bypass access restrictions by acquiring references to
privileged objects through finalizer resurrection. (CVE-2009-2476)

A denial of service flaw was found in the way the JRE processes XML. A
remote attacker could use this flaw to supply crafted XML that would lead
to a denial of service. (CVE-2009-2625)

A flaw was found in the JRE audio system. An untrusted applet or
application could use this flaw to gain read access to restricted System
properties. (CVE-2009-2670)

Two flaws were found in the JRE proxy implementation. An untrusted applet
or application could use these flaws to discover the usernames of users
running applets and applications, or obtain web browser cookies and use
them for session hijacking attacks. (CVE-2009-2671, CVE-2009-2672)

An additional flaw was found in the proxy mechanism implementation. This
flaw allowed an untrusted applet or application to bypass access
restrictions and communicate using non-authorized socket or URL connections
to hosts other than the origin host. (CVE-2009-2673) 

An integer overflow flaw was found in the way the JRE processes JPEG
images. An untrusted application could use this flaw to extend its
privileges, allowing it to read and write local files, as well as to
execute local applications with the privileges of the user running the
application. (CVE-2009-2674)

An integer overflow flaw was found in the JRE unpack200 functionality. An
untrusted applet or application could extend its privileges, allowing it to
read and write local files, as well as to execute local applications with
the privileges of the user running the applet or application. (CVE-2009-2675)

It was discovered that JDK13Services grants unnecessary privileges to
certain object types. This could be misused by an untrusted applet or
application to use otherwise restricted functionality. (CVE-2009-2689)

An information disclosure flaw was found in the way private Java variables
were handled. An untrusted applet or application could use this flaw to
obtain information from variables that would otherwise be private.
(CVE-2009-2690)

Note: The flaws concerning applets in this advisory, CVE-2009-2475,
CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675,
CVE-2009-2689, and CVE-2009-2690, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.

This update also fixes the following bug:

* the EVR in the java-1.6.0-openjdk package as shipped with Red Hat
Enterprise Linux allowed the java-1.6.0-openjdk package from the EPEL
repository to take precedence (appear newer). Users using
java-1.6.0-openjdk from EPEL would not have received security updates since
October 2008. This update prevents the packages from EPEL from taking
precedence. (BZ#499079)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2009:1203: subversion security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091203
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1203, CVE-2009-2411

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.

Matt Lewis, of Google, reported multiple heap overflow flaws in Subversion
(server and client) when parsing binary deltas. A malicious user with
commit access to a server could use these flaws to cause a heap overflow on
that server. A malicious server could use these flaws to cause a heap
overflow on a client when it attempts to checkout or update. These heap
overflows can result in a crash or, possibly, arbitrary code execution.
(CVE-2009-2411)

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct these issues. After installing the
updated packages, the Subversion server must be restarted for the update
to take effect: restart httpd if you are using mod_dav_svn, or restart
svnserve if it is used.

RHSA-2009:1204: apr and apr-util security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091204
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1204, CVE-2009-2412

Description
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It aims to provide a free library
of C data structures and routines. apr-util is a utility library used with
APR. This library provides additional utility interfaces for APR; including
support for XML parsing, LDAP, database interfaces, URI parsing, and more.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the Apache Portable Runtime (APR) manages memory pool
and relocatable memory allocations. An attacker could use these flaws to
issue a specially-crafted request for memory allocation, which would lead
to a denial of service (application crash) or, potentially, execute
arbitrary code with the privileges of an application using the APR
libraries. (CVE-2009-2412)

All apr and apr-util users should upgrade to these updated packages, which
contain backported patches to correct these issues. Applications using the
APR libraries, such as httpd, must be restarted for this update to take
effect.

RHSA-2009:1206: libxml and libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1206, CVE-2009-2414, CVE-2009-2416

Description
libxml is a library for parsing and manipulating XML files. A Document Type
Definition (DTD) defines the legal syntax (and also which elements can be
used) for certain types of files, such as XML files.

A stack overflow flaw was found in the way libxml processes the root XML
document element definition in a DTD. A remote attacker could provide a
specially-crafted XML file, which once opened by a local, unsuspecting
user, would lead to denial of service (application crash). (CVE-2009-2414)

Multiple use-after-free flaws were found in the way libxml parses the
Notation and Enumeration attribute types. A remote attacker could provide
a specially-crafted XML file, which once opened by a local, unsuspecting
user, would lead to denial of service (application crash). (CVE-2009-2416)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues. For Red Hat Enterprise Linux 3, they
contain backported patches for the libxml and libxml2 packages. For Red Hat
Enterprise Linux 4 and 5, they contain backported patches for the libxml2
packages. The desktop must be restarted (log out, then log back in) for
this update to take effect.

RHSA-2009:1209: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091209
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1209, CVE-2009-2417

Description
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.

Scott Cantor reported that cURL is affected by the previously published
"null prefix attack", caused by incorrect handling of NULL characters in
X.509 certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker could
use the certificate during a man-in-the-middle attack and potentially
confuse cURL into accepting it by mistake. (CVE-2009-2417)

cURL users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications using
libcurl must be restarted for the update to take effect.

RHSA-2009:1211: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091211
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1211, CVE-2009-1389, CVE-2009-1439, CVE-2009-1633

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* Michael Tokarev reported a flaw in the Realtek r8169 Ethernet driver in
the Linux kernel. This driver allowed interfaces using this driver to
receive frames larger than what could be handled. This could lead to a
remote denial of service or code execution. (CVE-2009-1389, Important)

* a buffer overflow flaw was found in the CIFSTCon() function of the Linux
kernel Common Internet File System (CIFS) implementation. When mounting a
CIFS share, a malicious server could send an overly-long string to the
client, possibly leading to a denial of service or privilege escalation on
the client mounting the CIFS share. (CVE-2009-1439, Important)

* several flaws were found in the way the Linux kernel CIFS implementation
handles Unicode strings. CIFS clients convert Unicode strings sent by a
server to their local character sets, and then write those strings into
memory. If a malicious server sent a long enough string, it could write
past the end of the target memory region and corrupt other memory areas,
possibly leading to a denial of service or privilege escalation on the
client mounting the CIFS share. (CVE-2009-1633, Important)

These updated packages also fix the following bugs:

* when using network bonding in the "balance-tlb" or "balance-alb" mode,
the primary setting for the primary slave device was lost when said
device was brought down (ifdown). Bringing the slave interface back up
(ifup) did not restore the primary setting (the device was not made the
active slave). (BZ#507563)

* a bug in timer_interrupt() may have caused the system time to move up to
two days or more into the future, or to be delayed for several minutes.
This bug only affected Intel 64 and AMD64 systems that have the High
Precision Event Timer (HPET) enabled in the BIOS, and could have caused
problems for applications that require timing to be accurate. (BZ#508835)

* a race condition was resolved in the Linux kernel block layer between
show_partition() and rescan_partitions(). This could have caused a NULL
pointer dereference in show_partition(), leading to a system crash (kernel
panic). This issue was most likely to occur on systems running monitoring
software that regularly scanned hard disk partitions, or from repeatedly
running commands that probe for partition information. (BZ#512310)

* previously, the Stratus memory tracker missed certain modified pages.
With this update, information about the type of page (small page or
huge page) is passed to the Stratus memory tracker, which resolves this
issue. The fix for this issue does not affect systems that do not use
memory tracking. (BZ#513182)

* a bug may have caused a system crash when using the cciss driver, due to
an uninitialized kernel structure. A reported case of this issue occurred
after issuing consecutive SCSI TUR commands (sg_turs sends SCSI
test-unit-ready commands in a loop). (BZ#513189)

* a bug in the SCSI implementation caused "Aborted Command - internal
target failure" errors to be sent to Device-Mapper Multipath, without
retries, resulting in Device-Mapper Multipath marking the path as failed
and making a path group switch. With this update, all errors that return a
sense key in the SCSI mid layer (including "Aborted Command - internal
target failure") are retried. (BZ#514007)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1218: pidgin security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091218
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1218, CVE-2009-2694

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

Federico Muttis of Core Security Technologies discovered a flaw in Pidgin's
MSN protocol handler. If a user received a malicious MSN message, it was
possible to execute arbitrary code with the permissions of the user running
Pidgin. (CVE-2009-2694)

Note: Users can change their privacy settings to only allow messages from
users on their buddy list to limit the impact of this flaw.

These packages upgrade Pidgin to version 2.5.9. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which resolve
this issue. Pidgin must be restarted for this update to take effect.

RHSA-2009:1219: libvorbis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091219
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1219, CVE-2009-2663

Description
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and
royalty-free, general-purpose compressed audio format.

An insufficient input validation flaw was found in the way libvorbis
processes the codec file headers (static mode headers and encoding books)
of the Ogg Vorbis audio file format (Ogg). A remote attacker could provide
a specially-crafted Ogg file that would cause a denial of service (memory
corruption and application crash) or, potentially, execute arbitrary code
with the privileges of an application using the libvorbis library when
opened by a victim. (CVE-2009-2663)

Users of libvorbis should upgrade to these updated packages, which contain
a backported patch to correct this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2009:1222: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091222
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1222, CVE-2009-2692, CVE-2009-2698

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting these flaws.

These updated packages also fix the following bug:

* in the dlm code, a socket was allocated in tcp_connect_to_sock(), but was
not freed in the error exit path. This bug led to a memory leak and an
unresponsive system. A reported case of this bug occurred after running
"cman_tool kill -n [nodename]". (BZ#515432)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1223: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091223
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1223, CVE-2009-2692, CVE-2009-2698

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* a flaw was found in the SOCKOPS_WRAP macro in the Linux kernel. This
macro did not initialize the sendpage operation in the proto_ops structure
correctly. A local, unprivileged user could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2692, Important)

* a flaw was found in the udp_sendmsg() implementation in the Linux kernel
when using the MSG_MORE flag on UDP sockets. A local, unprivileged user
could use this flaw to cause a local denial of service or escalate their
privileges. (CVE-2009-2698, Important)

Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting these flaws.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1232: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091232
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1232, CVE-2009-2730

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was discovered in the way GnuTLS handles NULL characters in certain
fields of X.509 certificates. If an attacker is able to get a
carefully-crafted certificate signed by a Certificate Authority trusted by
an application using GnuTLS, the attacker could use the certificate during
a man-in-the-middle attack and potentially confuse the application into
accepting it by mistake. (CVE-2009-2730)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects this issue.

RHSA-2009:1238: dnsmasq security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091238
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1238, CVE-2009-2957, CVE-2009-2958

Description
Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP
server.

Core Security Technologies discovered a heap overflow flaw in dnsmasq when
the TFTP service is enabled (the "--enable-tftp" command line option, or by
enabling "enable-tftp" in "/etc/dnsmasq.conf"). If the configured tftp-root
is sufficiently long, and a remote user sends a request that sends a long
file name, dnsmasq could crash or, possibly, execute arbitrary code with
the privileges of the dnsmasq service (usually the unprivileged "nobody"
user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP
service is enabled. This flaw could allow a malicious TFTP client to crash
the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is "/var/ftpd", which is short enough to make
it difficult to exploit the CVE-2009-2957 issue; if a longer directory name
is used, arbitrary code execution may be possible. As well, the dnsmasq
package distributed by Red Hat does not have TFTP support enabled by
default.

All users of dnsmasq should upgrade to this updated package, which contains
a backported patch to correct these issues. After installing the updated
package, the dnsmasq service must be restarted for the update to take
effect.

RHSA-2009:1243: Red Hat Enterprise Linux 5.4 kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091243
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1243, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-2847, CVE-2009-2848

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated packages fix the following security issues:

* it was discovered that, when executing a new process, the clear_child_tid
pointer in the Linux kernel is not cleared. If this pointer points to a
writable portion of the memory of the new program, the kernel could corrupt
four bytes of memory, possibly leading to a local denial of service or
privilege escalation. (CVE-2009-2848, Important)

* a flaw was found in the way the do_sigaltstack() function in the Linux
kernel copies the stack_t structure to user-space. On 64-bit machines, this
flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

* a flaw was found in the ext4 file system code. A local attacker could use
this flaw to cause a denial of service by performing a resize operation on
a specially-crafted ext4 file system. (CVE-2009-0745, Low)

* multiple flaws were found in the ext4 file system code. A local attacker
could use these flaws to cause a denial of service by mounting a
specially-crafted ext4 file system. (CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, Low)

These updated packages also include several hundred bug fixes for and
enhancements to the Linux kernel. Space precludes documenting each of these
changes in this advisory and users are directed to the Red Hat Enterprise
Linux 5.4 Release Notes for information on the most significant of these
changes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Release_Notes/

Also, for details concerning every bug fixed in and every enhancement added
to the kernel for this release, see the kernel chapter in the Red Hat
Enterprise Linux 5.4 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which address these vulnerabilities as well as fixing the bugs
and adding the enhancements noted in the Red Hat Enterprise Linux 5.4
Release Notes and Technical Notes. The system must be rebooted for this
update to take effect.

RHSA-2009:1278: lftp security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091278
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1278, CVE-2007-2348

Description
LFTP is a sophisticated file transfer program for the FTP and HTTP
protocols. Like bash, it has job control and uses the readline library for
input. It has bookmarks, built-in mirroring, and can transfer several files
in parallel. It is designed with reliability in mind.

It was discovered that lftp did not properly escape shell metacharacters
when generating shell scripts using the "mirror --script" command. A
mirroring script generated to download files from a malicious FTP server
could allow an attacker controlling the FTP server to run an arbitrary
command as the user running lftp. (CVE-2007-2348)

This update also fixes the following bugs:

* when using the "mirror" or "get" commands with the "-c" option, lftp did
not check for some specific conditions that could result in the program
becoming unresponsive, hanging and the command not completing. For example,
when waiting for a directory listing, if lftp received a "226" message,
denoting an empty directory, it previously ignored the message and kept
waiting. With this update, these conditions are properly checked for and
lftp no longer hangs when "-c" is used with "mirror" or "get". (BZ#422881)

* when using the "put", "mput" or "reput" commands over a Secure FTP (SFTP)
connection, specifying the "-c" option sometimes resulted in corrupted
files of incorrect size. With this update, using these commands over SFTP
with the "-c" option works as expected, and transferred files are no
longer corrupted in the transfer process. (BZ#434294)

* previously, LFTP linked to the OpenSSL library. OpenSSL's license is,
however, incompatible with LFTP's GNU GPL license and LFTP does not include
an exception allowing OpenSSL linking. With this update, LFTP links to the
GnuTLS (GNU Transport Layer Security) library, which is released under the
GNU LGPL license. Like OpenSSL, GnuTLS implements the SSL and TLS
protocols, so functionality has not changed. (BZ#458777)

* running "help mirror" from within lftp only presented a sub-set of the
available options compared to the full list presented in the man page. With
this update, running "help mirror" in lftp presents the same list of mirror
options as is available in the Commands section of the lftp man page.
(BZ#461922)

* LFTP imports gnu-lib from upstream. Subsequent to gnu-lib switching from
GNU GPLv2 to GNU GPLv3, the LFTP license was internally inconsistent, with
LFTP licensed as GNU GPLv2 but portions of the package apparently licensed
as GNU GPLv3 because of changes made by the gnu-lib import. With this
update, LFTP itself switches to GNU GPLv3, resolving the inconsistency.
(BZ#468858)

* when the "ls" command was used within lftp to present a directory listing
on a remote system connected to via HTTP, file names containing spaces were
presented incorrectly. This update corrects this behavior. (BZ#504591)

* the default alias "edit" did not define a default editor. If EDITOR was
not set in advance by the system, lftp attempted to execute
"~/.lftp/edit.tmp.$$" (which failed because the file is not set to
executable). The edit alias also did not support tab-completion of file
names and incorrectly interpreted file names containing spaces. The updated
package defines a default editor (vi) in the absence of a system-defined
EDITOR. The edit alias now also supports tab-completion and handles file
names containing spaces correctly for both downloading and uploading.
(BZ#504594)

Note: This update upgrades LFTP from version 3.7.3 to upstream version
3.7.11, which incorporates a number of further bug fixes to those noted
above. For details regarding these fixes, refer to the
"/usr/share/doc/lftp-3.7.11/NEWS" file after installing this update.
(BZ#308721)

All LFTP users are advised to upgrade to this updated package, which
resolves these issues.

RHSA-2009:1287: openssh security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091287
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1287, CVE-2008-5161

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A flaw was found in the SSH protocol. An attacker able to perform a
man-in-the-middle attack may be able to obtain a portion of plain text from
an arbitrary ciphertext block when a CBC mode cipher was used to encrypt
SSH communication. This update helps mitigate this attack: OpenSSH clients
and servers now prefer CTR mode ciphers to CBC mode, and the OpenSSH server
now reads SSH packets up to their full possible length when corruption is
detected, rather than reporting errors early, reducing the possibility of
successful plain text recovery. (CVE-2008-5161)

This update also fixes the following bug:

* the ssh client hung when trying to close a session in which a background
process still held tty file descriptors open. With this update, this
so-called "hang on exit" error no longer occurs and the ssh client closes
the session immediately. (BZ#454812)

In addition, this update adds the following enhancements:

* the SFTP server can now chroot users to various directories, including
a user's home directory, after log in. A new configuration option --
ChrootDirectory -- has been added to "/etc/ssh/sshd_config" for setting
this up (the default is not to chroot users). Details regarding configuring
this new option are in the sshd_config(5) manual page. (BZ#440240)

* the executables which are part of the OpenSSH FIPS module which is being
validated will check their integrity and report their FIPS mode status to
the system log or to the terminal. (BZ#467268, BZ#492363)

All OpenSSH users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues and add these
enhancements. After installing this update, the OpenSSH server daemon
(sshd) will be restarted automatically.

RHSA-2009:1289: mysql security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091289
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1289, CVE-2008-2079, CVE-2008-3963, CVE-2008-4456, CVE-2009-2446

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

MySQL did not correctly check directories used as arguments for the DATA
DIRECTORY and INDEX DIRECTORY directives. Using this flaw, an authenticated
attacker could elevate their access privileges to tables created by other
database users. Note: This attack does not work on existing tables. An
attacker can only elevate their access to another user's tables as the
tables are created. As well, the names of these created tables need to be
predicted correctly for this attack to succeed. (CVE-2008-2079)

A flaw was found in the way MySQL handles an empty bit-string literal. A
remote, authenticated attacker could crash the MySQL server daemon (mysqld)
if they used an empty bit-string literal in an SQL statement. This issue
only caused a temporary denial of service, as the MySQL daemon was
automatically restarted after the crash. (CVE-2008-3963)

An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logs
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specifically-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "/etc/my.cnf") must be
enabled. This logging is not enabled by default.

This update also fixes multiple bugs. Details regarding these bugs can be
found in the Red Hat Enterprise Linux 5.4 Technical Notes. You can find a
link to the Technical Notes in the References section of this errata.

Note: These updated packages upgrade MySQL to version 5.0.77 to incorporate
numerous upstream bug fixes. Details of these changes are found in the
following MySQL Release Notes:
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-77.html

All MySQL users are advised to upgrade to these updated packages, which
resolve these issues. After installing this update, the MySQL server
daemon (mysqld) will be restarted automatically.

RHSA-2009:1307: ecryptfs-utils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1307, CVE-2008-5188

Description
eCryptfs is a stacked, cryptographic file system. It is transparent to the
underlying file system and provides per-file granularity.

eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux
5.4. These updated ecryptfs-utils packages have been upgraded to upstream
version 75, which provides a number of bug fixes and enhancements over the
previous version. In addition, these packages provide a graphical program
to help configure and use eCryptfs. To start this program, run the command:

	ecryptfs-mount-helper-gui

Important: the syntax of certain eCryptfs mount options has changed. Users
who were previously using the initial Technology Preview release of
ecryptfs-utils are advised to refer to the ecryptfs(7) man page, and to
update any affected mount scripts and /etc/fstab entries for eCryptfs file
systems.

A disclosure flaw was found in the way the "ecryptfs-setup-private" script
passed passphrases to the "ecryptfs-wrap-passphrase" and
"ecryptfs-add-passphrase" commands as command line arguments. A local user
could obtain the passphrases of other users who were running the script
from the process listing. (CVE-2008-5188)

These updated packages provide various enhancements, including a mount
helper and supporting libraries to perform key management and mounting
functions.

Notable enhancements include:

* a new package, ecryptfs-utils-gui, has been added to this update. This
package depends on the pygtk2 and pygtk2-libglade packages and provides the
eCryptfs Mount Helper GUI program. To install the GUI, first install
ecryptfs-utils and then issue the following command:

	yum install ecryptfs-utils-gui

(BZ#500997)

* the "ecryptfs-rewrite-file" utility is now more intelligent when dealing
with non-existent files and with filtering special files such as the "."
directory. In addition, the progress output from "ecryptfs-rewrite-file"
has been improved and is now more explicit about the success status of each
target. (BZ#500813)

* descriptions of the "verbose" flag and the "verbosity=[x]" option, where
[x] is either 0 or 1, were missing from a number of eCryptfs manual pages,
and have been added. Refer to the eCryptfs man pages for important
information regarding using the verbose and/or verbosity options.
(BZ#470444)

These updated packages also fix the following bugs:

* mounting a directory using the eCryptfs mount helper with an RSA key that
was too small did not allow the eCryptfs mount helper to encrypt the entire
key. When this situation occurred, the mount helper did not display an
error message alerting the user to the fact that the key size was too
small, possibly leading to corrupted files. The eCryptfs mount helper now
refuses RSA keys which are too small to encrypt the eCryptfs key.
(BZ#499175)

* when standard input was redirected from /dev/null or was unavailable,
attempting to mount a directory with the eCryptfs mount helper caused it to
become unresponsive and eventually crash, or an "invalid value" error
message, depending on if the "--verbosity=[value]" option was provided as
an argument, and, if so, its value. With these updated packages, attempting
to mount a directory using "mount.ecryptfs" under the same conditions
results in either the mount helper attempting to use default values (if
"verbosity=0" is supplied), or an "invalid value" error message (instead of
the mount helper hanging) if standard input is redirected and
"--verbosity=1" is supplied, or that option is omitted entirely.
(BZ#499367)

* attempting to use the eCryptfs mount helper with an OpenSSL key when the
keyring did not contain enough space for the key resulted in an unhelpful
error message. The user is now alerted when this situation occurs.
(BZ#501460)

* the eCryptfs mount helper no longer fails upon receiving an incorrect or
empty answer to "yes/no" questions. (BZ#466210)

Users are advised to upgrade to these updated ecryptfs-utils packages,
which resolve these issues and add these enhancements.

RHSA-2009:1321: nfs-utils security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091321
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1321, CVE-2008-4552

Description
The nfs-utils package provides a daemon for the kernel NFS server and
related tools.

It was discovered that nfs-utils did not use tcp_wrappers correctly.
Certain hosts access rules defined in "/etc/hosts.allow" and
"/etc/hosts.deny" may not have been honored, possibly allowing remote
attackers to bypass intended access restrictions. (CVE-2008-4552)

This updated package also fixes the following bugs:

* the "LOCKD_TCPPORT" and "LOCKD_UDPPORT" options in "/etc/sysconfig/nfs"
were not honored: the lockd daemon continued to use random ports. With this
update, these options are honored. (BZ#434795)

* it was not possible to mount NFS file systems from a system that has
the "/etc/" directory mounted on a read-only file system (this could occur
on systems with an NFS-mounted root file system). With this update, it is
possible to mount NFS file systems from a system that has "/etc/" mounted
on a read-only file system. (BZ#450646)

* arguments specified by "STATDARG=" in "/etc/sysconfig/nfs" were removed
by the nfslock init script, meaning the arguments specified were never
passed to rpc.statd. With this update, the nfslock init script no longer
removes these arguments. (BZ#459591)

* when mounting an NFS file system from a host not specified in the NFS
server's "/etc/exports" file, a misleading "unknown host" error was logged
on the server (the hostname lookup did not fail). With this update, a
clearer error message is provided for these situations. (BZ#463578)

* the nhfsstone benchmark utility did not work with NFS version 3 and 4.
This update adds support to nhfsstone for NFS version 3 and 4. The new
nhfsstone "-2", "-3", and "-4" options are used to select an NFS version
(similar to nfsstat(8)). (BZ#465933)

* the exportfs(8) manual page contained a spelling mistake, "djando", in
the EXAMPLES section. (BZ#474848)

* in some situations the NFS server incorrectly refused mounts to hosts
that had a host alias in a NIS netgroup. (BZ#478952)

* in some situations the NFS client used its cache, rather than using
the latest version of a file or directory from a given export. This update
adds a new mount option, "lookupcache=", which allows the NFS client to
control how it caches files and directories. Note: The Red Hat Enterprise
Linux 5.4 kernel update (the fourth regular update) must be installed in
order to use the "lookupcache=" option. Also, "lookupcache=" is currently
only available for NFS version 3. Support for NFS version 4 may be
introduced in future Red Hat Enterprise Linux 5 updates. Refer to Red Hat
Bugzilla #511312 for further information. (BZ#489335)

Users of nfs-utils should upgrade to this updated package, which contains
backported patches to correct these issues. After installing this update,
the nfs service will be restarted automatically.

RHSA-2009:1335: openssl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091335
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1335, CVE-2006-7250, CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a full-strength
general purpose cryptography library. Datagram TLS (DTLS) is a protocol
based on TLS that is capable of securing datagram transport (for example,
UDP).

Multiple denial of service flaws were discovered in OpenSSL's DTLS
implementation. A remote attacker could use these flaws to cause a DTLS
server to use excessive amounts of memory, or crash on an invalid memory
access or NULL pointer dereference. (CVE-2009-1377, CVE-2009-1378,
CVE-2009-1379, CVE-2009-1386, CVE-2009-1387)

Note: These flaws only affect applications that use DTLS. Red Hat does not
ship any DTLS client or server applications in Red Hat Enterprise Linux.

An input validation flaw was found in the handling of the BMPString and
UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex()
function. An attacker could use this flaw to create a specially-crafted
X.509 certificate that could cause applications using the affected function
to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Red
Hat Enterprise Linux calls this function, for example.

These updated packages also fix the following bugs:

* "openssl smime -verify -in" verifies the signature of the input file and
the "-verify" switch expects a signed or encrypted input file. Previously,
running openssl on an S/MIME file that was not encrypted or signed caused
openssl to segfault. With this update, the input file is now checked for a
signature or encryption. Consequently, openssl now returns an error and
quits when attempting to verify an unencrypted or unsigned S/MIME file.
(BZ#472440)

* when generating RSA keys, pairwise tests were called even in non-FIPS
mode. This prevented small keys from being generated. With this update,
generating keys in non-FIPS mode no longer calls the pairwise tests and
keys as small as 32-bits can be generated in this mode. Note: In FIPS mode,
pairwise tests are still called and keys generated in this mode must still
be 1024-bits or larger. (BZ#479817)

As well, these updated packages add the following enhancements:

* both the libcrypto and libssl shared libraries, which are part of the
OpenSSL FIPS module, are now checked for integrity on initialization of
FIPS mode. (BZ#475798)

* an issuing Certificate Authority (CA) allows multiple certificate
templates to inherit the CA's Common Name (CN). Because this CN is used as
a unique identifier, each template had to have its own Certificate
Revocation List (CRL). With this update, multiple CRLs with the same
subject name can now be stored in an X509_STORE structure, with their
signature field being used to distinguish between them. (BZ#457134)

* the fipscheck library is no longer needed for rebuilding the openssl
source RPM. (BZ#475798)

OpenSSL users should upgrade to these updated packages, which resolve these
issues and add these enhancements.

RHSA-2009:1337: gfs2-utils security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091337
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1337, CVE-2008-6552

Description
The gfs2-utils package provides the user-space tools necessary to mount,
create, maintain, and test GFS2 file systems.

Multiple insecure temporary file use flaws were discovered in GFS2 user
level utilities. A local attacker could use these flaws to overwrite an
arbitrary file writable by a victim running those utilities (typically
root) with the output of the utilities via a symbolic link attack.
(CVE-2008-6552)

This update also fixes the following bugs:

* gfs2_fsck now properly detects and repairs problems with sequence numbers
on GFS2 file systems.

* GFS2 user utilities now use the file system UUID.

* gfs2_grow now properly updates the file system size during operation.

* gfs2_fsck now returns the proper exit codes.

* gfs2_convert now properly frees blocks when removing free blocks up to
height 2.

* the gfs2_fsck manual page has been renamed to fsck.gfs2 to match current
standards.

* the 'gfs2_tool df' command now provides human-readable output.

* mounting GFS2 file systems with the noatime or noquota option now works
properly.

* new capabilities have been added to the gfs2_edit tool to help in testing
and debugging GFS and GFS2 issues.

* the 'gfs2_tool df' command no longer segfaults on file systems with a
block size other than 4k.

* the gfs2_grow manual page no longer references the '-r' option, which has
been removed.

* the 'gfs2_tool unfreeze' command no longer hangs during use.

* gfs2_convert no longer corrupts file systems when converting from GFS to
GFS2.

* gfs2_fsck no longer segfaults when encountering a block which is listed
as both a data and stuffed directory inode.

* gfs2_fsck can now fix file systems even if the journal is already locked
for use.

* a GFS2 file system's metadata is now properly copied with 'gfs2_edit
savemeta' and 'gfs2_edit restoremeta'.

* the gfs2_edit savemeta function now properly saves blocks of type 2.

* 'gfs2_convert -vy' now works properly on the PowerPC architecture.

* when mounting a GFS2 file system as '/', mount_gfs2 no longer fails after
being unable to find the file system in '/proc/mounts'.

* gfs2_fsck no longer segfaults when fixing 'EA leaf block type' problems.

All gfs2-utils users should upgrade to this updated package, which resolves
these issues.

RHSA-2009:1339: rgmanager security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1339, CVE-2008-6552

Description
The rgmanager package contains the Red Hat Resource Group Manager, which
provides high availability for critical server applications in the event of
system downtime.

Multiple insecure temporary file use flaws were discovered in rgmanager and
various resource scripts run by rgmanager. A local attacker could use these
flaws to overwrite an arbitrary file writable by the rgmanager process
(i.e. user root) with the output of rgmanager or a resource agent via a
symbolic link attack. (CVE-2008-6552)

This update also fixes the following bugs:

* clulog now accepts '-' as the first character in messages.

* if expire_time is 0, max_restarts is no longer ignored.

* the SAP resource agents included in the rgmanager package shipped with
Red Hat Enterprise Linux 5.3 were outdated. This update includes the most
recent SAP resource agents and, consequently, improves SAP failover
support.

* empty PID files no longer cause resource start failures.

* recovery policy of type 'restart' now works properly when using a
resource based on ra-skelet.sh.

* samba.sh has been updated to kill the PID listed in the proper PID file.

* handling of the '-F' option has been improved to fix issues causing
rgmanager to crash if no members of a restricted failover domain were
online.

* the number of simultaneous status checks can now be limited to prevent
load spikes.

* forking and cloning during status checks has been optimized to reduce
load spikes.

* rg_test no longer hangs when run with large cluster configuration files.

* when rgmanager is used with a restricted failover domain it will no
longer occasionally segfault when some nodes are offline during a failover
event.

* virtual machine guests no longer restart after a cluster.conf update.

* nfsclient.sh no longer leaves temporary files after running.

* extra checks from the Oracle agents have been removed.

* vm.sh now uses libvirt.

* users can now define an explicit service processing order when
central_processing is enabled.

* virtual machine guests can no longer start on 2 nodes at the same time.

* in some cases a successfully migrated virtual machine guest could restart
when the cluster.conf file was updated.

* incorrect reporting of a service being started when it was not started
has been addressed.

As well, this update adds the following enhancements:

* a startup_wait option has been added to the MySQL resource agent.

* services can now be prioritized.

* rgmanager now checks to see if it has been killed by the OOM killer and
if so, reboots the node.

Users of rgmanager are advised to upgrade to this updated package, which
resolves these issues and adds these enhancements.

RHSA-2009:1341: cman security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091341
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1341, CVE-2008-4579, CVE-2008-6552

Description
The Cluster Manager (cman) utility provides services for managing a Linux
cluster.

Multiple insecure temporary file use flaws were found in fence_apc_snmp and
ccs_tool. A local attacker could use these flaws to overwrite an arbitrary
file writable by a victim running those utilities (typically root) with
the output of the utilities via a symbolic link attack. (CVE-2008-4579,
CVE-2008-6552)

Bug fixes:

* a buffer could overflow if cluster.conf had more than 52 entries per
block inside the <cman> block. The limit is now 1024.

* the output of the group_tool dump subcommands was NULL padded.

* using device="" instead of label="" no longer causes qdiskd to
incorrectly exit.

* the IPMI fencing agent has been modified to time out after 10 seconds. It
is also now possible to specify a different timeout value with the '-t'
option.

* the IPMI fencing agent now allows punctuation in passwords.

* quickly starting and stopping the cman service no longer causes the
cluster membership to become inconsistent across the cluster.

* an issue with lock syncing caused 'receive_own from' errors to be logged
to '/var/log/messages'.

* an issue which caused gfs_controld to segfault when mounting hundreds of
file systems has been fixed.

* the LPAR fencing agent now properly reports status when an LPAR is in
Open Firmware mode.

* the LPAR fencing agent now works properly with systems using the
Integrated Virtualization Manager (IVM).

* the APC SNMP fencing agent now properly recognizes outletStatusOn and
outletStatusOff return codes from the SNMP agent.

* the WTI fencing agent can now connect to fencing devices with no
password.

* the rps-10 fencing agent now properly performs a reboot when run with no
options.

* the IPMI fencing agent now supports different cipher types with the '-C'
option.

* qdisk now properly scans devices and partitions.

* cman now checks to see if a new node has state to prevent killing the
first node during cluster setup.

* 'service qdiskd start' now works properly.

* the McData fence agent now works properly with the McData Sphereon 4500
Fabric Switch.

* the Egenera fence agent can now specify an SSH login name.

* the APC fence agent now works with non-admin accounts when using the
3.5.x firmware.

* fence_xvmd now tries two methods to reboot a virtual machine.

* connections to OpenAIS are now allowed from unprivileged CPG clients with
the user and group of 'ais'.

* groupd no longer allows the default fence domain to be '0', which
previously caused rgmanager to hang. Now, rgmanager no longer hangs.

* the RSA fence agent now supports SSH enabled RSA II devices.

* the DRAC fence agent now works with the Integrated Dell Remote Access
Controller (iDRAC) on Dell PowerEdge M600 blade servers.

* fixed a memory leak in cman.

* qdisk now displays a warning if more than one label is found with the
same name.

* the DRAC5 fencing agent now shows proper usage instructions for the '-D'
option.

* cman no longer uses the wrong node name when getnameinfo() fails.

* the SCSI fence agent now verifies that sg_persist is installed.

* the DRAC5 fencing agent now properly handles modulename.

* QDisk now logs warning messages if it appears its I/O to shared storage
is hung.

* fence_apc no longer fails with a pexpect exception.

* removing a node from the cluster using 'cman_tool leave remove' now
properly reduces the expected_votes and quorum.

* a semaphore leak in cman has been fixed.

* 'cman_tool nodes -F name' no longer segfaults when a node is out of
membership.

Enhancements:

* support for: ePowerSwitch 8+ and LPAR/HMC v3 devices, Cisco MDS 9124 and
MDS 9134 SAN switches, the virsh fencing agent, and broadcast communication
with cman.

* fence_scsi limitations added to fence_scsi man page.

Users of cman are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements.

RHSA-2009:1364: gdm security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20091364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2009:1364, CVE-2009-2697

Description
The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,
the X Display Manager. GDM allows you to log in to your system with the X
Window System running, and supports running several different X sessions on
your local machine at the same time.

A flaw was found in the way the gdm package was built. The gdm package was
missing TCP wrappers support, which could result in an administrator
believing they had access restrictions enabled when they did not.
(CVE-2009-2697)

This update also fixes the following bugs:

* the GDM Reference Manual is now included with the gdm packages. The
gdm-docs package installs this document in HTML format in
"/usr/share/doc/". (BZ#196054)

* GDM appeared in English on systems using Telugu (te_IN). With this
update, GDM has been localized in te_IN. (BZ#226931)

* the Ctrl+Alt+Backspace sequence resets the X server when in runlevel 5.
In previous releases, however, repeated use of this sequence prevented GDM
from starting the X server as part of the reset process. This was because
GDM sometimes did not notice the X server shutdown properly and would
subsequently fail to complete the reset process. This update contains an
added check to explicitly notify GDM whenever the X server is terminated,
ensuring that resets are executed reliably. (BZ#441971)

* the "gdm" user is now part of the "audio" group by default. This enables
audio support at the login screen. (BZ#458331)

* the gui/modules/dwellmouselistener.c source code contained incorrect
XInput code that prevented tablet devices from working properly. This
update removes the errant code, ensuring that tablet devices work as
expected. (BZ#473262)

* a bug in the XOpenDevice() function prevented the X server from starting
whenever a device defined in "/etc/X11/xorg.conf" was not actually plugged
in. This update wraps XOpenDevice() in the gdk_error_trap_pop() and
gdk_error_trap_push() functions, which resolves this bug. This ensures that
the X server can start properly even when devices defined in
"/etc/X11/xorg.conf" are not plugged in. (BZ#474588)

All users should upgrade to these updated packages, which resolve these
issues. GDM must be restarted for this update to take effect. Rebooting
achieves this, but changing the runlevel from 5 to 3 and back to 5 also
restarts GDM.

RHSA-2009:1426: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091426
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1426, CVE-2009-0200, CVE-2009-0201

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet, presentation manager,
formula editor, and a drawing program.

An integer underflow flaw and a boundary error flaw, both possibly leading
to a heap-based buffer overflow, were found in the way OpenOffice.org
parses certain records in Microsoft Word documents. An attacker could
create a specially-crafted Microsoft Word document, which once opened by an
unsuspecting user, could cause OpenOffice.org to crash or, potentially,
execute arbitrary code with the permissions of the user running
OpenOffice.org. (CVE-2009-0200, CVE-2009-0201)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. All
running instances of OpenOffice.org applications must be restarted for
this update to take effect.

RHSA-2009:1427: fetchmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091427
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1427, CVE-2007-4565, CVE-2008-2711, CVE-2009-2666

Description
Fetchmail is a remote mail retrieval and forwarding utility intended for
use over on-demand TCP/IP links, such as SLIP and PPP connections.

It was discovered that fetchmail is affected by the previously published
"null prefix attack", caused by incorrect handling of NULL characters in
X.509 certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker could
use the certificate during a man-in-the-middle attack and potentially
confuse fetchmail into accepting it by mistake. (CVE-2009-2666)

A flaw was found in the way fetchmail handles rejections from a remote SMTP
server when sending warning mail to the postmaster. If fetchmail sent a
warning mail to the postmaster of an SMTP server and that SMTP server
rejected it, fetchmail could crash. (CVE-2007-4565)

A flaw was found in fetchmail. When fetchmail is run in double verbose
mode ("-v -v"), it could crash upon receiving certain, malformed mail
messages with long headers. A remote attacker could use this flaw to cause
a denial of service if fetchmail was also running in daemon mode ("-d").
(CVE-2008-2711)

Note: when using SSL-enabled services, it is recommended that the fetchmail
"--sslcertck" option be used to enforce strict SSL certificate checking.

All fetchmail users should upgrade to this updated package, which contains
backported patches to correct these issues. If fetchmail is running in
daemon mode, it must be restarted for this update to take effect (use the
"fetchmail --quit" command to stop the fetchmail process).

RHSA-2009:1428: xmlsec1 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091428
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1428, CVE-2009-0217

Description
The XML Security Library is a C library based on libxml2 and OpenSSL. It
implements the XML Signature Syntax and Processing and XML Encryption
Syntax and Processing standards. HMAC is used for message authentication
using cryptographic hash functions. The HMAC algorithm allows the hash
output to be truncated (as documented in RFC 2104).

A missing check for the recommended minimum length of the truncated form of
HMAC-based XML signatures was found in xmlsec1. An attacker could use this
flaw to create a specially-crafted XML file that forges an XML signature,
allowing the attacker to bypass authentication that is based on the XML
Signature specification. (CVE-2009-0217)

Users of xmlsec1 should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the updated
packages, applications that use the XML Security Library must be restarted
for the update to take effect.

RHSA-2009:1430: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091430
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1430, CVE-2009-2654, CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078, CVE-2009-3079

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074,
CVE-2009-3075)

A use-after-free flaw was found in Firefox. An attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code with the
privileges of the user running Firefox. (CVE-2009-3077)

A flaw was found in the way Firefox handles malformed JavaScript. A website
with an object containing malicious JavaScript could execute that
JavaScript with the privileges of the user running Firefox. (CVE-2009-3079)

Descriptions in the dialogs when adding and removing PKCS #11 modules were
not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it possible
to trick the user into believing they are viewing a trusted site or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3076)

A flaw was found in the way Firefox displays the address bar when
window.open() is called in a certain way. An attacker could use this flaw
to conceal a malicious URL, possibly tricking a user into believing they
are viewing a trusted site. (CVE-2009-2654)

A flaw was found in the way Firefox displays certain Unicode characters. An
attacker could use this flaw to conceal a malicious URL, possibly tricking
a user into believing they are viewing a trusted site. (CVE-2009-3078)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.14. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.14, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:1431: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091431
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1431, CVE-2009-2654, CVE-2009-3072, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2009-3072, CVE-2009-3075)

A use-after-free flaw was found in SeaMonkey. An attacker could use this
flaw to crash SeaMonkey or, potentially, execute arbitrary code with the
privileges of the user running SeaMonkey. (CVE-2009-3077)

Descriptions in the dialogs when adding and removing PKCS #11 modules were
not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it possible
to trick the user into believing they are viewing a trusted site or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2009-3076)

A flaw was found in the way SeaMonkey displays the address bar when
window.open() is called in a certain way. An attacker could use this flaw
to conceal a malicious URL, possibly tricking a user into believing they
are viewing a trusted site. (CVE-2009-2654)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:1438: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091438
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1438, CVE-2009-1883, CVE-2009-1895, CVE-2009-2847, CVE-2009-2848, CVE-2009-3238

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security issues:

* the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags were not cleared when a
setuid or setgid program was executed. A local, unprivileged user could use
this flaw to bypass the mmap_min_addr protection mechanism and perform a
NULL pointer dereference attack, or bypass the Address Space Layout
Randomization (ASLR) security feature. (CVE-2009-1895, Important)

* it was discovered that, when executing a new process, the clear_child_tid
pointer in the Linux kernel is not cleared. If this pointer points to a
writable portion of the memory of the new program, the kernel could corrupt
four bytes of memory, possibly leading to a local denial of service or
privilege escalation. (CVE-2009-2848, Important)

* Solar Designer reported a missing capability check in the z90crypt driver
in the Linux kernel. This missing check could allow a local user with an
effective user ID (euid) of 0 to bypass intended capability restrictions.
(CVE-2009-1883, Moderate)

* a flaw was found in the way the do_sigaltstack() function in the Linux
kernel copies the stack_t structure to user-space. On 64-bit machines, this
flaw could lead to a four-byte information leak. (CVE-2009-2847, Moderate)

Bug fixes:

* the gcc flag "-fno-delete-null-pointer-checks" was added to the kernel
build options. This prevents gcc from optimizing out NULL pointer checks
after the first use of a pointer. NULL pointer bugs are often exploited by
attackers. Keeping these checks is a safety measure. (BZ#517964)

* the Emulex LPFC driver has been updated to version 8.0.16.47, which fixes
a memory leak that caused memory allocation failures and system hangs.
(BZ#513192)

* an error in the MPT Fusion driver makefile caused CSMI ioctls to not work
with Serial Attached SCSI devices. (BZ#516184)

* this update adds the mmap_min_addr tunable and restriction checks to help
prevent unprivileged users from creating new memory mappings below the
minimum address. This can help prevent the exploitation of NULL pointer
dereference bugs. Note that mmap_min_addr is set to zero (disabled) by
default for backwards compatibility. (BZ#517904)

* time-outs resulted in I/O errors being logged to "/var/log/messages" when
running "mt erase" on tape drives using certain LSI MegaRAID SAS adapters,
preventing the command from completing. The megaraid_sas driver's timeout
value is now set to the OS layer value. (BZ#517965)

* a locking issue caused the qla2xxx ioctl module to hang after
encountering errors. This locking issue has been corrected. This ioctl
module is used by the QLogic SAN management tools, such as SANsurfer and
scli. (BZ#519428)

* when a RAID 1 array that uses the mptscsi driver and the LSI 1030
controller became degraded, the whole array was detected as being offline,
which could cause kernel panics at boot or data loss. (BZ#517295)

* on 32-bit architectures, if a file was held open and frequently written
for more than 25 days, it was possible that the kernel would stop flushing
those writes to storage. (BZ#515255)

* a memory allocation bug in ib_mthca prevented the driver from loading if
it was loaded with large values for the "num_mpt=" and "num_mtt=" options.
See Kbase link below for details. (BZ#518707)

* with this update, get_random_int() is more random and no longer uses a
common seed value, reducing the possibility of predicting the values
returned. See Kbase link below for details. (BZ#519692)

* a bug in __ptrace_unlink() caused it to create deadlocked and unkillable
processes. See Kbase link below for details. (BZ#519446)

* previously, multiple threads using the fcntl() F_SETLK command to
synchronize file access caused a deadlock in posix_locks_deadlock(). This
could cause a system hang. (BZ#519429)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. Reboot the system for this update to take
effect.

RHSA-2009:1451: freeradius security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091451
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1451, CVE-2009-3111

Description
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

An input validation flaw was discovered in the way FreeRADIUS decoded
specific RADIUS attributes from RADIUS packets. A remote attacker could use
this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted
RADIUS packet. (CVE-2009-3111)

Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.

RHSA-2009:1452: neon security update (Moderate)

Rule IDoval-com.redhat.rhsa-def-20091452
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:05+09:00
Severitymedium
Identifiers and References

Identifiers:  RHSA-2009:1452, CVE-2009-2473, CVE-2009-2474

Description
neon is an HTTP and WebDAV client library, with a C interface. It provides
a high-level interface to HTTP and WebDAV methods along with a low-level
interface for HTTP request handling. neon supports persistent connections,
proxy servers, basic, digest and Kerberos authentication, and has complete
SSL support.

It was discovered that neon is affected by the previously published "null
prefix attack", caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse an
application using the neon library into accepting it by mistake.
(CVE-2009-2474)

A denial of service flaw was found in the neon Extensible Markup Language
(XML) parser. A remote attacker (malicious DAV server) could provide a
specially-crafted XML document that would cause excessive memory and CPU
consumption if an application using the neon XML parser was tricked into
processing it. (CVE-2009-2473)

All neon users should upgrade to these updated packages, which contain
backported patches to correct these issues. Applications using the neon
HTTP and WebDAV client library, such as cadaver, must be restarted for this
update to take effect.

RHSA-2009:1453: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091453
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1453, CVE-2009-2703, CVE-2009-3026, CVE-2009-3083, CVE-2009-3085

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. Info/Query
(IQ) is an Extensible Messaging and Presence Protocol (XMPP) specific
request-response mechanism.

A NULL pointer dereference flaw was found in the way the Pidgin XMPP
protocol plug-in processes IQ error responses when trying to fetch a custom
smiley. A remote client could send a specially-crafted IQ error response
that would crash Pidgin. (CVE-2009-3085)

A NULL pointer dereference flaw was found in the way the Pidgin IRC
protocol plug-in handles IRC topics. A malicious IRC server could send a
specially-crafted IRC TOPIC message, which once received by Pidgin, would
lead to a denial of service (Pidgin crash). (CVE-2009-2703)

It was discovered that, when connecting to certain, very old Jabber servers
via XMPP, Pidgin may ignore the "Require SSL/TLS" setting. In these
situations, a non-encrypted connection is established rather than the
connection failing, causing the user to believe they are using an encrypted
connection when they are not, leading to sensitive information disclosure
(session sniffing). (CVE-2009-3026)

A NULL pointer dereference flaw was found in the way the Pidgin MSN
protocol plug-in handles improper MSNSLP invitations. A remote attacker
could send a specially-crafted MSNSLP invitation request, which once
accepted by a valid Pidgin user, would lead to a denial of service (Pidgin
crash). (CVE-2009-3083)

These packages upgrade Pidgin to version 2.6.2. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct
these issues. Pidgin must be restarted for this update to take effect.

RHSA-2009:1455: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091455
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1455, CVE-2009-2849

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fix:

* a NULL pointer dereference flaw was found in the Multiple Devices (md)
driver in the Linux kernel. If the "suspend_lo" or "suspend_hi" file on the
sysfs file system ("/sys/") is modified when the disk array is inactive, it
could lead to a local denial of service or privilege escalation. Note: By
default, only the root user can write to the files noted above.
(CVE-2009-2849, Moderate)

Bug fixes:

* a bug in nlm_lookup_host() could lead to un-reclaimed file system locks,
resulting in umount failing & NFS service relocation issues for clusters.
(BZ#517967)

* a bug in the sky2 driver prevented the phy from being reset properly on
some hardware when it hung, preventing a link from coming back up.
(BZ#517976)

* disabling MSI-X for qla2xxx also disabled MSI interrupts. (BZ#519782)

* performance issues with reads when using the qlge driver on PowerPC
systems. A system hang could also occur during reboot. (BZ#519783)

* unreliable time keeping for Red Hat Enterprise Linux virtual machines.
The KVM pvclock code is now used to detect/correct lost ticks. (BZ#520685)

* /proc/cpuinfo was missing flags for new features in supported processors,
possibly preventing the operating system & applications from getting the
best performance. (BZ#520686)

* reading/writing with a serial loopback device on a certain IBM system did
not work unless booted with "pnpacpi=off". (BZ#520905)

* mlx4_core failed to load on systems with more than 32 CPUs. (BZ#520906)

* on big-endian platforms, interfaces using the mlx4_en driver & Large
Receive Offload (LRO) did not handle VLAN traffic properly (a segmentation
fault in the VLAN stack in the kernel occurred). (BZ#520908)

* due to a lock being held for a long time, some systems may have
experienced "BUG: soft lockup" messages under heavy load. (BZ#520919)

* incorrect APIC timer calibration may have caused a system hang during
boot, as well as the system time becoming faster or slower. A warning is
now provided. (BZ#521238)

* a Fibre Channel device re-scan via
'echo "---" > /sys/class/scsi_host/host[x]/scan' may not complete after hot
adding a drive, leading to soft lockups ("BUG: soft lockup detected").
(BZ#521239)

* the Broadcom BCM5761 network device could not be initialized
properly; therefore, the associated interface could not obtain an IP
address via DHCP or be assigned one manually. (BZ#521241)

* when a process attempted to read from a page that had first been accessed
by writing to part of it (via write(2)), the NFS client needed to flush the
modified portion of the page out to the server, & then read the entire page
back in. This flush caused performance issues. (BZ#521244)

* a kernel panic when using bnx2x devices & LRO in a bridge. A warning is
now provided to disable LRO in these situations. (BZ#522636)

* the scsi_dh_rdac driver was updated to recognize the Sun StorageTek
Flexline 380. (BZ#523237)

* in FIPS mode, random number generators are required to not return the
first block of random data they generate, but rather save it to seed the
repetition check. This update brings the random number generator into
conformance. (BZ#523289)

* an option to disable/enable the use of the first random block is now
provided to bring ansi_cprng into compliance with FIPS-140 continuous test
requirements. (BZ#523290)

* running the SAP Linux Certification Suite in a KVM guest caused severe
SAP kernel errors, causing it to exit. (BZ#524150)

* attempting to 'online' a CPU for a KVM guest via sysfs caused a system
crash. (BZ#524151)

* when using KVM, pvclock returned bogus wallclock values. (BZ#524152)

* the clock could go backwards when using the vsyscall infrastructure.
(BZ#524527)

See References for KBase links re BZ#519782 & BZ#520906.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. Reboot the system for this update to take
effect.

RHSA-2009:1459: cyrus-imapd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1459, CVE-2009-2632, CVE-2009-3235

Description
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.

Multiple buffer overflow flaws were found in the Cyrus IMAP Sieve
implementation. An authenticated user able to create Sieve mail filtering
rules could use these flaws to execute arbitrary code with the privileges
of the Cyrus IMAP server user. (CVE-2009-2632, CVE-2009-3235)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. After installing
the update, cyrus-imapd will be restarted automatically.

RHSA-2009:1463: newt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091463
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1463, CVE-2009-2905

Description
Newt is a programming library for color text mode, widget-based user
interfaces. Newt can be used to add stacked windows, entry widgets,
checkboxes, radio buttons, labels, plain text fields, scrollbars, and so
on, to text mode user interfaces.

A heap-based buffer overflow flaw was found in the way newt processes
content that is to be displayed in a text dialog box. A local attacker
could issue a specially-crafted text dialog box display request (direct or
via a custom application), leading to a denial of service (application
crash) or, potentially, arbitrary code execution with the privileges of the
user running the application using the newt library. (CVE-2009-2905)

Users of newt should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, all applications using the newt library must be restarted for the
update to take effect.

RHSA-2009:1465: kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1465, CVE-2009-3290

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

The kvm_emulate_hypercall() implementation was missing a check for the
Current Privilege Level (CPL). A local, unprivileged user in a virtual
machine could use this flaw to cause a local denial of service or escalate
their privileges within that virtual machine. (CVE-2009-3290)

This update also fixes the following bugs:

* non-maskable interrupts (NMI) were not supported on systems with AMD
processors. As a consequence, Windows Server 2008 R2 guests running with
more than one virtual CPU assigned on systems with AMD processors would
hang at the Windows shut down screen when a restart was attempted. This
update adds support for NMI filtering on systems with AMD processors,
allowing clean restarts of Windows Server 2008 R2 guests running with
multiple virtual CPUs. (BZ#520694)

* significant performance issues for guests running 64-bit editions of
Windows. This update improves performance for guests running 64-bit
editions of Windows. (BZ#521793)

* Windows guests may have experienced time drift. (BZ#521794)

* removing the Red Hat VirtIO Ethernet Adapter from a guest running Windows
Server 2008 R2 caused KVM to crash. With this update, device removal should
not cause this issue. (BZ#524557)

All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update takes effect.

RHSA-2009:1470: openssh security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091470
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1470, CVE-2009-2904

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A Red Hat specific patch used in the openssh packages as shipped in Red
Hat Enterprise Linux 5.4 (RHSA-2009:1287) loosened certain ownership
requirements for directories used as arguments for the ChrootDirectory
configuration options. A malicious user that also has or previously had
non-chroot shell access to a system could possibly use this flaw to
escalate their privileges and run commands as any system user.
(CVE-2009-2904)

All OpenSSH users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

RHSA-2009:1471: elinks security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1471, CVE-2007-2027, CVE-2008-7224

Description
ELinks is a text-based Web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.

An off-by-one buffer overflow flaw was discovered in the way ELinks handled
its internal cache of string representations for HTML special entities. A
remote attacker could use this flaw to create a specially-crafted HTML file
that would cause ELinks to crash or, possibly, execute arbitrary code when
rendered. (CVE-2008-7224)

It was discovered that ELinks tried to load translation files using
relative paths. A local attacker able to trick a victim into running ELinks
in a folder containing specially-crafted translation files could use this
flaw to confuse the victim via incorrect translations, or cause ELinks to
crash and possibly execute arbitrary code via embedded formatting sequences
in translated messages. (CVE-2007-2027)

All ELinks users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues.

RHSA-2009:1472: xen security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091472
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1472, CVE-2009-3525

Description
Xen is an open source virtualization framework. Virtualization allows users
to run guest operating systems in virtual machines on top of a host
operating system.

The pyGrub boot loader did not honor the "password" option in the grub.conf
file for para-virtualized guests. Users with access to a guest's console
could use this flaw to bypass intended access restrictions and boot the
guest with arbitrary kernel boot options, allowing them to get root
privileges in the guest's operating system. With this update, pyGrub
correctly honors the "password" option in grub.conf for para-virtualized
guests. (CVE-2009-3525)

This update also fixes the following bugs:

* rebooting para-virtualized guests sometimes caused those guests to crash
due to a race condition in the xend node control daemon. This update fixes
this race condition so that rebooting guests no longer potentially causes
them to crash and fail to reboot. (BZ#525141)

* due to a race condition in the xend daemon, a guest could disappear from
the list of running guests following a reboot, even though the guest
rebooted successfully and was running. This update fixes this race
condition so that guests always reappear in the guest list following a
reboot. (BZ#525143)

* attempting to use PCI pass-through to para-virtualized guests on certain
kernels failed with a "Function not implemented" error message. As a
result, users requiring PCI pass-through on para-virtualized guests were
not able to update the xen packages without also updating the kernel and
thus requiring a reboot. These updated packages enable PCI pass-through for
para-virtualized guests so that users do not need to upgrade the kernel in
order to take advantage of PCI pass-through functionality. (BZ#525149)

All Xen users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the xend service must be restarted for this update to take
effect.

RHSA-2009:1484: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091484
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1484, CVE-2009-0922, CVE-2009-3230

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

It was discovered that the upstream patch for CVE-2007-6600 included in the
Red Hat Security Advisory RHSA-2008:0038 did not include protection against
misuse of the RESET ROLE and RESET SESSION AUTHORIZATION commands. An
authenticated user could use this flaw to install malicious code that would
later execute with superuser privileges. (CVE-2009-3230)

A flaw was found in the way PostgreSQL handled encoding conversion. A
remote, authenticated user could trigger an encoding conversion failure,
possibly leading to a temporary denial of service. Note: To exploit this
issue, a locale and client encoding for which specific messages fail to
translate must be selected (the availability of these is determined by an
administrator-defined locale setting). (CVE-2009-0922)

Note: For Red Hat Enterprise Linux 4, this update upgrades PostgreSQL to
version 7.4.26. For Red Hat Enterprise Linux 5, this update upgrades
PostgreSQL to version 8.1.18. Refer to the PostgreSQL Release Notes for a
list of changes:

http://www.postgresql.org/docs/7.4/static/release.html
http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users should upgrade to these updated packages, which
resolve these issues. If the postgresql service is running, it will be
automatically restarted after installing this update.

RHSA-2009:1490: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091490
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1490, CVE-2009-2964

Description
SquirrelMail is a standards-based webmail package written in PHP.

Form submissions in SquirrelMail did not implement protection against
Cross-Site Request Forgery (CSRF) attacks. If a remote attacker tricked a
user into visiting a malicious web page, the attacker could hijack that
user's authentication, inject malicious content into that user's
preferences, or possibly send mail without that user's permission.
(CVE-2009-2964)

Users of SquirrelMail should upgrade to this updated package, which
contains a backported patch to correct these issues.

RHSA-2009:1501: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091501
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1501, CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609

Description
Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

Multiple integer overflow flaws were found in Xpdf. An attacker could
create a malicious PDF file that would cause Xpdf to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,
CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604
issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to this updated package, which contains a
backported patch to correct these issues.

RHSA-2009:1502: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091502
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1502, CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609

Description
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

Multiple integer overflow flaws were found in KPDF. An attacker could
create a malicious PDF file that would cause KPDF to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,
CVE-2009-3604, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604
issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to these updated packages, which contain a
backported patch to resolve these issues.

RHSA-2009:1503: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091503
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1503, CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609

Description
GPdf is a viewer for Portable Document Format (PDF) files.

Multiple integer overflow flaws were found in GPdf. An attacker could
create a malicious PDF file that would cause GPdf to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,
CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604
issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to this updated package, which contains a
backported patch to correct these issues.

RHSA-2009:1504: poppler security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091504
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1504, CVE-2009-3603, CVE-2009-3608, CVE-2009-3609

Description
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Multiple integer overflow flaws were found in poppler. An attacker could
create a malicious PDF file that would cause applications that use poppler
(such as Evince) to crash or, potentially, execute arbitrary code when
opened. (CVE-2009-3603, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608
issue.

This update also corrects a regression introduced in the previous poppler
security update, RHSA-2009:0480, that prevented poppler from rendering
certain PDF documents correctly. (BZ#528147)

Users are advised to upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2009:1512: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2009:1512, CVE-2009-0791, CVE-2009-1188, CVE-2009-3604, CVE-2009-3608, CVE-2009-3609

Description
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

Multiple integer overflow flaws were found in KPDF. An attacker could
create a malicious PDF file that would cause KPDF to crash or, potentially,
execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,
CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604
issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.

Users are advised to upgrade to these updated packages, which contain a
backported patch to resolve these issues.

RHSA-2009:1513: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1513, CVE-2009-3608, CVE-2009-3609

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The CUPS "pdftops" filter converts Portable
Document Format (PDF) files to PostScript.

Two integer overflow flaws were found in the CUPS "pdftops" filter. An
attacker could create a malicious PDF file that would cause "pdftops" to
crash or, potentially, execute arbitrary code as the "lp" user if the file
was printed. (CVE-2009-3608, CVE-2009-3609)

Red Hat would like to thank Chris Rohlf for reporting the CVE-2009-3608
issue.

Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues. After installing the
update, the cupsd daemon will be restarted automatically.

RHSA-2009:1522: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091522
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1522, CVE-2005-4881, CVE-2009-3228, CVE-2009-3612

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* multiple, missing initialization flaws were found in the Linux kernel.
Padding data in several core network structures was not initialized
properly before being sent to user-space. These flaws could lead to
information leaks. (CVE-2005-4881, CVE-2009-3228, Moderate)

This update also fixes the following bugs:

* a packet duplication issue was fixed via the RHSA-2008:0665 update;
however, the fix introduced a problem for systems using network bonding:
Backup slaves were unable to receive ARP packets. When using network
bonding in the "active-backup" mode and with the "arp_validate=3" option,
the bonding driver considered such backup slaves as being down (since they
were not receiving ARP packets), preventing successful failover to these
devices. (BZ#519384)

* due to insufficient memory barriers in the network code, a process
sleeping in select() may have missed notifications about new data. In rare
cases, this bug may have caused a process to sleep forever. (BZ#519386)

* the driver version number in the ata_piix driver was not changed between
Red Hat Enterprise Linux 4.7 and Red Hat Enterprise Linux 4.8, even though
changes had been made between these releases. This could have prevented the
driver from loading on systems that check driver versions, as this driver
appeared older than it was. (BZ#519389)

* a bug in nlm_lookup_host() could have led to un-reclaimed locks on file
systems, resulting in the umount command failing. This bug could have also
prevented NFS services from being relocated correctly in clustered
environments. (BZ#519656)

* the data buffer ethtool_get_strings() allocated, for the igb driver, was
smaller than the amount of data that was copied in igb_get_strings(),
because of a miscalculation in IGB_QUEUE_STATS_LEN, resulting in memory
corruption. This bug could have led to a kernel panic. (BZ#522738)

* in some circumstances, write operations to a particular TTY device opened
by more than one user (e.g., one opened it as /dev/console and the other
opened it as /dev/ttyS0) were blocked. If one user opened the TTY terminal
without setting the O_NONBLOCK flag, this user's write operations were
suspended if the output buffer was full or if a STOP (Ctrl-S) signal was
sent. As well, because the O_NONBLOCK flag was not respected, write
operations for user terminals opened with the O_NONBLOCK flag set were also
blocked. This update re-implements TTY locks, ensuring O_NONBLOCK works as
expected, even if a STOP signal is sent from another terminal.
(BZ#523930)

* a deadlock was found in the cciss driver. In rare cases, this caused an
NMI lockup during boot. Messages such as "cciss: controller cciss[x]
failed, stopping." and "cciss[x]: controller not responding." may have
been displayed on the console. (BZ#525725)

* on 64-bit PowerPC systems, a rollover bug in the ibmveth driver could
have caused a kernel panic. In a reported case, this panic occurred on a
system with a large uptime and under heavy network load. (BZ#527225)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1529: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091529
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2009:1529, CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, CVE-2009-2948

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A denial of service flaw was found in the Samba smbd daemon. An
authenticated, remote user could send a specially-crafted response that
would cause an smbd child process to enter an infinite loop. An
authenticated, remote user could use this flaw to exhaust system resources
by opening multiple CIFS sessions. (CVE-2009-2906)

An uninitialized data access flaw was discovered in the smbd daemon when
using the non-default "dos filemode" configuration option in "smb.conf". An
authenticated, remote user with write access to a file could possibly use
this flaw to change an access control list for that file, even when such
access should have been denied. (CVE-2009-1888)

A flaw was discovered in the way Samba handled users without a home
directory set in the back-end password database (e.g. "/etc/passwd"). If a
share for the home directory of such a user was created (e.g. using the
automated "[homes]" share), any user able to access that share could see
the whole file system, possibly bypassing intended access restrictions.
(CVE-2009-2813)

The mount.cifs program printed CIFS passwords as part of its debug output
when running in verbose mode. When mount.cifs had the setuid bit set, a
local, unprivileged user could use this flaw to disclose passwords from a
file that would otherwise be inaccessible to that user. Note: mount.cifs
from the samba packages distributed by Red Hat does not have the setuid bit
set. This flaw only affected systems where the setuid bit was manually set
by an administrator. (CVE-2009-2948)

Users of Samba should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing this update,
the smb service will be restarted automatically.

RHSA-2009:1530: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091530
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1530, CVE-2009-0689, CVE-2009-1563, CVE-2009-3274, CVE-2009-3370, CVE-2009-3372, CVE-2009-3373, CVE-2009-3374, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3382, CVE-2009-3384

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. nspr provides the Netscape
Portable Runtime (NSPR).

A flaw was found in the way Firefox handles form history. A malicious web
page could steal saved form data by synthesizing input events, causing the
browser to auto-fill form fields (which could then be read by an attacker).
(CVE-2009-3370)

A flaw was found in the way Firefox creates temporary file names for
downloaded files. If a local attacker knows the name of a file Firefox is
going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)

A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file
processor. If Firefox loads a malicious PAC file, it could crash Firefox
or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2009-3372)

A heap-based buffer overflow flaw was found in the Firefox GIF image
processor. A malicious GIF image could crash Firefox or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2009-3373)

A heap-based buffer overflow flaw was found in the Firefox string to
floating point conversion routines. A web page containing malicious
JavaScript could crash Firefox or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2009-1563)

A flaw was found in the way Firefox handles text selection. A malicious
website may be able to read highlighted text in a different domain (e.g.
another website the user is viewing), bypassing the same-origin policy.
(CVE-2009-3375)

A flaw was found in the way Firefox displays a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differs from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file that
has a file name or extension that differs from what the user expected.
(CVE-2009-3376)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3374, CVE-2009-3380, CVE-2009-3382)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.15. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.15, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:1531: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091531
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1531, CVE-2009-0689, CVE-2009-1563, CVE-2009-3274, CVE-2009-3375, CVE-2009-3376, CVE-2009-3380, CVE-2009-3384, CVE-2009-3385

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey creates temporary file names for
downloaded files. If a local attacker knows the name of a file SeaMonkey is
going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)

A heap-based buffer overflow flaw was found in the SeaMonkey string to
floating point conversion routines. A web page containing malicious
JavaScript could crash SeaMonkey or, potentially, execute arbitrary code
with the privileges of the user running SeaMonkey. (CVE-2009-1563)

A flaw was found in the way SeaMonkey handles text selection. A malicious
website may be able to read highlighted text in a different domain (e.g.
another website the user is viewing), bypassing the same-origin policy.
(CVE-2009-3375)

A flaw was found in the way SeaMonkey displays a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differs from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file that
has a file name or extension that differs from what the user expected.
(CVE-2009-3376)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2009-3380)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:1536: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091536
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1536, CVE-2009-3615

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously. The AOL
Open System for Communication in Realtime (OSCAR) protocol is used by the
AOL ICQ and AIM instant messaging systems.

An invalid pointer dereference bug was found in the way the Pidgin OSCAR
protocol implementation processed lists of contacts. A remote attacker
could send a specially-crafted contact list to a user running Pidgin,
causing Pidgin to crash. (CVE-2009-3615)

These packages upgrade Pidgin to version 2.6.3. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct
this issue. Pidgin must be restarted for this update to take effect.

RHSA-2009:1541: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091541
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1541, CVE-2009-3547

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's
reader and writer counters. This could lead to a local denial of service or
privilege escalation. (CVE-2009-3547, Important)

Users should upgrade to these updated packages, which contain a backported
patch to correct these issues. The system must be rebooted for this update
to take effect.

RHSA-2009:1548: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091548
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1548, CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a system with SELinux enforced was more permissive in allowing local
users in the unconfined_t domain to map low memory areas even if the
mmap_min_addr restriction was enabled. This could aid in the local
exploitation of NULL pointer dereference bugs. (CVE-2009-2695, Important)

* a NULL pointer dereference flaw was found in the eCryptfs implementation
in the Linux kernel. A local attacker could use this flaw to cause a local
denial of service or escalate their privileges. (CVE-2009-2908, Important)

* a flaw was found in the NFSv4 implementation. The kernel would do an
unnecessary permission check after creating a file. This check would
usually fail and leave the file with the permission bits set to random
values. Note: This is a server-side only issue. (CVE-2009-3286, Important)

* a NULL pointer dereference flaw was found in each of the following
functions in the Linux kernel: pipe_read_open(), pipe_write_open(), and
pipe_rdwr_open(). When the mutex lock is not held, the i_pipe pointer could
be released by other processes before it is used to update the pipe's
reader and writer counters. This could lead to a local denial of service or
privilege escalation. (CVE-2009-3547, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU
space exhaustion and a system crash. An attacker on the local network could
abuse this flaw by using jumbo frames for large amounts of network traffic.
(CVE-2009-3613, Important)

* missing initialization flaws were found in the Linux kernel. Padding data
in several core network structures was not initialized properly before
being sent to user-space. These flaws could lead to information leaks.
(CVE-2009-3228, Moderate)

Bug fixes:

* with network bonding in the "balance-tlb" or "balance-alb" mode, the
primary setting for the primary slave device was lost when said device was
brought down. Bringing the slave back up did not restore the primary
setting. (BZ#517971)

* some faulty serial device hardware caused systems running the kernel-xen
kernel to take a very long time to boot. (BZ#524153)

* a caching bug in nfs_readdir() may have caused NFS clients to see
duplicate files or not see all files in a directory. (BZ#526960)

* the RHSA-2009:1243 update removed the mpt_msi_enable option, preventing
certain scripts from running. This update adds the option back. (BZ#526963)

* an iptables rule with the recent module and a hit count value greater
than the ip_pkt_list_tot parameter (the default is 20), did not have any
effect over packets, as the hit count could not be reached. (BZ#527434)

* a check has been added to the IPv4 code to make sure that rt is not NULL,
to help prevent future bugs in functions that call ip_append_data() from
being exploitable. (BZ#527436)

* a kernel panic occurred in certain conditions after reconfiguring a tape
drive's block size. (BZ#528133)

* when using the Linux Virtual Server (LVS) in a master and backup
configuration, and propagating active connections on the master to the
backup, the connection timeout value on the backup was hard-coded to 180
seconds, meaning connection information on the backup was soon lost. This
could prevent the successful failover of connections. The timeout value
can now be set via "ipvsadm --set". (BZ#528645)

* a bug in nfs4_do_open_expired() could have caused the reclaimer thread on
an NFSv4 client to enter an infinite loop. (BZ#529162)

* MSI interrupts may not have been delivered for r8169 based network cards
that have MSI interrupts enabled. This bug only affected certain systems.
(BZ#529366)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1549: wget security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091549
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1549, CVE-2009-3490

Description
GNU Wget is a file retrieval utility that can use HTTP, HTTPS, and FTP.

Daniel Stenberg reported that Wget is affected by the previously published
"null prefix attack", caused by incorrect handling of NULL characters in
X.509 certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker could
use the certificate during a man-in-the-middle attack and potentially
confuse Wget into accepting it by mistake. (CVE-2009-3490)

Wget users should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2009:1561: libvorbis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1561, CVE-2009-3379

Description
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary, patent- and
royalty-free, general-purpose compressed audio format.

Multiple flaws were found in the libvorbis library. A specially-crafted Ogg
Vorbis media format file (Ogg) could cause an application using libvorbis
to crash or, possibly, execute arbitrary code when opened. (CVE-2009-3379)

Users of libvorbis should upgrade to these updated packages, which contain
backported patches to correct these issues. The desktop must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2009:1572: 4Suite security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091572
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1572, CVE-2009-3720

Description
The 4Suite package contains XML-related tools and libraries for Python,
including 4DOM, 4XSLT, 4XPath, 4RDF, and 4XPointer.

A buffer over-read flaw was found in the way 4Suite's XML parser handles
malformed UTF-8 sequences when processing XML files. A specially-crafted
XML file could cause applications using the 4Suite library to crash while
parsing the file. (CVE-2009-3720)

Note: In Red Hat Enterprise Linux 3, this flaw only affects a non-default
configuration of the 4Suite package: configurations where the beta version
of the cDomlette module is enabled.

All 4Suite users should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing the updated
package, applications using the 4Suite XML-related tools and libraries must
be restarted for the update to take effect.

RHSA-2009:1579: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091579
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1579, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555

Description
The Apache HTTP Server is a popular Web server.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)

Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2009:1580: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1580, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, CVE-2009-3555

Description
The Apache HTTP Server is a popular Web server.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update partially mitigates this flaw for SSL
sessions to HTTP servers using mod_ssl by rejecting client-requested
renegotiation. (CVE-2009-3555)

Note: This update does not fully resolve the issue for HTTPS servers. An
attack is still possible in configurations that require a server-initiated
renegotiation. Refer to the following Knowledgebase article for further
information: http://kbase.redhat.com/faq/docs/DOC-20491

A denial of service flaw was found in the Apache mod_deflate module. This
module continued to compress large files until compression was complete,
even if the network connection that requested the content was closed before
compression completed. This would cause mod_deflate to consume large
amounts of CPU if mod_deflate was enabled for a large file. (CVE-2009-1891)

A NULL pointer dereference flaw was found in the Apache mod_proxy_ftp
module. A malicious FTP server to which requests are being proxied could
use this flaw to crash an httpd child process via a malformed reply to the
EPSV or PASV commands, resulting in a limited denial of service.
(CVE-2009-3094)

A second flaw was found in the Apache mod_proxy_ftp module. In a reverse
proxy configuration, a remote attacker could use this flaw to bypass
intended access restrictions by creating a carefully-crafted HTTP
Authorization header, allowing the attacker to send arbitrary commands to
the FTP server. (CVE-2009-3095)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2009:1584: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091584
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1584, CVE-2009-2409, CVE-2009-3728, CVE-2009-3869, CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, CVE-2009-3879, CVE-2009-3880, CVE-2009-3881, CVE-2009-3882, CVE-2009-3883, CVE-2009-3884

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.

An integer overflow flaw and buffer overflow flaws were found in the way
the JRE processed image files. An untrusted applet or application could use
these flaws to extend its privileges, allowing it to read and write local
files, as well as to execute local applications with the privileges of the
user running the applet or application. (CVE-2009-3869, CVE-2009-3871,
CVE-2009-3873, CVE-2009-3874)

An information leak was found in the JRE. An untrusted applet or
application could use this flaw to extend its privileges, allowing it to
read and write local files, as well as to execute local applications with
the privileges of the user running the applet or application. (CVE-2009-3881)

It was discovered that the JRE still accepts certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by the JRE. With
this update, the JRE disables the use of the MD2 algorithm inside
signatures by default. (CVE-2009-2409)

A timing attack flaw was found in the way the JRE processed HMAC digests.
This flaw could aid an attacker using forged digital signatures to bypass
authentication checks. (CVE-2009-3875)

Two denial of service flaws were found in the JRE. These could be exploited
in server-side application scenarios that process DER-encoded
(Distinguished Encoding Rules) data. (CVE-2009-3876, CVE-2009-3877)

An information leak was found in the way the JRE handled color profiles. An
attacker could use this flaw to discover the existence of files outside of
the color profiles directory. (CVE-2009-3728)

A flaw in the JRE with passing arrays to the X11GraphicsDevice API was
found. An untrusted applet or application could use this flaw to access and
modify the list of supported graphics configurations. This flaw could also
lead to sensitive information being leaked to unprivileged code.
(CVE-2009-3879)

It was discovered that the JRE passed entire objects to the logging API.
This could lead to sensitive information being leaked to either untrusted
or lower-privileged code from an attacker-controlled applet which has
access to the logging API and is therefore able to manipulate (read and/or
call) the passed objects. (CVE-2009-3880)

Potential information leaks were found in various mutable static variables.
These could be exploited in application scenarios that execute untrusted
scripting code. (CVE-2009-3882, CVE-2009-3883)

An information leak was found in the way the TimeZone.getTimeZone method
was handled. This method could load time zone files that are outside of the
[JRE_HOME]/lib/zi/ directory, allowing a remote attacker to probe the local
file system. (CVE-2009-3884)

Note: The flaws concerning applets in this advisory, CVE-2009-3869,
CVE-2009-3871, CVE-2009-3873, CVE-2009-3874, CVE-2009-3879, CVE-2009-3880,
CVE-2009-3881 and CVE-2009-3884, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2009:1595: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091595
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1595, CVE-2009-2820, CVE-2009-3553

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

A use-after-free flaw was found in the way CUPS handled references in its
file descriptors-handling interface. A remote attacker could, in a
specially-crafted way, query for the list of current print jobs for a
specific printer, leading to a denial of service (cupsd crash).
(CVE-2009-3553)

Several cross-site scripting (XSS) flaws were found in the way the CUPS web
server interface processed HTML form content. If a remote attacker could
trick a local user who is logged into the CUPS web interface into visiting
a specially-crafted HTML page, the attacker could retrieve and potentially
modify confidential CUPS administration data. (CVE-2009-2820)

Red Hat would like to thank Aaron Sigel of Apple Product Security for
responsibly reporting the CVE-2009-2820 issue.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the cupsd daemon will be restarted automatically.

RHSA-2009:1601: kdelibs security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091601
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1601, CVE-2009-0689

Description
The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could crash
Konqueror or, potentially, execute arbitrary code with the privileges of
the user running Konqueror. (CVE-2009-0689)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The desktop must be restarted (log out, then
log back in) for this update to take effect.

RHSA-2009:1615: xerces-j2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1615, CVE-2009-2625

Description
The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.

RHSA-2009:1619: dstat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091619
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1619, CVE-2009-3894

Description
Dstat is a versatile replacement for the vmstat, iostat, and netstat tools.
Dstat can be used for performance tuning tests, benchmarks, and
troubleshooting.

Robert Buchholz of the Gentoo Security Team reported a flaw in the Python
module search path used in dstat. If a local attacker could trick a
local user into running dstat from a directory containing a Python script
that is named like an importable module, they could execute arbitrary code
with the privileges of the user running dstat. (CVE-2009-3894)

All dstat users should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2009:1620: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091620
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1620, CVE-2009-4022

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

Michael Sinatra discovered that BIND was incorrectly caching responses
without performing proper DNSSEC validation, when those responses were
received during the resolution of a recursive client query that requested
DNSSEC records but indicated that checking should be disabled. A remote
attacker could use this flaw to bypass the DNSSEC validation check and
perform a cache poisoning attack if the target BIND server was receiving
such client queries. (CVE-2009-4022)

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2009:1625: expat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091625
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1625, CVE-2009-3560, CVE-2009-3720

Description
Expat is a C library written by James Clark for parsing XML documents.

Two buffer over-read flaws were found in the way Expat handled malformed
UTF-8 sequences when processing XML files. A specially-crafted XML file
could cause applications using Expat to crash while parsing the file.
(CVE-2009-3560, CVE-2009-3720)

All expat users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, applications using the Expat library must be restarted for the
update to take effect.

RHSA-2009:1642: acpid security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091642
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1642, CVE-2009-4033

Description
acpid is a daemon that dispatches ACPI (Advanced Configuration and Power
Interface) events to user-space programs.

It was discovered that acpid could create its log file ("/var/log/acpid")
with random permissions on some systems. A local attacker could use this
flaw to escalate their privileges if the log file was created as
world-writable and with the setuid or setgid bit set. (CVE-2009-4033)

Please note that this flaw was due to a Red Hat-specific patch
(acpid-1.0.4-fd.patch) included in the Red Hat Enterprise Linux 5 acpid
package.

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2009:1646: libtool security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091646
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1646, CVE-2009-3736

Description
GNU Libtool is a set of shell scripts which automatically configure UNIX,
Linux, and similar operating systems to generically build shared libraries.

A flaw was found in the way GNU Libtool's libltdl library looked for
modules to load. It was possible for libltdl to load and run modules from
an arbitrary library in the current working directory. If a local attacker
could trick a local user into running an application (which uses libltdl)
from an attacker-controlled directory containing a malicious Libtool
control file (.la), the attacker could possibly execute arbitrary code with
the privileges of the user running the application. (CVE-2009-3736)

All libtool users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the updated
packages, applications using the libltdl library must be restarted for the
update to take effect.

RHSA-2009:1648: ntp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091648
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1648, CVE-2009-3563

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled
certain malformed NTP packets. ntpd logged information about all such
packets and replied with an NTP packet that was treated as malformed when
received by another ntpd. A remote attacker could use this flaw to create
an NTP packet reply loop between two ntpd servers via a malformed packet
with a spoofed source IP address and port, causing ntpd on those servers to
use excessive amounts of CPU time and fill disk space with log messages.
(CVE-2009-3563)

All ntp users are advised to upgrade to this updated package, which
contains a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically.

RHSA-2009:1659: kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20091659
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2009:1659, CVE-2009-4031

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

On x86 platforms, the do_insn_fetch() function did not limit the amount of
instruction bytes fetched per instruction. Users in guest operating systems
could leverage this flaw to cause large latencies on SMP hosts that could
lead to a local denial of service on the host operating system. This
update fixes this issue by imposing the architecturally-defined 15 byte
length limit for instructions. (CVE-2009-4031)

This update also fixes the following bugs:

* performance problems occurred when using the qcow2 image format with the
qemu-kvm -drive "cache=none" option (the default setting when not specified
otherwise). This could cause guest operating system installations to take
hours. With this update, performance patches have been backported so that
using the qcow2 image format with the "cache=none" option no longer causes
performance issues. (BZ#520693)

* when using the virtual vm8086 mode, bugs in the emulated hardware task
switching implementation may have, in some situations, caused older guest
operating systems to malfunction. (BZ#532031)

* Windows Server 2003 guests (32-bit) with more than 4GB of memory may have
crashed during reboot when using the default qemu-kvm CPU settings.
(BZ#532043)

* with Red Hat Enterprise Virtualization, guests continued to run after
encountering disk read errors. This could have led to their file systems
becoming corrupted (but not the host's), notably in environments that use
networked storage. With this update, the qemu-kvm -drive "werror=stop"
option now applies not only to write errors but also to read errors: When
using this option, guests will pause on disk read and write errors.

By default, guests managed by Red Hat Enterprise Virtualization use the
"werror=stop" option. This option is not used by default for guests managed
by libvirt. (BZ#537334, BZ#540406)

* the para-virtualized block driver (virtio-blk) silently ignored read
errors when accessing disk images. With this update, the driver correctly
signals the read error to the guest. (BZ#537334)

All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

RHSA-2009:1670: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091670
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1670, CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* NULL pointer dereference flaws in the r128 driver. Checks to test if the
Concurrent Command Engine state was initialized were missing in private
IOCTL functions. An attacker could use these flaws to cause a local denial
of service or escalate their privileges. (CVE-2009-3620, Important)

* a NULL pointer dereference flaw in the NFSv4 implementation. Several
NFSv4 file locking functions failed to check whether a file had been opened
on the server before performing locking operations on it. A local user on a
system with an NFSv4 share mounted could possibly use this flaw to cause a
denial of service or escalate their privileges. (CVE-2009-3726, Important)

* a flaw in tcf_fill_node(). A certain data structure in this function was
not initialized properly before being copied to user-space. This could lead
to an information leak. (CVE-2009-3612, Moderate)

* unix_stream_connect() did not check if a UNIX domain socket was in the
shutdown state. This could lead to a deadlock. A local, unprivileged user
could use this flaw to cause a denial of service. (CVE-2009-3621, Moderate)

Knowledgebase DOC-20536 has steps to mitigate NULL pointer dereference
flaws.

Bug fixes:

* frequently changing a CPU between online and offline caused a kernel
panic on some systems. (BZ#545583)

* for the LSI Logic LSI53C1030 Ultra320 SCSI controller, read commands sent
could receive incorrect data, preventing correct data transfer. (BZ#529308)

* pciehp could not detect PCI Express hot plug slots on some systems.
(BZ#530383)

* soft lockups: inotify race and contention on dcache_lock. (BZ#533822,
BZ#537019)

* priority ordered lists are now used for threads waiting for a given
mutex. (BZ#533858)

* a deadlock in DLM could cause GFS2 file systems to lock up. (BZ#533859)

* use-after-free bug in the audit subsystem crashed certain systems when
running usermod. (BZ#533861)

* on certain hardware configurations, a kernel panic when the Broadcom
iSCSI offload driver (bnx2i.ko and cnic.ko) was loaded. (BZ#537014)

* qla2xxx: Enabled MSI-X, and correctly handle the module parameter to
control it. This improves performance for certain systems. (BZ#537020)

* system crash when reading the cpuaffinity file on a system. (BZ#537346)

* suspend-resume problems on systems with lots of logical CPUs, e.g. BX-EX.
(BZ#539674)

* off-by-one error in the legacy PCI bus check. (BZ#539675)

* TSC was not made available on systems with multi-clustered APICs. This
could cause slow performance for time-sensitive applications. (BZ#539676)

* ACPI: ARB_DISABLE now disabled on platforms that do not need it.
(BZ#539677)

* fix node to core and power-aware scheduling issues, and a kernel panic
during boot on certain AMD Opteron processors. (BZ#539678, BZ#540469,
BZ#539680, BZ#539682)

* APIC timer interrupt issues on some AMD Opteron systems prevented
achieving full power savings. (BZ#539681)

* general OProfile support for some newer Intel processors. (BZ#539683)

* system crash during boot when NUMA is enabled on systems using MC and
kernel-xen. (BZ#539684)

* on some larger systems, performance issues due to a spinlock. (BZ#539685)

* APIC errors when IOMMU is enabled on some AMD Opteron systems.
(BZ#539687)

* on some AMD Opteron systems, repeatedly taking a CPU offline then online
caused a system hang. (BZ#539688)

* I/O page fault errors on some systems. (BZ#539689)

* certain memory configurations could cause the kernel-xen kernel to fail
to boot on some AMD Opteron systems. (BZ#539690)

* NMI watchdog is now disabled for offline CPUs. (BZ#539691)

* duplicate directories in /proc/acpi/processor/ on BX-EX systems.
(BZ#539692)

* links did not come up when using bnx2x with certain Broadcom devices.
(BZ#540381)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1671: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091671
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1671, CVE-2009-2910, CVE-2009-3613, CVE-2009-3620, CVE-2009-3621

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. pci_unmap_single() presented a memory leak that could lead to IOMMU
space exhaustion and a system crash. An attacker on the local network could
trigger this flaw by using jumbo frames for large amounts of network
traffic. (CVE-2009-3613, Important)

* NULL pointer dereference flaws were found in the r128 driver in the Linux
kernel. Checks to test if the Concurrent Command Engine state was
initialized were missing in private IOCTL functions. An attacker could use
these flaws to cause a local denial of service or escalate their
privileges. (CVE-2009-3620, Important)

* an information leak was found in the Linux kernel. On AMD64 systems,
32-bit processes could access and read certain 64-bit registers by
temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)

* the unix_stream_connect() function in the Linux kernel did not check if a
UNIX domain socket was in the shutdown state. This could lead to a
deadlock. A local, unprivileged user could use this flaw to cause a denial
of service. (CVE-2009-3621, Moderate)

This update also fixes the following bugs:

* an iptables rule with the recent module and a hit count value greater
than the ip_pkt_list_tot parameter (the default is 20), did not have any
effect over packets, as the hit count could not be reached. (BZ#529306)

* in environments that use dual-controller storage devices with the cciss
driver, Device-Mapper Multipath maps could not be detected and configured,
due to the cciss driver not exporting the bus attribute via sysfs. This
attribute is now exported. (BZ#529309)

* the kernel crashed with a divide error when a certain joystick was
attached. (BZ#532027)

* a bug in the mptctl_do_mpt_command() function in the mpt driver may have
resulted in crashes during boot on i386 systems with certain adapters using
the mpt driver, and also running the hugemem kernel. (BZ#533798)

* on certain hardware, the igb driver was unable to detect link statuses
correctly. This may have caused problems for network bonding, such as
failover not occurring. (BZ#534105)

* the RHSA-2009:1024 update introduced a regression. After updating to Red
Hat Enterprise Linux 4.8 and rebooting, network links often failed to be
brought up for interfaces using the forcedeth driver. "no link during
initialization" messages may have been logged. (BZ#534112)

* the RHSA-2009:1024 update introduced a second regression. On certain
systems, PS/2 keyboards failed to work. (BZ#537344)

* a bug in checksum offload calculations could have crashed the bnx2x
firmware when the iptable_nat module was loaded, causing network traffic
to stop. (BZ#537013)

* a check has been added to the IPv4 code to make sure that the routing
table data structure, rt, is not NULL, to help prevent future bugs in
functions that call ip_append_data() from being exploitable. (BZ#537016)

* possible kernel pointer dereferences on systems with several NFS mounts
(a mixture of "-o lock" and "-o nolock"), which in rare cases may have
caused a system crash, have been resolved. (BZ#537017)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2009:1673: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091673
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1673, CVE-2009-3979, CVE-2009-3983, CVE-2009-3984

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2009-3979)

A flaw was found in the SeaMonkey NT LAN Manager (NTLM) authentication
protocol implementation. If an attacker could trick a local user that has
NTLM credentials into visiting a specially-crafted web page, they could
send arbitrary requests, authenticated with the user's NTLM credentials, to
other applications on the user's system. (CVE-2009-3983)

A flaw was found in the way SeaMonkey displayed the SSL location bar
indicator. An attacker could create an unencrypted web page that appears
to be encrypted, possibly tricking the user into believing they are
visiting a secure page. (CVE-2009-3984)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2009:1674: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20091674
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1674, CVE-2009-3979, CVE-2009-3981, CVE-2009-3983, CVE-2009-3984, CVE-2009-3985, CVE-2009-3986

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3979, CVE-2009-3981, CVE-2009-3986)

A flaw was found in the Firefox NT LAN Manager (NTLM) authentication
protocol implementation. If an attacker could trick a local user that has
NTLM credentials into visiting a specially-crafted web page, they could
send arbitrary requests, authenticated with the user's NTLM credentials, to
other applications on the user's system. (CVE-2009-3983)

A flaw was found in the way Firefox displayed the SSL location bar
indicator. An attacker could create an unencrypted web page that appears to
be encrypted, possibly tricking the user into believing they are visiting a
secure page. (CVE-2009-3984)

A flaw was found in the way Firefox displayed blank pages after a user
navigates to an invalid address. If a user visits an attacker-controlled
web page that results in a blank page, the attacker could inject content
into that blank page, possibly tricking the user into believing they are
viewing a legitimate page. (CVE-2009-3985)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.16. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.16, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2009:1680: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1680, CVE-2009-4035

Description
Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw
in Xpdf's Type 1 font parser. A specially-crafted PDF file with an embedded
Type 1 font could cause Xpdf to crash or, possibly, execute arbitrary code
when opened. (CVE-2009-4035)

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2009:1681: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091681
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1681, CVE-2009-4035

Description
GPdf is a viewer for Portable Document Format (PDF) files.

Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw
in GPdf's Type 1 font parser. A specially-crafted PDF file with an embedded
Type 1 font could cause GPdf to crash or, possibly, execute arbitrary code
when opened. (CVE-2009-4035)

Users are advised to upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2009:1682: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20091682
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2009:1682, CVE-2009-4035

Description
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

Petr Gajdos and Christian Kornacker of SUSE reported a buffer overflow flaw
in KPDF's Type 1 font parser. A specially-crafted PDF file with an embedded
Type 1 font could cause KPDF to crash or, possibly, execute arbitrary code
when opened. (CVE-2009-4035)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2010:0002: PyXML security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0002, CVE-2009-3720

Description
PyXML provides XML libraries for Python. The distribution contains a
validating XML parser, an implementation of the SAX and DOM programming
interfaces, and an interface to the Expat parser.

A buffer over-read flaw was found in the way PyXML's Expat parser handled
malformed UTF-8 sequences when processing XML files. A specially-crafted
XML file could cause Python applications using PyXML's Expat parser to
crash while parsing the file. (CVE-2009-3720)

This update makes PyXML use the system Expat library rather than its own
internal copy; therefore, users must install the RHSA-2009:1625 expat
update together with this PyXML update to resolve the CVE-2009-3720 issue.

All PyXML users should upgrade to this updated package, which changes PyXML
to use the system Expat library. After installing this update along with
RHSA-2009:1625, applications using the PyXML library must be restarted for
the update to take effect.

RHSA-2010:0003: gd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0003, CVE-2009-3546

Description
The gd packages provide a graphics library used for the dynamic creation of
images, such as PNG and JPEG.

A missing input sanitization flaw, leading to a buffer overflow, was
discovered in the gd library. A specially-crafted GD image file could cause
an application using the gd library to crash or, possibly, execute
arbitrary code when opened. (CVE-2009-3546)

Users of gd should upgrade to these updated packages, which contain a
backported patch to resolve this issue.

RHSA-2010:0018: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100018
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0018, CVE-2009-1189

Description
D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

It was discovered that the Red Hat Security Advisory RHSA-2009:0008 did
not correctly fix the denial of service flaw in the system for sending
messages between applications. A local user could use this flaw to send a
message with a malformed signature to the bus, causing the bus (and,
consequently, any process using libdbus to receive messages) to abort.
(CVE-2009-1189)

Note: Users running any application providing services over the system
message bus are advised to test this update carefully before deploying it
in production environments.

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.

RHSA-2010:0019: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100019
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0019, CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the IPv6 Extension Header (EH) handling
implementation in the Linux kernel. The skb->dst data structure was not
properly validated in the ipv6_hop_jumbo() function. This could possibly
lead to a remote denial of service. (CVE-2007-4567, Important)

* a flaw was found in each of the following Intel PRO/1000 Linux drivers in
the Linux kernel: e1000 and e1000e. A remote attacker using packets larger
than the MTU could bypass the existing fragment check, resulting in
partial, invalid frames being passed to the network stack. These flaws
could also possibly be used to trigger a remote denial of service.
(CVE-2009-4536, CVE-2009-4538, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. Receiving overly-long frames with network cards supported by this
driver could possibly result in a remote denial of service. (CVE-2009-4537,
Important)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0020: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100020
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0020, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in each of the following Intel PRO/1000 Linux drivers in
the Linux kernel: e1000 and e1000e. A remote attacker using packets larger
than the MTU could bypass the existing fragment check, resulting in
partial, invalid frames being passed to the network stack. These flaws
could also possibly be used to trigger a remote denial of service.
(CVE-2009-4536, CVE-2009-4538, Important)

* a flaw was found in the Realtek r8169 Ethernet driver in the Linux
kernel. Receiving overly-long frames with network cards supported by this
driver could possibly result in a remote denial of service. (CVE-2009-4537,
Important)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0029: krb5 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100029
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0029, CVE-2009-4212

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

Multiple integer underflow flaws, leading to heap-based corruption, were
found in the way the MIT Kerberos Key Distribution Center (KDC) decrypted
ciphertexts encrypted with the Advanced Encryption Standard (AES) and
ARCFOUR (RC4) encryption algorithms. If a remote KDC client were able to
provide a specially-crafted AES- or RC4-encrypted ciphertext or texts, it
could potentially lead to either a denial of service of the central KDC
(KDC crash or abort upon processing the crafted ciphertext), or arbitrary
code execution with the privileges of the KDC (i.e., root privileges).
(CVE-2009-4212)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running services using the
MIT Kerberos libraries must be restarted for the update to take effect.

RHSA-2010:0039: gcc and gcc4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100039
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0039, CVE-2009-3736

Description
The gcc and gcc4 packages include, among others, C, C++, and Java GNU
compilers and related support libraries. libgcj contains a copy of GNU
Libtool's libltdl library.

A flaw was found in the way GNU Libtool's libltdl library looked for
libraries to load. It was possible for libltdl to load a malicious library
from the current working directory. In certain configurations, if a local
attacker is able to trick a local user into running a Java application
(which uses a function to load native libraries, such as
System.loadLibrary) from within an attacker-controlled directory containing
a malicious library or module, the attacker could possibly execute
arbitrary code with the privileges of the user running the Java
application. (CVE-2009-3736)

All gcc and gcc4 users should upgrade to these updated packages, which
contain a backported patch to correct this issue. All running Java
applications using libgcj must be restarted for this update to take effect.

RHSA-2010:0040: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100040
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0040, CVE-2009-2687, CVE-2009-3291, CVE-2009-3292, CVE-2009-3546, CVE-2009-4017, CVE-2009-4142

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Web server.

Multiple missing input sanitization flaws were discovered in PHP's exif
extension. A specially-crafted image file could cause the PHP interpreter
to crash or, possibly, disclose portions of its memory when a PHP script
tried to extract Exchangeable image file format (Exif) metadata from the
image file. (CVE-2009-2687, CVE-2009-3292)

A missing input sanitization flaw, leading to a buffer overflow, was
discovered in PHP's gd library. A specially-crafted GD image file could
cause the PHP interpreter to crash or, possibly, execute arbitrary code
when opened. (CVE-2009-3546)

It was discovered that PHP did not limit the maximum number of files that
can be uploaded in one request. A remote attacker could use this flaw to
instigate a denial of service by causing the PHP interpreter to use lots of
system resources dealing with requests containing large amounts of files to
be uploaded. This vulnerability depends on file uploads being enabled
(which it is, in the default PHP configuration). (CVE-2009-4017)

Note: This update introduces a new configuration option, max_file_uploads,
used for limiting the number of files that can be uploaded in one request.
By default, the limit is 20 files per request.

It was discovered that PHP was affected by the previously published "null
prefix attack", caused by incorrect handling of NUL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse PHP
into accepting it by mistake. (CVE-2009-3291)

It was discovered that PHP's htmlspecialchars() function did not properly
recognize partial multi-byte sequences for some multi-byte encodings,
sending them to output without them being escaped. An attacker could use
this flaw to perform a cross-site scripting attack. (CVE-2009-4142)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2010:0044: pidgin security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100044
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0044, CVE-2010-0013

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A directory traversal flaw was discovered in Pidgin's MSN protocol
implementation. A remote attacker could send a specially-crafted emoticon
image download request that would cause Pidgin to disclose an arbitrary
file readable to the user running Pidgin. (CVE-2010-0013)

These packages upgrade Pidgin to version 2.6.5. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users should upgrade to these updated packages, which correct
this issue. Pidgin must be restarted for this update to take effect.

RHSA-2010:0046: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0046, CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, CVE-2009-4272

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* an array index error was found in the gdth driver. A local user could
send a specially-crafted IOCTL request that would cause a denial of service
or, possibly, privilege escalation. (CVE-2009-3080, Important)

* a flaw was found in the FUSE implementation. When a system is low on
memory, fuse_put_request() could dereference an invalid pointer, possibly
leading to a local denial of service or privilege escalation.
(CVE-2009-4021, Important)

* Tavis Ormandy discovered a deficiency in the fasync_helper()
implementation. This could allow a local, unprivileged user to leverage a
use-after-free of locked, asynchronous file descriptors to cause a denial
of service or privilege escalation. (CVE-2009-4141, Important)

* the Parallels Virtuozzo Containers team reported the RHSA-2009:1243
update introduced two flaws in the routing implementation. If an attacker
was able to cause a large enough number of collisions in the routing hash
table (via specially-crafted packets) for the emergency route flush to
trigger, a deadlock could occur. Secondly, if the kernel routing cache was
disabled, an uninitialized pointer would be left behind after a route
lookup, leading to a kernel panic. (CVE-2009-4272, Important)

* the RHSA-2009:0225 update introduced a rewrite attack flaw in the
do_coredump() function. A local attacker able to guess the file name a
process is going to dump its core to, prior to the process crashing, could
use this flaw to append data to the dumped core file. This issue only
affects systems that have "/proc/sys/fs/suid_dumpable" set to 2 (the
default value is 0). (CVE-2006-6304, Moderate)

The fix for CVE-2006-6304 changes the expected behavior: With suid_dumpable
set to 2, the core file will not be recorded if the file already exists.
For example, core files will not be overwritten on subsequent crashes of
processes whose core files map to the same name.

* an information leak was found in the Linux kernel. On AMD64 systems,
32-bit processes could access and read certain 64-bit registers by
temporarily switching themselves to 64-bit mode. (CVE-2009-2910, Moderate)

* the RHBA-2008:0314 update introduced N_Port ID Virtualization (NPIV)
support in the qla2xxx driver, resulting in two new sysfs pseudo files,
"/sys/class/scsi_host/[a qla2xxx host]/vport_create" and "vport_delete".
These two files were world-writable by default, allowing a local user to
change SCSI host attributes. This flaw only affects systems using the
qla2xxx driver and NPIV capable hardware. (CVE-2009-3556, Moderate)

* permission issues were found in the megaraid_sas driver. The "dbg_lvl"
and "poll_mode_io" files on the sysfs file system ("/sys/") had
world-writable permissions. This could allow local, unprivileged users to
change the behavior of the driver. (CVE-2009-3889, CVE-2009-3939, Moderate)

* a NULL pointer dereference flaw was found in the firewire-ohci driver
used for OHCI compliant IEEE 1394 controllers. A local, unprivileged user
with access to /dev/fw* files could issue certain IOCTL calls, causing a
denial of service or privilege escalation. The FireWire modules are
blacklisted by default, and if enabled, only root has access to the files
noted above by default. (CVE-2009-4138, Moderate)

* a buffer overflow flaw was found in the hfs_bnode_read() function in the
HFS file system implementation. This could lead to a denial of service if a
user browsed a specially-crafted HFS file system, for example, by running
"ls". (CVE-2009-4020, Low)

Bug fix documentation for this update will be available shortly from
www.redhat.com/docs/en-US/errata/RHSA-2010-0046/Kernel_Security_Update/index.html

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0054: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100054
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0054, CVE-2009-2409, CVE-2009-4355

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that the OpenSSL library did not properly re-initialize its
internal state in the SSL_library_init() function after previous calls to
the CRYPTO_cleanup_all_ex_data() function, which would cause a memory leak
for each subsequent SSL connection. This flaw could cause server
applications that call those functions during reload, such as a combination
of the Apache HTTP Server, mod_ssl, PHP, and cURL, to consume all available
memory, resulting in a denial of service. (CVE-2009-4355)

Dan Kaminsky found that browsers could accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser.
OpenSSL now disables the use of the MD2 algorithm inside signatures by
default. (CVE-2009-2409)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2010:0061: gzip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0061, CVE-2010-0001

Description
The gzip package provides the GNU gzip data compression program.

An integer underflow flaw, leading to an array index error, was found in
the way gzip expanded archive files compressed with the Lempel-Ziv-Welch
(LZW) compression algorithm. If a victim expanded a specially-crafted
archive, it could cause gzip to crash or, potentially, execute arbitrary
code with the privileges of the user running gzip. This flaw only affects
64-bit systems. (CVE-2010-0001)

Red Hat would like to thank Aki Helin of the Oulu University Secure
Programming Group for responsibly reporting this flaw.

Users of gzip should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2010:0062: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100062
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0062, CVE-2010-0097, CVE-2010-0290, CVE-2010-0382

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the BIND DNSSEC NSEC/NSEC3 validation code. If BIND was
running as a DNSSEC-validating resolver, it could incorrectly cache
NXDOMAIN responses, as if they were valid, for records proven by NSEC or
NSEC3 to exist. A remote attacker could use this flaw to cause a BIND
server to return the bogus, cached NXDOMAIN responses for valid records and
prevent users from retrieving those records (denial of service).
(CVE-2010-0097)

The original fix for CVE-2009-4022 was found to be incomplete. BIND was
incorrectly caching certain responses without performing proper DNSSEC
validation. CNAME and DNAME records could be cached, without proper DNSSEC
validation, when received from processing recursive client queries that
requested DNSSEC records but indicated that checking should be disabled. A
remote attacker could use this flaw to bypass the DNSSEC validation check
and perform a cache poisoning attack if the target BIND server was
receiving such client queries. (CVE-2010-0290)

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2010:0076: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100076
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0076, CVE-2009-3080, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4020

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* an array index error was found in the gdth driver in the Linux kernel. A
local user could send a specially-crafted IOCTL request that would cause a
denial of service or, possibly, privilege escalation. (CVE-2009-3080,
Important)

* a flaw was found in the collect_rx_frame() function in the HiSax ISDN
driver (hfc_usb) in the Linux kernel. An attacker could use this flaw to
send a specially-crafted HDLC packet that could trigger a buffer out of
bounds, possibly resulting in a denial of service. (CVE-2009-4005,
Important)

* permission issues were found in the megaraid_sas driver (for SAS based
RAID controllers) in the Linux kernel. The "dbg_lvl" and "poll_mode_io"
files on the sysfs file system ("/sys/") had world-writable permissions.
This could allow local, unprivileged users to change the behavior of the
driver. (CVE-2009-3889, CVE-2009-3939, Moderate)

* a buffer overflow flaw was found in the hfs_bnode_read() function in the
HFS file system implementation in the Linux kernel. This could lead to a
denial of service if a user browsed a specially-crafted HFS file system,
for example, by running "ls". (CVE-2009-4020, Low)

This update also fixes the following bugs:

* if a process was using ptrace() to trace a multi-threaded process, and
that multi-threaded process dumped its core, the process performing the
trace could hang in wait4(). This issue could be triggered by running
"strace -f" on a multi-threaded process that was dumping its core,
resulting in the strace command hanging. (BZ#555869)

* a bug in the ptrace() implementation could have, in some cases, caused
ptrace_detach() to create a zombie process if the process being traced
was terminated with a SIGKILL signal. (BZ#555869)

* the RHSA-2010:0020 update resolved an issue (CVE-2009-4537) in the
Realtek r8169 Ethernet driver. This update implements a better solution for
that issue. Note: This is not a security regression. The original fix was
complete. This update is adding the official upstream fix. (BZ#556406)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0088: kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100088
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0088, CVE-2010-0297, CVE-2010-0298, CVE-2010-0306, CVE-2010-0309

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest
could leverage these flaws to cause a denial of service (guest crash) or
possibly escalate their privileges within that guest. (CVE-2010-0298,
CVE-2010-0306)

A flaw was found in the Programmable Interval Timer (PIT) emulation. Access
to the internal data structure pit_state, which represents the data state
of the emulated PIT, was not properly validated in the pit_ioport_read()
function. A privileged guest user could use this flaw to crash the host.
(CVE-2010-0309)

A flaw was found in the USB passthrough handling code. A specially-crafted
USB packet sent from inside a guest could be used to trigger a buffer
overflow in the usb_host_handle_control() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
cause a denial of service (guest hang or crash) or possibly escalate their
privileges within the host. (CVE-2010-0297)

This update also fixes the following bugs: 

* pvclock MSR values were not preserved during remote migration, causing
time drift for guests. (BZ#537028)

* SMBIOS table 4 data is now generated for Windows guests. (BZ#545874)

* if the qemu-kvm "-net user" option was used, unattended Windows XP
installations did not receive an IP address after reboot. (BZ#546562)

* when being restored from migration, a race condition caused Windows
Server 2008 R2 guests to hang during shutdown. (BZ#546563)

* the kernel symbol checking on the kvm-kmod build process has a safety
check for ABI changes. (BZ#547293)

* on hosts without high-res timers, Windows Server 2003 guests experienced
significant time drift. (BZ#547625)

* in some situations, installing Windows Server 2008 R2 from an ISO image
resulted in a blue screen "BAD_POOL_HEADER" stop error. (BZ#548368)

* a bug in the grow_refcount_table() error handling caused infinite
recursion in some cases. This caused the qemu-kvm process to hang and
eventually crash. (BZ#552159)

* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an "unhandled
vm exit" error could occur during reboot on some systems. (BZ#552518)

* for Windows guests, QEMU could attempt to stop a stopped audio device,
resulting in a "snd_playback_stop: ASSERT playback_channel->base.active
failed" error. (BZ#552519)

* the Hypercall driver did not reset the device on power-down. (BZ#552528)

* mechanisms have been added to make older savevm versions to be emitted in
some cases. (BZ#552529)

* an error in the Makefile prevented users from using the source RPM to
install KVM. (BZ#552530)

* guests became unresponsive and could use up to 100% CPU when running
certain benchmark tests with more than 7 guests running simultaneously.
(BZ#553249)

* QEMU could terminate randomly with virtio-net and SMP enabled.
(BZ#561022)

All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

RHSA-2010:0094: HelixPlayer security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100094
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0094, CVE-2009-4242, CVE-2009-4245, CVE-2009-4247, CVE-2009-4248, CVE-2009-4257, CVE-2010-0416, CVE-2010-0417, CVE-2010-4376

Description
HelixPlayer is a media player.

Multiple buffer and integer overflow flaws were found in the way
HelixPlayer processed Graphics Interchange Format (GIF) files. An attacker
could create a specially-crafted GIF file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4242,
CVE-2009-4245)

A buffer overflow flaw was found in the way HelixPlayer processed
Synchronized Multimedia Integration Language (SMIL) files. An attacker
could create a specially-crafted SMIL file which would cause HelixPlayer to
crash or, potentially, execute arbitrary code when opened. (CVE-2009-4257)

A buffer overflow flaw was found in the way HelixPlayer handled the Real
Time Streaming Protocol (RTSP) SET_PARAMETER directive. A malicious RTSP
server could use this flaw to crash HelixPlayer or, potentially, execute
arbitrary code. (CVE-2009-4248)

Multiple buffer overflow flaws were discovered in the way HelixPlayer
handled RuleBook structures in media files and RTSP streams.
Specially-crafted input could cause HelixPlayer to crash or, potentially,
execute arbitrary code. (CVE-2009-4247, CVE-2010-0417)

A buffer overflow flaw was found in the way HelixPlayer performed URL
un-escaping. A specially-crafted URL string could cause HelixPlayer to
crash or, potentially, execute arbitrary code. (CVE-2010-0416)

All HelixPlayer users are advised to upgrade to this updated package,
which contains backported patches to resolve these issues. All running
instances of HelixPlayer must be restarted for this update to take effect.

RHSA-2010:0101: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0101, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way OpenOffice.org parsed XPM files. An attacker could create
a specially-crafted document, which once opened by a local, unsuspecting
user, could lead to arbitrary code execution with the permissions of the
user running OpenOffice.org. Note: This flaw affects embedded XPM files in
OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)

An integer underflow flaw and a boundary error flaw, both possibly leading
to a heap-based buffer overflow, were found in the way OpenOffice.org
parsed certain records in Microsoft Word documents. An attacker could
create a specially-crafted Microsoft Word document, which once opened by a
local, unsuspecting user, could cause OpenOffice.org to crash or,
potentially, execute arbitrary code with the permissions of the user
running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)

A heap-based buffer overflow flaw, leading to memory corruption, was found
in the way OpenOffice.org parsed GIF files. An attacker could create a
specially-crafted document, which once opened by a local, unsuspecting
user, could cause OpenOffice.org to crash. Note: This flaw affects embedded
GIF files in OpenOffice.org documents as well as stand-alone GIF files.
(CVE-2009-2950)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. All
running instances of OpenOffice.org applications must be restarted for this
update to take effect.

RHSA-2010:0108: NetworkManager security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100108
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0108, CVE-2009-4144, CVE-2009-4145

Description
NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

A missing network certificate verification flaw was found in
NetworkManager. If a user created a WPA Enterprise or 802.1x wireless
network connection that was verified using a Certificate Authority (CA)
certificate, and then later removed that CA certificate file,
NetworkManager failed to verify the identity of the network on the
following connection attempts. In these situations, a malicious wireless
network spoofing the original network could trick a user into disclosing
authentication credentials or communicating over an untrusted network.
(CVE-2009-4144)

An information disclosure flaw was found in NetworkManager's
nm-connection-editor D-Bus interface. If a user edited network connection
options using nm-connection-editor, a summary of those changes was
broadcasted over the D-Bus message bus, possibly disclosing sensitive
information (such as wireless network authentication credentials) to other
local users. (CVE-2009-4145)

Users of NetworkManager should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2010:0109: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100109
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0109, CVE-2009-4019, CVE-2009-4028, CVE-2009-4030

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was discovered that the MySQL client ignored certain SSL certificate
verification errors when connecting to servers. A man-in-the-middle
attacker could use this flaw to trick MySQL clients into connecting to a
spoofed MySQL server. (CVE-2009-4028)

Note: This fix may uncover previously hidden SSL configuration issues, such
as incorrect CA certificates being used by clients or expired server
certificates. This update should be carefully tested in deployments where
SSL connections are used.

A flaw was found in the way MySQL handled SELECT statements with subqueries
in the WHERE clause, that assigned results to a user variable. A remote,
authenticated attacker could use this flaw to crash the MySQL server daemon
(mysqld). This issue only caused a temporary denial of service, as the
MySQL daemon was automatically restarted after the crash. (CVE-2009-4019)

When the "datadir" option was configured with a relative path, MySQL did
not properly check paths used as arguments for the DATA DIRECTORY and INDEX
DIRECTORY directives. An authenticated attacker could use this flaw to
bypass the restriction preventing the use of subdirectories of the MySQL
data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths.
(CVE-2009-4030)

Note: Due to the security risks and previous security issues related to the
use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not
depending on this feature should consider disabling it by adding
"symbolic-links=0" to the "[mysqld]" section of the "my.cnf" configuration
file. In this update, an example of such a configuration was added to the
default "my.cnf" file.

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

RHSA-2010:0110: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100110
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0110, CVE-2008-4098, CVE-2008-4456, CVE-2009-2446, CVE-2009-4030

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

Multiple flaws were discovered in the way MySQL handled symbolic links to
tables created using the DATA DIRECTORY and INDEX DIRECTORY directives in
CREATE TABLE statements. An attacker with CREATE and DROP table privileges
and shell access to the database server could use these flaws to escalate
their database privileges, or gain access to tables created by other
database users. (CVE-2008-4098, CVE-2009-4030)

Note: Due to the security risks and previous security issues related to the
use of the DATA DIRECTORY and INDEX DIRECTORY directives, users not
depending on this feature should consider disabling it by adding
"symbolic-links=0" to the "[mysqld]" section of the "my.cnf" configuration
file. In this update, an example of such a configuration was added to the
default "my.cnf" file.

An insufficient HTML entities quoting flaw was found in the mysql command
line client's HTML output mode. If an attacker was able to inject arbitrary
HTML tags into data stored in a MySQL database, which was later retrieved
using the mysql command line client and its HTML output mode, they could
perform a cross-site scripting (XSS) attack against victims viewing the
HTML output in a web browser. (CVE-2008-4456)

Multiple format string flaws were found in the way the MySQL server logged
user commands when creating and deleting databases. A remote, authenticated
attacker with permissions to CREATE and DROP databases could use these
flaws to formulate a specially-crafted SQL command that would cause a
temporary denial of service (open connections to mysqld are terminated).
(CVE-2009-2446)

Note: To exploit the CVE-2009-2446 flaws, the general query log (the mysqld
"--log" command line option or the "log" option in "my.cnf") must be
enabled. This logging is not enabled by default.

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

RHSA-2010:0112: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100112
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0112, CVE-2009-1571, CVE-2009-3988, CVE-2010-0159, CVE-2010-0160, CVE-2010-0162, CVE-2010-0167, CVE-2010-0169, CVE-2010-0171

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A use-after-free flaw was found in Firefox. Under low memory conditions,
visiting a web page containing malicious content could result in Firefox
executing arbitrary code with the privileges of the user running Firefox.
(CVE-2009-1571)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-0159, CVE-2010-0160)

Two flaws were found in the way certain content was processed. An attacker
could use these flaws to create a malicious web page that could bypass the
same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988,
CVE-2010-0162)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.18. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.18, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0113: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100113
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0113, CVE-2009-1571, CVE-2010-0159, CVE-2010-0169, CVE-2010-0171

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A use-after-free flaw was found in SeaMonkey. Under low memory conditions,
visiting a web page containing malicious content could result in SeaMonkey
executing arbitrary code with the privileges of the user running SeaMonkey.
(CVE-2009-1571)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-0159)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.
RHSA-2010:0115: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100115
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0115, CVE-2010-0277, CVE-2010-0420, CVE-2010-0423

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

An input sanitization flaw was found in the way Pidgin's MSN protocol
implementation handled MSNSLP invitations. A remote attacker could send a
specially-crafted INVITE request that would cause a denial of service
(memory corruption and Pidgin crash). (CVE-2010-0277)

A denial of service flaw was found in Finch's XMPP chat implementation,
when using multi-user chat. If a Finch user in a multi-user chat session
were to change their nickname to contain the HTML "br" element, it would
cause Finch to crash. (CVE-2010-0420)

Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project
for responsibly reporting the CVE-2010-0420 issue.

A denial of service flaw was found in the way Pidgin processed emoticon
images. A remote attacker could flood the victim with emoticon images
during mutual communication, leading to excessive CPU use. (CVE-2010-0423)

These packages upgrade Pidgin to version 2.6.6. Refer to the Pidgin release
notes for a full list of changes: http://developer.pidgin.im/wiki/ChangeLog

All Pidgin users are advised to upgrade to these updated packages, which
correct these issues. Pidgin must be restarted for this update to take
effect.
RHSA-2010:0122: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100122
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0122, CVE-2010-0426, CVE-2010-0427

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A privilege escalation flaw was found in the way sudo handled the sudoedit
pseudo-command. If a local user were authorized by the sudoers file to use
this pseudo-command, they could possibly leverage this flaw to execute
arbitrary code with the privileges of the root user. (CVE-2010-0426)

The sudo utility did not properly initialize supplementary groups when the
"runas_default" option (in the sudoers file) was used. If a local user
were authorized by the sudoers file to perform their sudo commands under
the account specified with "runas_default", they would receive the root
user's supplementary groups instead of those of the intended target user,
giving them unintended privileges. (CVE-2010-0427)

Users of sudo should upgrade to this updated package, which contains
backported patches to correct these issues.
RHSA-2010:0124: systemtap security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100124
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0124, CVE-2009-4273, CVE-2010-0411

Description
SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

A flaw was found in the SystemTap compile server, stap-server, an optional
component of SystemTap. This server did not adequately sanitize input
provided by the stap-client program, which may allow a remote user to
execute arbitrary shell code with the privileges of the compile server
process, which could possibly be running as the root user. (CVE-2009-4273)

Note: stap-server is not run by default. It must be started by a user or
administrator.

A buffer overflow flaw was found in SystemTap's tapset __get_argv()
function. If a privileged user ran a SystemTap script that called this
function, a local, unprivileged user could, while that script is still
running, trigger this flaw and cause memory corruption by running a command
with a large argument list, which may lead to a system crash or,
potentially, arbitrary code execution with root privileges. (CVE-2010-0411)

Note: SystemTap scripts that call __get_argv(), being a privileged
function, can only be executed by the root user or users in the stapdev
group. As well, if such a script was compiled and installed by root, users
in the stapusr group would also be able to execute it.

SystemTap users should upgrade to these updated packages, which contain
backported patches to correct these issues.
RHSA-2010:0125: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100125
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0125, CVE-2010-0411

Description
SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

A buffer overflow flaw was found in SystemTap's tapset __get_argv()
function. If a privileged user ran a SystemTap script that called this
function, a local, unprivileged user could, while that script is still
running, trigger this flaw and cause memory corruption by running a command
with a large argument list, which may lead to a system crash or,
potentially, arbitrary code execution with root privileges. (CVE-2010-0411)

Note: SystemTap scripts that call __get_argv(), being a privileged
function, can only be executed by the root user or users in the stapdev
group. As well, if such a script was compiled and installed by root, users
in the stapusr group would also be able to execute it.

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.
RHSA-2010:0126: kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0126, CVE-2009-3722, CVE-2010-0419

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way the x86 emulator loaded segment selectors (used
for memory segmentation and protection) into segment registers. In some
guest system configurations, an unprivileged guest user could leverage this
flaw to crash the guest or possibly escalate their privileges within the
guest. (CVE-2010-0419)

The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) while accessing debug registers. An unprivileged
user in a guest could leverage this flaw to crash the guest.
(CVE-2009-3722)

This update also fixes the following bugs:

With Red Hat Enterprise Virtualization, the virtio_blk_dma_restart_bh()
function was previously used to handle write errors; however, a bug fix
provided by the RHSA-2009:1659 update meant that read errors would also
have to be handled by this function. The function was not updated for this,
causing read errors to be resubmitted as writes. This caused guest image
corruption in some cases.

Additionally, the return values of the bdrv_aio_write() and bdrv_aio_read()
functions were ignored. If an immediate failure occurred in one of these
functions, errors would be missed and the guest could hang or read
corrupted data. (BZ#562776)

All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.
RHSA-2010:0129: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100129
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0129, CVE-2010-0302

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

It was discovered that the Red Hat Security Advisory RHSA-2009:1595 did not
fully correct the use-after-free flaw in the way CUPS handled references in
its file descriptors-handling interface. A remote attacker could send
specially-crafted queries to the CUPS server, causing it to crash.
(CVE-2010-0302)

Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the cupsd daemon will be restarted automatically.
RHSA-2010:0140: pango security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0140, CVE-2010-0421

Description
Pango is a library used for the layout and rendering of internationalized
text.

An input sanitization flaw, leading to an array index error, was found in
the way the Pango font rendering library synthesized the Glyph Definition
(GDEF) table from a font's character map and the Unicode property database.
If an attacker created a specially-crafted font file and tricked a local,
unsuspecting user into loading the font file in an application that uses
the Pango font rendering library, it could cause that application to crash.
(CVE-2010-0421)

Users of pango and evolution28-pango are advised to upgrade to these
updated packages, which contain a backported patch to resolve this issue.
After installing this update, you must restart your system or restart your
X session for this update to take effect.
RHSA-2010:0141: tar security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100141
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0141, CVE-2007-4476, CVE-2010-0624

Description
The GNU tar program saves many files together in one archive and can
restore individual files (or all of the files) from that archive.

A heap-based buffer overflow flaw was found in the way tar expanded archive
files. If a user were tricked into expanding a specially-crafted archive,
it could cause the tar executable to crash or execute arbitrary code with
the privileges of the user running tar. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting the
CVE-2010-0624 issue.

A denial of service flaw was found in the way tar expanded archive files.
If a user expanded a specially-crafted archive, it could cause the tar
executable to crash. (CVE-2007-4476)

Users of tar are advised to upgrade to this updated package, which contains
backported patches to correct these issues.
RHSA-2010:0143: cpio security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100143
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0143, CVE-2010-0624

Description
GNU cpio copies files into or out of a cpio or tar archive.

A heap-based buffer overflow flaw was found in the way cpio expanded
archive files. If a user were tricked into expanding a specially-crafted
archive, it could cause the cpio executable to crash or execute arbitrary
code with the privileges of the user running cpio. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting this
issue.

Users of cpio are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
RHSA-2010:0144: cpio security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100144
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0144, CVE-2007-4476, CVE-2010-0624

Description
GNU cpio copies files into or out of a cpio or tar archive.

A heap-based buffer overflow flaw was found in the way cpio expanded
archive files. If a user were tricked into expanding a specially-crafted
archive, it could cause the cpio executable to crash or execute arbitrary
code with the privileges of the user running cpio. (CVE-2010-0624)

Red Hat would like to thank Jakob Lell for responsibly reporting the
CVE-2010-0624 issue.

A denial of service flaw was found in the way cpio expanded archive files.
If a user expanded a specially-crafted archive, it could cause the cpio
executable to crash. (CVE-2007-4476)

Users of cpio are advised to upgrade to this updated package, which
contains backported patches to correct these issues.
RHSA-2010:0146: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100146
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0146, CVE-2009-4271, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0307

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a NULL pointer dereference flaw was found in the Linux kernel. During a
core dump, the kernel did not check if the Virtual Dynamically-linked
Shared Object page was accessible. On Intel 64 and AMD64 systems, a local,
unprivileged user could use this flaw to cause a kernel panic by running a
crafted 32-bit application. (CVE-2009-4271, Important)

* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)

* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

This update also fixes the following bugs:

* under some circumstances, a locking bug could have caused an online ext3
file system resize to deadlock, which may have, in turn, caused the file
system or the entire system to become unresponsive. In either case, a
reboot was required after the deadlock. With this update, using resize2fs
to perform an online resize of an ext3 file system works as expected.
(BZ#553135)

* some ATA and SCSI devices were not honoring the barrier=1 mount option,
which could result in data loss after a crash or power loss. This update
applies a patch to the Linux SCSI driver to ensure ordered write caching.
This solution does not provide cache flushes; however, it does provide
data integrity on devices that have no write caching (or where write
caching is disabled) and no command queuing. For systems that have command
queuing or write cache enabled there is no guarantee of data integrity
after a crash. (BZ#560563)

* it was found that lpfc_find_target() could loop continuously when
scanning a list of nodes due to a missing spinlock. This missing spinlock
allowed the list to be changed after the list_empty() test, resulting in a
NULL value, causing the loop. This update adds the spinlock, resolving the
issue. (BZ#561453)

* the fix for CVE-2009-4538 provided by RHSA-2010:0020 introduced a
regression, preventing Wake on LAN (WoL) working for network devices using
the Intel PRO/1000 Linux driver, e1000e. Attempting to configure WoL for
such devices resulted in the following error, even when configuring valid
options:

"Cannot set new wake-on-lan settings: Operation not supported
not setting wol"

This update resolves this regression, and WoL now works as expected for
network devices using the e1000e driver. (BZ#565496)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
RHSA-2010:0147: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100147
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0147, CVE-2009-4308, CVE-2010-0003, CVE-2010-0007, CVE-2010-0008, CVE-2010-0415, CVE-2010-0437

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the sctp_rcv_ootb() function
in the Linux kernel Stream Control Transmission Protocol (SCTP)
implementation. A remote attacker could send a specially-crafted SCTP
packet to a target system, resulting in a denial of service.
(CVE-2010-0008, Important)

* a missing boundary check was found in the do_move_pages() function in the
memory migration functionality in the Linux kernel. A local user could use
this flaw to cause a local denial of service or an information leak.
(CVE-2010-0415, Important)

* a NULL pointer dereference flaw was found in the ip6_dst_lookup_tail()
function in the Linux kernel. An attacker on the local network could
trigger this flaw by sending IPv6 traffic to a target system, leading to a
system crash (kernel OOPS) if dst->neighbour is NULL on the target system
when receiving an IPv6 packet. (CVE-2010-0437, Important)

* a NULL pointer dereference flaw was found in the ext4 file system code in
the Linux kernel. A local attacker could use this flaw to trigger a local
denial of service by mounting a specially-crafted, journal-less ext4 file
system, if that file system forced an EROFS error. (CVE-2009-4308,
Moderate)

* an information leak was found in the print_fatal_signal() implementation
in the Linux kernel. When "/proc/sys/kernel/print-fatal-signals" is set to
1 (the default value is 0), memory that is reachable by the kernel could be
leaked to user-space. This issue could also result in a system crash. Note
that this flaw only affected the i386 architecture. (CVE-2010-0003,
Moderate)

* missing capability checks were found in the ebtables implementation, used
for creating an Ethernet bridge firewall. This could allow a local,
unprivileged user to bypass intended capability restrictions and modify
ebtables rules. (CVE-2010-0007, Low)

Bug fixes:

* a bug prevented Wake on LAN (WoL) being enabled on certain Intel
hardware. (BZ#543449)

* a race issue in the Journaling Block Device. (BZ#553132)

* 32-bit x86 timespec structures are not the same size as on 64-bit
systems. A 32-bit compatible function -- sys32_sched_rr_get_interval() --
is available. However, when 32-bit programs running on 64-bit systems
called sched_rr_get_interval(), it was not called and the kernel wrote data
past the allocated space, causing user stack corruption.
sys32_sched_rr_get_interval() is now called as expected. (BZ#557684)

* the RHSA-2010:0019 update introduced a regression, preventing WoL from
working for network devices using the e1000e driver. (BZ#559335)

* adding a bonding interface in mode balance-alb to a bridge was not
functional. (BZ#560588)

* some KVM (Kernel-based Virtual Machine) guests experienced slow
performance (and possibly a crash) after suspend/resume. (BZ#560640)

* on some systems, VF cannot be enabled in dom0. (BZ#560665)

* on systems with certain network cards, a system crash occurred after
enabling GRO. (BZ#561417)

* for x86 KVM guests with pvclock enabled, the boot clocks were registered
twice, possibly causing KVM to write data to a random memory area during
the guest's life. (BZ#561454)

* serious performance degradation for 32-bit applications, that map (mmap)
thousands of small files, when run on a 64-bit system. (BZ#562746)

* improved kexec/kdump handling. Previously, on some systems under heavy
load, kexec/kdump was not functional. (BZ#562772)

* dom0 was unable to boot when using the Xen hypervisor on a system with a
large number of logical CPUs. (BZ#562777)

* a fix for a bug that could potentially cause file system corruption.
(BZ#564281)

* a bug caused infrequent cluster issues for users of GFS2. (BZ#564288)

* gfs2_delete_inode failed on read-only file systems. (BZ#564290)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.
RHSA-2010:0153: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0153, CVE-2009-0689, CVE-2009-1571, CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-2470, CVE-2009-3072, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3274, CVE-2009-3376, CVE-2009-3380, CVE-2009-3384, CVE-2009-3979, CVE-2010-0159, CVE-2010-0163, CVE-2010-0169, CVE-2010-0171

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,
CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use this
flaw to crash Thunderbird or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to
floating point conversion routines. An HTML mail message containing
malicious JavaScript could crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory
conditions, viewing an HTML mail message containing malicious content could
result in Thunderbird executing arbitrary code with the privileges of the
user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for
downloaded files. If a local attacker knows the name of a file Thunderbird
is going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differed from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file that
has a file name or extension that is different from what the user expected.
(CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A
malicious SOCKS5 server could send a specially-crafted reply that would
cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules were
not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it possible
to trick the user into believing they are viewing trusted content or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2009-3076)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.
RHSA-2010:0154: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0154, CVE-2009-0689, CVE-2009-1571, CVE-2009-2462, CVE-2009-2463, CVE-2009-2466, CVE-2009-2470, CVE-2009-3072, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3274, CVE-2009-3376, CVE-2009-3380, CVE-2009-3384, CVE-2009-3979, CVE-2010-0159, CVE-2010-0163, CVE-2010-0169, CVE-2010-0171

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2466,
CVE-2009-3072, CVE-2009-3075, CVE-2009-3380, CVE-2009-3979, CVE-2010-0159)

A use-after-free flaw was found in Thunderbird. An attacker could use this
flaw to crash Thunderbird or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2009-3077)

A heap-based buffer overflow flaw was found in the Thunderbird string to
floating point conversion routines. An HTML mail message containing
malicious JavaScript could crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2009-0689)

A use-after-free flaw was found in Thunderbird. Under low memory
conditions, viewing an HTML mail message containing malicious content could
result in Thunderbird executing arbitrary code with the privileges of the
user running Thunderbird. (CVE-2009-1571)

A flaw was found in the way Thunderbird created temporary file names for
downloaded files. If a local attacker knows the name of a file Thunderbird
is going to download, they can replace the contents of that file with
arbitrary contents. (CVE-2009-3274)

A flaw was found in the way Thunderbird displayed a right-to-left override
character when downloading a file. In these cases, the name displayed in
the title bar differed from the name displayed in the dialog body. An
attacker could use this flaw to trick a user into downloading a file that
has a file name or extension that is different from what the user expected.
(CVE-2009-3376)

A flaw was found in the way Thunderbird processed SOCKS5 proxy replies. A
malicious SOCKS5 server could send a specially-crafted reply that would
cause Thunderbird to crash. (CVE-2009-2470)

Descriptions in the dialogs when adding and removing PKCS #11 modules were
not informative. An attacker able to trick a user into installing a
malicious PKCS #11 module could use this flaw to install their own
Certificate Authority certificates on a user's machine, making it possible
to trick the user into believing they are viewing trusted content or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2009-3076)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.
RHSA-2010:0162: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100162
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0162, CVE-2009-3245, CVE-2009-3555, CVE-2010-0433

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could cause an application using the OpenSSL
library to crash or, possibly, execute arbitrary code. (CVE-2009-3245)

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

A missing return value check flaw was discovered in OpenSSL, that could
possibly cause OpenSSL to call a Kerberos library function with invalid
arguments, resulting in a NULL pointer dereference crash in the MIT
Kerberos library. In certain configurations, a remote attacker could use
this flaw to crash a TLS/SSL server using OpenSSL by requesting Kerberos
cipher suites during the TLS handshake. (CVE-2010-0433)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2010:0163: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0163, CVE-2009-0590, CVE-2009-2409, CVE-2009-3555

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

Dan Kaminsky found that browsers could accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser.
OpenSSL now disables the use of the MD2 algorithm inside signatures by
default. (CVE-2009-2409)

An input validation flaw was found in the handling of the BMPString and
UniversalString ASN1 string types in OpenSSL's ASN1_STRING_print_ex()
function. An attacker could use this flaw to create a specially-crafted
X.509 certificate that could cause applications using the affected function
to crash when printing certificate contents. (CVE-2009-0590)

Note: The affected function is rarely used. No application shipped with Red
Hat Enterprise Linux calls this function, for example.

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2010:0164: openssl097a security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0164, CVE-2009-3555

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
this flaw: http://kbase.redhat.com/faq/docs/DOC-20491

All openssl097a users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to take
effect, all services linked to the openssl097a library must be restarted,
or the system rebooted.

RHSA-2010:0165: nss security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100165
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0165, CVE-2009-3555

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSLv2, SSLv3, TLS,
and other security standards.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI
operating system facilities. These facilities include threads, thread
synchronization, normal file and network I/O, interval timing, calendar
time, basic memory management (malloc and free), and shared library
linking.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
this flaw: http://kbase.redhat.com/faq/docs/DOC-20491

Users of Red Hat Certificate System 7.3 and 8.0 should review the following
Knowledgebase article before installing this update:
http://kbase.redhat.com/faq/docs/DOC-28439

All users of NSS are advised to upgrade to these updated packages, which
update NSS to version 3.12.6. This erratum also updates the NSPR packages
to the version required by NSS 3.12.6. All running applications using the
NSS library must be restarted for this update to take effect.

RHSA-2010:0166: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100166
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0166, CVE-2009-2409, CVE-2009-3555

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

Dan Kaminsky found that browsers could accept certificates with MD2 hash
signatures, even though MD2 is no longer considered a cryptographically
strong algorithm. This could make it easier for an attacker to create a
malicious certificate that would be treated as trusted by a browser. GnuTLS
now disables the use of the MD2 algorithm inside signatures by default.
(CVE-2009-2409)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

RHSA-2010:0167: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100167
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0167, CVE-2009-3555, CVE-2010-0731

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handled session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. This update addresses this flaw by implementing the
TLS Renegotiation Indication Extension, as defined in RFC 5746.
(CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about
the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

A flaw was found in the way GnuTLS extracted serial numbers from X.509
certificates. On 64-bit big endian platforms, this flaw could cause the
certificate revocation list (CRL) check to be bypassed; cause various
GnuTLS utilities to crash; or, possibly, execute arbitrary code.
(CVE-2010-0731)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

RHSA-2010:0168: httpd security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100168
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0168, CVE-2010-0408, CVE-2010-0434

Description
The Apache HTTP Server is a popular web server.

It was discovered that mod_proxy_ajp incorrectly returned an "Internal
Server Error" response when processing certain malformed requests, which
caused the back-end server to be marked as failed in configurations where
mod_proxy is used in load balancer mode. A remote attacker could cause
mod_proxy to not send requests to back-end AJP (Apache JServ Protocol)
servers for the retry timeout period (60 seconds by default) by sending
specially-crafted requests. (CVE-2010-0408)

A use-after-free flaw was discovered in the way the Apache HTTP Server
handled request headers in subrequests. In configurations where subrequests
are used, a multithreaded MPM (Multi-Processing Module) could possibly leak
information from other requests in request replies. (CVE-2010-0434)

This update also adds the following enhancement:

* with the updated openssl packages from RHSA-2010:0162 installed, mod_ssl
will refuse to renegotiate a TLS/SSL connection with an unpatched client
that does not support RFC 5746. This update adds the
"SSLInsecureRenegotiation" configuration directive. If this directive is
enabled, mod_ssl will renegotiate insecurely with unpatched clients.
(BZ#567980)

Refer to the following Red Hat Knowledgebase article for more details about
the changed mod_ssl behavior: http://kbase.redhat.com/faq/docs/DOC-20491

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues and add this enhancement. After
installing the updated packages, the httpd daemon must be restarted for the
update to take effect.

RHSA-2010:0173: openssl096b security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100173
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0173, CVE-2009-3245

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could cause an application using the OpenSSL
library to crash or, possibly, execute arbitrary code. (CVE-2009-3245)

All openssl096b users should upgrade to these updated packages, which
contain a backported patch to resolve this issue. For the update to take
effect, all programs using the openssl096b library must be restarted.

RHSA-2010:0175: httpd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100175
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0175, CVE-2010-0434

Description
The Apache HTTP Server is a popular web server.

A use-after-free flaw was discovered in the way the Apache HTTP Server
handled request headers in subrequests. In configurations where subrequests
are used, a multithreaded MPM (Multi-Processing Module) could possibly leak
information from other requests in request replies. (CVE-2010-0434)

This update also fixes the following bug:

* a bug was found in the mod_dav module. If a PUT request for an existing
file failed, that file would be unexpectedly deleted and a "Could not get
next bucket brigade" error logged. With this update, failed PUT requests no
longer cause mod_dav to delete files, which resolves this issue.
(BZ#572932)

As well, this update adds the following enhancement:

* with the updated openssl packages from RHSA-2010:0163 installed, mod_ssl
will refuse to renegotiate a TLS/SSL connection with an unpatched client
that does not support RFC 5746. This update adds the
"SSLInsecureRenegotiation" configuration directive. If this directive is
enabled, mod_ssl will renegotiate insecurely with unpatched clients.
(BZ#575805)

Refer to the following Red Hat Knowledgebase article for more details about
the changed mod_ssl behavior: http://kbase.redhat.com/faq/docs/DOC-20491

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues and add this enhancement. After
installing the updated packages, the httpd daemon must be restarted for the
update to take effect.

RHSA-2010:0178: Red Hat Enterprise Linux 5.5 kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100178
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0178, CVE-2009-4027, CVE-2009-4307, CVE-2010-0727, CVE-2010-1188

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a race condition was found in the mac80211 implementation, a framework
used for writing drivers for wireless devices. An attacker could trigger
this flaw by sending a Delete Block ACK (DELBA) packet to a target system,
resulting in a remote denial of service. Note: This issue only affected
users on 802.11n networks, and that also use the iwlagn driver with Intel
wireless hardware. (CVE-2009-4027, Important)

* a flaw was found in the gfs2_lock() implementation. The GFS2 locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged user
on a system that has a GFS2 file system mounted could use this flaw to
cause a kernel panic. (CVE-2010-0727, Moderate)

* a divide-by-zero flaw was found in the ext4 file system code. A local
attacker could use this flaw to cause a denial of service by mounting a
specially-crafted ext4 file system. (CVE-2009-4307, Low)

These updated packages also include several hundred bug fixes for and
enhancements to the Linux kernel. Space precludes documenting each of these
changes in this advisory and users are directed to the Red Hat Enterprise
Linux 5.5 Release Notes for information on the most significant of these
changes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Release_Notes/

Also, for details concerning every bug fixed in and every enhancement added
to the kernel for this release, refer to the kernel chapter in the Red Hat
Enterprise Linux 5.5 Technical Notes:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which address these vulnerabilities as well as fixing the bugs
and adding the enhancements noted in the Red Hat Enterprise Linux 5.5
Release Notes and Technical Notes. The system must be rebooted for this
update to take effect.

RHSA-2010:0181: brltty security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0181, CVE-2008-3279

Description
brltty (Braille TTY) is a background process (daemon) which provides access
to the Linux console (when in text mode) for a blind person using a
refreshable braille display. It drives the braille display, and provides
complete screen review functionality.

It was discovered that a brltty library had an insecure relative RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user able to convince another user to run an
application using brltty in an attacker-controlled directory, could run
arbitrary code with the privileges of the victim. (CVE-2008-3279)

These updated packages also provide fixes for the following bugs:

* the brltty configuration file is documented in the brltty manual page,
but there is no separate manual page for the /etc/brltty.conf configuration
file: running "man brltty.conf" returned "No manual entry for brltty.conf"
rather than opening the brltty manual entry. This update adds brltty.conf.5
as an alias to the brltty manual page. Consequently, running "man
brltty.conf" now opens the manual entry documenting the brltty.conf
specification. (BZ#530554)

* previously, the brltty-pm.conf configuration file was installed in the
/etc/brltty/ directory. This file, which configures Papenmeier Braille
Terminals for use with Red Hat Enterprise Linux, is optional. As well, it
did not come with a corresponding manual page. With this update, the file
has been moved to /usr/share/doc/brltty-3.7.2/BrailleDrivers/Papenmeier/.
This directory also includes a README document that explains the file's
purpose and format. (BZ#530554)

* during the brltty packages installation, the message

Creating screen inspection device /dev/vcsa...done.

was presented at the console. This was inadequate, especially during the
initial install of the system. These updated packages do not send any
message to the console during installation. (BZ#529163)

* although brltty contains ELF objects, the brltty-debuginfo package was
empty. With this update, the -debuginfo package contains valid debugging
information as expected. (BZ#500545)

* the MAX_NR_CONSOLES definition was acquired by brltty by #including
linux/tty.h in Programs/api_client.c. MAX_NR_CONSOLES has since moved to
linux/vt.h but the #include in api_client.c was not updated. Consequently,
brltty could not be built from the source RPM against the Red Hat
Enterprise Linux 5 kernel. This update corrects the #include in
api_client.c to linux/vt.h and brltty now builds from source as expected.
(BZ#456247)

All brltty users are advised to upgrade to these updated packages, which
resolve these issues.

RHSA-2010:0198: openldap security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100198
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0198, CVE-2009-3767

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled NUL characters in the
CommonName field of X.509 certificates. An attacker able to get a
carefully-crafted certificate signed by a trusted Certificate Authority
could trick applications using OpenLDAP libraries into accepting it by
mistake, allowing the attacker to perform a man-in-the-middle attack.
(CVE-2009-3767)

This update also fixes the following bugs:

* the ldap init script did not provide a way to alter system limits for the
slapd daemon. A variable is now available in "/etc/sysconfig/ldap" for this
option. (BZ#527313)

* applications that use the OpenLDAP libraries to contact a Microsoft
Active Directory server could crash when a large number of network
interfaces existed. This update implements locks in the OpenLDAP library
code to resolve this issue. (BZ#510522)

* when slapd was configured to allow client certificates, approximately 90%
of connections froze because of a large CA certificate file and slapd not
checking the success of the SSL handshake. (BZ#509230)

* the OpenLDAP server would freeze for unknown reasons under high load.
These packages add support for accepting incoming connections by new
threads, resolving the issue. (BZ#507276)

* the compat-openldap libraries did not list dependencies on other
libraries, causing programs that did not specifically specify the libraries
to fail. Detection of the Application Binary Interface (ABI) in use on
64-bit systems has been added with this update. (BZ#503734)

* the OpenLDAP libraries caused applications to crash due to an unprocessed
network timeout. A timeval of -1 is now passed when NULL is passed to LDAP.
(BZ#495701)

* slapd could crash on a server under heavy load when using rwm overlay,
caused by freeing non-allocated memory during operation cleanup.
(BZ#495628)

* the ldap init script made a temporary script in "/tmp/" and attempted to
execute it. Problems arose when "/tmp/" was mounted with the noexec option.
The temporary script is no longer created. (BZ#483356)

* the ldap init script always started slapd listening on ldap:/// even if
instructed to listen only on ldaps:///. By correcting the init script, a
user can now select which ports slapd should listen on. (BZ#481003)

* the slapd manual page did not mention the supported options -V and -o.
(BZ#468206)

* slapd.conf had a commented-out option to load the syncprov.la module.
Once un-commented, slapd crashed at start-up because the module had already
been statically linked to OpenLDAP. This update removes "moduleload
syncprov.la" from slapd.conf, which resolves this issue. (BZ#466937)

* the migrate_automount.pl script produced output that was unsupported by
autofs. This is corrected by updating the output LDIF format for automount
records. (BZ#460331)

* the ldap init script uses the TERM signal followed by the KILL signal
when shutting down slapd. Minimal delay between the two signals could cause
the LDAP database to become corrupted if it had not finished saving its
state. A delay between the signals has been added via the "STOP_DELAY"
option in "/etc/sysconfig/ldap". (BZ#452064)

* the migrate_passwd.pl migration script had a problem when number fields
contained only a zero. Such fields were considered to be empty, leading to
the attribute not being set in the LDIF output. The condition in
dump_shadow_attributes has been corrected to allow for the attributes to
contain only a zero. (BZ#113857)

* the migrate_base.pl migration script did not handle third level domains
correctly, creating a second level domain that could not be held by a
database with a three level base. This is now allowed by modifying the
migrate_base.pl script to generate only one domain. (BZ#104585)

Users of OpenLDAP should upgrade to these updated packages, which resolve
these issues.

RHSA-2010:0221: squid security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0221, CVE-2009-2855, CVE-2010-0308

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid processed certain external ACL helper
HTTP header fields that contained a delimiter that was not a comma. A
remote attacker could issue a crafted request to the Squid server, causing
excessive CPU use (up to 100%). (CVE-2009-2855)

Note: The CVE-2009-2855 issue only affected non-default configurations that
use an external ACL helper script.

A flaw was found in the way Squid handled truncated DNS replies. A remote
attacker able to send specially-crafted UDP packets to Squid's DNS client
port could trigger an assertion failure in Squid's child process, causing
that child process to exit. (CVE-2010-0308)

This update also fixes the following bugs:

* Squid's init script returns a non-zero value when trying to stop a
stopped service. This is not LSB compliant and can generate difficulties in
cluster environments. This update makes stopping LSB compliant. (BZ#521926)

* Squid is not currently built to support MAC address filtering in ACLs.
This update includes support for MAC address filtering. (BZ#496170)

* Squid is not currently built to support Kerberos negotiate
authentication. This update enables Kerberos authentication. (BZ#516245)

* Squid does not include the port number as part of URIs it constructs when
configured as an accelerator. This results in a 403 error. This update
corrects this behavior. (BZ#538738)

* the error_map feature does not work if the same handling is set also on
the HTTP server that operates in deflate mode. This update fixes this
issue. (BZ#470843)

All users of squid should upgrade to this updated package, which resolves
these issues. After installing this update, the squid service will be
restarted automatically.

RHSA-2010:0237: sendmail security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100237
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0237, CVE-2006-7176, CVE-2009-4565

Description
Sendmail is a very widely used Mail Transport Agent (MTA). MTAs deliver
mail from one machine to another. Sendmail is not a client program, but
rather a behind-the-scenes daemon that moves email over networks or the
Internet to its final destination.

The configuration of sendmail in Red Hat Enterprise Linux was found to not
reject the "localhost.localdomain" domain name for email messages that come
from external hosts. This could allow remote attackers to disguise spoofed
messages. (CVE-2006-7176)

A flaw was found in the way sendmail handled NUL characters in the
CommonName field of X.509 certificates. An attacker able to get a
carefully-crafted certificate signed by a trusted Certificate Authority
could trick sendmail into accepting it by mistake, allowing the attacker to
perform a man-in-the-middle attack or bypass intended client certificate
authentication. (CVE-2009-4565)

Note: The CVE-2009-4565 issue only affected configurations using TLS with
certificate verification and CommonName checking enabled, which is not a
typical configuration.

This update also fixes the following bugs:

* sendmail was unable to parse files specified by the ServiceSwitchFile
option which used a colon as a separator. (BZ#512871)

* sendmail incorrectly returned a zero exit code when free space was low.
(BZ#299951)

* the sendmail manual page had a blank space between the -qG option and
parameter. (BZ#250552)

* the comments in the sendmail.mc file specified the wrong path to SSL
certificates. (BZ#244012)

* the sendmail packages did not provide the MTA capability. (BZ#494408)

All users of sendmail are advised to upgrade to these updated packages,
which resolve these issues.

RHSA-2010:0258: pam_krb5 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0258, CVE-2009-1384

Description
The pam_krb5 module allows Pluggable Authentication Modules (PAM) aware
applications to use Kerberos to verify user identities by obtaining user
credentials at log in time.

A flaw was found in pam_krb5. In some non-default configurations
(specifically, those where pam_krb5 would be the first module to prompt for
a password), the text of the password prompt varied based on whether or not
the username provided was a username known to the system. A remote attacker
could use this flaw to recognize valid usernames, which would aid a
dictionary-based password guess attack. (CVE-2009-1384)

This update also fixes the following bugs:

* certain applications which do not properly implement PAM conversations
may fail to authenticate users whose passwords have expired and must be
changed, or may succeed without forcing the user's password to be changed.
This bug is triggered by a previously-applied fix to pam_krb5 which makes
it comply more closely to PAM specifications. If an application misbehaves,
enabling the "chpw_prompt" option for its service should restore the old
behavior. (BZ#509092)

* pam_krb5 does not allow the user to change an expired password in cases
where the Key Distribution Center (KDC) is configured to refuse attempts to
obtain forwardable password-changing credentials. This update fixes this
issue. (BZ#489015)

* failure to verify TGT because of wrong keytab handling. (BZ#450776)

Users of pam_krb5 are advised to upgrade to these updated packages, which
resolve these issues.

RHSA-2010:0271: kvm security, bug fix and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100271
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0271, CVE-2010-0430, CVE-2010-0741

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU-KVM handled erroneous data provided by
the Linux virtio-net driver, used by guest operating systems. Due to a
deficiency in the TSO (TCP segment offloading) implementation, a guest's
virtio-net driver would transmit improper data to a certain QEMU-KVM
process on the host, causing the guest to crash. A remote attacker could
use this flaw to send specially-crafted data to a target guest system,
causing that guest to crash. (CVE-2010-0741)

Additionally, these updated packages include numerous bug fixes and
enhancements. Refer to the KVM chapter of the Red Hat Enterprise Linux 5.5
Technical Notes for details:

http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Technical_Notes/kvm.html

All KVM users should upgrade to these updated packages, which resolve this
issue as well as fixing the bugs and adding the enhancements noted in the
Technical Notes. Note: The procedure in the Solution section must be
performed before this update will take effect.

RHSA-2010:0273: curl security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100273
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0273, CVE-2010-0734

Description
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.

Wesley Miaw discovered that when deflate compression was used, libcurl
could call the registered write callback function with data exceeding the
documented limit. A malicious server could use this flaw to crash an
application using libcurl or, potentially, execute arbitrary code. Note:
This issue only affected applications using libcurl that rely on the
documented data size limit, and that copy the data to the insufficiently
sized buffer. (CVE-2010-0734)

This update also fixes the following bugs:

* when using curl to upload a file, if the connection was broken or reset
by the server during the transfer, curl immediately started using 100% CPU
and failed to acknowledge that the transfer had failed. With this update,
curl displays an appropriate error message and exits when an upload fails
mid-transfer due to a broken or reset connection. (BZ#479967)

* libcurl experienced a segmentation fault when attempting to reuse a
connection after performing GSS-negotiate authentication, which in turn
caused the curl program to crash. This update fixes this bug so that reused
connections are able to be successfully established even after
GSS-negotiate authentication has been performed. (BZ#517199)

As well, this update adds the following enhancements:

* curl now supports loading Certificate Revocation Lists (CRLs) from a
Privacy Enhanced Mail (PEM) file. When curl attempts to access sites that
have had their certificate revoked in a CRL, curl refuses access to those
sites. (BZ#532069)

* the curl(1) manual page has been updated to clarify that the "--socks4"
and "--socks5" options do not work with the IPv6, FTPS, or LDAP protocols.
(BZ#473128)

* the curl utility's program help, which is accessed by running "curl -h",
has been updated with descriptions for the "--ftp-account" and
"--ftp-alternative-to-user" options. (BZ#517084)

Users of curl should upgrade to these updated packages, which contain
backported patches to correct these issues and add these enhancements. All
running applications using libcurl must be restarted for the update to take
effect.

RHSA-2010:0291: gfs-kmod security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100291
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0291, CVE-2010-0727

Description
The gfs-kmod packages contain modules that provide the ability to mount and
use GFS file systems.

A flaw was found in the gfs_lock() implementation. The GFS locking code
could skip the lock operation for files that have the S_ISGID bit
(set-group-ID on execution) in their mode set. A local, unprivileged user
on a system that has a GFS file system mounted could use this flaw to cause
a kernel panic. (CVE-2010-0727)

These updated gfs-kmod packages are in sync with the latest kernel
(2.6.18-194.el5). The modules in earlier gfs-kmod packages failed to load
because they did not match the running kernel. It was possible to
force-load the modules. With this update, however, users no longer need to.

These updated gfs-kmod packages also fix the following bugs:

* when SELinux was in permissive mode, a race condition during file
creation could have caused one or more cluster nodes to be fenced and lock
the remaining nodes out of the GFS file system. This race condition no
longer occurs with this update. (BZ#471258)

* when ACLs (Access Control Lists) are enabled on a GFS file system, if a
transaction that has started to do a write request does not have enough
spare blocks for the operation it causes a kernel panic. This update
ensures that there are enough blocks for the write request before starting
the operation. (BZ#513885)

* requesting a "flock" on a file in GFS in either read-only or read-write
mode would sometimes cause a "Resource temporarily unavailable" state error
(error 11 for EWOULDBLOCK) to occur. In these cases, a flock could not be
obtained on the file in question. This has been fixed with this update so
that flocks can successfully be obtained on GFS files without this error
occurring. (BZ#515717)

* the GFS withdraw function is a data integrity feature of GFS file systems
in a cluster. If the GFS kernel module detects an inconsistency in a GFS
file system following an I/O operation, the file system becomes unavailable
to the cluster. The GFS withdraw function is less severe than a kernel
panic, which would cause another node to fence the node. With this update,
you can override the GFS withdraw function by mounting the file system with
the "-o errors=panic" option specified. When this option is specified, any
errors that would normally cause the system to withdraw cause the system to
panic instead. This stops the node's cluster communications, which causes
the node to be fenced. (BZ#517145)

Finally, these updated gfs-kmod packages provide the following enhancement:

* the GFS kernel modules have been updated to use the new generic freeze
and unfreeze ioctl interface that is also supported by the following file
systems: ext3, ext4, GFS2, JFS and ReiserFS. With this update, GFS supports
freeze/unfreeze through the VFS-level FIFREEZE/FITHAW ioctl interface.
(BZ#487610)

Users are advised to upgrade to these latest gfs-kmod packages, updated for
use with the 2.6.18-194.el5 kernel, which contain backported patches to
correct these issues, fix these bugs, and add this enhancement.

RHSA-2010:0321: automake security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100321
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0321, CVE-2009-4029

Description
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

Automake-generated Makefiles made certain directories world-writable when
preparing source archives, as was recommended by the GNU Coding Standards.
If a malicious, local user could access the directory where a victim was
creating distribution archives, they could use this flaw to modify the
files being added to those archives. Makefiles generated by these updated
automake packages no longer make distribution directories world-writable,
as recommended by the updated GNU Coding Standards. (CVE-2009-4029)

Note: This issue affected Makefile targets used by developers to prepare
distribution source archives. Those targets are not used when compiling
programs from the source code.

All users of automake, automake14, automake15, automake16, and automake17
should upgrade to these updated packages, which resolve this issue.

RHSA-2010:0329: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100329
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0329, CVE-2010-0734

Description
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and DICT
servers, using any of the supported protocols. cURL is designed to work
without user interaction or any kind of interactivity.

Wesley Miaw discovered that when deflate compression was used, libcurl
could call the registered write callback function with data exceeding the
documented limit. A malicious server could use this flaw to crash an
application using libcurl or, potentially, execute arbitrary code. Note:
This issue only affected applications using libcurl that rely on the
documented data size limit, and that copy the data to the insufficiently
sized buffer. (CVE-2010-0734)

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

RHSA-2010:0332: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100332
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0332, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-0178, CVE-2010-0179

Description
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several use-after-free flaws were found in Firefox. Visiting a web page
containing malicious content could result in Firefox executing arbitrary
code with the privileges of the user running Firefox. (CVE-2010-0175,
CVE-2010-0176, CVE-2010-0177)

A flaw was found in Firefox that could allow an applet to generate a drag
and drop action from a mouse click. Such an action could be used to execute
arbitrary JavaScript with the privileges of the user running Firefox.
(CVE-2010-0178)

A privilege escalation flaw was found in Firefox when the Firebug add-on is
in use. The XMLHttpRequestSpy module in the Firebug add-on exposes a Chrome
privilege escalation flaw that could be used to execute arbitrary
JavaScript with the privileges of the user running Firefox. (CVE-2010-0179)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-0174)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.19. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.19, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0333: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100333
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0333, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177

Description
SeaMonkey is an open source Web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several use-after-free flaws were found in SeaMonkey. Visiting a web page
containing malicious content could result in SeaMonkey executing arbitrary
code with the privileges of the user running SeaMonkey. (CVE-2010-0175,
CVE-2010-0176, CVE-2010-0177)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-0174)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0339: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0339, CVE-2009-3555, CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092, CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838, CVE-2010-0840, CVE-2010-0845, CVE-2010-0847, CVE-2010-0848

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The Java Runtime Environment (JRE)
contains the software and tools that users need to run applications written
using the Java programming language.

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure
Sockets Layer) protocols handle session renegotiation. A man-in-the-middle
attacker could use this flaw to prefix arbitrary plain text to a client's
session (for example, an HTTPS connection to a website). This could force
the server to process an attacker's request as if authenticated using the
victim's credentials. (CVE-2009-3555)

This update disables renegotiation in the Java Secure Socket Extension
(JSSE) component. Unsafe renegotiation can be re-enabled using the
sun.security.ssl.allowUnsafeRenegotiation property. Refer to the following
Knowledgebase article for details:
http://kbase.redhat.com/faq/docs/DOC-20491

A number of flaws have been fixed in the Java Virtual Machine (JVM) and in
various Java class implementations. These flaws could allow an unsigned
applet or application to bypass intended access restrictions.
(CVE-2010-0082, CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0094)

An untrusted applet could access clipboard information if a drag operation
was performed over that applet's canvas. This could lead to an information
leak. (CVE-2010-0091)

The rawIndex operation incorrectly handled large values, causing the
corruption of internal memory structures, resulting in an untrusted applet
or application crashing. (CVE-2010-0092)

The System.arraycopy operation incorrectly handled large index values,
potentially causing array corruption in an untrusted applet or application.
(CVE-2010-0093)

Subclasses of InetAddress may incorrectly interpret network addresses,
allowing an untrusted applet or application to bypass network access
restrictions. (CVE-2010-0095)

In certain cases, type assignments could result in "non-exact" interface
types. This could be used to bypass type-safety restrictions.
(CVE-2010-0845)

A buffer overflow flaw in LittleCMS (embedded in OpenJDK) could cause an
untrusted applet or application using color profiles from untrusted sources
to crash. (CVE-2010-0838)

An input validation flaw was found in the JRE unpack200 functionality. An
untrusted applet or application could use this flaw to elevate its
privileges. (CVE-2010-0837)

Deferred calls to trusted applet methods could be granted incorrect
permissions, allowing an untrusted applet or application to extend its
privileges. (CVE-2010-0840)

A missing input validation flaw in the JRE could allow an attacker to crash
an untrusted applet or application. (CVE-2010-0848)

A flaw in Java2D could allow an attacker to execute arbitrary code with the
privileges of a user running an untrusted applet or application that uses
Java2D. (CVE-2010-0847)

Note: The flaws concerning applets in this advisory, CVE-2010-0082,
CVE-2010-0084, CVE-2010-0085, CVE-2010-0088, CVE-2010-0091, CVE-2010-0092,
CVE-2010-0093, CVE-2010-0094, CVE-2010-0095, CVE-2010-0837, CVE-2010-0838,
CVE-2010-0840, CVE-2010-0847, and CVE-2010-0848, can only be triggered in
java-1.6.0-openjdk by calling the "appletviewer" application.

This update also provides three defense in depth patches. (BZ#575745,
BZ#575861, BZ#575789)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2010:0343: krb5 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100343
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0343, CVE-2010-0629

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

A use-after-free flaw was discovered in the MIT Kerberos administration
daemon, kadmind. A remote, authenticated attacker could use this flaw to
crash the kadmind daemon. Administrative privileges are not required to
trigger this flaw, as any realm user can request information about their
own principal from kadmind. (CVE-2010-0629)

This update also fixes the following bug:

* when a Kerberos client seeks tickets for use with a service, it must
contact the Key Distribution Center (KDC) to obtain them. The client must
also determine which realm the service belongs to and it typically does
this with a combination of client configuration detail, DNS information and
guesswork.

If the service belongs to a realm other than the client's, cross-realm
authentication is required. Using a combination of client configuration and
guesswork, the client determines the trust relationship sequence which
forms the trusted path between the client's realm and the service's realm.
This may include one or more intermediate realms.

Anticipating the KDC has better knowledge of extant trust relationships,
the client then requests a ticket from the service's KDC, indicating it
will accept guidance from the service's KDC by setting a special flag in
the request. A KDC which recognizes the flag can, at its option, return a
ticket-granting ticket for the next realm along the trust path the client
should be following.

If the ticket-granting ticket returned by the service's KDC is for use with
a realm the client has already determined was in the trusted path, the
client accepts this as an optimization and continues. If, however, the
ticket is for use in a realm the client is not expecting, the client
responds incorrectly: it treats the case as an error rather than continuing
along the path suggested by the service's KDC.

For this update, the krb5 1.7 modifications which allow the client to trust
such KDCs to send them along the correct path, resulting in the client
obtaining the tickets it originally desired, were backported to krb5 1.6.1
(the version shipped with Red Hat Enterprise Linux 5.5). (BZ#578540)

All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running KDC services must
be restarted for the update to take effect.

RHSA-2010:0347: nss_db security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0347, CVE-2010-0826

Description
The nss_db packages provide a set of C library extensions which allow
Berkeley Database (Berkeley DB) databases to be used as a primary source of
aliases, ethers, groups, hosts, networks, protocols, users, RPCs, services,
and shadow passwords. These databases are used instead of or in addition to
the flat files used by these tools by default.

It was discovered that nss_db did not specify a path to the directory to be
used as the database environment for the Berkeley Database library, causing
it to use the current working directory as the default. This could possibly
allow a local attacker to obtain sensitive information. (CVE-2010-0826)

Users of nss_db are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2010:0348: kdebase security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100348
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0348, CVE-2010-0436

Description
The K Desktop Environment (KDE) is a graphical desktop environment for the
X Window System. The kdebase packages include core applications for KDE.

A privilege escalation flaw was found in the KDE Display Manager (KDM). A
local user with console access could trigger a race condition, possibly
resulting in the permissions of an arbitrary file being set to world
writable, allowing privilege escalation. (CVE-2010-0436)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
responsibly reporting this issue.

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system should be rebooted for
this update to take effect. After the reboot, administrators should
manually remove all leftover user-owned dmctl-* directories in
"/var/run/xdmctl/".

RHSA-2010:0360: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100360
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0360, CVE-2009-2560, CVE-2009-2562, CVE-2009-2563, CVE-2009-3550, CVE-2009-3829, CVE-2009-4377, CVE-2010-0304

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

An invalid pointer dereference flaw was found in the Wireshark SMB and SMB2
dissectors. If Wireshark read a malformed packet off a network or opened a
malicious dump file, it could crash or, possibly, execute arbitrary code as
the user running Wireshark. (CVE-2009-4377)

Several buffer overflow flaws were found in the Wireshark LWRES dissector.
If Wireshark read a malformed packet off a network or opened a malicious
dump file, it could crash or, possibly, execute arbitrary code as the user
running Wireshark. (CVE-2010-0304)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2009-2560, CVE-2009-2562, CVE-2009-2563,
CVE-2009-3550, CVE-2009-3829)

Users of Wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.11, and resolve these issues. All running instances
of Wireshark must be restarted for the update to take effect.

RHSA-2010:0361: sudo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100361
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0361, CVE-2010-1163

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux
5.5 added the ability to change the value of the ignore_dot option in the
"/etc/sudoers" configuration file. This ability introduced a regression in
the upstream fix for CVE-2010-0426. In configurations where the ignore_dot
option was set to off (the default is on for the Red Hat Enterprise Linux 5
sudo package), a local user authorized to use the sudoedit pseudo-command
could possibly run arbitrary commands with the privileges of the users
sudoedit was authorized to run as. (CVE-2010-1163)

Red Hat would like to thank Todd C. Miller, the upstream sudo maintainer,
for responsibly reporting this issue. Upstream acknowledges Valerio
Costamagna as the original reporter.

Users of sudo should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2010:0362: scsi-target-utils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100362
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0362, CVE-2010-0743

Description
The scsi-target-utils package contains the daemon and tools to set up and
monitor SCSI targets. Currently, iSCSI software and iSER targets are
supported.

A format string flaw was found in scsi-target-utils' tgtd daemon. A
remote attacker could trigger this flaw by sending a carefully-crafted
Internet Storage Name Service (iSNS) request, causing the tgtd daemon to
crash. (CVE-2010-0743)

All scsi-target-utils users should upgrade to this updated package, which
contains a backported patch to correct this issue. All running
scsi-target-utils services must be restarted for the update to take effect.

RHSA-2010:0382: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100382
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0382, CVE-2010-1166

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

An incorrect calculation flaw was discovered in the X.Org Render extension.
A malicious, authorized client could exploit this issue to crash the X.Org
server or, potentially, execute arbitrary code with root privileges.
(CVE-2010-1166)

Users of xorg-x11-server should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running X.Org server
instances must be restarted for this update to take effect.

RHSA-2010:0394: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100394
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0394, CVE-2010-0729, CVE-2010-1083, CVE-2010-1085, CVE-2010-1086, CVE-2010-1188

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* RHSA-2009:1024 introduced a flaw in the ptrace implementation on Itanium
systems. ptrace_check_attach() was not called during certain ptrace()
requests. Under certain circumstances, a local, unprivileged user could use
this flaw to call ptrace() on a process they do not own, giving them
control over that process. (CVE-2010-0729, Important)

* a flaw was found in the kernel's Unidirectional Lightweight Encapsulation
(ULE) implementation. A remote attacker could send a specially-crafted ISO
MPEG-2 Transport Stream (TS) frame to a target system, resulting in a
denial of service. (CVE-2010-1086, Important)

* a use-after-free flaw was found in tcp_rcv_state_process() in the
kernel's TCP/IP protocol suite implementation. If a system using IPv6 had
the IPV6_RECVPKTINFO option set on a listening socket, a remote attacker
could send an IPv6 packet to that system, causing a kernel panic.
(CVE-2010-1188, Important)

* a divide-by-zero flaw was found in azx_position_ok() in the Intel High
Definition Audio driver, snd-hda-intel. A local, unprivileged user could
trigger this flaw to cause a denial of service. (CVE-2010-1085, Moderate)

* an information leak flaw was found in the kernel's USB implementation.
Certain USB errors could result in an uninitialized kernel buffer being
sent to user-space. An attacker with physical access to a target system
could use this flaw to cause an information leak. (CVE-2010-1083, Low)

Red Hat would like to thank Ang Way Chuang for reporting CVE-2010-1086.

Bug fixes:

* a regression prevented the Broadcom BCM5761 network device from working
when in the first (top) PCI-E slot of Hewlett-Packard (HP) Z600 systems.
Note: The card worked in the 2nd or 3rd PCI-E slot. (BZ#567205)

* the Xen hypervisor supports 168 GB of RAM for 32-bit guests. The physical
address range was set incorrectly, however, causing 32-bit,
para-virtualized Red Hat Enterprise Linux 4.8 guests to crash when launched
on AMD64 or Intel 64 hosts that have more than 64 GB of RAM. (BZ#574392)

* RHSA-2009:1024 introduced a regression, causing diskdump to fail on
systems with certain adapters using the qla2xxx driver. (BZ#577234)

* a race condition caused TX to stop in a guest using the virtio_net
driver. (BZ#580089)

* on some systems, using the "arp_validate=3" bonding option caused both
links to show as "down" even though the arp_target was responding to ARP
requests sent by the bonding driver. (BZ#580842)

* in some circumstances, when a Red Hat Enterprise Linux client connected
to a re-booted Windows-based NFS server, server-side filehandle-to-inode
mapping changes caused a kernel panic. "bad_inode_ops" handling was changed
to prevent this. Note: filehandle-to-inode mapping changes may still cause
errors, but not panics. (BZ#582908)

* when installing a Red Hat Enterprise Linux 4 guest via PXE, hard-coded
fixed-size scatterlists could conflict with host requests, causing the
guest's kernel to panic. With this update, dynamically allocated
scatterlists are used, resolving this issue. (BZ#582911)

Enhancements:

* kernel support for connlimit. Note: iptables errata update RHBA-2010:0395
is also required for connlimit to work correctly. (BZ#563223)

* support for the Intel architectural performance monitoring subsystem
(arch_perfmon). On supported CPUs, arch_perfmon offers means to mark
performance events and options for configuring and counting these events.
(BZ#582913)

* kernel support for OProfile sampling of Intel microarchitecture (Nehalem)
CPUs. This update alone does not address OProfile support for such CPUs. A
future oprofile package update will allow OProfile to work on Intel Nehalem
CPUs. (BZ#582241)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

RHSA-2010:0398: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100398
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0398, CVE-2010-0307, CVE-2010-0410, CVE-2010-0730, CVE-2010-1085, CVE-2010-1086

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the Unidirectional Lightweight Encapsulation (ULE)
implementation. A remote attacker could send a specially-crafted ISO
MPEG-2 Transport Stream (TS) frame to a target system, resulting in an
infinite loop (denial of service). (CVE-2010-1086, Important)

* on AMD64 systems, it was discovered that the kernel did not ensure the
ELF interpreter was available before making a call to the SET_PERSONALITY
macro. A local attacker could use this flaw to cause a denial of service by
running a 32-bit application that attempts to execute a 64-bit application.
(CVE-2010-0307, Moderate)

* a flaw was found in the kernel connector implementation. A local,
unprivileged user could trigger this flaw by sending an arbitrary number
of notification requests using specially-crafted netlink messages,
resulting in a denial of service. (CVE-2010-0410, Moderate)

* a flaw was found in the Memory-mapped I/O (MMIO) instruction decoder in
the Xen hypervisor implementation. An unprivileged guest user could use
this flaw to trick the hypervisor into emulating a certain instruction,
which could crash the guest (denial of service). (CVE-2010-0730, Moderate)

* a divide-by-zero flaw was found in the azx_position_ok() function in the
driver for Intel High Definition Audio, snd-hda-intel. A local,
unprivileged user could trigger this flaw to cause a kernel crash (denial
of service). (CVE-2010-1085, Moderate)

This update also fixes the following bugs:

* in some cases, booting a system with the "iommu=on" kernel parameter
resulted in a Xen hypervisor panic. (BZ#580199)

* the fnic driver flushed the Rx queue instead of the Tx queue after
fabric login. This caused crashes in some cases. (BZ#580829)

* "kernel unaligned access" warnings were logged to the dmesg log on some
systems. (BZ#580832)

* the "Northbridge Error, node 1, core: -1 K8 ECC error" error occurred on
some systems using the amd64_edac driver. (BZ#580836)

* in rare circumstances, when using kdump and booting a kernel with
"crashkernel=128M@16M", the kdump kernel did not boot after a crash.
(BZ#580838)

* TLB page table entry flushing was done incorrectly on IBM System z,
possibly causing crashes, subtle data inconsistency, or other issues.
(BZ#580839)

* iSCSI failover times were slower than in Red Hat Enterprise Linux 5.3.
(BZ#580840)

* fixed floating point state corruption after signal. (BZ#580841)

* in certain circumstances, under heavy load, certain network interface
cards using the bnx2 driver and configured to use MSI-X, could stop
processing interrupts and then network connectivity would cease.
(BZ#587799)

* cnic parts resets could cause a deadlock when the bnx2 device was
enslaved in a bonding device and that device had an associated VLAN.
(BZ#581148)

* some BIOS implementations initialized interrupt remapping hardware in a
way the Xen hypervisor implementation did not expect. This could have
caused a system hang during boot. (BZ#581150)

* AMD Magny-Cours systems panicked when booting a 32-bit kernel.
(BZ#580846)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0399: tetex security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100399
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0399, CVE-2007-5935, CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0195, CVE-2009-0791, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-3609, CVE-2010-0739, CVE-2010-0827, CVE-2010-1440

Description
teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

A buffer overflow flaw was found in the way teTeX processed virtual font
files when converting DVI files into PostScript. An attacker could create a
malicious DVI file that would cause the dvips executable to crash or,
potentially, execute arbitrary code. (CVE-2010-0827)

Multiple integer overflow flaws were found in the way teTeX processed
special commands when converting DVI files into PostScript. An attacker
could create a malicious DVI file that would cause the dvips executable to
crash or, potentially, execute arbitrary code. (CVE-2010-0739,
CVE-2010-1440)

A stack-based buffer overflow flaw was found in the way teTeX processed DVI
files containing HyperTeX references with long titles, when converting them
into PostScript. An attacker could create a malicious DVI file that would
cause the dvips executable to crash. (CVE-2007-5935)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0147, CVE-2009-1179)

Multiple integer overflow flaws were found in Xpdf. If a local user
generated a PDF file from a TeX document, referencing a specially-crafted
PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary
code with the privileges of the user running pdflatex. (CVE-2009-0791,
CVE-2009-3609)

A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0195)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. If a local user generated a PDF file from a
TeX document, referencing a specially-crafted PDF file, it would cause
Xpdf to crash or, potentially, execute arbitrary code with the privileges
of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,
CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, Will Dormann of the CERT/CC, and Alin Rad Pop of Secunia
Research, for responsibly reporting the Xpdf flaws.

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2010:0400: tetex security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100400
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0400, CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0195, CVE-2009-0791, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-1182, CVE-2009-1183, CVE-2009-3608, CVE-2009-3609, CVE-2010-0739, CVE-2010-0829, CVE-2010-1440

Description
teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

Multiple integer overflow flaws were found in the way teTeX processed
special commands when converting DVI files into PostScript. An attacker
could create a malicious DVI file that would cause the dvips executable to
crash or, potentially, execute arbitrary code. (CVE-2010-0739,
CVE-2010-1440)

Multiple array index errors were found in the way teTeX converted DVI files
into the Portable Network Graphics (PNG) format. An attacker could create a
malicious DVI file that would cause the dvipng executable to crash.
(CVE-2010-0829)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0147, CVE-2009-1179)

Multiple integer overflow flaws were found in Xpdf. If a local user
generated a PDF file from a TeX document, referencing a specially-crafted
PDF file, it would cause Xpdf to crash or, potentially, execute arbitrary
code with the privileges of the user running pdflatex. (CVE-2009-0791,
CVE-2009-3608, CVE-2009-3609)

A heap-based buffer overflow flaw was found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0195)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0146, CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to the
freeing of arbitrary memory. If a local user generated a PDF file from a
TeX document, referencing a specially-crafted PDF file, it would cause
Xpdf to crash or, potentially, execute arbitrary code with the privileges
of the user running pdflatex. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash or, potentially,
execute arbitrary code with the privileges of the user running pdflatex.
(CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. If a
local user generated a PDF file from a TeX document, referencing a
specially-crafted PDF file, it would cause Xpdf to crash. (CVE-2009-0799,
CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team, Will Dormann of the CERT/CC, Alin Rad Pop of Secunia
Research, and Chris Rohlf, for responsibly reporting the Xpdf flaws.

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2010:0423: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100423
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0423, CVE-2010-1321

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was discovered in the MIT Kerberos Generic
Security Service Application Program Interface (GSS-API) library. A remote,
authenticated attacker could use this flaw to crash any server application
using the GSS-API authentication mechanism, by sending a specially-crafted
GSS-API token with a missing checksum field. (CVE-2010-1321)

Red Hat would like to thank the MIT Kerberos Team for responsibly reporting
this issue. Upstream acknowledges Shawn Emery of Oracle as the original
reporter.

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running services using the MIT
Kerberos libraries must be restarted for the update to take effect.

RHSA-2010:0428: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100428
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0428, CVE-2009-4136, CVE-2010-0442, CVE-2010-0733, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975

Description
PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 7.4.29. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/7.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2010:0429: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100429
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0429, CVE-2009-4136, CVE-2010-0442, CVE-2010-0733, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975

Description
PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

A buffer overflow flaw was found in the way PostgreSQL retrieved a
substring from the bit string for BIT() and BIT VARYING() SQL data types.
An authenticated database user running a specially-crafted SQL query could
use this flaw to cause a temporary denial of service (postgres daemon
crash) or, potentially, execute arbitrary code with the privileges of the
database server. (CVE-2010-0442)

An integer overflow flaw was found in the way PostgreSQL used to calculate
the size of the hash table for joined relations. An authenticated database
user could create a specially-crafted SQL query which could cause a
temporary denial of service (postgres daemon crash) or, potentially,
execute arbitrary code with the privileges of the database server.
(CVE-2010-0733)

PostgreSQL improperly protected session-local state during the execution of
an index function by a database superuser during the database maintenance
operations. An authenticated database user could use this flaw to elevate
their privileges via specially-crafted index functions. (CVE-2009-4136)

These packages upgrade PostgreSQL to version 8.1.21. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.1/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2010:0430: postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100430
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0430, CVE-2010-1169, CVE-2010-1170, CVE-2010-1975

Description
PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages, and are installed in trusted mode by default. In
trusted mode, certain operations, such as operating system level access,
are restricted.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Perl. If the PL/Perl procedural language was
registered on a particular database, an authenticated database user running
a specially-crafted PL/Perl script could use this flaw to bypass intended
PL/Perl trusted mode restrictions, allowing them to run arbitrary Perl
scripts with the privileges of the database server. (CVE-2010-1169)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1169 flaw.

A flaw was found in the way PostgreSQL enforced permission checks on
scripts written in PL/Tcl. If the PL/Tcl procedural language was registered
on a particular database, an authenticated database user running a
specially-crafted PL/Tcl script could use this flaw to bypass intended
PL/Tcl trusted mode restrictions, allowing them to run arbitrary Tcl
scripts with the privileges of the database server. (CVE-2010-1170)

These packages upgrade PostgreSQL to version 8.4.4. Refer to the PostgreSQL
Release Notes for a list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2010:0442: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100442
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0442, CVE-2010-1626, CVE-2010-1848, CVE-2010-1850

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

A buffer overflow flaw was found in the way MySQL handled the parameters of
the MySQL COM_FIELD_LIST network protocol command (this command is sent
when a client uses the MySQL mysql_list_fields() client library function).
An authenticated database user could send a request with an excessively
long table name to cause a temporary denial of service (mysqld crash) or,
potentially, execute arbitrary code with the privileges of the database
server. (CVE-2010-1850)

A directory traversal flaw was found in the way MySQL handled the
parameters of the MySQL COM_FIELD_LIST network protocol command. An
authenticated database user could use this flaw to obtain descriptions of
the fields of an arbitrary table using a request with a specially-crafted
table name. (CVE-2010-1848)

A flaw was discovered in the way MySQL handled symbolic links to tables
created using the DATA DIRECTORY and INDEX DIRECTORY directives in CREATE
TABLE statements. An attacker with CREATE and DROP table privileges, and
shell access to the database server, could use this flaw to remove data and
index files of tables created by other database users using the MyISAM
storage engine. (CVE-2010-1626)

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

RHSA-2010:0449: rhn-client-tools security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100449
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0449, CVE-2010-1439

Description
Red Hat Network Client Tools provide programs and libraries that allow your
system to receive software updates from the Red Hat Network (RHN).

It was discovered that rhn-client-tools set insecure permissions on the
loginAuth.pkl file, used to store session credentials for authenticating
connections to Red Hat Network servers. A local, unprivileged user could
use these credentials to download packages from the Red Hat Network. They
could also manipulate package or action lists associated with the system's
profile. (CVE-2010-1439)

Users of rhn-client-tools are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2010:0457: perl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100457
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0457, CVE-2010-1168, CVE-2010-1447

Description
Perl is a high-level programming language commonly used for system
administration utilities and web programming. The Safe extension module
allows users to compile and execute Perl code in restricted compartments.

The Safe module did not properly restrict the code of implicitly called
methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects
returned as a result of unsafe code evaluation. These methods could have
been executed unrestricted by Safe when such objects were accessed or
destroyed. A specially-crafted Perl script executed inside of a Safe
compartment could use this flaw to bypass intended Safe module
restrictions. (CVE-2010-1168)

The Safe module did not properly restrict code compiled in a Safe
compartment and executed out of the compartment via a subroutine reference
returned as a result of unsafe code evaluation. A specially-crafted Perl
script executed inside of a Safe compartment could use this flaw to bypass
intended Safe module restrictions, if the returned subroutine reference was
called from outside of the compartment. (CVE-2010-1447)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton
as the original reporter of CVE-2010-1168, and Tim Bunce and Rafaël
Garcia-Suarez as the original reporters of CVE-2010-1447.

These packages upgrade the Safe extension module to version 2.27. Refer to
the Safe module's Changes file, linked to in the References, for a full
list of changes.

Users of perl are advised to upgrade to these updated packages, which
correct these issues. All applications using the Safe extension module must
be restarted for this update to take effect.

RHSA-2010:0458: perl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0458, CVE-2008-5302, CVE-2008-5303, CVE-2010-1168, CVE-2010-1447

Description
Perl is a high-level programming language commonly used for system
administration utilities and web programming. The Safe extension module
allows users to compile and execute Perl code in restricted compartments.
The File::Path module allows users to create and remove directory trees.

The Safe module did not properly restrict the code of implicitly called
methods (such as DESTROY and AUTOLOAD) on implicitly blessed objects
returned as a result of unsafe code evaluation. These methods could have
been executed unrestricted by Safe when such objects were accessed or
destroyed. A specially-crafted Perl script executed inside of a Safe
compartment could use this flaw to bypass intended Safe module
restrictions. (CVE-2010-1168)

The Safe module did not properly restrict code compiled in a Safe
compartment and executed out of the compartment via a subroutine reference
returned as a result of unsafe code evaluation. A specially-crafted Perl
script executed inside of a Safe compartment could use this flaw to bypass
intended Safe module restrictions, if the returned subroutine reference was
called from outside of the compartment. (CVE-2010-1447)

Multiple race conditions were found in the way the File::Path module's
rmtree function removed directory trees. A malicious, local user with write
access to a directory being removed by a victim, running a Perl script
using rmtree, could cause the permissions of arbitrary files to be changed
to world-writable and setuid, or delete arbitrary files via a symbolic link
attack, if the victim had the privileges to change the permissions of the
target files or to remove them. (CVE-2008-5302, CVE-2008-5303)

Red Hat would like to thank Tim Bunce for responsibly reporting the
CVE-2010-1168 and CVE-2010-1447 issues. Upstream acknowledges Nick Cleaton
as the original reporter of CVE-2010-1168, and Tim Bunce and Rafaël
Garcia-Suarez as the original reporters of CVE-2010-1447.

These packages upgrade the Safe extension module to version 2.27. Refer to
the Safe module's Changes file, linked to in the References, for a full
list of changes.

Users of perl are advised to upgrade to these updated packages, which
correct these issues. All applications using the Safe or File::Path modules
must be restarted for this update to take effect.

RHSA-2010:0459: openoffice.org security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0459, CVE-2010-0395

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

A flaw was found in the way OpenOffice.org enforced a macro security
setting for macros, written in the Python scripting language, that were
embedded in OpenOffice.org documents. If a user were tricked into opening
a specially-crafted OpenOffice.org document and previewed the macro
directory structure, it could lead to Python macro execution even if macro
execution was disabled. (CVE-2010-0395)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. For Red
Hat Enterprise Linux 4, this erratum provides updated openoffice.org2
packages. For Red Hat Enterprise Linux 5, this erratum provides updated
openoffice.org packages. All running instances of OpenOffice.org
applications must be restarted for this update to take effect.

RHSA-2010:0474: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100474
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0474, CVE-2009-3726, CVE-2010-1173, CVE-2010-1437

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* a NULL pointer dereference flaw was found in the Linux kernel NFSv4
implementation. Several of the NFSv4 file locking functions failed to check
whether a file had been opened on the server before performing locking
operations on it. A local, unprivileged user on a system with an NFSv4
share mounted could possibly use this flaw to cause a kernel panic (denial
of service) or escalate their privileges. (CVE-2009-3726, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A remote
attacker could send a specially-crafted SCTP packet to an SCTP listening
port on a target system, causing a kernel panic (denial of service).
(CVE-2010-1173, Important)

* a race condition between finding a keyring by name and destroying a freed
keyring was found in the Linux kernel key management facility. A local,
unprivileged user could use this flaw to cause a kernel panic (denial of
service) or escalate their privileges. (CVE-2010-1437, Important)

Red Hat would like to thank Simon Vallet for responsibly reporting
CVE-2009-3726; and Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia
Siemens Networks, and Wind River on behalf of their customer, for
responsibly reporting CVE-2010-1173.

Bug fixes:

* RHBA-2007:0791 introduced a regression in the Journaling Block Device
(JBD). Under certain circumstances, removing a large file (such as 300 MB
or more) did not result in inactive memory being freed, leading to the
system having a large amount of inactive memory. Now, the memory is
correctly freed. (BZ#589155)

* the timer_interrupt() routine did not scale lost real ticks to logical
ticks correctly, possibly causing time drift for 64-bit Red Hat Enterprise
Linux 4 KVM (Kernel-based Virtual Machine) guests that were booted with the
"divider=x" kernel parameter set to a value greater than 1. "warning: many
lost ticks" messages may have been logged on the affected guest systems.
(BZ#590551)

* a bug could have prevented NFSv3 clients from having the most up-to-date
file attributes for files on a given NFSv3 file system. In cases where a
file type changed, such as if a file was removed and replaced with a
directory of the same name, the NFSv3 client may not have noticed this
change until stat(2) was called (for example, by running "ls -l").
(BZ#596372)

* RHBA-2007:0791 introduced bugs in the Linux kernel PCI-X subsystem. These
could have caused a system deadlock on some systems where the BIOS set the
default Maximum Memory Read Byte Count (MMRBC) to 4096, and that also use
the Intel PRO/1000 Linux driver, e1000. Errors such as "e1000: eth[x]:
e1000_clean_tx_irq: Detected Tx Unit Hang" were logged. (BZ#596374)

* an out of memory condition in a KVM guest, using the virtio-net network
driver and also under heavy network stress, could have resulted in
that guest being unable to receive network traffic. Users had to manually
remove and re-add the virtio_net module and restart the network service
before networking worked as expected. Such memory conditions no longer
prevent KVM guests receiving network traffic. (BZ#597310)

* when an SFQ qdisc that limited the queue size to two packets was added to
a network interface, sending traffic through that interface resulted in a
kernel crash. Such a qdisc no longer results in a kernel crash. (BZ#597312)

* when an NFS client opened a file with the O_TRUNC flag set, it received
a valid stateid, but did not use that stateid to perform the SETATTR call.
Such cases were rejected by Red Hat Enterprise Linux 4 NFS servers with an
"NFS4ERR_BAD_STATEID" error, possibly preventing some NFS clients from
writing files to an NFS file system. (BZ#597314)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0475: sudo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100475
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0475, CVE-2010-1646

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled the presence of duplicated
environment variables. A local user authorized to run commands using sudo
could use this flaw to set additional values for the environment variables
set by sudo, which could result in those values being used by the executed
command instead of the values set by sudo. This could possibly lead to
certain intended restrictions being bypassed, such as the secure_path
setting. (CVE-2010-1646)

Red Hat would like to thank Anders Kaseorg and Evan Broder of Ksplice, Inc.
for responsibly reporting this issue.

Users of sudo should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2010:0488: samba and samba3x security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100488
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0488, CVE-2010-2063

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

An input sanitization flaw was found in the way Samba parsed client data. A
malicious client could send a specially-crafted SMB packet to the Samba
server, resulting in arbitrary code execution with the privileges of the
Samba server (smbd). (CVE-2010-2063)

Red Hat would like to thank the Samba team for responsibly reporting this
issue. Upstream acknowledges Jun Mao as the original reporter.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2010:0490: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100490
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0490, CVE-2010-0540, CVE-2010-0542, CVE-2010-1748

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The CUPS "texttops" filter converts text files
to PostScript.

A missing memory allocation failure check flaw, leading to a NULL pointer
dereference, was found in the CUPS "texttops" filter. An attacker could
create a malicious text file that would cause "texttops" to crash or,
potentially, execute arbitrary code as the "lp" user if the file was
printed. (CVE-2010-0542)

A Cross-Site Request Forgery (CSRF) issue was found in the CUPS web
interface. If a remote attacker could trick a user, who is logged into the
CUPS web interface as an administrator, into visiting a specially-crafted
website, the attacker could reconfigure and disable CUPS, and gain access
to print jobs and system files. (CVE-2010-0540)

Note: As a result of the fix for CVE-2010-0540, cookies must now be enabled
in your web browser to use the CUPS web interface.

An uninitialized memory read issue was found in the CUPS web interface. If
an attacker had access to the CUPS web interface, they could use a
specially-crafted URL to leverage this flaw to read a limited amount of
memory from the cupsd process, possibly obtaining sensitive information.
(CVE-2010-1748)

Red Hat would like to thank the Apple Product Security team for responsibly
reporting these issues. Upstream acknowledges regenrecht as the original
reporter of CVE-2010-0542; Adrian 'pagvac' Pastor of GNUCITIZEN and Tim
Starling as the original reporters of CVE-2010-0540; and Luca Carettoni as
the original reporter of CVE-2010-1748.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2010:0499: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100499
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0499, CVE-2010-0163, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-1200)

A flaw was found in the way browser plug-ins interact. It was possible for
a plug-in to reference the freed memory from a different plug-in, resulting
in the execution of arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-1198)

An integer overflow flaw was found in the processing of malformed web
content. A web page containing malicious content could cause SeaMonkey to
crash or, potentially, execute arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2010-1199)

A flaw was found in the way SeaMonkey processed mail attachments. A
specially-crafted mail message could cause SeaMonkey to crash.
(CVE-2010-0163)

A flaw was found in the way SeaMonkey handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. A website that allows arbitrary uploads and relies on the
"Content-Disposition: attachment" HTTP header to prevent content from being
displayed inline, could be used by an attacker to serve malicious content
to users. (CVE-2010-1197)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0500: firefox security, bug fix, and enhancement update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100500
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0500, CVE-2008-5913, CVE-2009-5017, CVE-2010-0182, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203

Description
Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)

A flaw was found in the way browser plug-ins interact. It was possible for
a plug-in to reference the freed memory from a different plug-in, resulting
in the execution of arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1198)

Several integer overflow flaws were found in the processing of malformed
web content. A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2010-1196, CVE-2010-1199)

A focus stealing flaw was found in the way Firefox handled focus changes. A
malicious website could use this flaw to steal sensitive data from a user,
such as usernames and passwords. (CVE-2010-1125)

A flaw was found in the way Firefox handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. A website that allows arbitrary uploads and relies on the
"Content-Disposition: attachment" HTTP header to prevent content from being
displayed inline, could be used by an attacker to serve malicious content
to users. (CVE-2010-1197)

A flaw was found in the Firefox Math.random() function. This function could
be used to identify a browsing session and track a user across different
websites. (CVE-2008-5913)

A flaw was found in the Firefox XML document loading security checks.
Certain security checks were not being called when an XML document was
loaded. This could possibly be leveraged later by an attacker to load
certain resources that violate the security policies of the browser or its
add-ons. Note that this issue cannot be exploited by only loading an XML
document. (CVE-2010-0182)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories
in the References section of this erratum.

This erratum upgrades Firefox from version 3.0.19 to version 3.6.4, and as
such, contains multiple bug fixes and numerous enhancements. Space
precludes documenting these changes in this advisory. For details
concerning these changes, refer to the Firefox Release Notes links in the
References section of this erratum.

Important: Firefox 3.6.4 is not completely backwards-compatible with all
Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.
Firefox 3.6 checks compatibility on first-launch, and, depending on the
individual configuration and the installed Add-ons and plug-ins, may
disable said Add-ons and plug-ins, or attempt to check for updates and
upgrade them. Add-ons and plug-ins may have to be manually updated.

All Firefox users should upgrade to this updated package, which contains
Firefox version 3.6.4. After installing the update, Firefox must be
restarted for the changes to take effect.

RHSA-2010:0501: firefox security, bug fix, and enhancement update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100501
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0501, CVE-2008-5913, CVE-2009-5017, CVE-2010-0182, CVE-2010-1121, CVE-2010-1125, CVE-2010-1196, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203

Description
Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1121, CVE-2010-1200, CVE-2010-1202, CVE-2010-1203)

A flaw was found in the way browser plug-ins interact. It was possible for
a plug-in to reference the freed memory from a different plug-in, resulting
in the execution of arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1198)

Several integer overflow flaws were found in the processing of malformed
web content. A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2010-1196, CVE-2010-1199)

A focus stealing flaw was found in the way Firefox handled focus changes. A
malicious website could use this flaw to steal sensitive data from a user,
such as usernames and passwords. (CVE-2010-1125)

A flaw was found in the way Firefox handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. A website that allows arbitrary uploads and relies on the
"Content-Disposition: attachment" HTTP header to prevent content from being
displayed inline, could be used by an attacker to serve malicious content
to users. (CVE-2010-1197)

A flaw was found in the Firefox Math.random() function. This function could
be used to identify a browsing session and track a user across different
websites. (CVE-2008-5913)

A flaw was found in the Firefox XML document loading security checks.
Certain security checks were not being called when an XML document was
loaded. This could possibly be leveraged later by an attacker to load
certain resources that violate the security policies of the browser or its
add-ons. Note that this issue cannot be exploited by only loading an XML
document. (CVE-2010-0182)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.4. You can find a link to the Mozilla advisories
in the References section of this erratum.

This erratum upgrades Firefox from version 3.0.19 to version 3.6.4. Due to
the requirements of Firefox 3.6.4, this erratum also provides a number of
other updated packages, including esc, totem, and yelp.

This erratum also contains multiple bug fixes and numerous enhancements.
Space precludes documenting these changes in this advisory. For details
concerning these changes, refer to the Firefox Release Notes links in the
References section of this erratum.

Important: Firefox 3.6.4 is not completely backwards-compatible with all
Mozilla Add-ons and Firefox plug-ins that worked with Firefox 3.0.19.
Firefox 3.6 checks compatibility on first-launch, and, depending on the
individual configuration and the installed Add-ons and plug-ins, may
disable said Add-ons and plug-ins, or attempt to check for updates and
upgrade them. Add-ons and plug-ins may have to be manually updated.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.4. After installing the update, Firefox must be
restarted for the changes to take effect.

RHSA-2010:0504: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100504
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0504, CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1088, CVE-2010-1173, CVE-2010-1187, CVE-2010-1436, CVE-2010-1437, CVE-2010-1641

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* multiple flaws were found in the mmap and mremap implementations. A local
user could use these flaws to cause a local denial of service or escalate
their privileges. (CVE-2010-0291, Important)

* a NULL pointer dereference flaw was found in the Fast Userspace Mutexes
(futexes) implementation. The unlock code path did not check if the futex
value associated with pi_state->owner had been modified. A local user could
use this flaw to modify the futex value, possibly leading to a denial of
service or privilege escalation when the pi_state->owner pointer is
dereferenced. (CVE-2010-0622, Important)

* a NULL pointer dereference flaw was found in the Linux kernel Network
File System (NFS) implementation. A local user on a system that has an
NFS-mounted file system could use this flaw to cause a denial of service or
escalate their privileges on that system. (CVE-2010-1087, Important)

* a flaw was found in the sctp_process_unk_param() function in the Linux
kernel Stream Control Transmission Protocol (SCTP) implementation. A remote
attacker could send a specially-crafted SCTP packet to an SCTP listening
port on a target system, causing a kernel panic (denial of service).
(CVE-2010-1173, Important)

* a flaw was found in the Linux kernel Transparent Inter-Process
Communication protocol (TIPC) implementation. If a client application, on a
local system where the tipc module is not yet in network mode, attempted to
send a message to a remote TIPC node, it would dereference a NULL pointer
on the local system, causing a kernel panic (denial of service).
(CVE-2010-1187, Important)

* a buffer overflow flaw was found in the Linux kernel Global File System 2
(GFS2) implementation. In certain cases, a quota could be written past the
end of a memory page, causing memory corruption, leaving the quota stored
on disk in an invalid state. A user with write access to a GFS2 file system
could trigger this flaw to cause a kernel crash (denial of service) or
escalate their privileges on the GFS2 server. This issue can only be
triggered if the GFS2 file system is mounted with the "quota=on" or
"quota=account" mount option. (CVE-2010-1436, Important)

* a race condition between finding a keyring by name and destroying a freed
keyring was found in the Linux kernel key management facility. A local user
could use this flaw to cause a kernel panic (denial of service) or escalate
their privileges. (CVE-2010-1437, Important)

* a flaw was found in the link_path_walk() function in the Linux kernel.
Using the file descriptor returned by the open() function with the
O_NOFOLLOW flag on a subordinate NFS-mounted file system, could result in a
NULL pointer dereference, causing a denial of service or privilege
escalation. (CVE-2010-1088, Moderate)

* a missing permission check was found in the gfs2_set_flags() function in
the Linux kernel GFS2 implementation. A local user could use this flaw to
change certain file attributes of files, on a GFS2 file system, that they
do not own. (CVE-2010-1641, Low)

Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon
Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer,
for responsibly reporting CVE-2010-1173; Mario Mikocevic for responsibly
reporting CVE-2010-1436; and Dan Rosenberg for responsibly reporting
CVE-2010-1641.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from
http://www.redhat.com/docs/en-US/errata/RHSA-2010-0504/Kernel_Security_Update/index.html

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0505: perl-Archive-Tar security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100505
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0505, CVE-2007-4829

Description
The Archive::Tar module provides a mechanism for Perl scripts to manipulate
tar archive files.

Multiple directory traversal flaws were discovered in the Archive::Tar
module. A specially-crafted tar file could cause a Perl script, using the
Archive::Tar module to extract the archive, to overwrite an arbitrary file
writable by the user running the script. (CVE-2007-4829)

This package upgrades the Archive::Tar module to version 1.39_01. Refer to
the Archive::Tar module's changes file, linked to in the References, for a
full list of changes.

Users of perl-Archive-Tar are advised to upgrade to this updated package,
which corrects these issues. All applications using the Archive::Tar module
must be restarted for this update to take effect.

RHSA-2010:0518: scsi-target-utils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100518
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0518, CVE-2010-2221

Description
The scsi-target-utils package contains the daemon and tools to set up and
monitor SCSI targets. Currently, iSCSI software and iSER targets are
supported.

Multiple buffer overflow flaws were found in scsi-target-utils' tgtd
daemon. A remote attacker could trigger these flaws by sending a
carefully-crafted Internet Storage Name Service (iSNS) request, causing the
tgtd daemon to crash. (CVE-2010-2221)

Red Hat would like to thank the Vulnerability Research Team at TELUS
Security Labs and Fujita Tomonori for responsibly reporting these flaws.

All scsi-target-utils users should upgrade to this updated package, which
contains a backported patch to correct these issues. All running
scsi-target-utils services must be restarted for the update to take effect.

RHSA-2010:0519: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100519
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0519, CVE-2010-1411, CVE-2010-2481, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597, CVE-2010-4665

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Multiple integer overflow flaws, leading to a buffer overflow, were
discovered in libtiff. An attacker could use these flaws to create a
specially-crafted TIFF file that, when opened, would cause an application
linked against libtiff to crash or, possibly, execute arbitrary code.
(CVE-2010-1411)

Multiple input validation flaws were discovered in libtiff. An attacker
could use these flaws to create a specially-crafted TIFF file that, when
opened, would cause an application linked against libtiff to crash.
(CVE-2010-2481, CVE-2010-2483, CVE-2010-2595, CVE-2010-2597)

Red Hat would like to thank Apple Product Security for responsibly
reporting the CVE-2010-1411 flaw, who credit Kevin Finisterre of
digitalmunition.com for the discovery of the issue.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libtiff must be restarted for this update to
take effect.

RHSA-2010:0528: avahi security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100528
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0528, CVE-2009-0758, CVE-2010-2244

Description
Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zero Configuration Networking. It facilitates service
discovery on a local network. Avahi and Avahi-aware applications allow you
to plug your computer into a network and, with no configuration, view other
people to chat with, view printers to print to, and find shared files on
other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with corrupted checksums. An attacker on the
local network could use this flaw to cause avahi-daemon on a target system
to exit unexpectedly via specially-crafted mDNS packets. (CVE-2010-2244)

A flaw was found in the way avahi-daemon processed incoming unicast mDNS
messages. If the mDNS reflector were enabled on a system, an attacker on
the local network could send a specially-crafted unicast mDNS message to
that system, resulting in its avahi-daemon flooding the network with a
multicast packet storm, and consuming a large amount of CPU. Note: The mDNS
reflector is disabled by default. (CVE-2009-0758)

All users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the update,
avahi-daemon will be restarted automatically.

RHSA-2010:0533: pcsc-lite security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100533
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0533, CVE-2009-4901, CVE-2010-0407

Description
PC/SC Lite provides a Windows SCard compatible interface for communicating
with smart cards, smart card readers, and other security tokens.

Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)

Users of pcsc-lite should upgrade to these updated packages, which contain
a backported patch to correct these issues. After installing this update,
the pcscd daemon will be restarted automatically.

RHSA-2010:0534: libpng security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100534
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0534, CVE-2009-2042, CVE-2010-0205, CVE-2010-1205, CVE-2010-2249

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A memory corruption flaw was found in the way applications, using the
libpng library and its progressive reading method, decoded certain PNG
images. An attacker could create a specially-crafted PNG image that, when
opened, could cause an application using libpng to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-1205)

A denial of service flaw was found in the way applications using the libpng
library decoded PNG images that have certain, highly compressed ancillary
chunks. An attacker could create a specially-crafted PNG image that could
cause an application using libpng to consume excessive amounts of memory
and CPU time, and possibly crash. (CVE-2010-0205)

A memory leak flaw was found in the way applications using the libpng
library decoded PNG images that use the Physical Scale (sCAL) extension. An
attacker could create a specially-crafted PNG image that could cause an
application using libpng to exhaust all available memory and possibly crash
or exit. (CVE-2010-2249)

A sensitive information disclosure flaw was found in the way applications
using the libpng library processed 1-bit interlaced PNG images. An attacker
could create a specially-crafted PNG image that could cause an application
using libpng to disclose uninitialized memory. (CVE-2009-2042)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.

RHSA-2010:0542: openldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100542
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0542, CVE-2010-0211, CVE-2010-0212

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

Multiple flaws were discovered in the way the slapd daemon handled modify
relative distinguished name (modrdn) requests. An authenticated user with
privileges to perform modrdn operations could use these flaws to crash the
slapd daemon via specially-crafted modrdn requests. (CVE-2010-0211,
CVE-2010-0212)

Red Hat would like to thank CERT-FI for responsibly reporting these flaws,
who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the
issues.

Users of OpenLDAP should upgrade to these updated packages, which contain
a backported patch to correct these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.

RHSA-2010:0543: openldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100543
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0543, CVE-2009-3767, CVE-2010-0211

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

An uninitialized pointer use flaw was discovered in the way the slapd
daemon handled modify relative distinguished name (modrdn) requests. An
authenticated user with privileges to perform modrdn operations could use
this flaw to crash the slapd daemon via specially-crafted modrdn requests.
(CVE-2010-0211)

Red Hat would like to thank CERT-FI for responsibly reporting the
CVE-2010-0211 flaw, who credit Ilkka Mattila and Tuomas Salomäki for the
discovery of the issue.

A flaw was found in the way OpenLDAP handled NUL characters in the
CommonName field of X.509 certificates. An attacker able to get a
carefully-crafted certificate signed by a trusted Certificate Authority
could trick applications using OpenLDAP libraries into accepting it by
mistake, allowing the attacker to perform a man-in-the-middle attack.
(CVE-2009-3767)

Users of OpenLDAP should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.

RHSA-2010:0544: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100544
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0544, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753, CVE-2010-2754

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,
CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. Loading remote HTTP content that allows arbitrary uploads and
relies on the "Content-Disposition: attachment" HTTP header to prevent
content from being displayed inline, could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2010:0545: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100545
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0545, CVE-2010-0174, CVE-2010-0175, CVE-2010-0176, CVE-2010-0177, CVE-2010-1197, CVE-2010-1198, CVE-2010-1199, CVE-2010-1200, CVE-2010-1205, CVE-2010-1211, CVE-2010-1214, CVE-2010-2753, CVE-2010-2754

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A memory corruption flaw was found in the way Thunderbird decoded certain
PNG images. An attacker could create a mail message containing a
specially-crafted PNG image that, when opened, could cause Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1205)

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-0174, CVE-2010-1200, CVE-2010-1211,
CVE-2010-1214, CVE-2010-2753)

An integer overflow flaw was found in the processing of malformed HTML mail
content. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-1199)

Several use-after-free flaws were found in Thunderbird. Viewing an HTML
mail message containing malicious content could result in Thunderbird
executing arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-0175, CVE-2010-0176, CVE-2010-0177)

A flaw was found in the way Thunderbird plug-ins interact. It was possible
for a plug-in to reference the freed memory from a different plug-in,
resulting in the execution of arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-1198)

A flaw was found in the way Thunderbird handled the "Content-Disposition:
attachment" HTTP header when the "Content-Type: multipart" HTTP header was
also present. Loading remote HTTP content that allows arbitrary uploads and
relies on the "Content-Disposition: attachment" HTTP header to prevent
content from being displayed inline, could be used by an attacker to serve
malicious content to users. (CVE-2010-1197)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird has loaded. (CVE-2010-2754)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2010:0546: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100546
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0546, CVE-2010-1205, CVE-2010-1211, CVE-2010-1214, CVE-2010-2751, CVE-2010-2753, CVE-2010-2754

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-1211, CVE-2010-2753, CVE-2010-1214)

A memory corruption flaw was found in the way SeaMonkey decoded certain PNG
images. An attacker could create a specially-crafted PNG image that, when
opened, could cause SeaMonkey to crash or, potentially, execute arbitrary
code with the privileges of the user running SeaMonkey. (CVE-2010-1205)

A same-origin policy bypass flaw was found in SeaMonkey. An attacker could
create a malicious web page that, when viewed by a victim, could steal
private data from a different website the victim has loaded with SeaMonkey.
(CVE-2010-2754)

A flaw was found in the way SeaMonkey displayed the location bar when
visiting a secure web page. A malicious server could use this flaw to
present data that appears to originate from a secure server, even though it
does not. (CVE-2010-2751)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0547: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100547
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0547, CVE-2010-0654, CVE-2010-1205, CVE-2010-1206, CVE-2010-1207, CVE-2010-1208, CVE-2010-1209, CVE-2010-1210, CVE-2010-1211, CVE-2010-1212, CVE-2010-1213, CVE-2010-1214, CVE-2010-1215, CVE-2010-2751, CVE-2010-2752, CVE-2010-2753, CVE-2010-2754

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,
CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)

A memory corruption flaw was found in the way Firefox decoded certain PNG
images. An attacker could create a specially-crafted PNG image that, when
opened, could cause Firefox to crash or, potentially, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2010-1205)

Several same-origin policy bypass flaws were found in Firefox. An attacker
could create a malicious web page that, when viewed by a victim, could
steal private data from a different website the victim has loaded with
Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)

A flaw was found in the way Firefox presented the location bar to a user. A
malicious website could trick a user into thinking they are visiting the
site reported by the location bar, when the page is actually content
controlled by an attacker. (CVE-2010-1206)

A flaw was found in the way Firefox displayed the location bar when
visiting a secure web page. A malicious server could use this flaw to
present data that appears to originate from a secure server, even though it
does not. (CVE-2010-2751)

A flaw was found in the way Firefox displayed certain malformed characters.
A malicious web page could use this flaw to bypass certain string
sanitization methods, allowing it to display malicious information to
users. (CVE-2010-1210)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories
in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.7, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0556: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100556
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0556, CVE-2010-2755

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

An invalid free flaw was found in Firefox's plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running the Firefox application. (CVE-2010-2755)

All Firefox users should upgrade to these updated packages, which contain a backported patch that corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0557: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100557
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0557, CVE-2010-2755

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

An invalid free flaw was found in SeaMonkey's plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. (CVE-2010-2755)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0558: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100558
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0558, CVE-2010-2755

Description
Mozilla Firefox is an open source web browser.

An invalid free flaw was found in Firefox's plugin handler. Malicious web content could result in an invalid memory pointer being freed, causing Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-2755)

All Firefox users should upgrade to these updated packages, which contain a backported patch that corrects this issue. After installing the update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0565: w3m security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100565
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0565, CVE-2010-2074

Description
The w3m program is a pager (or text file viewer) that can also be used as a
text mode web browser.

It was discovered that w3m is affected by the previously published "null
prefix attack", caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted certificate
signed by a trusted Certificate Authority, the attacker could use the
certificate during a man-in-the-middle attack and potentially confuse w3m
into accepting it by mistake. (CVE-2010-2074)

All w3m users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2010:0567: lvm2-cluster security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100567
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0567, CVE-2010-2526

Description
The lvm2-cluster package contains support for Logical Volume Management
(LVM) in a clustered environment.

It was discovered that the cluster logical volume manager daemon (clvmd)
did not verify the credentials of clients connecting to its control UNIX
abstract socket, allowing local, unprivileged users to send control
commands that were intended to only be available to the privileged root
user. This could allow a local, unprivileged user to cause clvmd to exit,
or request clvmd to activate, deactivate, or reload any logical volume on
the local system or another system in the cluster. (CVE-2010-2526)

Note: This update changes clvmd to use a pathname-based socket rather than
an abstract socket. As such, the lvm2 update RHBA-2010:0569, which changes
LVM to also use this pathname-based socket, must also be installed for LVM
to be able to communicate with the updated clvmd.

All lvm2-cluster users should upgrade to this updated package, which
contains a backported patch to correct this issue. After installing the
updated package, clvmd must be restarted for the update to take effect.

RHSA-2010:0578: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100578
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0578, CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519, CVE-2010-2527, CVE-2010-2541

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.

An invalid memory management flaw was found in the way the FreeType font
engine processed font files. If a user loaded a carefully-crafted font file
with an application linked against FreeType, it could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
user running the application. (CVE-2010-2498)

An integer overflow flaw was found in the way the FreeType font engine
processed font files. If a user loaded a carefully-crafted font file with
an application linked against FreeType, it could cause the application to
crash or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-2500)

Several buffer overflow flaws were found in the way the FreeType font
engine processed font files. If a user loaded a carefully-crafted font file
with an application linked against FreeType, it could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
user running the application. (CVE-2010-2499, CVE-2010-2519)

Several buffer overflow flaws were found in the FreeType demo applications.
If a user loaded a carefully-crafted font file with a demo application, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-2527,
CVE-2010-2541)

Red Hat would like to thank Robert Swiecki of the Google Security Team for
the discovery of the CVE-2010-2498, CVE-2010-2500, CVE-2010-2499,
CVE-2010-2519, and CVE-2010-2527 issues.

Note: All of the issues in this erratum only affect the FreeType 2 font
engine.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2010:0580: tomcat5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0580, CVE-2009-2693, CVE-2009-2696, CVE-2009-2902, CVE-2010-2227

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way Tomcat handled the Transfer-Encoding header in
HTTP requests. A specially-crafted HTTP request could prevent Tomcat from
sending replies, or cause Tomcat to return truncated replies, or replies
containing data related to the requests of other users, for all subsequent
HTTP requests. (CVE-2010-2227)

The Tomcat security update RHSA-2009:1164 did not, unlike the erratum text
stated, provide a fix for CVE-2009-0781, a cross-site scripting (XSS) flaw
in the examples calendar application. With some web browsers, remote
attackers could use this flaw to inject arbitrary web script or HTML via
the "time" parameter. (CVE-2009-2696)

Two directory traversal flaws were found in the Tomcat deployment process.
A specially-crafted WAR file could, when deployed, cause a file to be
created outside of the web root into any directory writable by the Tomcat
user, or could lead to the deletion of files in the Tomcat host's work
directory. (CVE-2009-2693, CVE-2009-2902)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues. Tomcat must be restarted for
this update to take effect.

RHSA-2010:0585: lftp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100585
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0585, CVE-2010-2251

Description
LFTP is a sophisticated file transfer program for the FTP and HTTP
protocols. Like Bash, it has job control and uses the Readline library for
input. It has bookmarks, built-in mirroring, and can transfer several files
in parallel. It is designed with reliability in mind.

It was discovered that lftp trusted the file name provided in the
Content-Disposition HTTP header. A malicious HTTP server could use this
flaw to write or overwrite files in the current working directory of a
victim running lftp, by sending a different file from what the victim
requested. (CVE-2010-2251)

To correct this flaw, the following changes were made to lftp: the
"xfer:clobber" option now defaults to "no", causing lftp to not overwrite
existing files, and a new option, "xfer:auto-rename", which defaults to
"no", has been introduced to control whether lftp should use
server-suggested file names. Refer to the "Settings" section of the lftp(1)
manual page for additional details on changing lftp settings.

All lftp users should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2010:0603: gnupg2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100603
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0603, CVE-2010-2547

Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

A use-after-free flaw was found in the way gpgsm, a Cryptographic Message
Syntax (CMS) encryption and signing tool, handled X.509 certificates with
a large number of Subject Alternate Names. A specially-crafted X.509
certificate could, when imported, cause gpgsm to crash or, possibly,
execute arbitrary code. (CVE-2010-2547)

All gnupg2 users should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2010:0606: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100606
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0606, CVE-2010-2248, CVE-2010-2521

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* a flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker could
send a specially-crafted SMB response packet to a target CIFS client,
resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)

* buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

This update also fixes the following bug:

* the rpc_call_async() function in the SUN Remote Procedure Call (RPC)
subsystem in the Linux kernel had a reference counting bug. In certain
situations, some Network Lock Manager (NLM) messages may have triggered
this bug on NFSv2 and NFSv3 servers, leading to a kernel panic (with
"kernel BUG at fs/lockd/host.c:[xxx]!" logged to "/var/log/messages").
(BZ#612962)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0607: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100607
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0607, CVE-2010-1797

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 3 and 4
provide both the FreeType 1 and FreeType 2 font engines. The freetype
packages for Red Hat Enterprise Linux 5 provide only the FreeType 2 font
engine.

Two stack overflow flaws were found in the way the FreeType font engine
processed certain Compact Font Format (CFF) character strings (opcodes). If
a user loaded a specially-crafted font file with an application linked
against FreeType, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-1797)

Red Hat would like to thank Braden Thomas of the Apple Product Security
team for reporting these issues.

Note: CVE-2010-1797 only affects the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2010:0610: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100610
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0610, CVE-2010-1084, CVE-2010-2066, CVE-2010-2070, CVE-2010-2226, CVE-2010-2248, CVE-2010-2521, CVE-2010-2524

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* instances of unsafe sprintf() use were found in the Linux kernel
Bluetooth implementation. Creating a large number of Bluetooth L2CAP, SCO,
or RFCOMM sockets could result in arbitrary memory pages being overwritten.
A local, unprivileged user could use this flaw to cause a kernel panic
(denial of service) or escalate their privileges. (CVE-2010-1084,
Important)

* a flaw was found in the Xen hypervisor implementation when using the
Intel Itanium architecture, allowing guests to enter an unsupported state.
An unprivileged guest user could trigger this flaw by setting the BE (Big
Endian) bit of the Processor Status Register (PSR), leading to the guest
crashing (denial of service). (CVE-2010-2070, Important)

* a flaw was found in the CIFSSMBWrite() function in the Linux kernel
Common Internet File System (CIFS) implementation. A remote attacker could
send a specially-crafted SMB response packet to a target CIFS client,
resulting in a kernel panic (denial of service). (CVE-2010-2248, Important)

* buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)

* a flaw was found in the handling of the SWAPEXT IOCTL in the Linux kernel
XFS file system implementation. A local user could use this flaw to read
write-only files, that they do not own, on an XFS file system. This could
lead to unintended information disclosure. (CVE-2010-2226, Moderate)

* a flaw was found in the dns_resolver upcall used by CIFS. A local,
unprivileged user could redirect a Microsoft Distributed File System link
to another IP address, tricking the client into mounting the share from a
server of the user's choosing. (CVE-2010-2524, Moderate)

* a missing check was found in the mext_check_arguments() function in the
ext4 file system code. A local user could use this flaw to cause the
MOVE_EXT IOCTL to overwrite the contents of an append-only file on an ext4
file system, if they have write permissions for that file. (CVE-2010-2066,
Low)

Red Hat would like to thank Neil Brown for reporting CVE-2010-1084, and Dan
Rosenberg for reporting CVE-2010-2226 and CVE-2010-2066.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0615: libvirt security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0615, CVE-2010-2239, CVE-2010-2242

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remotely managing virtualized systems.

It was found that libvirt did not set the user-defined backing store format
when creating a new image, possibly resulting in applications having to
probe the backing store to discover the format. A privileged guest user
could use this flaw to read arbitrary files on the host. (CVE-2010-2239)

It was found that libvirt created insecure iptables rules on the host when
a guest system was configured for IP masquerading, allowing the guest to
use privileged ports on the host when accessing network resources. A
privileged guest user could use this flaw to access network resources that
would otherwise not be accessible to the guest. (CVE-2010-2242)

Red Hat would like to thank Jeremy Nickurak for reporting the CVE-2010-2242
issue.

This update also fixes the following bugs:

* a Linux software bridge assumes the MAC address of the enslaved interface
with the numerically lowest MAC address. When the bridge changes its MAC
address, for a period of time it does not relay packets across network
segments, resulting in a temporary network "blackout". The bridge should
thus avoid changing its MAC address in order not to disrupt network
communications.

The Linux kernel assigns network TAP devices a random MAC address.
Occasionally, this random MAC address is lower than that of the physical
interface which is enslaved (for example, eth0 or eth1), which causes the
bridge to change its MAC address, thereby disrupting network communications
for a period of time.

With this update, libvirt now sets an explicit MAC address for all TAP
devices created using the configured MAC address from the XML, but with the
high bit set to 0xFE. The result is that TAP device MAC addresses are now
numerically greater than those for physical interfaces, and bridges should
no longer attempt to switch their MAC address to that of the TAP device,
thus avoiding potential spurious network disruptions. (BZ#617243)

* a memory leak in the libvirt driver for the Xen hypervisor has been fixed
with this update. (BZ#619711)

* the xm and virsh management user interfaces for virtual guests can be
called on the command line to list the number of active guests. However,
under certain circumstances, running the "virsh list" command resulted in
virsh not listing all of the virtual guests that were active (that is,
running) at the time. This update incorporates a fix that matches the logic
used for determining active guests with that of "xm list", such that both
commands should now list the same number of active virtual guests under all
circumstances. (BZ#618200)

All users of libvirt are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, the system must be rebooted for the update to take
effect.

RHSA-2010:0616: dbus-glib security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100616
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0616, CVE-2010-1172

Description
dbus-glib is an add-on library to integrate the standard D-Bus library with
the GLib main loop and threading model. NetworkManager is a network link
manager that attempts to keep a wired or wireless network connection active
at all times.

It was discovered that dbus-glib did not enforce the "access" flag on
exported GObject properties. If such a property were read/write internally
but specified as read-only externally, a malicious, local user could use
this flaw to modify that property of an application. Such a change could
impact the application's behavior (for example, if an IP address were
changed the network may not come up properly after reboot) and possibly
lead to a denial of service. (CVE-2010-1172)

Due to the way dbus-glib translates an application's XML definitions of
service interfaces and properties into C code at application build time,
applications built against dbus-glib that use read-only properties needed
to be rebuilt to fully fix the flaw. As such, this update provides
NetworkManager packages that have been rebuilt against the updated
dbus-glib packages. No other applications shipped with Red Hat Enterprise
Linux 5 were affected.

All dbus-glib and NetworkManager users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
Running instances of NetworkManager must be restarted (service
NetworkManager restart) for this update to take effect.

RHSA-2010:0625: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100625
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0625, CVE-2010-1455, CVE-2010-2283, CVE-2010-2284, CVE-2010-2286, CVE-2010-2287, CVE-2010-2995

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Multiple buffer overflow flaws were found in the Wireshark SigComp
Universal Decompressor Virtual Machine (UDVM) dissector. If Wireshark read
a malformed packet off a network or opened a malicious dump file, it could
crash or, possibly, execute arbitrary code as the user running Wireshark.
(CVE-2010-2287, CVE-2010-2995)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2010-1455, CVE-2010-2283, CVE-2010-2284,
CVE-2010-2286)

Users of Wireshark should upgrade to these updated packages, which contain
Wireshark version 1.0.15, and resolve these issues. All running instances
of Wireshark must be restarted for the update to take effect.

RHSA-2010:0627: kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100627
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0627, CVE-2010-0431, CVE-2010-0435, CVE-2010-2784

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that QEMU-KVM on the host did not validate all pointers
provided from a guest system's QXL graphics card driver. A privileged guest
user could use this flaw to cause the host to dereference an invalid
pointer, causing the guest to crash (denial of service) or, possibly,
resulting in the privileged guest user escalating their privileges on the
host. (CVE-2010-0431)

A flaw was found in QEMU-KVM, allowing the guest some control over the
index used to access the callback array during sub-page MMIO
initialization. A privileged guest user could use this flaw to crash the
guest (denial of service) or, possibly, escalate their privileges on the
host. (CVE-2010-2784)

A NULL pointer dereference flaw was found when the host system had a
processor with the Intel VT-x extension enabled. A privileged guest user
could use this flaw to trick the host into emulating a certain instruction,
which could crash the host (denial of service). (CVE-2010-0435)

This update also fixes the following bugs:

* running a "qemu-img" check on a faulty virtual machine image ended with a
segmentation fault. With this update, the segmentation fault no longer
occurs when running the "qemu-img" check. (BZ#610342)

* when attempting to transfer a file between two guests that were joined in
the same virtual LAN (VLAN), the receiving guest unexpectedly quit. With
this update, the transfer completes successfully. (BZ#610343)

* installation of a system was occasionally failing in KVM. This was caused
by KVM using wrong permissions for large guest pages. With this update, the
installation completes successfully. (BZ#616796)

* previously, the migration process would fail for a virtual machine
because the virtual machine could not map all the memory. This was caused
by a conflict that was initiated when a virtual machine was initially run
and then migrated right away. With this update, the conflict no longer
occurs and the migration process no longer fails. (BZ#618205)

* using a thinly provisioned VirtIO disk on iSCSI storage and performing a
"qemu-img" check during an "e_no_space" event returned cluster errors. With
this update, the errors no longer appear. (BZ#618206)

All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

RHSA-2010:0632: qspice-client security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100632
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0632, CVE-2010-2792

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol used in Red Hat Enterprise Linux for viewing
virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

The qspice-client package provides the client side of the SPICE protocol.

A race condition was found in the way the SPICE Mozilla Firefox plug-in and
the SPICE client communicated. A local attacker could use this flaw to
trick the plug-in and the SPICE client into communicating over an
attacker-controlled socket, possibly gaining access to authentication
details, or resulting in a man-in-the-middle attack on the SPICE
connection. (CVE-2010-2792)

Users of qspice-client should upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2010:0633: qspice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0633, CVE-2010-0428, CVE-2010-0429

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol used in Red Hat Enterprise Linux for viewing
virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

It was found that the libspice component of QEMU-KVM on the host did not
validate all pointers provided from a guest system's QXL graphics card
driver. A privileged guest user could use this flaw to cause the host to
dereference an invalid pointer, causing the guest to crash (denial of
service) or, possibly, resulting in the privileged guest user escalating
their privileges on the host. (CVE-2010-0428)

It was found that the libspice component of QEMU-KVM on the host could be
forced to perform certain memory management operations on memory addresses
controlled by a guest. A privileged guest user could use this flaw to crash
the guest (denial of service) or, possibly, escalate their privileges on
the host. (CVE-2010-0429)

All qspice users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0643: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100643
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0643, CVE-2010-2935, CVE-2010-2936

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An integer truncation error, leading to a heap-based buffer overflow, was
found in the way the OpenOffice.org Impress presentation application
sanitized a file's dictionary property items. An attacker could use this
flaw to create a specially-crafted Microsoft Office PowerPoint file that,
when opened, would cause OpenOffice.org Impress to crash or, possibly,
execute arbitrary code with the privileges of the user running
OpenOffice.org Impress. (CVE-2010-2935)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way OpenOffice.org Impress processed polygons in input
documents. An attacker could use this flaw to create a specially-crafted
Microsoft Office PowerPoint file that, when opened, would cause
OpenOffice.org Impress to crash or, possibly, execute arbitrary code with
the privileges of the user running OpenOffice.org Impress. (CVE-2010-2936)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. For Red
Hat Enterprise Linux 3, this erratum provides updated openoffice.org
packages. For Red Hat Enterprise Linux 4, this erratum provides updated
openoffice.org and openoffice.org2 packages. All running instances of
OpenOffice.org applications must be restarted for this update to take
effect.

RHSA-2010:0651: spice-xpi security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100651
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0651, CVE-2010-2792, CVE-2010-2794

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol used in Red Hat Enterprise Linux for viewing
virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

The spice-xpi package provides a plug-in that allows the SPICE client to
run from within Mozilla Firefox.

A race condition was found in the way the SPICE Firefox plug-in and the
SPICE client communicated. A local attacker could use this flaw to trick
the plug-in and the SPICE client into communicating over an
attacker-controlled socket, possibly gaining access to authentication
details, or resulting in a man-in-the-middle attack on the SPICE
connection. (CVE-2010-2792)

It was found that the SPICE Firefox plug-in used a predictable name for its
log file. A local attacker could use this flaw to conduct a symbolic link
attack, allowing them to overwrite arbitrary files accessible to the user
running Firefox. (CVE-2010-2794)

This update also fixes the following bugs:

* a bug prevented users of Red Hat Enterprise Linux 5.5, with all updates
applied, from running the SPICE Firefox plug-in when using Firefox 3.6.4.
With this update, the plug-in works correctly with Firefox 3.6.4 and the
latest version in Red Hat Enterprise Linux 5.5, Firefox 3.6.7. (BZ#618244)

* unused code has been removed during source code refactoring. This also
resolves a bug in the SPICE Firefox plug-in that caused it to close random
file descriptors. (BZ#594006, BZ#619067)

Note: This update should be installed together with the RHSA-2010:0632
qspice-client update: https://rhn.redhat.com/errata/RHSA-2010-0632.html

Users of spice-xpi should upgrade to this updated package, which contains
backported patches to correct these issues. After installing the update,
Firefox must be restarted for the changes to take effect.

RHSA-2010:0652: ImageMagick security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100652
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0652, CVE-2009-1882

Description
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the ImageMagick routine responsible for creating X11 images. An
attacker could create a specially-crafted image file that, when opened by a
victim, would cause ImageMagick to crash or, potentially, execute arbitrary
code. (CVE-2009-1882)

This update also fixes the following bug:

* previously, portions of certain RGB images on the right side were not
rendered and left black when converting or displaying them. With this
update, RGB images display correctly. (BZ#625058)

Users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.

RHSA-2010:0653: ImageMagick security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100653
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0653, CVE-2009-1882

Description
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the ImageMagick routine responsible for creating X11 images. An
attacker could create a specially-crafted image file that, when opened by a
victim, would cause ImageMagick to crash or, potentially, execute arbitrary
code. (CVE-2009-1882)

Users of ImageMagick are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
instances of ImageMagick must be restarted for this update to take effect.

RHSA-2010:0657: gdm security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100657
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0657, CVE-2007-5079

Description
The GNOME Display Manager (GDM) is a configurable re-implementation of XDM,
the X Display Manager. GDM allows you to log in to your system with the X
Window System running, and supports running several different X sessions on
your local machine at the same time.

A flaw was found in the way the gdm package was built. The gdm package was
missing TCP wrappers support on 64-bit platforms, which could result in an
administrator believing they had access restrictions enabled when they did
not. (CVE-2007-5079)

This update also fixes the following bug:

* sometimes the system would hang instead of properly shutting down when
a user chose "Shut down" from the login screen. (BZ#625818)

All users should upgrade to this updated package, which contains backported
patches to correct these issues. GDM must be restarted for this update to
take effect. Rebooting achieves this, but changing the runlevel from 5 to 3
and back to 5 also restarts GDM.

RHSA-2010:0659: httpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100659
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0659, CVE-2010-1452, CVE-2010-2791

Description
The Apache HTTP Server is a popular web server.

A flaw was discovered in the way the mod_proxy module of the Apache HTTP
Server handled the timeouts of requests forwarded by a reverse proxy to the
back-end server. If the proxy was configured to reuse existing back-end
connections, it could return a response intended for another user under
certain timeout conditions, possibly leading to information disclosure.
(CVE-2010-2791)

A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled certain requests. If a remote attacker were to send a carefully
crafted request to the server, it could cause the httpd child process to
crash. (CVE-2010-1452)

This update also fixes the following bugs:

* numerous issues in the INFLATE filter provided by mod_deflate. "Inflate
error -5 on flush" errors may have been logged. This update upgrades
mod_deflate to the newer upstream version from Apache HTTP Server 2.2.15.
(BZ#625435)

* the response would be corrupted if mod_filter applied the DEFLATE filter
to a resource requiring a subrequest with an internal redirect. (BZ#625451)

* the OID() function used in the mod_ssl "SSLRequire" directive did not
correctly evaluate extensions of an unknown type. (BZ#625452)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2010:0661: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100661
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0661, CVE-2010-2240

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

Red Hat would like to thank the X.Org security team for reporting this
issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue. The system must be rebooted for this update
to take effect.

RHSA-2010:0675: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100675
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0675, CVE-2010-2956

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled Runas specifications containing
both a user and a group list. If a local user were authorized by the
sudoers file to perform their sudo commands with the privileges of a
specified user and group, they could use this flaw to run those commands
with the privileges of either an arbitrary user or group on the system.
(CVE-2010-2956)

Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance
for reporting this issue.

Users of sudo should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2010:0676: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100676
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0676, CVE-2010-2240

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* When an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring, which could cause an application to execute arbitrary code,
possibly leading to privilege escalation. It is known that the X Window
System server can be used to trigger this flaw. (CVE-2010-2240, Important)

Red Hat would like to thank the X.Org security team for reporting this
issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue. The system must be rebooted for this update
to take effect.

RHSA-2010:0678: rpm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100678
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0678, CVE-2005-4889, CVE-2010-2059

Description
The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on
binaries when upgrading or removing packages. A local attacker able to
create hard links to binaries could use this flaw to keep those binaries on
the system, at a specific version level and with the setuid or setgid bit
set, even if the package providing them was upgraded or removed by a system
administrator. This could have security implications if a package was
upgraded or removed because of a security flaw in a setuid or setgid
program. (CVE-2005-4889, CVE-2010-2059)

All users of rpm are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

RHSA-2010:0679: rpm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100679
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0679, CVE-2010-2059

Description
The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

It was discovered that RPM did not remove setuid and setgid bits set on
binaries when upgrading packages. A local attacker able to create hard
links to binaries could use this flaw to keep those binaries on the system,
at a specific version level and with the setuid or setgid bit set, even if
the package providing them was upgraded by a system administrator. This
could have security implications if a package was upgraded because of a
security flaw in a setuid or setgid program. (CVE-2010-2059)

This update also fixes the following bug:

* A memory leak in the communication between RPM and the Security-Enhanced
Linux (SELinux) subsystem, which could have caused extensive memory
consumption. In reported cases, this issue was triggered by running
rhn_check when errata were scheduled to be applied. (BZ#627630)

All users of rpm are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2010:0680: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0680, CVE-2010-2760, CVE-2010-2765, CVE-2010-2767, CVE-2010-2768, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-3169)

A buffer overflow flaw was found in SeaMonkey. A web page containing
malicious content could cause SeaMonkey to crash or, potentially, execute
arbitrary code with the privileges of the user running SeaMonkey.
(CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in
SeaMonkey. A web page containing malicious content could cause SeaMonkey to
crash or, potentially, execute arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2010-2760, CVE-2010-2767, CVE-2010-3167,
CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in SeaMonkey. A web page
containing malicious content could cause SeaMonkey to run JavaScript code
with the permissions of a different website. (CVE-2010-2768)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0681: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100681
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0681, CVE-2010-2760, CVE-2010-2762, CVE-2010-2764, CVE-2010-2765, CVE-2010-2766, CVE-2010-2767, CVE-2010-2768, CVE-2010-2769, CVE-2010-3166, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3169, CVE-2010-2762)

Several use-after-free and dangling pointer flaws were found in Firefox. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167,
CVE-2010-3168)

Multiple buffer overflow flaws were found in Firefox. A web page containing
malicious content could cause Firefox to crash or, potentially, execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2010-2765, CVE-2010-3166)

Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page
containing malicious content could cause Firefox to run JavaScript code
with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769)

A flaw was found in the Firefox XMLHttpRequest object. A remote site could
use this flaw to gather information about servers on an internal private
network. (CVE-2010-2764)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories
in the References section of this erratum.

Note: After installing this update, Firefox will fail to connect (with
HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key
exchange if the server's ephemeral key is too small. Connecting to such
servers is a security risk as an ephemeral key that is too small makes the
SSL connection vulnerable to attack. Refer to the Solution section for
further information.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.9, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0682: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100682
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0682, CVE-2010-2760, CVE-2010-2765, CVE-2010-2767, CVE-2010-2768, CVE-2010-3167, CVE-2010-3168, CVE-2010-3169

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-3169)

A buffer overflow flaw was found in Thunderbird. An HTML mail message
containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-2765)

A use-after-free flaw and several dangling pointer flaws were found in
Thunderbird. An HTML mail message containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2010-2760, CVE-2010-2767,
CVE-2010-3167, CVE-2010-3168)

A cross-site scripting (XSS) flaw was found in Thunderbird. Remote HTML
content could cause Thunderbird to execute JavaScript code with the
permissions of different remote HTML content. (CVE-2010-2768)

Note: JavaScript support is disabled by default in Thunderbird. None of the
above issues are exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2010:0697: samba security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100697
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0697, CVE-2010-3069

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A missing array boundary checking flaw was found in the way Samba parsed
the binary representation of Windows security identifiers (SIDs). A
malicious client could send a specially-crafted SMB request to the Samba
server, resulting in arbitrary code execution with the privileges of the
Samba server (smbd). (CVE-2010-3069)

For Red Hat Enterprise Linux 4, this update also fixes the following bug:

* Previously, the restorecon utility was required during the installation
of the samba-common package. As a result, attempting to update samba
without this utility installed may have failed with the following error:

/var/tmp/rpm-tmp.[xxxxx]: line 7: restorecon: command not found

With this update, the utility is only used when it is already present on
the system, and the package is now always updated as expected. (BZ#629602)

Users of Samba are advised to upgrade to these updated packages, which
correct these issues. After installing this update, the smb service will be
restarted automatically.

RHSA-2010:0698: samba3x security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100698
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0698, CVE-2010-3069

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A missing array boundary checking flaw was found in the way Samba parsed
the binary representation of Windows security identifiers (SIDs). A
malicious client could send a specially-crafted SMB request to the Samba
server, resulting in arbitrary code execution with the privileges of the
Samba server (smbd). (CVE-2010-3069)

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2010:0703: bzip2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100703
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0703, CVE-2010-0405

Description
bzip2 is a freely available, high-quality data compressor. It provides both
standalone compression and decompression utilities, as well as a shared
library for use with other programs.

An integer overflow flaw was discovered in the bzip2 decompression routine.
This issue could, when decompressing malformed archives, cause bzip2, or an
application linked against the libbz2 library, to crash or, potentially,
execute arbitrary code. (CVE-2010-0405)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications using the
libbz2 library must be restarted for the update to take effect.

RHSA-2010:0704: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100704
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0704, CVE-2010-3081

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel if its length argument
can be controlled from user-space. On 64-bit systems, a local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Red Hat is aware that a public exploit for this issue is available. Refer
to Knowledgebase article DOC-40265 for further details:
https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

RHSA-2010:0718: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100718
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0718, CVE-2010-3081

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel if its length argument
can be controlled from user-space. On 64-bit systems, a local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

Red Hat would like to thank Ben Hawkes for reporting this issue.

Refer to Knowledgebase article DOC-40265 for further details:
https://access.redhat.com/kb/docs/DOC-40265

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

RHSA-2010:0720: mikmod security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100720
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0720, CVE-2007-6720, CVE-2009-3995, CVE-2009-3996

Description
MikMod is a MOD music file player for Linux, UNIX, and similar operating
systems. It supports various file formats including MOD, STM, S3M, MTM, XM,
ULT, and IT.

Multiple input validation flaws, resulting in buffer overflows, were
discovered in MikMod. Specially-crafted music files in various formats
could, when played, cause an application using the MikMod library to crash
or, potentially, execute arbitrary code. (CVE-2009-3995, CVE-2009-3996,
CVE-2007-6720)

All MikMod users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
the MikMod library must be restarted for this update to take effect.

RHSA-2010:0723: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100723
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0723, CVE-2010-1083, CVE-2010-2492, CVE-2010-2798, CVE-2010-2938, CVE-2010-2942, CVE-2010-2943, CVE-2010-3015

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the ecryptfs_uid_hash() function in
the Linux kernel eCryptfs implementation. On systems that have the eCryptfs
netlink transport (Red Hat Enterprise Linux 5 does) or where the
"/dev/ecryptfs" file has world writable permissions (which it does not, by
default, on Red Hat Enterprise Linux 5), a local, unprivileged user could
use this flaw to cause a denial of service or possibly escalate their
privileges. (CVE-2010-2492, Important)

* A miscalculation of the size of the free space of the initial directory
entry in a directory leaf block was found in the Linux kernel Global File
System 2 (GFS2) implementation. A local, unprivileged user with write
access to a GFS2-mounted file system could perform a rename operation on
that file system to trigger a NULL pointer dereference, possibly resulting
in a denial of service or privilege escalation. (CVE-2010-2798, Important)

* A flaw was found in the Xen hypervisor implementation when running a
system that has an Intel CPU without Extended Page Tables (EPT) support.
While attempting to dump information about a crashing fully-virtualized
guest, the flaw could cause the hypervisor to crash the host as well. A
user with permissions to configure a fully-virtualized guest system could
use this flaw to crash the host. (CVE-2010-2938, Moderate)

* Information leak flaws were found in the Linux kernel's Traffic Control
Unit implementation. A local attacker could use these flaws to cause the
kernel to leak kernel memory to user-space, possibly leading to the
disclosure of sensitive information. (CVE-2010-2942, Moderate)

* A flaw was found in the Linux kernel's XFS file system implementation.
The file handle lookup could return an invalid inode as valid. If an XFS
file system was mounted via NFS (Network File System), a local attacker
could access stale data or overwrite existing data that reused the inodes.
(CVE-2010-2943, Moderate)

* An integer overflow flaw was found in the extent range checking code in
the Linux kernel's ext4 file system implementation. A local, unprivileged
user with write access to an ext4-mounted file system could trigger this
flaw by writing to a file at a very large file offset, resulting in a local
denial of service. (CVE-2010-3015, Moderate)

* An information leak flaw was found in the Linux kernel's USB
implementation. Certain USB errors could result in an uninitialized kernel
buffer being sent to user-space. An attacker with physical access to a
target system could use this flaw to cause an information leak.
(CVE-2010-1083, Low)

Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492;
Grant Diffey of CenITex for reporting CVE-2010-2798; Toshiyuki Okajima for
reporting CVE-2010-3015; and Marcus Meissner for reporting CVE-2010-1083.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0737: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100737
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0737, CVE-2010-2806, CVE-2010-2808, CVE-2010-3054, CVE-2010-3311

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Red Hat Enterprise Linux 5 provide only the FreeType 2 font engine.

It was discovered that the FreeType font rendering engine improperly
validated certain position values when processing input streams. If a user
loaded a specially-crafted font file with an application linked against
FreeType, and the relevant font glyphs were subsequently rendered with the
X FreeType library (libXft), it could trigger a heap-based buffer overflow
in the libXft library, causing the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-3311)

A stack-based buffer overflow flaw was found in the way the FreeType font
rendering engine processed some PostScript Type 1 fonts. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-2808)

An array index error was found in the way the FreeType font rendering
engine processed certain PostScript Type 42 font files. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-2806)

A stack overflow flaw was found in the way the FreeType font rendering
engine processed PostScript Type 1 font files that contain nested Standard
Encoding Accented Character (seac) calls. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash. (CVE-2010-3054)

Note: All of the issues in this erratum only affect the FreeType 2 font
engine.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2010:0742: postgresql and postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100742
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0742, CVE-2010-3433

Description
PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which
can be used when creating a new PostgreSQL function, specifies that the
function will be executed with the privileges of the user that created it.

It was discovered that a user could utilize the features of the PL/Perl and
PL/Tcl languages to modify the behavior of a SECURITY DEFINER function
created by a different user. If the PL/Perl or PL/Tcl language was used to
implement a SECURITY DEFINER function, an authenticated database user could
use a PL/Perl or PL/Tcl script to modify the behavior of that function
during subsequent calls in the same session. This would result in the
modified or injected code also being executed with the privileges of the
user who created the SECURITY DEFINER function, possibly leading to
privilege escalation. (CVE-2010-3433)

For Red Hat Enterprise Linux 4, the updated postgresql packages upgrade
PostgreSQL to version 7.4.30. Refer to the PostgreSQL Release Notes for a
list of changes:

http://www.postgresql.org/docs/7.4/static/release.html

For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade
PostgreSQL to version 8.1.22, and the updated postgresql84 packages upgrade
PostgreSQL to version 8.4.5. Refer to the PostgreSQL Release Notes for a
list of changes:

http://www.postgresql.org/docs/8.1/static/release.html
http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

RHSA-2010:0749: poppler security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100749
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0749, CVE-2010-3702, CVE-2010-3704

Description
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

An uninitialized pointer use flaw was discovered in poppler. An attacker
could create a malicious PDF file that, when opened, would cause
applications that use poppler (such as Evince) to crash or, potentially,
execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way poppler parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause applications that use poppler (such as
Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0751: xpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100751
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0751, CVE-2010-3702, CVE-2010-3704

Description
Xpdf is an X Window System based viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in Xpdf. An attacker could
create a malicious PDF file that, when opened, would cause Xpdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way Xpdf parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause Xpdf to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2010:0752: gpdf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100752
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0752, CVE-2010-3702, CVE-2010-3704

Description
GPdf is a viewer for Portable Document Format (PDF) files.

An uninitialized pointer use flaw was discovered in GPdf. An attacker could
create a malicious PDF file that, when opened, would cause GPdf to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way GPdf parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause GPdf to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2010:0753: kdegraphics security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100753
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0753, CVE-2010-3702, CVE-2010-3704

Description
The kdegraphics packages contain applications for the K Desktop
Environment, including KPDF, a viewer for Portable Document Format (PDF)
files.

An uninitialized pointer use flaw was discovered in KPDF. An attacker could
create a malicious PDF file that, when opened, would cause KPDF to crash
or, potentially, execute arbitrary code. (CVE-2010-3702)

An array index error was found in the way KPDF parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause KPDF to crash or, potentially, execute
arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0755: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100755
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0755, CVE-2009-3609, CVE-2010-3702

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems. The CUPS "pdftops" filter converts Portable
Document Format (PDF) files to PostScript.

Multiple flaws were discovered in the CUPS "pdftops" filter. An attacker
could create a malicious PDF file that, when printed, would cause "pdftops"
to crash or, potentially, execute arbitrary code as the "lp" user.
(CVE-2010-3702, CVE-2009-3609)

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2010:0768: java-1.6.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100768
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0768, CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a
volatile field multiple times, which could allow a remote attacker to
execute arbitrary code with the privileges of the user running the applet
or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an
untrusted applet or application to misuse the privileges of the user
running the applet or application. (CVE-2010-3568)

Miscalculation in the OpenType font rendering implementation caused
out-of-bounds memory access, which could allow remote attackers to execute
code with the privileges of the user running the java process.
(CVE-2010-3567)

JPEGImageWriter.writeImage in the imageio API improperly checked certain
image metadata, which could allow a remote attacker to execute arbitrary
code in the context of the user running the applet or application.
(CVE-2010-3565)

Double free in IndexColorModel could cause an untrusted applet or
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the applet or application. (CVE-2010-3562)

The privileged accept method of the ServerSocket class in the Common Object
Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to
receive connections from any host, instead of just the host of the current
connection. An attacker could use this flaw to bypass restrictions defined
by network permissions. (CVE-2010-3561)

Flaws in the Swing library could allow an untrusted application to modify
the behavior and state of certain JDK classes. (CVE-2010-3557)

Flaws in the CORBA implementation could allow an attacker to execute
arbitrary code by misusing permissions granted to certain system objects.
(CVE-2010-3554)

UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted
callers to create objects via ProxyLazyValue values. (CVE-2010-3553)

HttpURLConnection improperly handled the "chunked" transfer encoding
method, which could allow remote attackers to conduct HTTP response
splitting attacks. (CVE-2010-3549)

HttpURLConnection improperly checked whether the calling code was granted
the "allowHttpTrace" permission, allowing untrusted code to create HTTP
TRACE requests. (CVE-2010-3574)

HttpURLConnection did not validate request headers set by applets, which
could allow remote attackers to trigger actions otherwise restricted to
HTTP clients. (CVE-2010-3541, CVE-2010-3573)

The Kerberos implementation improperly checked the sanity of AP-REQ
requests, which could cause a denial of service condition in the receiving
Java Virtual Machine. (CVE-2010-3564)

The RHSA-2010:0339 update mitigated a man-in-the-middle attack in the way
the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols
handle session renegotiation by disabling renegotiation. This update
implements the TLS Renegotiation Indication Extension as defined in RFC
5746, allowing secure renegotiation between updated clients and servers.
(CVE-2009-3555)

The NetworkInterface class improperly checked the network "connect"
permissions for local network addresses, which could allow remote attackers
to read local network addresses. (CVE-2010-3551)

Information leak flaw in the Java Naming and Directory Interface (JNDI)
could allow a remote attacker to access information about
otherwise-protected internal network names. (CVE-2010-3548)

Note: Flaws concerning applets in this advisory (CVE-2010-3568,
CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548,
CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in
OpenJDK by calling the "appletviewer" application.

Bug fixes:

* This update provides one defense in depth patch. (BZ#639922)

* Problems for certain SSL connections. In a reported case, this prevented
the JBoss JAAS modules from connecting over SSL to Microsoft Active
Directory servers. (BZ#618290)

RHSA-2010:0779: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100779
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0779, CVE-2010-2942, CVE-2010-3067, CVE-2010-3477

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Information leak flaws were found in the Linux kernel Traffic Control
Unit implementation. A local attacker could use these flaws to cause the
kernel to leak kernel memory to user-space, possibly leading to the
disclosure of sensitive information. (CVE-2010-2942, Moderate)

* A flaw was found in the tcf_act_police_dump() function in the Linux
kernel network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied to
user-space. A local, unprivileged user could use this flaw to cause an
information leak. (CVE-2010-3477, Moderate)

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

Red Hat would like to thank Tavis Ormandy for reporting CVE-2010-3067.

This update also fixes the following bugs:

* When two systems using bonding devices in the adaptive load balancing
(ALB) mode communicated with each other, an endless loop of ARP replies
started between these two systems due to a faulty MAC address update. With
this update, the MAC address update no longer creates unneeded ARP replies.
(BZ#629239)

* When running the Connectathon NFS Testsuite with certain clients and Red
Hat Enterprise Linux 4.8 as the server, nfsvers4, lock, and test2 failed
the Connectathon test. (BZ#625535)

* For UDP/UNIX domain sockets, due to insufficient memory barriers in the
network code, a process sleeping in select() may have missed notifications
about new data. In rare cases, this bug may have caused a process to sleep
forever. (BZ#640117)

* In certain situations, a bug found in either the HTB or TBF network
packet schedulers in the Linux kernel could have caused a kernel panic when
using Broadcom network cards with the bnx2 driver. (BZ#624363)

* Previously, allocating fallback cqr for DASD reserve/release IOCTLs
failed because it used the memory pool of the respective device. This
update preallocates sufficient memory for a single reserve/release request.
(BZ#626828)

* In some situations a bug prevented "force online" succeeding for a DASD
device. (BZ#626827)

* Using the "fsstress" utility may have caused a kernel panic. (BZ#633968)

* This update introduces additional stack guard patches. (BZ#632515)

* A bug was found in the way the megaraid_sas driver handled physical disks
and management IOCTLs. All physical disks were exported to the disk layer,
allowing an oops in megasas_complete_cmd_dpc() when completing the IOCTL
command if a timeout occurred. (BZ#631903)

* Previously, a warning message was returned when a large amount of
messages was passed through netconsole and a considerable amount of network
load was added. With this update, the warning message is no longer
displayed. (BZ#637729)

* Executing a large "dd" command (1 to 5GB) on an iSCSI device with the
qla3xxx driver caused a system crash due to the incorrect storing of a
private data structure. With this update, the size of the stored data
structure is checked and the system crashes no longer occur. (BZ#624364)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0780: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100780
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0780, CVE-2010-3176, CVE-2010-3180, CVE-2010-3182

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-3176, CVE-2010-3180)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

A flaw was found in the script that launches Thunderbird. The
LD_LIBRARY_PATH variable was appending a "." character, which could allow a
local attacker to execute arbitrary code with the privileges of a different
user running Thunderbird, if that user ran Thunderbird from within an
attacker-controlled directory. (CVE-2010-3182)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2010:0781: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100781
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0781, CVE-2010-3170, CVE-2010-3173, CVE-2010-3176, CVE-2010-3177, CVE-2010-3180, CVE-2010-3182

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-3176, CVE-2010-3180)

A flaw was found in the way the Gopher parser in SeaMonkey converted text
into HTML. A malformed file name on a Gopher server could, when accessed by
a victim running SeaMonkey, allow arbitrary JavaScript to be executed in
the context of the Gopher domain. (CVE-2010-3177)

A flaw was found in the script that launches SeaMonkey. The LD_LIBRARY_PATH
variable was appending a "." character, which could allow a local attacker
to execute arbitrary code with the privileges of a different user running
SeaMonkey, if that user ran SeaMonkey from within an attacker-controlled
directory. (CVE-2010-3182)

It was found that the SSL DHE (Diffie-Hellman Ephemeral) mode
implementation for key exchanges in SeaMonkey accepted DHE keys that were
256 bits in length. This update removes support for 256 bit DHE keys, as
such keys are easily broken using modern hardware. (CVE-2010-3173)

A flaw was found in the way SeaMonkey matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. SeaMonkey incorrectly accepted connections to IP addresses that
fell within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
(CVE-2010-3170)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0782: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100782
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0782, CVE-2010-3170, CVE-2010-3173, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox. Network Security Services (NSS) is
a set of libraries designed to support the development of security-enabled
client and server applications.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,
CVE-2010-3180)

A flaw was found in the way the Gopher parser in Firefox converted text
into HTML. A malformed file name on a Gopher server could, when accessed by
a victim running Firefox, allow arbitrary JavaScript to be executed in the
context of the Gopher domain. (CVE-2010-3177)

A same-origin policy bypass flaw was found in Firefox. An attacker could
create a malicious web page that, when viewed by a victim, could steal
private data from a different website the victim has loaded with Firefox.
(CVE-2010-3178)

A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH
variable was appending a "." character, which could allow a local attacker
to execute arbitrary code with the privileges of a different user running
Firefox, if that user ran Firefox from within an attacker-controlled
directory. (CVE-2010-3182)

This update also provides NSS version 3.12.8 which is required by the
updated Firefox version, fixing the following security issues:

It was found that the SSL DHE (Diffie-Hellman Ephemeral) mode
implementation for key exchanges in Firefox accepted DHE keys that were 256
bits in length. This update removes support for 256 bit DHE keys, as such
keys are easily broken using modern hardware. (CVE-2010-3173)

A flaw was found in the way NSS matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. NSS incorrectly accepted connections to IP addresses that fell
within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
(CVE-2010-3170)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.11. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.11, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0785: quagga security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100785
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0785, CVE-2007-4826, CVE-2010-2948

Description
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A stack-based buffer overflow flaw was found in the way the Quagga bgpd
daemon processed certain BGP Route Refresh (RR) messages. A configured BGP
peer could send a specially-crafted BGP message, causing bgpd on a target
system to crash or, possibly, execute arbitrary code with the privileges of
the user running bgpd. (CVE-2010-2948)

Note: On Red Hat Enterprise Linux 5 it is not possible to exploit
CVE-2010-2948 to run arbitrary code as the overflow is blocked by
FORTIFY_SOURCE.

Multiple NULL pointer dereference flaws were found in the way the Quagga
bgpd daemon processed certain specially-crafted BGP messages. A configured
BGP peer could crash bgpd on a target system via specially-crafted BGP
messages. (CVE-2007-4826)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.

RHSA-2010:0787: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100787
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0787, CVE-2010-3847

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

It was discovered that the glibc dynamic linker/loader did not handle the
$ORIGIN dynamic string token set in the LD_AUDIT environment variable
securely. A local attacker with write access to a file system containing
setuid or setgid binaries could use this flaw to escalate their privileges.
(CVE-2010-3847)

Red Hat would like to thank Tavis Ormandy for reporting this issue.

All users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2010:0788: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100788
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0788, CVE-2010-1624, CVE-2010-3711

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way Pidgin
handled Base64 decoding. A remote attacker could use these flaws to crash
Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,
MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol
plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for
authentication. (CVE-2010-3711)

A NULL pointer dereference flaw was found in the way the Pidgin MSN
protocol plug-in processed custom emoticon messages. A remote attacker
could use this flaw to crash Pidgin by sending specially-crafted emoticon
messages during mutual communication. (CVE-2010-1624)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Daniel Atallah as the original reporter of
CVE-2010-3711, and Pierre Noguès of Meta Security as the original reporter
of CVE-2010-1624.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

RHSA-2010:0792: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100792
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0792, CVE-2010-3904

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* The rds_page_copy_user() function in the Linux kernel Reliable Datagram
Sockets (RDS) protocol implementation was missing sanity checks. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3904, Important)

Red Hat would like to thank Dan Rosenberg of Virtual Security Research for
reporting this issue.

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

RHSA-2010:0793: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100793
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0793, CVE-2010-3856

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

It was discovered that the glibc dynamic linker/loader did not perform
sufficient safety checks when loading dynamic shared objects (DSOs) to
provide callbacks for its auditing API during the execution of
privileged programs. A local attacker could use this flaw to escalate
their privileges via a carefully-chosen system DSO library containing
unsafe constructors. (CVE-2010-3856)

Red Hat would like to thank Ben Hawkes and Tavis Ormandy for reporting this
issue.

All users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2010:0808: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100808
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0808, CVE-2010-3765

Description
Mozilla Firefox is an open source web browser.

A race condition flaw was found in the way Firefox handled Document Object
Model (DOM) element properties. A web page containing malicious content
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2010-3765)

For technical details regarding this flaw, refer to the Mozilla security
advisories for Firefox 3.6.12. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing the update,
Firefox must be restarted for the changes to take effect.

RHSA-2010:0809: xulrunner security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0809, CVE-2010-3765

Description
XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A race condition flaw was found in the way XULRunner handled Document
Object Model (DOM) element properties. Malicious HTML content could cause
an application linked against XULRunner (such as Firefox) to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2010-3765)

For technical details regarding this flaw, refer to the Mozilla security
advisories for Firefox 3.6.12. You can find a link to the Mozilla
advisories in the References section of this erratum.

All XULRunner users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update,
applications using XULRunner must be restarted for the changes to take
effect.

RHSA-2010:0810: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100810
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0810, CVE-2010-3765

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A race condition flaw was found in the way SeaMonkey handled Document
Object Model (DOM) element properties. A web page containing malicious
content could cause SeaMonkey to crash or, potentially, execute arbitrary
code with the privileges of the user running SeaMonkey. (CVE-2010-3765)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0811: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100811
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0811, CVE-2010-2431, CVE-2010-2941

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

A use-after-free flaw was found in the way the CUPS server parsed Internet
Printing Protocol (IPP) packets. A malicious user able to send IPP requests
to the CUPS server could use this flaw to crash the CUPS server or,
potentially, execute arbitrary code with the privileges of the CUPS server.
(CVE-2010-2941)

A possible privilege escalation flaw was found in CUPS. An unprivileged
process running as the "lp" user (such as a compromised external filter
program spawned by the CUPS server) could trick the CUPS server into
overwriting arbitrary files as the root user. (CVE-2010-2431)

Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for
reporting the CVE-2010-2941 issue.

Users of cups are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2010:0812: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100812
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0812, CVE-2010-3765

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A race condition flaw was found in the way Thunderbird handled Document
Object Model (DOM) element properties. An HTML mail message containing
malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2010-3765)

Note: JavaScript support is disabled by default in Thunderbird. The
CVE-2010-3765 issue is not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be restarted
for the update to take effect.

RHSA-2010:0819: pam security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100819
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0819, CVE-2010-3316, CVE-2010-3435, CVE-2010-3853, CVE-2010-4707

Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.

It was discovered that the pam_namespace module executed the external
script namespace.init with an unchanged environment inherited from an
application calling PAM. In cases where such an environment was untrusted
(for example, when pam_namespace was configured for setuid applications
such as su or sudo), a local, unprivileged user could possibly use this
flaw to escalate their privileges. (CVE-2010-3853)

It was discovered that the pam_mail module used root privileges while
accessing users' files. In certain configurations, a local, unprivileged
user could use this flaw to obtain limited information about files or
directories that they do not have access to. (CVE-2010-3435)

It was discovered that the pam_xauth module did not verify the return
values of the setuid() and setgid() system calls. A local, unprivileged
user could use this flaw to execute the xauth command with root privileges
and make it read an arbitrary input file. (CVE-2010-3316)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting the CVE-2010-3435 issue.

All pam users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0824: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100824
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0824, CVE-2010-1848, CVE-2010-3681, CVE-2010-3840

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated attacker
could use this flaw to provide such requests, causing mysqld to crash. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3681)

A directory traversal flaw was found in the way MySQL handled the
parameters of the MySQL COM_FIELD_LIST network protocol command. A remote,
authenticated attacker could use this flaw to obtain descriptions of the
fields of an arbitrary table using a request with a specially-crafted
table name. (CVE-2010-1848)

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

RHSA-2010:0825: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100825
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0825, CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the MySQL PolyFromWKB() function did not sanity check
Well-Known Binary (WKB) data. A remote, authenticated attacker could use
specially-crafted WKB data to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3840)

A flaw was found in the way MySQL processed certain JOIN queries. If a
stored procedure contained JOIN queries, and that procedure was executed
twice in sequence, it could cause an infinite loop, leading to excessive
CPU use (up to 100%). A remote, authenticated attacker could use this flaw
to cause a denial of service. (CVE-2010-3839)

A flaw was found in the way MySQL processed queries that provide a mixture
of numeric and longblob data types to the LEAST or GREATEST function. A
remote, authenticated attacker could use this flaw to crash mysqld. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3838)

A flaw was found in the way MySQL processed PREPARE statements containing
both GROUP_CONCAT and the WITH ROLLUP modifier. A remote, authenticated
attacker could use this flaw to crash mysqld. This issue only caused a
temporary denial of service, as mysqld was automatically restarted after
the crash. (CVE-2010-3837)

It was found that MySQL did not properly pre-evaluate LIKE arguments in
view prepare mode. A remote, authenticated attacker could possibly use this
flaw to crash mysqld. (CVE-2010-3836)

A flaw was found in the way MySQL processed statements that assign a value
to a user-defined variable and that also contain a logical value
evaluation. A remote, authenticated attacker could use this flaw to crash
mysqld. This issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3835)

A flaw was found in the way MySQL evaluated the arguments of extreme-value
functions, such as LEAST and GREATEST. A remote, authenticated attacker
could use this flaw to crash mysqld. This issue only caused a temporary
denial of service, as mysqld was automatically restarted after the crash.
(CVE-2010-3833)

A flaw was found in the way MySQL processed EXPLAIN statements for some
complex SELECT queries. A remote, authenticated attacker could use this
flaw to crash mysqld. This issue only caused a temporary denial of service,
as mysqld was automatically restarted after the crash. (CVE-2010-3682)

A flaw was found in the way MySQL processed certain alternating READ
requests provided by HANDLER statements. A remote, authenticated attacker
could use this flaw to provide such requests, causing mysqld to crash. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3681)

A flaw was found in the way MySQL processed CREATE TEMPORARY TABLE
statements that define NULL columns when using the InnoDB storage engine. A
remote, authenticated attacker could use this flaw to crash mysqld. This
issue only caused a temporary denial of service, as mysqld was
automatically restarted after the crash. (CVE-2010-3680)

A flaw was found in the way MySQL processed JOIN queries that attempt to
retrieve data from a unique SET column. A remote, authenticated attacker
could use this flaw to crash mysqld. This issue only caused a temporary
denial of service, as mysqld was automatically restarted after the crash.
(CVE-2010-3677)

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

RHSA-2010:0839: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100839
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0839, CVE-2010-3066, CVE-2010-3067, CVE-2010-3078, CVE-2010-3086, CVE-2010-3448, CVE-2010-3477

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the io_submit_one() function
in the Linux kernel asynchronous I/O implementation. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2010-3066,
Moderate)

* A flaw was found in the xfs_ioc_fsgetxattr() function in the Linux kernel
XFS file system implementation. A data structure in xfs_ioc_fsgetxattr()
was not initialized properly before being copied to user-space. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3078, Moderate)

* The exception fixup code for the __futex_atomic_op1, __futex_atomic_op2,
and futex_atomic_cmpxchg_inatomic() macros replaced the LOCK prefix with a
NOP instruction. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2010-3086, Moderate)

* A flaw was found in the tcf_act_police_dump() function in the Linux
kernel network traffic policing implementation. A data structure in
tcf_act_police_dump() was not initialized properly before being copied to
user-space. A local, unprivileged user could use this flaw to cause an
information leak. (CVE-2010-3477, Moderate)

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)

Red Hat would like to thank Tavis Ormandy for reporting CVE-2010-3066,
CVE-2010-3086, and CVE-2010-3067, and Dan Rosenberg for reporting
CVE-2010-3078.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0842: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100842
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0842, CVE-2010-2803, CVE-2010-2955, CVE-2010-2962, CVE-2010-3079, CVE-2010-3081, CVE-2010-3084, CVE-2010-3301, CVE-2010-3432, CVE-2010-3437, CVE-2010-3442, CVE-2010-3698, CVE-2010-3705, CVE-2010-3904

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Missing sanity checks in the Intel i915 driver in the Linux kernel could
allow a local, unprivileged user to escalate their privileges.
(CVE-2010-2962, Important)

* compat_alloc_user_space() in the Linux kernel 32/64-bit compatibility
layer implementation was missing sanity checks. This function could be
abused in other areas of the Linux kernel if its length argument can be
controlled from user-space. On 64-bit systems, a local, unprivileged user
could use this flaw to escalate their privileges. (CVE-2010-3081,
Important)

* A buffer overflow flaw in niu_get_ethtool_tcam_all() in the niu Ethernet
driver in the Linux kernel, could allow a local user to cause a denial of
service or escalate their privileges. (CVE-2010-3084, Important)

* A flaw in the IA32 system call emulation provided in 64-bit Linux kernels
could allow a local user to escalate their privileges. (CVE-2010-3301,
Important)

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)

* A flaw was found in sctp_auth_asoc_get_hmac() in the Linux kernel's SCTP
implementation. When iterating through the hmac_ids array, it did not reset
the last id element if it was out of range. This could allow a remote
attacker to cause a denial of service. (CVE-2010-3705, Important)

* A function in the Linux kernel's Reliable Datagram Sockets (RDS) protocol
implementation was missing sanity checks, which could allow a local,
unprivileged user to escalate their privileges. (CVE-2010-3904, Important)

* A flaw in drm_ioctl() in the Linux kernel's Direct Rendering Manager
(DRM) implementation could allow a local, unprivileged user to cause an
information leak. (CVE-2010-2803, Moderate)

* It was found that wireless drivers might not always clear allocated
buffers when handling a driver-specific IOCTL information request. A local
user could trigger this flaw to cause an information leak. (CVE-2010-2955,
Moderate)

* A NULL pointer dereference flaw in ftrace_regex_lseek() in the Linux
kernel's ftrace implementation could allow a local, unprivileged user to
cause a denial of service. Note: The debugfs file system must be mounted
locally to exploit this issue. It is not mounted by default.
(CVE-2010-3079, Moderate)

* A flaw in the Linux kernel's packet writing driver could be triggered
via the PKT_CTRL_CMD_STATUS IOCTL request, possibly allowing a local,
unprivileged user with access to "/dev/pktcdvd/control" to cause an
information leak. Note: By default, only users in the cdrom group have
access to "/dev/pktcdvd/control". (CVE-2010-3437, Moderate)

* A flaw was found in the way KVM (Kernel-based Virtual Machine) handled
the reloading of fs and gs segment registers when they had invalid
selectors. A privileged host user with access to "/dev/kvm" could use this
flaw to crash the host. (CVE-2010-3698, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2010-2962 and
CVE-2010-2803; Ben Hawkes for reporting CVE-2010-3081 and CVE-2010-3301;
Dan Rosenberg for reporting CVE-2010-3442, CVE-2010-3705, CVE-2010-3904,
and CVE-2010-3437; and Robert Swiecki for reporting CVE-2010-3079.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0858: bzip2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100858
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0858, CVE-2010-0405

Description
bzip2 is a freely available, high-quality data compressor. It provides both
standalone compression and decompression utilities, as well as a shared
library for use with other programs.

An integer overflow flaw was discovered in the bzip2 decompression routine.
This issue could, when decompressing malformed archives, cause bzip2, or an
application linked against the libbz2 library, to crash or, potentially,
execute arbitrary code. (CVE-2010-0405)

Users of bzip2 should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications using the
libbz2 library must be restarted for the update to take effect.

RHSA-2010:0859: poppler security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100859
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0859, CVE-2010-3702, CVE-2010-3703, CVE-2010-3704

Description
Poppler is a Portable Document Format (PDF) rendering library, used by
applications such as Evince.

Two uninitialized pointer use flaws were discovered in poppler. An attacker
could create a malicious PDF file that, when opened, would cause
applications that use poppler (such as Evince) to crash or, potentially,
execute arbitrary code. (CVE-2010-3702, CVE-2010-3703)

An array index error was found in the way poppler parsed PostScript Type 1
fonts embedded in PDF documents. An attacker could create a malicious PDF
file that, when opened, would cause applications that use poppler (such as
Evince) to crash or, potentially, execute arbitrary code. (CVE-2010-3704)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0860: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100860
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0860, CVE-2010-3069

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A missing array boundary checking flaw was found in the way Samba parsed
the binary representation of Windows security identifiers (SIDs). A
malicious client could send a specially-crafted SMB request to the Samba
server, resulting in arbitrary code execution with the privileges of the
Samba server (smbd). (CVE-2010-3069)

Users of Samba are advised to upgrade to these updated packages, which
correct this issue. After installing this update, the smb service will be
restarted automatically.

RHSA-2010:0861: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100861
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0861, CVE-2010-3175, CVE-2010-3176, CVE-2010-3177, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183, CVE-2010-3765

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A race condition flaw was found in the way Firefox handled Document Object
Model (DOM) element properties. Malicious HTML content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2010-3765)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179, CVE-2010-3183,
CVE-2010-3180)

A flaw was found in the way the Gopher parser in Firefox converted text
into HTML. A malformed file name on a Gopher server could, when accessed by
a victim running Firefox, allow arbitrary JavaScript to be executed in the
context of the Gopher domain. (CVE-2010-3177)

A same-origin policy bypass flaw was found in Firefox. An attacker could
create a malicious web page that, when viewed by a victim, could steal
private data from a different website the victim had loaded with Firefox.
(CVE-2010-3178)

A flaw was found in the script that launches Firefox. The LD_LIBRARY_PATH
variable was appending a "." character, which could allow a local attacker
to execute arbitrary code with the privileges of a different user running
Firefox, if that user ran Firefox from within an attacker-controlled
directory. (CVE-2010-3182)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.11 and 3.6.12. You can find links to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.12, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0862: nss security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100862
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0862, CVE-2010-3170

Description
Network Security Services (NSS) is a set of libraries designed to support
the development of security-enabled client and server applications.

A flaw was found in the way NSS matched SSL certificates when the
certificates had a Common Name containing a wildcard and a partial IP
address. NSS incorrectly accepted connections to IP addresses that fell
within the SSL certificate's wildcard range as valid SSL connections,
possibly allowing an attacker to conduct a man-in-the-middle attack.
(CVE-2010-3170)

All NSS users should upgrade to these updated packages, which provide NSS
version 3.12.8 to resolve this issue. After installing the update,
applications using NSS must be restarted for the changes to take effect.

RHSA-2010:0863: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100863
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0863, CVE-2010-1322

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC
handled TGS (Ticket-granting Server) request messages. A remote,
authenticated attacker could use this flaw to crash the KDC or, possibly,
disclose KDC memory or execute arbitrary code with the privileges of the
KDC (krb5kdc). (CVE-2010-1322)

Red Hat would like to thank the MIT Kerberos Team for reporting this issue.
Upstream acknowledges Mike Roszkowski as the original reporter.

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2010:0864: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100864
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0864, CVE-2010-2805, CVE-2010-2806, CVE-2010-2808, CVE-2010-3311

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide the FreeType 2 font engine.

It was found that the FreeType font rendering engine improperly validated
certain position values when processing input streams. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-2805,
CVE-2010-3311)

A stack-based buffer overflow flaw was found in the way the FreeType font
rendering engine processed some PostScript Type 1 fonts. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-2808)

An array index error was found in the way the FreeType font rendering
engine processed certain PostScript Type 42 font files. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-2806)

Note: All of the issues in this erratum only affect the FreeType 2 font
engine.

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2010:0865: java-1.6.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100865
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0865, CVE-2009-3555, CVE-2010-3541, CVE-2010-3548, CVE-2010-3549, CVE-2010-3551, CVE-2010-3553, CVE-2010-3554, CVE-2010-3557, CVE-2010-3561, CVE-2010-3562, CVE-2010-3564, CVE-2010-3565, CVE-2010-3567, CVE-2010-3568, CVE-2010-3569, CVE-2010-3573, CVE-2010-3574

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

defaultReadObject of the Serialization API could be tricked into setting a
volatile field multiple times, which could allow a remote attacker to
execute arbitrary code with the privileges of the user running the applet
or application. (CVE-2010-3569)

Race condition in the way objects were deserialized could allow an
untrusted applet or application to misuse the privileges of the user
running the applet or application. (CVE-2010-3568)

Miscalculation in the OpenType font rendering implementation caused
out-of-bounds memory access, which could allow remote attackers to execute
code with the privileges of the user running the java process.
(CVE-2010-3567)

JPEGImageWriter.writeImage in the imageio API improperly checked certain
image metadata, which could allow a remote attacker to execute arbitrary
code in the context of the user running the applet or application.
(CVE-2010-3565)

Double free in IndexColorModel could cause an untrusted applet or
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the applet or application. (CVE-2010-3562)

The privileged accept method of the ServerSocket class in the Common Object
Request Broker Architecture (CORBA) implementation in OpenJDK allowed it to
receive connections from any host, instead of just the host of the current
connection. An attacker could use this flaw to bypass restrictions defined
by network permissions. (CVE-2010-3561)

Flaws in the Swing library could allow an untrusted application to modify
the behavior and state of certain JDK classes. (CVE-2010-3557)

Flaws in the CORBA implementation could allow an attacker to execute
arbitrary code by misusing permissions granted to certain system objects.
(CVE-2010-3554)

UIDefault.ProxyLazyValue had unsafe reflection usage, allowing untrusted
callers to create objects via ProxyLazyValue values. (CVE-2010-3553)

HttpURLConnection improperly handled the "chunked" transfer encoding
method, which could allow remote attackers to conduct HTTP response
splitting attacks. (CVE-2010-3549)

HttpURLConnection improperly checked whether the calling code was granted
the "allowHttpTrace" permission, allowing untrusted code to create HTTP
TRACE requests. (CVE-2010-3574)

HttpURLConnection did not validate request headers set by applets, which
could allow remote attackers to trigger actions otherwise restricted to
HTTP clients. (CVE-2010-3541, CVE-2010-3573)

The Kerberos implementation improperly checked the sanity of AP-REQ
requests, which could cause a denial of service condition in the receiving
Java Virtual Machine. (CVE-2010-3564)

The java-1.6.0-openjdk packages shipped with the GA release of Red Hat
Enterprise Linux 6 mitigated a man-in-the-middle attack in the way the
TLS/SSL protocols handle session renegotiation by disabling renegotiation.
This update implements the TLS Renegotiation Indication Extension as
defined in RFC 5746, allowing secure renegotiation between updated clients
and servers. (CVE-2009-3555)

The NetworkInterface class improperly checked the network "connect"
permissions for local network addresses, which could allow remote attackers
to read local network addresses. (CVE-2010-3551)

Information leak flaw in the Java Naming and Directory Interface (JNDI)
could allow a remote attacker to access information about
otherwise-protected internal network names. (CVE-2010-3548)

Note: Flaws concerning applets in this advisory (CVE-2010-3568,
CVE-2010-3554, CVE-2009-3555, CVE-2010-3562, CVE-2010-3557, CVE-2010-3548,
CVE-2010-3564, CVE-2010-3565, CVE-2010-3569) can only be triggered in
OpenJDK by calling the "appletviewer" application.

Bug fixes:

* One defense in depth patch. (BZ#639922)

* Problems for certain SSL connections. In a reported case, this prevented
the JBoss JAAS modules from connecting over SSL to Microsoft Active
Directory servers. (BZ#642779)

RHSA-2010:0866: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100866
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0866, CVE-2010-2941

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

An invalid free flaw was found in the way the CUPS server parsed Internet
Printing Protocol (IPP) packets. A malicious user able to send IPP requests
to the CUPS server could use this flaw to crash the CUPS server.
(CVE-2010-2941)

Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for
reporting this issue.

Users of cups are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2010:0872: glibc security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100872
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0872, CVE-2010-3847, CVE-2010-3856

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system
cannot function properly.

It was discovered that the glibc dynamic linker/loader did not handle the
$ORIGIN dynamic string token set in the LD_AUDIT environment variable
securely. A local attacker with write access to a file system containing
setuid or setgid binaries could use this flaw to escalate their privileges.
(CVE-2010-3847)

It was discovered that the glibc dynamic linker/loader did not perform
sufficient safety checks when loading dynamic shared objects (DSOs) to
provide callbacks for its auditing API during the execution of privileged
programs. A local attacker could use this flaw to escalate their privileges
via a carefully-chosen system DSO library containing unsafe constructors.
(CVE-2010-3856)

Red Hat would like to thank Tavis Ormandy for reporting the CVE-2010-3847
issue, and Ben Hawkes and Tavis Ormandy for reporting the CVE-2010-3856
issue.

This update also fixes the following bugs:

* Previously, the generic implementation of the strstr() and memmem()
functions did not handle certain periodic patterns correctly and could find
a false positive match. This error has been fixed, and both functions now
work as expected. (BZ#643341)

* The "TCB_ALIGNMENT" value has been increased to 32 bytes to prevent
applications from crashing during symbol resolution on 64-bit systems with
support for Intel AVX vector registers. (BZ#643343)

All users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0888: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100888
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0888, CVE-2010-3864

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A race condition flaw has been found in the OpenSSL TLS server extension
parsing code, which could affect some multithreaded OpenSSL applications.
Under certain specific conditions, it may be possible for a remote attacker
to trigger this race condition and cause such an application to crash, or
possibly execute arbitrary code with the permissions of the application.
(CVE-2010-3864)

Note that this issue does not affect the Apache HTTP Server. Refer to Red
Hat Bugzilla bug 649304 for more technical details on how to determine if
your application is affected.

Red Hat would like to thank Rob Hulswit for reporting this issue.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2010:0889: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100889
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0889, CVE-2010-3855

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

A heap-based buffer overflow flaw was found in the way the FreeType font
rendering engine processed certain TrueType GX fonts. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2010-3855)

Note: This issue only affects the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.

RHSA-2010:0890: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100890
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0890, CVE-2010-3711

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way Pidgin
handled Base64 decoding. A remote attacker could use these flaws to crash
Pidgin if the target Pidgin user was using the Yahoo! Messenger Protocol,
MSN, MySpace, or Extensible Messaging and Presence Protocol (XMPP) protocol
plug-ins, or using the Microsoft NT LAN Manager (NTLM) protocol for
authentication. (CVE-2010-3711)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Daniel Atallah as the original reporter.

All Pidgin users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. Pidgin must be restarted for this
update to take effect.

RHSA-2010:0891: pam security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100891
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0891, CVE-2010-3316, CVE-2010-3435, CVE-2010-3853, CVE-2010-4707, CVE-2010-4708

Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs that handle authentication.

It was discovered that the pam_namespace module executed the external
script namespace.init with an unchanged environment inherited from an
application calling PAM. In cases where such an environment was untrusted
(for example, when pam_namespace was configured for setuid applications
such as su or sudo), a local, unprivileged user could possibly use this
flaw to escalate their privileges. (CVE-2010-3853)

It was discovered that the pam_env and pam_mail modules used root
privileges while accessing user's files. A local, unprivileged user could
use this flaw to obtain information, from the lines that have the KEY=VALUE
format expected by pam_env, from an arbitrary file. Also, in certain
configurations, a local, unprivileged user using a service for which the
pam_mail module was configured for, could use this flaw to obtain limited
information about files or directories that they do not have access to.
(CVE-2010-3435)

Note: As part of the fix for CVE-2010-3435, this update changes the default
value of pam_env's configuration option user_readenv to 0, causing the
module to not read user's ~/.pam_environment configuration file by default,
as reading it may introduce unexpected changes to the environment of the
service using PAM, or PAM modules consulted after pam_env.

It was discovered that the pam_xauth module did not verify the return
values of the setuid() and setgid() system calls. A local, unprivileged
user could use this flaw to execute the xauth command with root privileges
and make it read an arbitrary input file. (CVE-2010-3316)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting the CVE-2010-3435 issue.

All pam users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0892: openswan security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0892, CVE-2010-3302, CVE-2010-3308, CVE-2010-3752, CVE-2010-3753

Description
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

Two buffer overflow flaws were found in the Openswan client-side XAUTH
handling code used when connecting to certain Cisco gateways. A malicious
or compromised VPN gateway could use these flaws to execute arbitrary code
on the connecting Openswan client. (CVE-2010-3302, CVE-2010-3308)

Two input sanitization flaws were found in the Openswan client-side
handling of Cisco gateway banners. A malicious or compromised VPN gateway
could use these flaws to execute arbitrary code on the connecting Openswan
client. (CVE-2010-3752, CVE-2010-3753)

Red Hat would like to thank the Openswan project for reporting these
issues. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the
original reporters.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the ipsec service will be restarted automatically.

RHSA-2010:0894: systemtap security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100894
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0894, CVE-2010-4170, CVE-2010-4171

Description
SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system. staprun, the SystemTap runtime tool, is used for
managing SystemTap kernel modules (for example, loading them).

It was discovered that staprun did not properly sanitize the environment
before executing the modprobe command to load an additional kernel module.
A local, unprivileged user could use this flaw to escalate their
privileges. (CVE-2010-4170)

It was discovered that staprun did not check if the module to be unloaded
was previously loaded by SystemTap. A local, unprivileged user could use
this flaw to unload an arbitrary kernel module that was not in use.
(CVE-2010-4171)

Note: After installing this update, users already in the stapdev group must
be added to the stapusr group in order to be able to run the staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting these issues.

SystemTap users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2010:0895: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100895
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0895, CVE-2010-4170

Description
SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system. staprun, the SystemTap runtime tool, is used for
managing SystemTap kernel modules (for example, loading them).

It was discovered that staprun did not properly sanitize the environment
before executing the modprobe command to load an additional kernel module.
A local, unprivileged user could use this flaw to escalate their
privileges. (CVE-2010-4170)

Note: On Red Hat Enterprise Linux 4, an attacker must be a member of the
stapusr group to exploit this issue. Also note that, after installing this
update, users already in the stapdev group must be added to the stapusr
group in order to be able to run the staprun tool.

Red Hat would like to thank Tavis Ormandy for reporting this issue.

SystemTap users should upgrade to these updated packages, which contain
a backported patch to correct this issue.

RHSA-2010:0896: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100896
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0896, CVE-2010-3175, CVE-2010-3176, CVE-2010-3178, CVE-2010-3179, CVE-2010-3180, CVE-2010-3182, CVE-2010-3183, CVE-2010-3765

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A race condition flaw was found in the way Thunderbird handled Document
Object Model (DOM) element properties. An HTML mail message containing
malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2010-3765)

Several flaws were found in the processing of malformed HTML mail content.
An HTML mail message containing malicious content could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2010-3175, CVE-2010-3176, CVE-2010-3179,
CVE-2010-3180, CVE-2010-3183)

A same-origin policy bypass flaw was found in Thunderbird. Remote HTML
content could steal private data from different remote HTML content
Thunderbird had loaded. (CVE-2010-3178)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

A flaw was found in the script that launches Thunderbird. The
LD_LIBRARY_PATH variable was appending a "." character, which could allow a
local attacker to execute arbitrary code with the privileges of a different
user running Thunderbird, if that user ran Thunderbird from within an
attacker-controlled directory. (CVE-2010-3182)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2010:0898: kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0898, CVE-2010-3698

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU-KVM handled the reloading of fs and gs
segment registers when they had invalid selectors. A privileged host user
with access to "/dev/kvm" could use this flaw to crash the host (denial of
service). (CVE-2010-3698)

All KVM users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Note: The procedure in the Solution
section must be performed before this update will take effect.

RHSA-2010:0908: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100908
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0908, CVE-2010-3433

Description
PostgreSQL is an advanced object-relational database management system
(DBMS). PL/Perl and PL/Tcl allow users to write PostgreSQL functions in the
Perl and Tcl languages. The PostgreSQL SECURITY DEFINER parameter, which
can be used when creating a new PostgreSQL function, specifies that the
function will be executed with the privileges of the user that created it.

It was discovered that a user could utilize the features of the PL/Perl and
PL/Tcl languages to modify the behavior of a SECURITY DEFINER function
created by a different user. If the PL/Perl or PL/Tcl language was used to
implement a SECURITY DEFINER function, an authenticated database user could
use a PL/Perl or PL/Tcl script to modify the behavior of that function
during subsequent calls in the same session. This would result in the
modified or injected code also being executed with the privileges of the
user who created the SECURITY DEFINER function, possibly leading to
privilege escalation. (CVE-2010-3433)

These updated postgresql packages upgrade PostgreSQL to version 8.4.5.
Refer to the PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

RHSA-2010:0918: cvs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100918
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0918, CVE-2010-3846

Description
Concurrent Version System (CVS) is a version control system that can record
the history of your files.

An array index error, leading to a heap-based buffer overflow, was found in
the way CVS applied certain delta fragment changes from input files in the
RCS (Revision Control System file) format. If an attacker in control of a
CVS repository stored a specially-crafted RCS file in that repository, and
then tricked a remote victim into checking out (updating their CVS
repository tree) a revision containing that file, it could lead to
arbitrary code execution with the privileges of the CVS server process
on the system hosting the CVS repository. (CVE-2010-3846)

Red Hat would like to thank Ralph Loader for reporting this issue.

All users of cvs are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2010:0919: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100919
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0919, CVE-2009-5016, CVE-2010-0397, CVE-2010-1128, CVE-2010-1917, CVE-2010-2531, CVE-2010-3065, CVE-2010-3870

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

An input validation flaw was discovered in the PHP session serializer. If a
PHP script generated session variable names from untrusted user input, a
remote attacker could use this flaw to inject an arbitrary variable into
the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function
implementation. If some fatal error occurred during the execution of this
function (such as the exhaustion of memory or script execution time limit),
part of the function's output was sent to the user as script output,
possibly leading to the disclosure of sensitive information.
(CVE-2010-2531)

A numeric truncation error and an input validation flaw were found in the
way the PHP utf8_decode() function decoded partial multi-byte sequences
for some multi-byte encodings, sending them to output without them being
escaped. An attacker could use these flaws to perform a cross-site
scripting attack. (CVE-2009-5016, CVE-2010-3870)

It was discovered that the PHP lcg_value() function used insufficient
entropy to seed the pseudo-random number generator. A remote attacker could
possibly use this flaw to predict values returned by the function, which
are used to generate session identifiers by default. This update changes
the function's implementation to use more entropy during seeding.
(CVE-2010-1128)

It was discovered that the PHP fnmatch() function did not restrict the
length of the pattern argument. A remote attacker could use this flaw to
crash the PHP interpreter where a script used fnmatch() on untrusted
matching patterns. (CVE-2010-1917)

A NULL pointer dereference flaw was discovered in the PHP XML-RPC
extension. A malicious XML-RPC client or server could use this flaw to
crash the PHP interpreter via a specially-crafted XML-RPC request.
(CVE-2010-0397)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2010:0923: dhcp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100923
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0923, CVE-2010-3611

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address. DHCPv6 is the DHCP protocol version for IPv6 networks.

A NULL pointer dereference flaw was discovered in the way the dhcpd daemon
parsed DHCPv6 packets. A remote attacker could use this flaw to crash dhcpd
via a specially-crafted DHCPv6 packet, if dhcpd was running as a DHCPv6
server. (CVE-2010-3611)

Users running dhcpd as a DHCPv6 server should upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, all DHCP servers will be restarted automatically.

RHSA-2010:0924: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100924
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0924, CVE-2010-3445, CVE-2010-4300

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A heap-based buffer overflow flaw was found in the Wireshark Local Download
Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2010-4300)

A denial of service flaw was found in Wireshark. Wireshark could crash or
stop responding if it read a malformed packet off a network, or opened a
malicious dump file. (CVE-2010-3445)

Users of Wireshark should upgrade to these updated packages, which contain
Wireshark version 1.2.13, and resolve these issues. All running instances
of Wireshark must be restarted for the update to take effect.

RHSA-2010:0925: krb5 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100925
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0925, CVE-2010-1323, CVE-2010-1324, CVE-2010-4020

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

Multiple checksum validation flaws were discovered in the MIT Kerberos
implementation. A remote attacker could use these flaws to tamper with
certain Kerberos protocol packets and, possibly, bypass authentication or
authorization mechanisms and escalate their privileges. (CVE-2010-1323,
CVE-2010-1324, CVE-2010-4020)

Red Hat would like to thank the MIT Kerberos Team for reporting these
issues.

This update also fixes the following bug:

* When attempting to perform PKINIT pre-authentication, if the client had
more than one possible candidate certificate the client could fail to
select the certificate and key to use. This usually occurred if certificate
selection was configured to use the value of the keyUsage extension, or if
any of the candidate certificates did not contain a subjectAltName
extension. Consequently, the client attempted to perform pre-authentication
using a different (usually password-based) mechanism. (BZ#644825)

All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2010:0926: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100926
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0926, CVE-2010-1323

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC).

Multiple checksum validation flaws were discovered in the MIT Kerberos
implementation. A remote attacker could use these flaws to tamper with
certain Kerberos protocol packets and, possibly, bypass authentication
mechanisms in certain configurations using Single-use Authentication
Mechanisms. (CVE-2010-1323)

Red Hat would like to thank the MIT Kerberos Team for reporting these
issues.

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2010:0936: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100936
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0936, CVE-2010-3432, CVE-2010-3442

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* A flaw in sctp_packet_config() in the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation could allow a remote attacker
to cause a denial of service. (CVE-2010-3432, Important)

* A missing integer overflow check in snd_ctl_new() in the Linux kernel's
sound subsystem could allow a local, unprivileged user on a 32-bit system
to cause a denial of service or escalate their privileges. (CVE-2010-3442,
Important)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-3442.

Bug fixes:

* Forward time drift was observed on virtual machines using PM
timer-based kernel tick accounting and running on KVM or the Microsoft
Hyper-V Server hypervisor. Virtual machines that were booted with the
divider=x kernel parameter set to a value greater than 1 and that showed
the following in the kernel boot messages were subject to this issue:

time.c: Using PM based timekeeping

Fine grained accounting for the PM timer is introduced which eliminates
this issue. However, this fix uncovered a bug in the Xen hypervisor,
possibly causing backward time drift. If this erratum is installed in Xen
HVM guests that meet the aforementioned conditions, it is recommended that
the host use kernel-xen-2.6.18-194.26.1.el5 or newer, which includes a fix
(BZ#641915) for the backward time drift. (BZ#629237)

* With multipath enabled, systems would occasionally halt when the
do_cciss_request function was used. This was caused by wrongly-generated
requests. Additional checks have been added to avoid the aforementioned
issue. (BZ#640193)

* A Sun X4200 system equipped with a QLogic HBA spontaneously rebooted and
logged a Hyper-Transport Sync Flood Error to the system event log. A
Maximum Memory Read Byte Count restriction was added to fix this bug.
(BZ#640919)

* For an active/backup bonding network interface with VLANs on top of it,
when a link failed over, it took a minute for the multicast domain to be
rejoined. This was caused by the driver not sending any IGMP join packets.
The driver now sends IGMP join packets and the multicast domain is rejoined
immediately. (BZ#641002)

* Replacing a disk and trying to rebuild it afterwards caused the system to
panic. When a domain validation request for a hot plugged drive was sent,
the mptscsi driver did not validate its existence. This could result in the
driver accessing random memory and causing the crash. A check has been
added that describes the newly-added device and reloads the iocPg3 data
from the firmware if needed. (BZ#641137)

* An attempt to create a VLAN interface on a bond of two bnx2 adapters in
two switch configurations resulted in a soft lockup after a few seconds.
This was caused by an incorrect use of a bonding pointer. With this update,
soft lockups no longer occur and creating a VLAN interface works as
expected. (BZ#641254)

* Erroneous pointer checks could have caused a kernel panic. This was due
to a critical value not being copied when a network buffer was duplicated
and consumed by multiple portions of the kernel's network stack. Fixing the
copy operation resolved this bug. (BZ#642746)

* A typo in a variable name caused it to be dereferenced in either mkdir()
or create() which could cause a kernel panic. (BZ#643342)

* SCSI high level drivers can submit SCSI commands which would never be
completed when the device was offline. This was caused by a missing
callback for the request to complete the given command. SCSI requests are
now terminated by calling their callback when a device is offline.
(BZ#644816)

* A kernel panic could have occurred on systems due to a recursive lock in
the 3c59x driver. Recursion is now avoided and this kernel panic no longer
occurs. (BZ#648407)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2010:0945: quagga security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100945
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0945, CVE-2010-2948, CVE-2010-2949

Description
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A stack-based buffer overflow flaw was found in the way the Quagga bgpd
daemon processed certain BGP Route Refresh (RR) messages. A configured BGP
peer could send a specially-crafted BGP message, causing bgpd on a target
system to crash or, possibly, execute arbitrary code with the privileges of
the user running bgpd. (CVE-2010-2948)

Note: On Red Hat Enterprise Linux 6 it is not possible to exploit
CVE-2010-2948 to run arbitrary code as the overflow is blocked by
FORTIFY_SOURCE.

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon
parsed the paths of autonomous systems (AS). A configured BGP peer could
crash bgpd on a target system via a specially-crafted BGP message.
(CVE-2010-2949)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.

RHSA-2010:0950: apr-util security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100950
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0950, CVE-2010-1623

Description
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. apr-util is a library which provides
additional utility interfaces for APR; including support for XML parsing,
LDAP, database interfaces, URI parsing, and more.

It was found that certain input could cause the apr-util library to
allocate more memory than intended in the apr_brigade_split_line()
function. An attacker able to provide input in small chunks to an
application using the apr-util library (such as httpd) could possibly use
this flaw to trigger high memory consumption. (CVE-2010-1623)

All apr-util users should upgrade to these updated packages, which contain
a backported patch to correct this issue. Applications using the apr-util
library, such as httpd, must be restarted for this update to take effect.

RHSA-2010:0966: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100966
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0966, CVE-2010-3766, CVE-2010-3767, CVE-2010-3768, CVE-2010-3770, CVE-2010-3771, CVE-2010-3772, CVE-2010-3773, CVE-2010-3774, CVE-2010-3775, CVE-2010-3776, CVE-2010-3777

Description
Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3766, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776,
CVE-2010-3777)

A flaw was found in the way Firefox handled malformed JavaScript. A website
with an object containing malicious JavaScript could cause Firefox to
execute that JavaScript with the privileges of the user running Firefox.
(CVE-2010-3771)

This update adds support for the Sanitiser for OpenType (OTS) library to
Firefox. This library helps prevent potential exploits in malformed
OpenType fonts by verifying the font file prior to use. (CVE-2010-3768)

A flaw was found in the way Firefox loaded Java LiveConnect scripts.
Malicious web content could load a Java LiveConnect script in a way that
would result in the plug-in object having elevated privileges, allowing it
to execute Java code with the privileges of the user running Firefox.
(CVE-2010-3775)

It was found that the fix for CVE-2010-0179 was incomplete when the Firebug
add-on was used. If a user visited a website containing malicious
JavaScript while the Firebug add-on was enabled, it could cause Firefox to
execute arbitrary JavaScript with the privileges of the user running
Firefox. (CVE-2010-3773)

A flaw was found in the way Firefox presented the location bar to users. A
malicious website could trick a user into thinking they are visiting the
site reported by the location bar, when the page is actually content
controlled by an attacker. (CVE-2010-3774)

A cross-site scripting (XSS) flaw was found in the Firefox x-mac-arabic,
x-mac-farsi, and x-mac-hebrew character encodings. Certain characters were
converted to angle brackets when displayed. If server-side script filtering
missed these cases, it could result in Firefox executing JavaScript code
with the permissions of a different website. (CVE-2010-3770)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.13. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.13, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2010:0967: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100967
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0967, CVE-2010-3767, CVE-2010-3772, CVE-2010-3775, CVE-2010-3776

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2010-3767, CVE-2010-3772, CVE-2010-3776)

A flaw was found in the way SeaMonkey loaded Java LiveConnect scripts.
Malicious web content could load a Java LiveConnect script in a way that
would result in the plug-in object having elevated privileges, allowing it
to execute Java code with the privileges of the user running SeaMonkey.
(CVE-2010-3775)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2010:0968: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100968
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0968, CVE-2010-3767, CVE-2010-3772, CVE-2010-3776

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. HTML
containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2010-3767, CVE-2010-3772, CVE-2010-3776)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2010:0969: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100969
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0969, CVE-2010-3768, CVE-2010-3776, CVE-2010-3777

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2010-3776, CVE-2010-3777)

Note: JavaScript support is disabled in Thunderbird for mail messages. The
above issues are believed to not be exploitable without JavaScript.

This update adds support for the Sanitiser for OpenType (OTS) library to
Thunderbird. This library helps prevent potential exploits in malformed
OpenType fonts by verifying the font file prior to use. (CVE-2010-3768)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2010:0970: exim security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100970
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0970, CVE-2010-4344

Description
Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet.

A buffer overflow flaw was discovered in Exim's internal
string_vformat() function. A remote attacker could use this flaw to
execute arbitrary code on the mail server running Exim. (CVE-2010-4344)

Note: successful exploitation would allow a remote attacker to execute
arbitrary code as root on a Red Hat Enterprise Linux 4 or 5 system that
is running the Exim mail server. An exploit for this issue is known to
exist.

For additional information regarding this flaw, along with mitigation
advice, please see the Knowledge Base article linked to in the
References section of this advisory.

Users of Exim are advised to update to these erratum packages which
contain a backported patch to correct this issue. After installing this
update, the Exim daemon will be restarted automatically.

RHSA-2010:0975: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100975
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0975, CVE-2010-3613, CVE-2010-3614

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

It was discovered that named did not invalidate previously cached RRSIG
records when adding an NCACHE record for the same entry to the cache. A
remote attacker allowed to send recursive DNS queries to named could use
this flaw to crash named. (CVE-2010-3613)

It was discovered that, in certain cases, named did not properly perform
DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY
algorithm rollover. This flaw could cause the validator to incorrectly
determine that the zone is insecure and not protected by DNSSEC.
(CVE-2010-3614)

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2010:0976: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20100976
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0976, CVE-2010-3613, CVE-2010-3614, CVE-2010-3762

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

It was discovered that named did not invalidate previously cached RRSIG
records when adding an NCACHE record for the same entry to the cache. A
remote attacker allowed to send recursive DNS queries to named could use
this flaw to crash named. (CVE-2010-3613)

A flaw was found in the DNSSEC validation code in named. If named had
multiple trust anchors configured for a zone, a response to a request for a
record in that zone with a bad signature could cause named to crash.
(CVE-2010-3762)

It was discovered that, in certain cases, named did not properly perform
DNSSEC validation of an NS RRset for zones in the middle of a DNSKEY
algorithm rollover. This flaw could cause the validator to incorrectly
determine that the zone is insecure and not protected by DNSSEC.
(CVE-2010-3614)

All BIND users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2010:0977: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100977
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0977, CVE-2008-7270, CVE-2009-3245, CVE-2010-4180

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

It was discovered that OpenSSL did not always check the return value of the
bn_wexpand() function. An attacker able to trigger a memory allocation
failure in that function could possibly crash an application using the
OpenSSL library and its UBSEC hardware engine support. (CVE-2009-3245)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2010:0978: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100978
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0978, CVE-2008-7270, CVE-2010-4180

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180, CVE-2008-7270)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2010:0979: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100979
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0979, CVE-2010-4180

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A ciphersuite downgrade flaw was found in the OpenSSL SSL/TLS server code.
A remote attacker could possibly use this flaw to change the ciphersuite
associated with a cached session stored on the server, if the server
enabled the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option, possibly
forcing the client to use a weaker ciphersuite after resuming the session.
(CVE-2010-4180)

Note: With this update, setting the SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
option has no effect and this bug workaround can no longer be enabled.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2010:0981: HelixPlayer removal (Critical)

Rule ID: oval-com.redhat.rhsa-def-20100981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:0981, CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379, CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386, CVE-2010-4392

Description
Helix Player is a media player.

Multiple security flaws were discovered in RealPlayer. Helix Player and
RealPlayer share a common source code base; therefore, some of the flaws
discovered in RealPlayer may also affect Helix Player. Some of these flaws
could, when opening, viewing, or playing a malicious media file or stream,
lead to arbitrary code execution with the privileges of the user running
Helix Player. (CVE-2010-2997, CVE-2010-4375, CVE-2010-4378, CVE-2010-4379,
CVE-2010-4382, CVE-2010-4383, CVE-2010-4384, CVE-2010-4385, CVE-2010-4386,
CVE-2010-4392)

The Red Hat Security Response Team is unable to properly determine the
impact or fix all of these issues in Helix Player, due to the source code
for RealPlayer being unavailable.

Due to the security concerns this update removes the HelixPlayer package
from Red Hat Enterprise Linux 4. Users wishing to continue to use Helix
Player should download it directly from https://player.helixcommunity.org/

RHSA-2010:0998: kvm security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20100998
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2010:0998, CVE-2010-3881

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that some structure padding and reserved fields in certain
data structures in QEMU-KVM were not initialized properly before being
copied to user-space. A privileged host user with access to "/dev/kvm"
could use this flaw to leak kernel stack memory to user-space.
(CVE-2010-3881)

Red Hat would like to thank Vasiliy Kulikov for reporting this issue.

This update also fixes the following bugs:

* The 'kvm_amd' kernel module did not initialize the TSC (Time Stamp
Counter) offset in the VMCB (Virtual Machine Control Block) correctly.
After a vCPU (virtual CPU) has been created, the TSC offset in the VMCB
should have a negative value so that the virtual machine will see TSC
values starting at zero. However, the TSC offset was set to zero and
therefore the virtual machine saw the same TSC value as the host. With this
update, the TSC offset has been updated to show the correct values.
(BZ#656984)

* Setting the boot settings of a virtual machine to, firstly, boot from PXE
and, secondly, to boot from the hard drive would result in a PXE boot loop,
that is, the virtual machine would not continue to boot from the hard drive
if the PXE boot failed. This was caused by a flaw in the 'bochs-bios' (part
of KVM) code. With this update, after a virtual machine tries to boot from
PXE and fails, it continues to boot from a hard drive if there is one
present. (BZ#659850)

* If a 64-bit Red Hat Enterprise Linux 5.5 virtual machine was migrated to
another host with a different CPU clock speed, the clock of that virtual
machine would consistently lose or gain time (approximately half a second
for every second the host is running). On machines that do not use the kvm
clock, the network time protocol daemon (ntpd) could correct the time
drifts caused by migration. However, using the pvclock caused the time to
change consistently. This was due to flaws in the save/load functions of
pvclock. With this update, the issue has been fixed and migrating a virtual
machine no longer causes time drift. (BZ#660239)

All KVM users should upgrade to these updated packages, which contain
backported patches to correct these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

RHSA-2010:0999: libvpx security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20100999
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:0999, CVE-2010-4203

Description
The libvpx packages provide the VP8 SDK, which allows the encoding and
decoding of the VP8 video codec, commonly used with the WebM multimedia
container file format.

An integer overflow flaw, leading to arbitrary memory writes, was found in
libvpx. An attacker could create a specially-crafted video encoded using
the VP8 codec that, when played by a victim with an application using
libvpx (such as Totem), would cause the application to crash or,
potentially, execute arbitrary code. (CVE-2010-4203)

All users of libvpx are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using libvpx must be restarted for the changes to
take effect.

RHSA-2010:1000: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20101000
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2010:1000, CVE-2010-3613

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

It was discovered that named did not invalidate previously cached SIG
records when adding an NCACHE record for the same entry to the cache. A
remote attacker allowed to send recursive DNS queries to named could use
this flaw to crash named. (CVE-2010-3613)

All BIND users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2010:1002: mod_auth_mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20101002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:1002, CVE-2008-2384

Description
The mod_auth_mysql package includes an extension module for the Apache HTTP
Server, which can be used to implement web user authentication against a
MySQL database.

A flaw was found in the way mod_auth_mysql escaped certain
multibyte-encoded strings. If mod_auth_mysql was configured to use a
multibyte character set that allowed a backslash ("\") as part of the
character encodings, a remote attacker could inject arbitrary SQL commands
into a login request. (CVE-2008-2384)

Note: This flaw only affected non-default installations where
AuthMySQLCharacterSet is configured to use one of the affected multibyte
character sets. Installations that did not use the AuthMySQLCharacterSet
configuration option were not vulnerable to this flaw.

All mod_auth_mysql users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue. After installing
the updated package, the httpd daemon must be restarted for the update to
take effect.

RHSA-2010:1003: git security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20101003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2010:1003, CVE-2010-3906

Description
Git is a fast, scalable, distributed revision control system.

A cross-site scripting (XSS) flaw was found in gitweb, a simple web
interface for Git repositories. A remote attacker could perform an XSS
attack against victims by tricking them into visiting a specially-crafted
gitweb URL. (CVE-2010-3906)

All gitweb users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2011:0004: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0004, CVE-2010-3432, CVE-2010-3442, CVE-2010-3699, CVE-2010-3858, CVE-2010-3859, CVE-2010-3865, CVE-2010-3876, CVE-2010-3880, CVE-2010-4083, CVE-2010-4157, CVE-2010-4161, CVE-2010-4242, CVE-2010-4247, CVE-2010-4248

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in sctp_packet_config() in the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation. A remote attacker
could use this flaw to cause a denial of service. (CVE-2010-3432,
Important)

* A missing integer overflow check was found in snd_ctl_new() in the Linux
kernel's sound subsystem. A local, unprivileged user on a 32-bit system
could use this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-3442, Important)

* A heap overflow flaw in the Linux kernel's Transparent Inter-Process
Communication protocol (TIPC) implementation could allow a local,
unprivileged user to escalate their privileges. (CVE-2010-3859, Important)

* An integer overflow flaw was found in the Linux kernel's Reliable
Datagram Sockets (RDS) protocol implementation. A local, unprivileged user
could use this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-3865, Important)

* A flaw was found in the Xenbus code for the unified block-device I/O
interface back end. A privileged guest user could use this flaw to cause a
denial of service on the host system running the Xen hypervisor.
(CVE-2010-3699, Moderate)

* Missing sanity checks were found in setup_arg_pages() in the Linux
kernel. When making the size of the argument and environment area on the
stack very large, it could trigger a BUG_ON(), resulting in a local denial
of service. (CVE-2010-3858, Moderate)

* A flaw was found in inet_csk_diag_dump() in the Linux kernel's module for
monitoring the sockets of INET transport protocols. By sending a netlink
message with certain bytecode, a local, unprivileged user could cause a
denial of service. (CVE-2010-3880, Moderate)

* Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver
in the Linux kernel. A local user with access to "/dev/gdth" on a 64-bit
system could use this flaw to cause a denial of service or escalate their
privileges. (CVE-2010-4157, Moderate)

* The fix for Red Hat Bugzilla bug 484590 as provided in RHSA-2009:1243
introduced a regression. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2010-4161, Moderate)

* A NULL pointer dereference flaw was found in the Bluetooth HCI UART
driver in the Linux kernel. A local, unprivileged user could use this flaw
to cause a denial of service. (CVE-2010-4242, Moderate)

* It was found that a malicious guest running on the Xen hypervisor could
place invalid data in the memory that the guest shared with the blkback and
blktap back-end drivers, resulting in a denial of service on the host
system. (CVE-2010-4247, Moderate)

* A flaw was found in the Linux kernel's CPU time clocks implementation for
the POSIX clock interface. A local, unprivileged user could use this flaw
to cause a denial of service. (CVE-2010-4248, Moderate)

* Missing initialization flaws in the Linux kernel could lead to
information leaks. (CVE-2010-3876, CVE-2010-4083, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-3442,
CVE-2010-4161, and CVE-2010-4083; Thomas Pollet for reporting
CVE-2010-3865; Brad Spengler for reporting CVE-2010-3858; Nelson Elhage for
reporting CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; and Vasiliy
Kulikov for reporting CVE-2010-3876.

This update also fixes several bugs and adds an enhancement. Documentation
for the bug fixes and the enhancement will be available shortly from the
Technical Notes document, linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2011:0007: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110007
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0007, CVE-2010-2492, CVE-2010-3067, CVE-2010-3078, CVE-2010-3080, CVE-2010-3298, CVE-2010-3477, CVE-2010-3861, CVE-2010-3865, CVE-2010-3874, CVE-2010-3876, CVE-2010-3880, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4242, CVE-2010-4248, CVE-2010-4249, CVE-2010-4263, CVE-2010-4525, CVE-2010-4668

Description
* Buffer overflow in eCryptfs. When /dev/ecryptfs has world writable
permissions (which it does not, by default, on Red Hat Enterprise Linux 6),
a local, unprivileged user could use this flaw to cause a denial of service
or possibly escalate their privileges. (CVE-2010-2492, Important)

* Integer overflow in the RDS protocol implementation could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-3865, Important)

* Missing boundary checks in the PPP over L2TP sockets implementation could
allow a local, unprivileged user to cause a denial of service or escalate
their privileges. (CVE-2010-4160, Important)

* NULL pointer dereference in the igb driver. If both Single Root I/O
Virtualization (SR-IOV) and promiscuous mode were enabled on an interface
using igb, it could result in a denial of service when a tagged VLAN packet
is received on that interface. (CVE-2010-4263, Important)

* Missing initialization flaw in the XFS file system implementation, and in
the network traffic policing implementation, could allow a local,
unprivileged user to cause an information leak. (CVE-2010-3078,
CVE-2010-3477, Moderate)

* NULL pointer dereference in the Open Sound System compatible sequencer
driver could allow a local, unprivileged user with access to /dev/sequencer
to cause a denial of service. /dev/sequencer is only accessible to root and
users in the audio group by default. (CVE-2010-3080, Moderate)

* Flaw in the ethtool IOCTL handler could allow a local user to cause an
information leak. (CVE-2010-3861, Moderate)

* Flaw in bcm_connect() in the Controller Area Network (CAN) Broadcast
Manager. On 64-bit systems, writing the socket address may overflow the
procname character array. (CVE-2010-3874, Moderate)

* Flaw in the module for monitoring the sockets of INET transport
protocols could allow a local, unprivileged user to cause a denial of
service. (CVE-2010-3880, Moderate)

* Missing boundary checks in the block layer implementation could allow a
local, unprivileged user to cause a denial of service. (CVE-2010-4162,
CVE-2010-4163, CVE-2010-4668, Moderate)

* NULL pointer dereference in the Bluetooth HCI UART driver could allow a
local, unprivileged user to cause a denial of service. (CVE-2010-4242,
Moderate)

* Flaw in the Linux kernel CPU time clocks implementation for the POSIX
clock interface could allow a local, unprivileged user to cause a denial of
service. (CVE-2010-4248, Moderate)

* Flaw in the garbage collector for AF_UNIX sockets could allow a local,
unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate)

* Missing upper bound integer check in the AIO implementation could allow a
local, unprivileged user to cause an information leak. (CVE-2010-3067, Low)

* Missing initialization flaws could lead to information leaks.
(CVE-2010-3298, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4074,
CVE-2010-4075, CVE-2010-4077, CVE-2010-4079, CVE-2010-4080, CVE-2010-4081,
CVE-2010-4082, CVE-2010-4083, CVE-2010-4158, Low)

* Missing initialization flaw in KVM could allow a privileged host user
with access to /dev/kvm to cause an information leak. (CVE-2010-4525, Low)

Red Hat would like to thank Andre Osterhues for reporting CVE-2010-2492;
Thomas Pollet for reporting CVE-2010-3865; Dan Rosenberg for reporting
CVE-2010-4160, CVE-2010-3078, CVE-2010-3874, CVE-2010-4162, CVE-2010-4163,
CVE-2010-3298, CVE-2010-4073, CVE-2010-4074, CVE-2010-4075, CVE-2010-4077,
CVE-2010-4079, CVE-2010-4080, CVE-2010-4081, CVE-2010-4082, CVE-2010-4083,
and CVE-2010-4158; Kosuke Tatsukawa for reporting CVE-2010-4263; Tavis
Ormandy for reporting CVE-2010-3080 and CVE-2010-3067; Kees Cook for
reporting CVE-2010-3861 and CVE-2010-4072; Nelson Elhage for reporting
CVE-2010-3880; Alan Cox for reporting CVE-2010-4242; Vegard Nossum for
reporting CVE-2010-4249; Vasiliy Kulikov for reporting CVE-2010-3876; and
Stephan Mueller of atsec information security for reporting CVE-2010-4525.

RHSA-2011:0009: evince security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110009
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0009, CVE-2010-2640, CVE-2010-2641, CVE-2010-2642, CVE-2010-2643

Description
Evince is a document viewer.

An array index error was found in the DeVice Independent (DVI) renderer's
PK and VF font file parsers. A DVI file that references a specially-crafted
font file could, when opened, cause Evince to crash or, potentially,
execute arbitrary code with the privileges of the user running Evince.
(CVE-2010-2640, CVE-2010-2641)

A heap-based buffer overflow flaw was found in the DVI renderer's AFM font
file parser. A DVI file that references a specially-crafted font file
could, when opened, cause Evince to crash or, potentially, execute
arbitrary code with the privileges of the user running Evince.
(CVE-2010-2642)

An integer overflow flaw was found in the DVI renderer's TFM font file
parser. A DVI file that references a specially-crafted font file could,
when opened, cause Evince to crash or, potentially, execute arbitrary code
with the privileges of the user running Evince. (CVE-2010-2643)

Note: The above issues are not exploitable unless an attacker can trick the
user into installing a malicious font file.

Red Hat would like to thank the Evince development team for reporting these
issues.  Upstream acknowledges Jon Larimer of IBM X-Force as the original
reporter of these issues.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues.

RHSA-2011:0013: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110013
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0013, CVE-2010-4538

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

An array index error, leading to a stack-based buffer overflow, was found
in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2010-4538)

Users of Wireshark should upgrade to these updated packages, which contain
a backported patch to correct this issue. All running instances of
Wireshark must be restarted for the update to take effect.

RHSA-2011:0017: Red Hat Enterprise Linux 5.6 kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110017
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0017, CVE-2010-3296, CVE-2010-3877, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4158, CVE-2010-4238, CVE-2010-4243, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the igb driver in the Linux
kernel. If both the Single Root I/O Virtualization (SR-IOV) feature and
promiscuous mode were enabled on an interface using igb, it could result in
a denial of service when a tagged VLAN packet is received on that
interface. (CVE-2010-4263, Important)

* A missing sanity check was found in vbd_create() in the Xen hypervisor
implementation. As CD-ROM drives are not supported by the blkback back-end
driver, attempting to use a virtual CD-ROM drive with blkback could trigger
a denial of service (crash) on the host system running the Xen hypervisor.
(CVE-2010-4238, Moderate)

* A flaw was found in the Linux kernel execve() system call implementation.
A local, unprivileged user could cause large amounts of memory to be
allocated but not visible to the OOM (Out of Memory) killer, triggering a
denial of service. (CVE-2010-4243, Moderate)

* A flaw was found in fixup_page_fault() in the Xen hypervisor
implementation. If a 64-bit para-virtualized guest accessed a certain area
of memory, it could cause a denial of service on the host system running
the Xen hypervisor. (CVE-2010-4255, Moderate)

* A missing initialization flaw was found in the bfa driver used by Brocade
Fibre Channel Host Bus Adapters. A local, unprivileged user could use this
flaw to cause a denial of service by reading a file in the
"/sys/class/fc_host/host#/statistics/" directory. (CVE-2010-4343, Moderate)

* Missing initialization flaws in the Linux kernel could lead to
information leaks. (CVE-2010-3296, CVE-2010-3877, CVE-2010-4072,
CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4158,
Low)

Red Hat would like to thank Kosuke Tatsukawa for reporting CVE-2010-4263;
Vladymyr Denysov for reporting CVE-2010-4238; Brad Spengler for reporting
CVE-2010-4243; Dan Rosenberg for reporting CVE-2010-3296, CVE-2010-4073,
CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, and CVE-2010-4158; Vasiliy
Kulikov for reporting CVE-2010-3877; and Kees Cook for reporting
CVE-2010-4072.

These updated packages also include several hundred bug fixes for and
enhancements to the Linux kernel. Space precludes documenting each of these
changes in this advisory and users are directed to the Red Hat Enterprise
Linux 5.6 Release Notes for information on the most significant of these
changes:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Release_Notes/index.html

Refer to the kernel chapter in the Red Hat Enterprise Linux 5.6 Technical
Notes for further information:

http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.6_Technical_Notes/kernel.html

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which address these vulnerabilities as well as fixing the bugs
and adding the enhancements noted in the Red Hat Enterprise Linux 5.6
Release Notes and Technical Notes. The system must be rebooted for this
update to take effect.

RHSA-2011:0025: gcc security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110025
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0025, CVE-2010-0831, CVE-2010-2322

Description
The gcc packages include C, C++, Java, Fortran, Objective C, and Ada 95 GNU
compilers, along with related support libraries. The libgcj package
provides fastjar, an archive tool for Java Archive (JAR) files.

Two directory traversal flaws were found in the way fastjar extracted JAR
archive files. If a local, unsuspecting user extracted a specially-crafted
JAR file, it could cause fastjar to overwrite arbitrary files writable by
the user running fastjar. (CVE-2010-0831, CVE-2010-2322)

This update also fixes the following bugs:

* The option -print-multi-os-directory in the gcc --help output is not in
the gcc(1) man page. This update applies an upstream patch to amend this.
(BZ#529659)

* An internal assertion in the compiler tried to check that a C++ static
data member is external, which resulted in errors. This was because when the
compiler optimizes C++ anonymous namespaces, the declarations were no longer
marked external, as everything in anonymous namespaces is local to the
current translation. This update corrects the assertion to resolve this
issue. (BZ#503565, BZ#508735, BZ#582682)

* Attempting to compile certain .cpp files could have resulted in an
internal compiler error. This update resolves this issue. (BZ#527510)

* PrintServiceLookup.lookupPrintServices with an appropriate DocFlavor
failed to return a list of printers under gcj. This update includes a
backported patch to correct this bug in the printer lookup service.
(BZ#578382)

* GCC would not build against xulrunner-devel-1.9.2. This update removes
gcjwebplugin from the GCC RPM. (BZ#596097)

* When a SystemTap-generated kernel module was compiled, gcc reported an
internal compiler error and got a segmentation fault. This update applies
a patch that, instead of crashing, assumes it can point to anything.
(BZ#605803)

* There was a performance issue with libstdc++ regarding all objects
derived from or using std::streambuf because of lock contention between
threads. This patch ensures reload uses the same value from _S_global for
the comparison, _M_add_reference () and _M_impl member of the class.
(BZ#635708)

All gcc users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:0027: python security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110027
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0027, CVE-2008-5983, CVE-2009-4134, CVE-2010-1449, CVE-2010-1450, CVE-2010-1634, CVE-2010-2089

Description
Python is an interpreted, interactive, object-oriented programming
language.

It was found that many applications embedding the Python interpreter did
not specify a valid full path to the script or application when calling the
PySys_SetArgv API function, which could result in the addition of the
current working directory to the module search path (sys.path). A local
attacker able to trick a victim into running such an application in an
attacker-controlled directory could use this flaw to execute code with the
victim's privileges. This update adds the PySys_SetArgvEx API. Developers
can modify their applications to use this new API, which sets sys.argv
without modifying sys.path. (CVE-2008-5983)

Multiple flaws were found in the Python rgbimg module. If an application
written in Python was using the rgbimg module and loaded a
specially-crafted SGI image file, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

Multiple flaws were found in the Python audioop module. Supplying certain
inputs could cause the audioop module to crash or, possibly, execute
arbitrary code. (CVE-2010-1634, CVE-2010-2089)

This update also fixes the following bugs:

* When starting a child process from the subprocess module in Python 2.4,
the parent process could leak file descriptors if an error occurred. This
update resolves the issue. (BZ#609017)

* Prior to Python 2.7, programs that used "ulimit -n" to enable
communication with large numbers of subprocesses could still monitor only
1024 file descriptors at a time, which caused an exception:

  ValueError: filedescriptor out of range in select()

This was due to the subprocess module using the "select" system call. The
module now uses the "poll" system call, removing this limitation.
(BZ#609020)

* Prior to Python 2.5, the tarfile module failed to unpack tar files if the
path was longer than 100 characters. This update backports the tarfile
module from Python 2.5 and the issue no longer occurs. (BZ#263401)

* The email module incorrectly implemented the logic for obtaining
attachment file names: the get_filename() fallback for using the deprecated
"name" parameter of the "Content-Type" header erroneously used the
"Content-Disposition" header. This update backports a fix from Python 2.6,
which resolves this issue. (BZ#644147)

* Prior to version 2.5, Python's optimized memory allocator never released
memory back to the system. The memory usage of a long-running Python
process would resemble a "high-water mark". This update backports a fix
from Python 2.5a1, which frees unused arenas, and adds a non-standard
sys._debugmallocstats() function, which prints diagnostic information to
stderr. Finally, when running under Valgrind, the optimized allocator is
deactivated, to allow more convenient debugging of Python memory usage
issues. (BZ#569093)

* The urllib and urllib2 modules ignored the no_proxy variable, which could
lead to programs such as "yum" erroneously accessing a proxy server for
URLs covered by a "no_proxy" exclusion. This update backports fixes to
urllib and urllib2 so that they respect the "no_proxy" variable, which
fixes these issues. (BZ#549372)

As well, this update adds the following enhancements:

* This update introduces a new python-libs package, subsuming the majority
of the content of the core python package. This makes both 32-bit and
64-bit Python libraries available on PowerPC systems. (BZ#625372)

* The python-libs.i386 package is now available for 64-bit Itanium with the
32-bit Itanium compatibility mode. (BZ#644761)

All Python users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2011:0028: kvm security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110028
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0028, CVE-2010-4525

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM
was not initialized properly before being copied to user-space. A
privileged host user with access to "/dev/kvm" could use this flaw to leak
kernel stack memory to user-space. (CVE-2010-4525)

Red Hat would like to thank Stephan Mueller of atsec information security
for reporting this issue.

These updated packages also fix several bugs. Documentation for these bug
fixes will be available shortly in the "kvm" section of the Red Hat
Enterprise Linux 5.6 Technical Notes, linked to in the References.

All KVM users should upgrade to these updated packages, which resolve this
issue as well as fixing the bugs noted in the Technical Notes. Note: The
procedure in the Solution section must be performed before this update will
take effect.

RHSA-2011:0153: exim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0153, CVE-2010-4345

Description
Exim is a mail transport agent (MTA) developed at the University of
Cambridge for use on UNIX systems connected to the Internet.

A privilege escalation flaw was discovered in Exim. If an attacker were
able to gain access to the "exim" user, they could cause Exim to execute
arbitrary commands as the root user. (CVE-2010-4345)

This update adds a new configuration file, "/etc/exim/trusted-configs". To
prevent Exim from running arbitrary commands as root, Exim will now drop
privileges when run with a configuration file not listed as trusted. This
could break backwards compatibility with some Exim configurations, as the
trusted-configs file only trusts "/etc/exim/exim.conf" and
"/etc/exim/exim4.conf" by default. If you are using a configuration file
not listed in the new trusted-configs file, you will need to add it
manually.

Additionally, Exim will no longer allow a user to execute exim as root with
the -D command line option to override macro definitions. All macro
definitions that require root permissions must now reside in a trusted
configuration file.

Users of Exim are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the exim daemon will be restarted automatically.

RHSA-2011:0154: hplip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0154, CVE-2010-4267

Description
Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for
Hewlett-Packard printers and multifunction peripherals, and tools for
installing, using, and configuring them.

A flaw was found in the way certain HPLIP tools discovered devices using
the SNMP protocol. If a user ran certain HPLIP tools that search for
supported devices using SNMP, and a malicious user was able to send
specially-crafted SNMP responses, it could cause those HPLIP tools to crash
or, possibly, execute arbitrary code with the privileges of the user
running them. (CVE-2010-4267)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

Users of hplip should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2011:0162: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110162
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0162, CVE-2010-3859, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4242, CVE-2010-4249

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A heap overflow flaw was found in the Linux kernel's Transparent
Inter-Process Communication protocol (TIPC) implementation. A local,
unprivileged user could use this flaw to escalate their privileges.
(CVE-2010-3859, Important)

* Missing sanity checks were found in gdth_ioctl_alloc() in the gdth driver
in the Linux kernel. A local user with access to "/dev/gdth" on a 64-bit
system could use these flaws to cause a denial of service or escalate their
privileges. (CVE-2010-4157, Moderate)

* A NULL pointer dereference flaw was found in the Bluetooth HCI UART
driver in the Linux kernel. A local, unprivileged user could use this flaw
to cause a denial of service. (CVE-2010-4242, Moderate)

* A flaw was found in the Linux kernel's garbage collector for AF_UNIX
sockets. A local, unprivileged user could use this flaw to trigger a
denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)

* Missing initialization flaws were found in the Linux kernel. A local,
unprivileged user could use these flaws to cause information leaks.
(CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080,
CVE-2010-4083, CVE-2010-4158, Low)

Red Hat would like to thank Alan Cox for reporting CVE-2010-4242; Vegard
Nossum for reporting CVE-2010-4249; Vasiliy Kulikov for reporting
CVE-2010-3876; Kees Cook for reporting CVE-2010-4072; and Dan Rosenberg for
reporting CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4083, and
CVE-2010-4158.

This update also fixes the following bugs:

* A flaw was found in the Linux kernel that, if used in conjunction with
another flaw that can result in a kernel Oops, could possibly lead to
privilege escalation. It does not affect Red Hat Enterprise Linux 4 as the
sysctl panic_on_oops variable is turned on by default. However, as a
preventive measure in case the variable is turned off by an administrator,
this update addresses the issue. Red Hat would like to thank Nelson Elhage
for reporting this vulnerability. (BZ#659568)

* On Intel I/O Controller Hub 9 (ICH9) hardware, jumbo frame support is
achieved by using page-based sk_buff buffers without any packet split. The
entire frame data is copied to the page(s) rather than some to the
skb->data area and some to the page(s) when performing a typical
packet-split. This caused problems with the filtering code and frames were
getting dropped before they were received by listening applications. This
bug could eventually lead to the IP address being released and not being
able to be re-acquired from DHCP if the MTU (Maximum Transfer Unit) was
changed (for an affected interface using the e1000e driver). With this
update, frames are no longer dropped and an IP address is correctly
re-acquired after a previous release. (BZ#664667)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2011:0163: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0163, CVE-2010-4526

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the sctp_icmp_proto_unreachable() function in the
Linux kernel's Stream Control Transmission Protocol (SCTP) implementation.
A remote attacker could use this flaw to cause a denial of service.
(CVE-2010-4526, Important)

This update also fixes the following bugs:

* Due to an off-by-one error, gfs2_grow failed to take the very last "rgrp"
parameter into account when adding up the new free space. With this update,
the GFS2 kernel properly counts all the new resource groups and fixes the
"statfs" file correctly. (BZ#666792)

* Prior to this update, a multi-threaded application, which invoked
popen(3) internally, could cause a thread stall by FILE lock corruption.
The application program waited for a FILE lock in glibc, but the lock
seemed to be corrupted, which was caused by a race condition in the COW
(Copy On Write) logic. With this update, the race condition was corrected
and FILE lock corruption no longer occurs. (BZ#667050)

* If an error occurred during I/O, the SCSI driver reset the "megaraid_sas"
controller to restore it to normal state. However, on Red Hat Enterprise
Linux 5, the waiting time to allow a full reset completion for the
"megaraid_sas" controller was too short. The driver incorrectly recognized
the controller as stalled, and, as a result, the system stalled as well.
With this update, more time is given to the controller to properly restart,
thus, the controller operates as expected after being reset. (BZ#667141)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2011:0164: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0164, CVE-2010-3677, CVE-2010-3678, CVE-2010-3679, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3683, CVE-2010-3833, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3839, CVE-2010-3840

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

The MySQL PolyFromWKB() function did not sanity check Well-Known Binary
(WKB) data, which could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3840)

A flaw in the way MySQL processed certain JOIN queries could allow a
remote, authenticated attacker to cause excessive CPU use (up to 100%), if
a stored procedure contained JOIN queries, and that procedure was executed
twice in sequence. (CVE-2010-3839)

A flaw in the way MySQL processed queries that provide a mixture of numeric
and longblob data types to the LEAST or GREATEST function, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3838)

A flaw in the way MySQL processed PREPARE statements containing both
GROUP_CONCAT and the WITH ROLLUP modifier could allow a remote,
authenticated attacker to crash mysqld. (CVE-2010-3837)

MySQL did not properly pre-evaluate LIKE arguments in view prepare mode,
possibly allowing a remote, authenticated attacker to crash mysqld.
(CVE-2010-3836)

A flaw in the way MySQL processed statements that assign a value to a
user-defined variable and that also contain a logical value evaluation
could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3835)

A flaw in the way MySQL evaluated the arguments of extreme-value functions,
such as LEAST and GREATEST, could allow a remote, authenticated attacker to
crash mysqld. (CVE-2010-3833)

A flaw in the way MySQL handled LOAD DATA INFILE requests allowed MySQL to
send OK packets even when there were errors. (CVE-2010-3683)

A flaw in the way MySQL processed EXPLAIN statements for some complex
SELECT queries could allow a remote, authenticated attacker to crash
mysqld. (CVE-2010-3682)

A flaw in the way MySQL processed certain alternating READ requests
provided by HANDLER statements could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3681)

A flaw in the way MySQL processed CREATE TEMPORARY TABLE statements that
define NULL columns when using the InnoDB storage engine, could allow a
remote, authenticated attacker to crash mysqld. (CVE-2010-3680)

A flaw in the way MySQL processed certain values provided to the BINLOG
statement caused MySQL to read unassigned memory. A remote, authenticated
attacker could possibly use this flaw to crash mysqld. (CVE-2010-3679)

A flaw in the way MySQL processed SQL queries containing IN or CASE
statements, when a NULL argument was provided as one of the arguments to
the query, could allow a remote, authenticated attacker to crash mysqld.
(CVE-2010-3678)

A flaw in the way MySQL processed JOIN queries that attempt to retrieve
data from a unique SET column could allow a remote, authenticated attacker
to crash mysqld. (CVE-2010-3677)

Note: CVE-2010-3840, CVE-2010-3838, CVE-2010-3837, CVE-2010-3835,
CVE-2010-3833, CVE-2010-3682, CVE-2010-3681, CVE-2010-3680, CVE-2010-3678,
and CVE-2010-3677 only cause a temporary denial of service, as mysqld was
automatically restarted after each crash.

These updated packages upgrade MySQL to version 5.1.52. Refer to the MySQL
release notes for a full list of changes:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-52.html

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2011:0170: libuser security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110170
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0170, CVE-2011-0002

Description
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

It was discovered that libuser did not set the password entry correctly
when creating LDAP (Lightweight Directory Access Protocol) users. If an
administrator did not assign a password to an LDAP based user account,
either at account creation with luseradd, or with lpasswd after account
creation, an attacker could use this flaw to log into that account with a
default password string that should have been rejected. (CVE-2011-0002)

Note: LDAP administrators that have used libuser tools to add users should
check existing user accounts for plain text passwords, and reset them as
necessary.

Users of libuser should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2011:0176: java-1.6.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0176, CVE-2010-3860, CVE-2010-4351

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit. The javaws command can be used to
launch Java Web Start applications.

A public static field declaration allowed untrusted JNLP (Java Network
Launching Protocol) applications to read privileged data. A remote attacker
could directly or indirectly read the values of restricted system
properties, such as "user.name", "user.home", and "java.home", which
untrusted applications should not be allowed to read. (CVE-2010-3860)

It was found that JNLPSecurityManager could silently return without
throwing an exception when permission was denied. If the javaws command was
used to launch a Java Web Start application that relies on this exception
being thrown, it could result in that application being run with elevated
privileges, allowing it to bypass security manager restrictions and gain
access to privileged functionality. (CVE-2010-4351)

Note: The RHSA-2010:0339 java-1.6.0-openjdk update installed javaws by
mistake. As part of the fixes for CVE-2010-3860 and CVE-2010-4351, this
update removes javaws.

Red Hat would like to thank the TippingPoint Zero Day Initiative project
for reporting CVE-2010-4351. The original issue reporter wishes to stay
anonymous.

This erratum also upgrades the OpenJDK package to IcedTea6 1.7.7. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2011:0177: webkitgtk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0177, CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815, CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3257, CVE-2010-3259, CVE-2010-3812, CVE-2010-3813, CVE-2010-4197, CVE-2010-4198, CVE-2010-4204, CVE-2010-4206, CVE-2010-4577

Description
WebKitGTK+ is the port of the portable web rendering engine WebKit to the
GTK+ platform.

Multiple memory corruption flaws were found in WebKit. Malicious web
content could cause an application using WebKitGTK+ to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,
CVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792,
CVE-2010-1807, CVE-2010-1814, CVE-2010-3114, CVE-2010-3116, CVE-2010-3119,
CVE-2010-3255, CVE-2010-3812, CVE-2010-4198)

Multiple use-after-free flaws were found in WebKit. Malicious web content
could cause an application using WebKitGTK+ to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793, CVE-2010-1812,
CVE-2010-1815, CVE-2010-3113, CVE-2010-3257, CVE-2010-4197, CVE-2010-4204)

Two array index errors, leading to out-of-bounds memory reads, were found
in WebKit. Malicious web content could cause an application using
WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)

A flaw in WebKit could allow malicious web content to trick a user into
thinking they are visiting the site reported by the location bar, when the
page is actually content controlled by an attacker. (CVE-2010-3115)

It was found that WebKit did not correctly restrict read access to images
created from the "canvas" element. Malicious web content could allow a
remote attacker to bypass the same-origin policy and potentially access
sensitive image data. (CVE-2010-3259)

A flaw was found in the way WebKit handled DNS prefetching. Even when it
was disabled, web content containing certain "link" elements could cause
WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)

Users of WebKitGTK+ should upgrade to these updated packages, which contain
WebKitGTK+ version 1.2.6, and resolve these issues. All running
applications that use WebKitGTK+ must be restarted for this update to take
effect.

RHSA-2011:0180: pango security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0180, CVE-2011-0020

Description
Pango is a library used for the layout and rendering of internationalized
text.

An input sanitization flaw, leading to a heap-based buffer overflow, was
found in the way Pango displayed font files when using the FreeType font
engine back end. If a user loaded a malformed font file with an application
that uses Pango, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0020)

Users of pango and evolution28-pango are advised to upgrade to these
updated packages, which contain a backported patch to resolve this issue.
After installing the updated packages, you must restart your system or
restart your X session for the update to take effect.

RHSA-2011:0181: openoffice.org and openoffice.org2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0181, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-4643

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An array index error and an integer signedness error were found in the way
OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker
could use these flaws to create a specially-crafted RTF file that, when
opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary
code with the privileges of the user running OpenOffice.org.
(CVE-2010-3451, CVE-2010-3452)

A heap-based buffer overflow flaw and an array index error were found in
the way OpenOffice.org parsed certain Microsoft Office Word documents. An
attacker could use these flaws to create a specially-crafted Microsoft
Office Word document that, when opened, would cause OpenOffice.org to crash
or, possibly, execute arbitrary code with the privileges of the user
running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)

A heap-based buffer overflow flaw was found in the way OpenOffice.org
parsed certain TARGA (Truevision TGA) files. An attacker could use this
flaw to create a specially-crafted TARGA file. If a document containing
this specially-crafted TARGA file was opened, or if a user tried to insert
the file into an existing document, it would cause OpenOffice.org to crash
or, possibly, execute arbitrary code with the privileges of the user
running OpenOffice.org. (CVE-2010-4643)

A directory traversal flaw was found in the way OpenOffice.org handled
the installation of XSLT filter descriptions packaged in Java Archive (JAR)
files, as well as the installation of OpenOffice.org Extension (.oxt)
files. An attacker could use these flaws to create a specially-crafted XSLT
filter description or extension file that, when opened, would cause the
OpenOffice.org Extension Manager to modify files accessible to the user
installing the JAR or extension file. (CVE-2010-3450)

Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,
CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues.
Upstream acknowledges Dan Rosenberg of Virtual Security Research as the
original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and
CVE-2010-3454 issues.

All OpenOffice.org users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of OpenOffice.org applications must be restarted for this update
to take effect.

RHSA-2011:0182: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110182
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0182, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An array index error and an integer signedness error were found in the way
OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker
could use these flaws to create a specially-crafted RTF file that, when
opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary
code with the privileges of the user running OpenOffice.org.
(CVE-2010-3451, CVE-2010-3452)

A heap-based buffer overflow flaw and an array index error were found in
the way OpenOffice.org parsed certain Microsoft Office Word documents. An
attacker could use these flaws to create a specially-crafted Microsoft
Office Word document that, when opened, would cause OpenOffice.org to crash
or, possibly, execute arbitrary code with the privileges of the user
running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)

A heap-based buffer overflow flaw was found in the way OpenOffice.org
parsed certain Microsoft Office PowerPoint files. An attacker could use
this flaw to create a specially-crafted Microsoft Office PowerPoint file
that, when opened, would cause OpenOffice.org to crash or, possibly,
execute arbitrary code with the privileges of the user running
OpenOffice.org. (CVE-2010-4253)

A heap-based buffer overflow flaw was found in the way OpenOffice.org
parsed certain TARGA (Truevision TGA) files. An attacker could use this
flaw to create a specially-crafted TARGA file. If a document containing
this specially-crafted TARGA file was opened, or if a user tried to insert
the file into an existing document, it would cause OpenOffice.org to crash
or, possibly, execute arbitrary code with the privileges of the user
running OpenOffice.org. (CVE-2010-4643)

A directory traversal flaw was found in the way OpenOffice.org handled the
installation of XSLT filter descriptions packaged in Java Archive (JAR)
files, as well as the installation of OpenOffice.org Extension (.oxt)
files. An attacker could use these flaws to create a specially-crafted XSLT
filter description or extension file that, when opened, would cause the
OpenOffice.org Extension Manager to modify files accessible to the user
installing the JAR or extension file. (CVE-2010-3450)

A flaw was found in the script that launches OpenOffice.org. In some
situations, a "." character could be included in the LD_LIBRARY_PATH
variable, allowing a local attacker to execute arbitrary code with the
privileges of the user running OpenOffice.org, if that user ran
OpenOffice.org from within an attacker-controlled directory.
(CVE-2010-3689)

Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,
CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and
Dmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream
acknowledges Dan Rosenberg of Virtual Security Research as the original
reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and
CVE-2010-3454 issues.

All OpenOffice.org users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of OpenOffice.org applications must be restarted for this update
to take effect.

RHSA-2011:0183: openoffice.org security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110183
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0183, CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An array index error and an integer signedness error were found in the way
OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker
could use these flaws to create a specially-crafted RTF file that, when
opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary
code with the privileges of the user running OpenOffice.org.
(CVE-2010-3451, CVE-2010-3452)

A heap-based buffer overflow flaw and an array index error were found in
the way OpenOffice.org parsed certain Microsoft Office Word documents. An
attacker could use these flaws to create a specially-crafted Microsoft
Office Word document that, when opened, would cause OpenOffice.org to crash
or, possibly, execute arbitrary code with the privileges of the user
running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454)

A heap-based buffer overflow flaw was found in the way OpenOffice.org
parsed certain Microsoft Office PowerPoint files. An attacker could use
this flaw to create a specially-crafted Microsoft Office PowerPoint file
that, when opened, would cause OpenOffice.org to crash or, possibly,
execute arbitrary code with the privileges of the user running
OpenOffice.org. (CVE-2010-4253)

A heap-based buffer overflow flaw was found in the way OpenOffice.org
parsed certain TARGA (Truevision TGA) files. An attacker could use this
flaw to create a specially-crafted TARGA file. If a document containing
this specially-crafted TARGA file was opened, or if a user tried to insert
the file into an existing document, it would cause OpenOffice.org to crash
or, possibly, execute arbitrary code with the privileges of the user
running OpenOffice.org. (CVE-2010-4643)

A directory traversal flaw was found in the way OpenOffice.org handled the
installation of XSLT filter descriptions packaged in Java Archive (JAR)
files, as well as the installation of OpenOffice.org Extension (.oxt)
files. An attacker could use these flaws to create a specially-crafted XSLT
filter description or extension file that, when opened, would cause the
OpenOffice.org Extension Manager to modify files accessible to the user
installing the JAR or extension file. (CVE-2010-3450)

A flaw was found in the script that launches OpenOffice.org. In some
situations, a "." character could be included in the LD_LIBRARY_PATH
variable, allowing a local attacker to execute arbitrary code with the
privileges of the user running OpenOffice.org, if that user ran
OpenOffice.org from within an attacker-controlled directory.
(CVE-2010-3689)

Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451,
CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues; and
Dmitri Gribenko for reporting the CVE-2010-3689 issue. Upstream
acknowledges Dan Rosenberg of Virtual Security Research as the original
reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and
CVE-2010-3454 issues.

This update also fixes the following bug:

* OpenOffice.org did not create a lock file when opening a file that was on
a share mounted via SFTP. Additionally, if there was a lock file, it was
ignored. This could result in data loss if a file in this situation was
opened simultaneously by another user. (BZ#671087)

All OpenOffice.org users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of OpenOffice.org applications must be restarted for this update
to take effect.

RHSA-2011:0195: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110195
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0195, CVE-2009-5016, CVE-2010-3709, CVE-2010-3870, CVE-2010-4645

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way PHP converted certain floating point values
from string representation to a number. If a PHP script evaluated an
attacker's input in a numeric context, the PHP interpreter could cause high
CPU usage until the script execution time limit is reached. This issue only
affected i386 systems. (CVE-2010-4645)

A numeric truncation error and an input validation flaw were found in the
way the PHP utf8_decode() function decoded partial multi-byte sequences
for some multi-byte encodings, sending them to output without them being
escaped. An attacker could use these flaws to perform a cross-site
scripting attack. (CVE-2009-5016, CVE-2010-3870)

A NULL pointer dereference flaw was found in the PHP
ZipArchive::getArchiveComment function. If a script used this function to
inspect a specially-crafted ZIP archive file, it could cause the PHP
interpreter to crash. (CVE-2010-3709)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2011:0196: php53 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110196
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0196, CVE-2010-3710, CVE-2010-4156, CVE-2010-4645

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way PHP converted certain floating point values
from string representation to a number. If a PHP script evaluated an
attacker's input in a numeric context, the PHP interpreter could cause high
CPU usage until the script execution time limit is reached. This issue only
affected i386 systems. (CVE-2010-4645)

A stack memory exhaustion flaw was found in the way the PHP filter_var()
function validated email addresses. An attacker could use this flaw to
crash the PHP interpreter by providing excessively long input to be
validated as an email address. (CVE-2010-3710)

A memory disclosure flaw was found in the PHP multi-byte string extension.
If the mb_strcut() function was called with a length argument exceeding the
input string size, the function could disclose a portion of the PHP
interpreter's memory. (CVE-2010-4156)

All php53 users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2011:0197: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0197, CVE-2010-4015

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A stack-based buffer overflow flaw was found in the way PostgreSQL
processed certain tokens from an SQL query when the intarray module was
enabled on a particular database. An authenticated database user running a
specially-crafted SQL query could use this flaw to cause a temporary denial
of service (postgres daemon crash) or, potentially, execute arbitrary code
with the privileges of the database server. (CVE-2010-4015)

Red Hat would like to thank Geoff Keating of the Apple Product Security
team for reporting this issue.

For Red Hat Enterprise Linux 4, the updated postgresql packages contain a
backported patch for this issue; there are no other changes.

For Red Hat Enterprise Linux 5, the updated postgresql packages upgrade
PostgreSQL to version 8.1.23, and contain a backported patch for this
issue. Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.1/static/release.html

For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade
PostgreSQL to version 8.4.7, which includes a fix for this issue. Refer to
the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

RHSA-2011:0198: postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110198
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0198, CVE-2010-4015

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A stack-based buffer overflow flaw was found in the way PostgreSQL
processed certain tokens from an SQL query when the intarray module was
enabled on a particular database. An authenticated database user running a
specially-crafted SQL query could use this flaw to cause a temporary denial
of service (postgres daemon crash) or, potentially, execute arbitrary code
with the privileges of the database server. (CVE-2010-4015)

Red Hat would like to thank Geoff Keating of the Apple Product Security
team for reporting this issue.

These updated postgresql84 packages upgrade PostgreSQL to version 8.4.7.
Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

RHSA-2011:0199: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110199
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0199, CVE-2011-0281, CVE-2011-0282

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed principal names that were not null terminated, when the KDC was
configured to use an LDAP back end. A remote attacker could use this flaw
to crash the KDC via a specially-crafted request. (CVE-2011-0282)

A denial of service flaw was found in the way the MIT Kerberos KDC
processed certain principal names when the KDC was configured to use an
LDAP back end. A remote attacker could use this flaw to cause the KDC to
hang via a specially-crafted request. (CVE-2011-0281)

Red Hat would like to thank the MIT Kerberos Team for reporting these
issues. Upstream acknowledges Kevin Longfellow of Oracle Corporation as the
original reporter of the CVE-2011-0281 issue.

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2011:0200: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110200
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0200, CVE-2010-4022, CVE-2011-0281, CVE-2011-0282

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed principal names that were not null terminated, when the KDC was
configured to use an LDAP back end. A remote attacker could use this flaw
to crash the KDC via a specially-crafted request. (CVE-2011-0282)

A denial of service flaw was found in the way the MIT Kerberos KDC
processed certain principal names when the KDC was configured to use an
LDAP back end. A remote attacker could use this flaw to cause the KDC to
hang via a specially-crafted request. (CVE-2011-0281)

A denial of service flaw was found in the way the MIT Kerberos V5 slave KDC
update server (kpropd) processed certain update requests for KDC database
propagation. A remote attacker could use this flaw to terminate the kpropd
daemon via a specially-crafted update request. (CVE-2010-4022)

Red Hat would like to thank the MIT Kerberos Team for reporting the
CVE-2011-0282 and CVE-2011-0281 issues. Upstream acknowledges Kevin
Longfellow of Oracle Corporation as the original reporter of the
CVE-2011-0281 issue.

All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2011:0214: java-1.6.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110214
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0214, CVE-2010-4476

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Java-based applications to hang, for instance if they parse Double values
in a specially-crafted HTTP request. (CVE-2010-4476)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve this issue. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2011:0219: Red Hat Enterprise Linux 4 - 1-Year End Of Life Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20110219
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0219

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
regular 7 year life-cycle of Red Hat Enterprise Linux 4 will end on
February 29, 2012.

After this date, Red Hat will discontinue the regular subscription services
for Red Hat Enterprise Linux 4. Therefore, new bug fix, enhancement, and
security errata updates, as well as technical support services will no
longer be available for the following products:

* Red Hat Enterprise Linux AS 4
* Red Hat Enterprise Linux ES 4
* Red Hat Enterprise Linux WS 4
* Red Hat Enterprise Linux Extras 4
* Red Hat Desktop 4
* Red Hat Global File System 4
* Red Hat Cluster Suite 4

Customers still running production workloads on Red Hat Enterprise Linux 4
are advised to begin planning the upgrade to Red Hat Enterprise Linux 5 or
6. Active subscribers of Red Hat Enterprise Linux already have access to
all currently maintained versions of Red Hat Enterprise Linux, as part of
their subscription without additional fees.

For customers who are unable to migrate off Red Hat Enterprise Linux 4
before its end-of-life date, Red Hat intends to offer a limited, optional
extension program. For more information, contact your Red Hat sales
representative or channel partner.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red
Hat website: https://access.redhat.com/support/policy/updates/errata/

RHSA-2011:0256: dhcp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110256
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0256, CVE-2011-0413

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address. DHCPv6 is the DHCP protocol version for IPv6 networks.

A flaw was found in the way the dhcpd daemon processed certain DHCPv6
messages for addresses that had previously been declined and marked as
abandoned internally. If a remote attacker sent such messages to dhcpd, it
could cause dhcpd to crash due to an assertion failure if it was running as
a DHCPv6 server. (CVE-2011-0413)

Red Hat would like to thank Internet Systems Consortium for reporting this
issue.

Users running dhcpd as a DHCPv6 server should upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, all DHCP servers will be restarted automatically.

RHSA-2011:0257: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110257
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0257, CVE-2010-4539, CVE-2010-4644

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.

A server-side memory leak was found in the Subversion server. If a
malicious, remote user performed "svn blame" or "svn log" operations on
certain repository files, it could cause the Subversion server to consume
a large amount of system memory. (CVE-2010-4644)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
(for use with the Apache HTTP Server) processed certain requests. If a
malicious, remote user issued a certain type of request to display a
collection of Subversion repositories on a host that has the
SVNListParentPath directive enabled, it could cause the httpd process
serving the request to crash. Note that SVNListParentPath is not enabled by
default. (CVE-2010-4539)

All Subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the Subversion server must be restarted for the update
to take effect: restart httpd if you are using mod_dav_svn, or restart
svnserve if it is used.

RHSA-2011:0258: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0258, CVE-2010-3315, CVE-2010-4539, CVE-2010-4644

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

An access restriction bypass flaw was found in the mod_dav_svn module. If
the SVNPathAuthz directive was set to "short_circuit", certain access rules
were not enforced, possibly allowing sensitive repository data to be leaked
to remote users. Note that SVNPathAuthz is set to "On" by default.
(CVE-2010-3315)

A server-side memory leak was found in the Subversion server. If a
malicious, remote user performed "svn blame" or "svn log" operations on
certain repository files, it could cause the Subversion server to consume
a large amount of system memory. (CVE-2010-4644)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed certain requests. If a malicious, remote user issued a certain
type of request to display a collection of Subversion repositories on a
host that has the SVNListParentPath directive enabled, it could cause the
httpd process serving the request to crash. Note that SVNListParentPath is
not enabled by default. (CVE-2010-4539)

All Subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the Subversion server must be restarted for the update
to take effect: restart httpd if you are using mod_dav_svn, or restart
svnserve if it is used.

RHSA-2011:0260: python security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110260
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0260, CVE-2009-4134, CVE-2010-1449, CVE-2010-1450

Description
Python is an interpreted, interactive, object-oriented programming
language.

Multiple flaws were found in the Python rgbimg module. If an application
written in Python was using the rgbimg module and loaded a
specially-crafted SGI image file, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2009-4134, CVE-2010-1449, CVE-2010-1450)

This update also fixes the following bugs:

* Python 2.3.4's time.strptime() function did not correctly handle the "%W"
week number format string. This update backports the _strptime
implementation from Python 2.3.6, fixing this issue. (BZ#436001)

* Python 2.3.4's socket.htons() function returned partially-uninitialized
data on IBM System z, generally leading to incorrect results. (BZ#513341)

* Python 2.3.4's pwd.getpwuid() and grp.getgrgid() functions did not
support the full range of user and group IDs on 64-bit architectures,
leading to "OverflowError" exceptions for large input values. This update
adds support for the full range of user and group IDs on 64-bit
architectures. (BZ#497540)

Users of Python should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:0261: bash security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110261
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0261, CVE-2008-5374

Description
Bash (Bourne-again shell) is the default shell for Red Hat Enterprise
Linux.

It was found that certain scripts bundled with the Bash documentation
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to overwrite
the contents of arbitrary files accessible to the victim running the
scripts. (CVE-2008-5374)

This update also fixes the following bugs:

* If a child process's PID was the same as the PID of a previously ended
child process, Bash did not wait for that child process. In some cases this
caused "Resource temporarily unavailable" errors. With this update, Bash
recycles PIDs and waits for processes with recycled PIDs. (BZ#521134)

* Bash's built-in "read" command had a memory leak when "read" failed due
to no input (pipe for stdin). With this update, the memory is correctly
freed. (BZ#537029)

* Bash did not correctly check for a valid multi-byte string when setting
the IFS value, causing Bash to crash. With this update, Bash checks the
multi-byte string and no longer crashes. (BZ#539536)

* Bash incorrectly set locale settings when using the built-in "export"
command and setting the locale on the same line (for example, with
"LC_ALL=C export LC_ALL"). With this update, Bash correctly sets locale
settings. (BZ#539538)

All bash users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:0262: sendmail security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110262
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0262, CVE-2009-4565

Description
Sendmail is a Mail Transport Agent (MTA) used to send mail between
machines.

A flaw was found in the way sendmail handled NUL characters in the
CommonName field of X.509 certificates. An attacker able to get a
carefully-crafted certificate signed by a trusted Certificate Authority
could trick sendmail into accepting it by mistake, allowing the attacker to
perform a man-in-the-middle attack or bypass intended client certificate
authentication. (CVE-2009-4565) 

The CVE-2009-4565 issue only affected configurations using TLS with
certificate verification and CommonName checking enabled, which is not a
typical configuration.

This update also fixes the following bugs:

* Previously, sendmail did not correctly handle mail messages that had a
long first header line. A line with more than 2048 characters was split,
causing the part of the line exceeding the limit, as well as all of the
following mail headers, to be incorrectly handled as the message body.
(BZ#499450)

* When an SMTP-sender is sending mail data to sendmail, it may spool that
data to a file in the mail queue. It was found that, if the SMTP-sender
stopped sending data and a timeout occurred, the file may have been left
stalled in the mail queue, instead of being deleted. This update may not
correct this issue for every situation and configuration. Refer to the
Solution section for further information. (BZ#434645)

* Previously, the sendmail macro MAXHOSTNAMELEN used 64 characters as the
limit for the hostname length. However, in some cases, it was used against
an FQDN length, which has a maximum length of 255 characters. With this
update, the MAXHOSTNAMELEN limit has been changed to 255. (BZ#485380)

All sendmail users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing this update,
sendmail will be restarted automatically.

RHSA-2011:0263: Red Hat Enterprise Linux 4.9 kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110263
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0263, CVE-2010-4527, CVE-2010-4655, CVE-2011-0521

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the load_mixer_volumes() function in
the Linux kernel's Open Sound System (OSS) sound driver. On 64-bit PowerPC
systems, a local, unprivileged user could use this flaw to cause a denial
of service or escalate their privileges. (CVE-2010-4527, Important)

* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)

* A missing initialization flaw was found in the ethtool_get_regs()
function in the Linux kernel's ethtool IOCTL handler. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause an information
leak. (CVE-2010-4655, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2010-4527, and
Kees Cook for reporting CVE-2010-4655.

These updated kernel packages also fix hundreds of bugs and add numerous
enhancements. For details on individual bug fixes and enhancements included
in this update, refer to the Red Hat Enterprise Linux 4.9 Release Notes,
linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

RHSA-2011:0281: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110281
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0281, CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4472

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

A flaw was found in the Swing library. Forged TimerEvents could be used to
bypass SecurityManager checks, allowing access to otherwise blocked files
and directories. (CVE-2010-4465)

A flaw was found in the HotSpot component in OpenJDK. Certain bytecode
instructions confused the memory management within the Java Virtual Machine
(JVM), which could lead to heap corruption. (CVE-2010-4469)

A flaw was found in the way JAXP (Java API for XML Processing) components
were handled, allowing them to be manipulated by untrusted applets. This
could be used to elevate privileges and bypass secure XML processing
restrictions. (CVE-2010-4470)

It was found that untrusted applets could create and place cache entries in
the name resolution cache. This could allow an attacker targeted
manipulation over name resolution until the OpenJDK VM is restarted.
(CVE-2010-4448)

It was found that the Java launcher provided by OpenJDK did not check the
LD_LIBRARY_PATH environment variable for insecure empty path elements. A
local attacker able to trick a user into running the Java launcher while
working from an attacker-writable directory could use this flaw to load an
untrusted library, subverting the Java security model. (CVE-2010-4450)

A flaw was found in the XML Digital Signature component in OpenJDK.
Untrusted code could use this flaw to replace the Java Runtime Environment
(JRE) XML Digital Signature Transform or C14N algorithm implementations to
intercept digital signature operations. (CVE-2010-4472)

Note: All of the above flaws can only be remotely triggered in OpenJDK by
calling the "appletviewer" application.

This update also provides one defense in depth patch. (BZ#676019)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2011:0283: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110283
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0283, CVE-2010-4165, CVE-2010-4169, CVE-2010-4243

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A divide-by-zero flaw was found in the tcp_select_initial_window()
function in the Linux kernel's TCP/IP protocol suite implementation. A
local, unprivileged user could use this flaw to trigger a denial of service
by calling setsockopt() with certain options. (CVE-2010-4165, Moderate)

* A use-after-free flaw in the mprotect() system call in the Linux kernel
could allow a local, unprivileged user to cause a local denial of service.
(CVE-2010-4169, Moderate)

* A flaw was found in the Linux kernel execve() system call implementation.
A local, unprivileged user could cause large amounts of memory to be
allocated but not visible to the OOM (Out of Memory) killer, triggering a
denial of service. (CVE-2010-4243, Moderate)

Red Hat would like to thank Steve Chen for reporting CVE-2010-4165, and
Brad Spengler for reporting CVE-2010-4243.

This update also fixes several bugs and adds two enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document linked to in the References
section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancements
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2011:0303: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110303
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0303, CVE-2010-4249, CVE-2010-4251, CVE-2010-4655, CVE-2010-4805

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the Linux kernel's garbage collector for AF_UNIX
sockets. A local, unprivileged user could use this flaw to trigger a
denial of service (out-of-memory condition). (CVE-2010-4249, Moderate)

* A flaw was found in the Linux kernel's networking subsystem. If the
number of packets received exceeded the receiver's buffer limit, they were
queued in a backlog, consuming memory, instead of being discarded. A remote
attacker could abuse this flaw to cause a denial of service (out-of-memory
condition). (CVE-2010-4251, Moderate)

* A missing initialization flaw was found in the ethtool_get_regs()
function in the Linux kernel's ethtool IOCTL handler. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause an information
leak. (CVE-2010-4655, Low)

Red Hat would like to thank Vegard Nossum for reporting CVE-2010-4249, and
Kees Cook for reporting CVE-2010-4655.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2011:0305: samba security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110305
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0305, CVE-2011-0719

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A flaw was found in the way Samba handled file descriptors. If an attacker
were able to open a large number of file descriptors on the Samba server,
they could flip certain stack bits to "1" values, resulting in the Samba
server (smbd) crashing. (CVE-2011-0719)

Red Hat would like to thank the Samba team for reporting this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2011:0306: samba3x security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110306
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0306, CVE-2011-0719

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A flaw was found in the way Samba handled file descriptors. If an attacker
were able to open a large number of file descriptors on the Samba server,
they could flip certain stack bits to "1" values, resulting in the Samba
server (smbd) crashing. (CVE-2011-0719)

Red Hat would like to thank the Samba team for reporting this issue.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2011:0307: mailman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0307, CVE-2008-0564, CVE-2010-3089, CVE-2011-0707

Description
Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list's "listinfo" page. (CVE-2008-0564, CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting the CVE-2011-0707 and
CVE-2010-3089 issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2011:0308: mailman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110308
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0308, CVE-2010-3089, CVE-2011-0707

Description
Mailman is a program used to help manage email discussion lists.

Multiple input sanitization flaws were found in the way Mailman displayed
usernames of subscribed users on certain pages. If a user who is subscribed
to a mailing list were able to trick a victim into visiting one of those
pages, they could perform a cross-site scripting (XSS) attack against the
victim. (CVE-2011-0707)

Multiple input sanitization flaws were found in the way Mailman displayed
mailing list information. A mailing list administrator could use this flaw
to conduct a cross-site scripting (XSS) attack against victims viewing a
list's "listinfo" page. (CVE-2010-3089)

Red Hat would like to thank Mark Sapiro for reporting these issues.

Users of mailman should upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2011:0309: pango security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110309
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0309, CVE-2011-0064

Description
Pango is a library used for the layout and rendering of internationalized
text.

It was discovered that Pango did not check for memory reallocation failures
in the hb_buffer_ensure() function. An attacker able to trigger a
reallocation failure by passing sufficiently large input to an application
using Pango could use this flaw to crash the application or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0064)

Red Hat would like to thank the Mozilla Security Team for reporting this
issue.

All pango users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, you
must restart your system or restart the X server for the update to take
effect.

RHSA-2011:0310: firefox security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110310
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0310, CVE-2010-1585, CVE-2011-0051, CVE-2011-0053, CVE-2011-0054, CVE-2011-0055, CVE-2011-0056, CVE-2011-0057, CVE-2011-0058, CVE-2011-0059, CVE-2011-0061, CVE-2011-0062

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the way Firefox sanitized HTML content in extensions.
If an extension loaded or rendered malicious content using the
ParanoidFragmentSink class, it could fail to safely display the content,
causing Firefox to execute arbitrary JavaScript with the privileges of the
user running Firefox. (CVE-2010-1585)

A flaw was found in the way Firefox handled dialog boxes. An attacker could
use this flaw to create a malicious web page that would present a blank
dialog box that has non-functioning buttons. If a user closes the dialog
box window, it could unexpectedly grant the malicious web page elevated
privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-0053, CVE-2011-0055, CVE-2011-0058, CVE-2011-0062)

Several flaws were found in the way Firefox handled malformed JavaScript. A
website containing malicious JavaScript could cause Firefox to execute that
JavaScript with the privileges of the user running Firefox. (CVE-2011-0054,
CVE-2011-0056, CVE-2011-0057)

A flaw was found in the way Firefox handled malformed JPEG images. A
website containing a malicious JPEG image could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-0061)

A flaw was found in the way Firefox handled plug-ins that perform HTTP
requests. If a plug-in performed an HTTP request, and the server sent a 307
redirect response, the plug-in was not notified, and the HTTP request was
forwarded. The forwarded request could contain custom headers, which could
result in a Cross Site Request Forgery attack. (CVE-2011-0059)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.14. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bug:

* On Red Hat Enterprise Linux 4 and 5, running the "firefox
-setDefaultBrowser" command caused warnings such as the following:

libgnomevfs-WARNING **: Deprecated function.  User modifications to the
MIME database are no longer supported.

This update disables the "setDefaultBrowser" option. Red Hat Enterprise
Linux 4 users wishing to set a default web browser can use Applications ->
Preferences -> More Preferences -> Preferred Applications. Red Hat
Enterprise Linux 5 users can use System -> Preferences -> Preferred
Applications. (BZ#463131, BZ#665031)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.14, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2011:0311: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110311
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0311, CVE-2010-1585, CVE-2011-0053, CVE-2011-0061, CVE-2011-0062

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2010-1585, CVE-2011-0053, CVE-2011-0062)

A flaw was found in the way Thunderbird handled malformed JPEG images. An
HTML mail message containing a malicious JPEG image could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2011-0061)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:0312: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110312
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0312, CVE-2011-0051, CVE-2011-0053

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0051, CVE-2011-0053)

Note: JavaScript support is disabled by default in Thunderbird. The above
issues are not exploitable unless JavaScript is enabled.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:0313: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110313
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0313, CVE-2011-0051, CVE-2011-0053, CVE-2011-0059

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled dialog boxes. An attacker
could use this flaw to create a malicious web page that would present a
blank dialog box that has non-functioning buttons. If a user closes the
dialog box window, it could unexpectedly grant the malicious web page
elevated privileges. (CVE-2011-0051)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-0053)

A flaw was found in the way SeaMonkey handled plug-ins that perform HTTP
requests. If a plug-in performed an HTTP request, and the server sent a 307
redirect response, the plug-in was not notified, and the HTTP request was
forwarded. The forwarded request could contain custom headers, which could
result in a Cross Site Request Forgery attack. (CVE-2011-0059)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2011:0318: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110318
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0318, CVE-2011-0192

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF Internet Fax image files, compressed with the CCITT Group 4
compression algorithm. An attacker could use this flaw to create a
specially-crafted TIFF file that, when opened, would cause an application
linked against libtiff to crash or, possibly, execute arbitrary code.
(CVE-2011-0192)

Red Hat would like to thank Apple Product Security for reporting this
issue.

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications linked
against libtiff must be restarted for this update to take effect.

RHSA-2011:0320: libcgroup security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110320
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0320, CVE-2011-1006, CVE-2011-1022

Description
The libcgroup packages provide tools and libraries to control and monitor
control groups.

A heap-based buffer overflow flaw was found in the way libcgroup converted
a list of user-provided controllers for a particular task into an array of
strings. A local attacker could use this flaw to escalate their privileges
via a specially-crafted list of controllers. (CVE-2011-1006)

It was discovered that libcgroup did not properly check the origin of
Netlink messages. A local attacker could use this flaw to send crafted
Netlink messages to the cgrulesengd daemon, causing it to put processes
into one or more existing control groups, based on the attacker's choosing,
possibly allowing the particular tasks to run with more resources (memory,
CPU, etc.) than originally intended. (CVE-2011-1022)

Red Hat would like to thank Nelson Elhage for reporting the CVE-2011-1006
issue.

All libcgroup users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:0324: logwatch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110324
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0324, CVE-2011-1018

Description
Logwatch is a customizable log analysis system. Logwatch parses through
your system's logs for a given period of time and creates a report
analyzing areas that you specify, in as much detail as you require.

A flaw was found in the way Logwatch processed log files. If an attacker
were able to create a log file with a malicious file name, it could result
in arbitrary code execution with the privileges of the root user when that
log file is analyzed by Logwatch. (CVE-2011-1018)

Users of logwatch should upgrade to this updated package, which contains a
backported patch to resolve this issue.

RHSA-2011:0327: subversion security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0327, CVE-2011-0715

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed certain requests to lock working copy paths in a repository. A
remote attacker could issue a lock request that could cause the httpd
process serving the request to crash. (CVE-2011-0715)

Red Hat would like to thank Hyrum Wright of the Apache Subversion project
for reporting this issue. Upstream acknowledges Philip Martin, WANdisco,
Inc. as the original reporter.

This update also fixes the following bug:

* A regression was found in the handling of repositories which do not have
a "db/fsfs.conf" file. The "svnadmin hotcopy" command would fail when
trying to produce a copy of such a repository. This command has been fixed
to ignore the absence of the "fsfs.conf" file. The "svnadmin hotcopy"
command will now succeed for this type of repository. (BZ#681522)

All Subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

RHSA-2011:0328: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110328
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0328, CVE-2011-0715

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed certain requests to lock working copy paths in a repository. A
remote attacker could issue a lock request that could cause the httpd
process serving the request to crash. (CVE-2011-0715)

Red Hat would like to thank Hyrum Wright of the Apache Subversion project
for reporting this issue. Upstream acknowledges Philip Martin, WANdisco,
Inc. as the original reporter.

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

RHSA-2011:0329: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110329
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0329, CVE-2011-0714

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A use-after-free flaw was found in the Linux kernel's RPC server sockets
implementation. A remote attacker could use this flaw to trigger a denial
of service by sending a corrupted packet to a target system.
(CVE-2011-0714, Important)

Red Hat would like to thank Adam Prince for reporting this issue.

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

RHSA-2011:0332: scsi-target-utils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110332
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0332, CVE-2011-0001

Description
The scsi-target-utils package contains the daemon and tools to set up and
monitor SCSI targets. Currently, iSCSI software and iSER targets are
supported.

A double-free flaw was found in scsi-target-utils' tgtd daemon. A remote
attacker could trigger this flaw by sending carefully-crafted network
traffic, causing the tgtd daemon to crash. (CVE-2011-0001)

Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for
reporting this issue.

All scsi-target-utils users should upgrade to this updated package, which
contains a backported patch to correct this issue. All running
scsi-target-utils services must be restarted for the update to take effect.

RHSA-2011:0335: tomcat6 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110335
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0335, CVE-2010-4476, CVE-2011-0534

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

A flaw was found in the Tomcat NIO (Non-Blocking I/O) connector. A remote
attacker could use this flaw to cause a denial of service (out-of-memory
condition) via a specially-crafted request containing a large NIO buffer
size request value. (CVE-2011-0534)

This update also fixes the following bug:

* A bug in the "tomcat6" init script prevented additional Tomcat instances
from starting. As well, running "service tomcat6 start" caused
configuration options applied from "/etc/sysconfig/tomcat6" to be
overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update,
multiple instances of Tomcat run as expected. (BZ#676922)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.
RHSA-2011:0336: tomcat5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110336
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0336, CVE-2010-4476

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A denial of service flaw was found in the way certain strings were
converted to Double objects. A remote attacker could use this flaw to cause
Tomcat to hang via a specially-crafted HTTP request. (CVE-2010-4476)

Users of Tomcat should upgrade to these updated packages, which contain a
backported patch to correct this issue. Tomcat must be restarted for this
update to take effect.
RHSA-2011:0337: vsftpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110337
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0337, CVE-2011-0762

Description
vsftpd (Very Secure File Transfer Protocol (FTP) daemon) is a secure FTP
server for Linux, UNIX, and similar operating systems.

A flaw was discovered in the way vsftpd processed file name patterns. An
FTP user could use this flaw to cause the vsftpd process to use an
excessive amount of CPU time, when processing a request with a
specially-crafted file name pattern. (CVE-2011-0762)

All vsftpd users should upgrade to this updated package, which contains a
backported patch to correct this issue. The vsftpd daemon must be restarted
for this update to take effect.
RHSA-2011:0345: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110345
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0345, CVE-2011-0011

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM. Virtual Network Computing (VNC) is
a remote display system.

A flaw was found in the way the VNC "password" option was handled. Clearing
a password disabled VNC authentication, allowing a remote user able to
connect to the virtual machines' VNC ports to open a VNC session without
authentication. (CVE-2011-0011)

All users of qemu-kvm should upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.
RHSA-2011:0346: openldap security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110346
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0346, CVE-2011-1024

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled authentication failures being
passed from an OpenLDAP slave to the master. If OpenLDAP was configured
with a chain overlay and it forwarded authentication failures, OpenLDAP
would bind to the directory as an anonymous user and return success, rather
than return failure on the authenticated bind. This could allow a user on a
system that uses LDAP for authentication to log into a directory-based
account without knowing the password. (CVE-2011-1024)

This update also fixes the following bug:

* Previously, multiple concurrent connections to an OpenLDAP server could
cause the slapd service to terminate unexpectedly with an assertion error.
This update adds mutexes to protect multiple threads from accessing a
structure with a connection, and the slapd service no longer crashes.
(BZ#677611)

Users of OpenLDAP should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.
RHSA-2011:0347: openldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0347, CVE-2011-1024, CVE-2011-1025, CVE-2011-1081

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A flaw was found in the way OpenLDAP handled authentication failures being
passed from an OpenLDAP slave to the master. If OpenLDAP was configured
with a chain overlay and it forwarded authentication failures, OpenLDAP
would bind to the directory as an anonymous user and return success, rather
than return failure on the authenticated bind. This could allow a user on a
system that uses LDAP for authentication to log into a directory-based
account without knowing the password. (CVE-2011-1024)

It was found that the OpenLDAP back-ndb back end allowed successful
authentication to the root distinguished name (DN) when any string was
provided as a password. A remote user could use this flaw to access an
OpenLDAP directory if they knew the value of the root DN. Note: This issue
only affected OpenLDAP installations using the NDB back-end, which is only
available for Red Hat Enterprise Linux 6 via third-party software.
(CVE-2011-1025)

A flaw was found in the way OpenLDAP handled modify relative distinguished
name (modrdn) requests. A remote, unauthenticated user could use this flaw
to crash an OpenLDAP server via a modrdn request containing an empty old
RDN value. (CVE-2011-1081)

Users of OpenLDAP should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing this update,
the OpenLDAP daemons will be restarted automatically.
RHSA-2011:0356: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110356
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0356, CVE-2011-0284

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC). The Public Key
Cryptography for Initial Authentication in Kerberos (PKINIT) capability
provides support for using public-key authentication with Kerberos.

A double-free flaw was found in the way the MIT Kerberos KDC handled
initial authentication requests (AS-REQ), when the KDC was configured to
provide the PKINIT capability. A remote attacker could use this flaw to
cause the KDC daemon to abort by using a specially-crafted AS-REQ request.
(CVE-2011-0284)

All krb5 users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.
RHSA-2011:0369: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110369
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0369, CVE-2011-0444, CVE-2011-0538, CVE-2011-0713, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A heap-based buffer overflow flaw was found in the Wireshark MAC-LTE
dissector. If Wireshark read a malformed packet off a network or opened a
malicious dump file, it could crash or, possibly, execute arbitrary code as
the user running Wireshark. (CVE-2011-0444)

A heap-based buffer overflow flaw was found in the way Wireshark processed
signaling traces generated by the Gammu utility on Nokia DCT3 phones
running in Netmonitor mode. If Wireshark opened a specially-crafted capture
file, it could crash or, possibly, execute arbitrary code as the user
running Wireshark. (CVE-2011-0713)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2011-0538, CVE-2011-1139, CVE-2011-1140,
CVE-2011-1141)

Users of Wireshark should upgrade to these updated packages, which contain
Wireshark version 1.2.15, and resolve these issues. All running instances
of Wireshark must be restarted for the update to take effect.
RHSA-2011:0370: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110370
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0370, CVE-2010-3445, CVE-2011-0024, CVE-2011-0538, CVE-2011-1139, CVE-2011-1140, CVE-2011-1141, CVE-2011-1143

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

A heap-based buffer overflow flaw was found in Wireshark. If Wireshark
opened a specially-crafted capture file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-0024)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2010-3445, CVE-2011-0538, CVE-2011-1139,
CVE-2011-1140, CVE-2011-1141, CVE-2011-1143)

Users of Wireshark should upgrade to these updated packages, which contain
backported patches to correct these issues. All running instances of
Wireshark must be restarted for the update to take effect.
RHSA-2011:0376: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110376
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0376, CVE-2010-4352

Description
D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

A denial of service flaw was discovered in the system for sending messages
between applications. A local user could send a message with an excessive
number of nested variants to the system-wide message bus, causing the
message bus (and, consequently, any process using libdbus to receive
messages) to abort. (CVE-2010-4352)

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.
RHSA-2011:0390: rsync security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110390
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0390, CVE-2011-1097

Description
rsync is a program for synchronizing files over a network.

A memory corruption flaw was found in the way the rsync client processed
malformed file list data. If an rsync client used the "--recursive" and
"--delete" options without the "--owner" option when connecting to a
malicious rsync server, the malicious server could cause rsync on the
client system to crash or, possibly, execute arbitrary code with the
privileges of the user running rsync. (CVE-2011-1097)

Red Hat would like to thank Wayne Davison and Matt McCutchen for reporting
this issue.

Users of rsync should upgrade to this updated package, which contains a
backported patch to resolve this issue.
RHSA-2011:0391: libvirt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110391
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0391, CVE-2011-1146

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remotely managing virtualized systems.

It was found that several libvirt API calls did not honor the read-only
permission for connections. A local attacker able to establish a read-only
connection to libvirtd on a server could use this flaw to execute commands
that should be restricted to read-write connections, possibly leading to a
denial of service or privilege escalation. (CVE-2011-1146)

Note: Previously, using rpmbuild without the '--define "rhel 5"' option to
build the libvirt source RPM on Red Hat Enterprise Linux 5 failed with a
"Failed build dependencies" error for the device-mapper-devel package, as
this -devel sub-package is not available on Red Hat Enterprise Linux 5.
With this update, the -devel sub-package is no longer checked by default as
a dependency when building on Red Hat Enterprise Linux 5, allowing the
libvirt source RPM to build as expected.

All libvirt users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.
RHSA-2011:0392: libtiff security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110392
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0392, CVE-2011-1167

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF files encoded with a 4-bit run-length encoding scheme from
ThunderScan. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2011-1167)

This update also fixes the following bug:

* The RHSA-2011:0318 libtiff update introduced a regression that prevented
certain TIFF Internet Fax image files, compressed with the CCITT Group 4
compression algorithm, from being read. (BZ#688825)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.
RHSA-2011:0394: conga security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110394
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0394, CVE-2011-0720

Description
The conga packages provide a web-based administration tool for remote
cluster and storage management.

A privilege escalation flaw was found in luci, the Conga web-based
administration application. A remote attacker could possibly use this flaw
to obtain administrative access, allowing them to read, create, or modify
the content of the luci application. (CVE-2011-0720)

Users of Conga are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages, luci must be restarted ("service luci restart") for the
update to take effect.
RHSA-2011:0395: gdm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110395
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0395, CVE-2011-0727

Description
The GNOME Display Manager (GDM) provides the graphical login screen, shown
shortly after boot up, log out, and when user-switching.

A race condition flaw was found in the way GDM handled the cache
directories used to store users' dmrc and face icon files. A local attacker
could use this flaw to trick GDM into changing the ownership of an
arbitrary file via a symbolic link attack, allowing them to escalate their
privileges. (CVE-2011-0727)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

All users should upgrade to these updated packages, which contain a
backported patch to correct this issue. GDM must be restarted for this
update to take effect. Rebooting achieves this, but changing the runlevel
from 5 to 3 and back to 5 also restarts GDM.
RHSA-2011:0406: quagga security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0406, CVE-2010-1674, CVE-2010-1675

Description
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol.

A denial of service flaw was found in the way the Quagga bgpd daemon
processed certain route metrics information. A BGP message with a
specially-crafted path limit attribute would cause the bgpd daemon to reset
its session with the peer through which this message was received.
(CVE-2010-1675)

A NULL pointer dereference flaw was found in the way the Quagga bgpd daemon
processed malformed route extended communities attributes. A configured BGP
peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd daemon must be restarted for the update to take effect.
RHSA-2011:0407: logrotate security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110407
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0407, CVE-2011-1098, CVE-2011-1154, CVE-2011-1155

Description
The logrotate utility simplifies the administration of multiple log files,
allowing the automatic rotation, compression, removal, and mailing of log
files.

A shell command injection flaw was found in the way logrotate handled the
shred directive. A specially-crafted log file could cause logrotate to
execute arbitrary commands with the privileges of the user running
logrotate (root, by default). Note: The shred directive is not enabled by
default. (CVE-2011-1154)

A race condition flaw was found in the way logrotate applied permissions
when creating new log files. In some specific configurations, a local
attacker could use this flaw to open new log files before logrotate applies
the final permissions, possibly leading to the disclosure of sensitive
information. (CVE-2011-1098)

An input sanitization flaw was found in logrotate. A log file with a
specially-crafted file name could cause logrotate to abort when attempting
to process that file a subsequent time. (CVE-2011-1155)

All logrotate users should upgrade to this updated package, which contains
backported patches to resolve these issues.
RHSA-2011:0412: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110412
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0412, CVE-2010-0296, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

The fix for CVE-2010-3847 introduced a regression in the way the dynamic
loader expanded the $ORIGIN dynamic string token specified in the RPATH and
RUNPATH entries in the ELF library header. A local attacker could use this
flaw to escalate their privileges via a setuid or setgid program using
such a library. (CVE-2011-0536)

It was discovered that the glibc addmntent() function did not sanitize its
input properly. A local attacker could possibly use this flaw to inject
malformed lines into /etc/mtab via certain setuid mount helpers, if the
attacker were allowed to mount to an arbitrary directory under their
control. (CVE-2010-0296)

It was discovered that the glibc fnmatch() function did not properly
restrict the use of alloca(). If the function was called on sufficiently
large inputs, it could cause an application using fnmatch() to crash or,
possibly, execute arbitrary code with the privileges of the application.
(CVE-2011-1071)

It was discovered that the locale command did not produce properly escaped
output as required by the POSIX specification. If an attacker were able to
set the locale environment variables in the environment of a script that
performed shell evaluation on the output of the locale command, and that
script were run with different privileges than the attacker's, it could
execute arbitrary code with the privileges of the script. (CVE-2011-1095)

All users should upgrade to these updated packages, which contain
backported patches to correct these issues.
RHSA-2011:0413: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110413
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0413, CVE-2011-0536, CVE-2011-1071, CVE-2011-1095, CVE-2011-1658, CVE-2011-1659

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

The fix for CVE-2010-3847 introduced a regression in the way the dynamic
loader expanded the $ORIGIN dynamic string token specified in the RPATH and
RUNPATH entries in the ELF library header. A local attacker could use this
flaw to escalate their privileges via a setuid or setgid program using
such a library. (CVE-2011-0536)

It was discovered that the glibc fnmatch() function did not properly
restrict the use of alloca(). If the function was called on sufficiently
large inputs, it could cause an application using fnmatch() to crash or,
possibly, execute arbitrary code with the privileges of the application.
(CVE-2011-1071)

It was discovered that the locale command did not produce properly escaped
output as required by the POSIX specification. If an attacker were able to
set the locale environment variables in the environment of a script that
performed shell evaluation on the output of the locale command, and that
script were run with different privileges than the attacker's, it could
execute arbitrary code with the privileges of the script. (CVE-2011-1095)

All users should upgrade to these updated packages, which contain
backported patches to correct these issues.
RHSA-2011:0414: policycoreutils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110414
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0414, CVE-2011-1011

Description
The policycoreutils packages contain the core utilities that are
required for the basic operation of a Security-Enhanced Linux (SELinux)
system and its policies.

It was discovered that the seunshare utility did not enforce proper file
permissions on the directory used as an alternate temporary directory
mounted as /tmp/. A local user could use this flaw to overwrite files or,
possibly, execute arbitrary code with the privileges of a setuid or
setgid application that relies on proper /tmp/ permissions, by running that
application via seunshare. (CVE-2011-1011)

Red Hat would like to thank Tavis Ormandy for reporting this issue.

This update also introduces the following changes:

* The seunshare utility was moved from the main policycoreutils subpackage
to the policycoreutils-sandbox subpackage. This utility is only required
by the sandbox feature and does not need to be installed by default.

* Updated selinux-policy packages that add the SELinux policy changes
required by the seunshare fixes.

All policycoreutils users should upgrade to these updated packages, which
correct this issue.
RHSA-2011:0421: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110421
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0421, CVE-2010-3296, CVE-2010-4346, CVE-2010-4526, CVE-2010-4648, CVE-2010-4655, CVE-2010-4656, CVE-2011-0521, CVE-2011-0695, CVE-2011-0710, CVE-2011-0716, CVE-2011-1478

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the sctp_icmp_proto_unreachable() function in the
Linux kernel's Stream Control Transmission Protocol (SCTP) implementation.
A remote attacker could use this flaw to cause a denial of service.
(CVE-2010-4526, Important)

* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)

* A race condition was found in the way the Linux kernel's InfiniBand
implementation set up new connections. This could allow a remote user to
cause a denial of service. (CVE-2011-0695, Important)

* A heap overflow flaw in the iowarrior_write() function could allow a
user with access to an IO-Warrior USB device, that supports more than 8
bytes per report, to cause a denial of service or escalate their
privileges. (CVE-2010-4656, Moderate)

* A flaw was found in the way the Linux Ethernet bridge implementation
handled certain IGMP (Internet Group Management Protocol) packets. A local,
unprivileged user on a system that has a network interface in an Ethernet
bridge could use this flaw to crash that system. (CVE-2011-0716, Moderate)

* A NULL pointer dereference flaw was found in the Generic Receive Offload
(GRO) functionality in the Linux kernel's networking implementation. If
both GRO and promiscuous mode were enabled on an interface in a virtual LAN
(VLAN), it could result in a denial of service when a malformed VLAN frame
is received on that interface. (CVE-2011-1478, Moderate)

* A missing initialization flaw in the Linux kernel could lead to an
information leak. (CVE-2010-3296, Low)

* A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user
to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)

* A logic error in the orinoco_ioctl_set_auth() function in the Linux
kernel's ORiNOCO wireless extensions support implementation could render
TKIP countermeasures ineffective when it is enabled, as it enabled the card
instead of shutting it down. (CVE-2010-4648, Low)

* A missing initialization flaw was found in the ethtool_get_regs()
function in the Linux kernel's ethtool IOCTL handler. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause an information
leak. (CVE-2010-4655, Low)

* An information leak was found in the Linux kernel's task_show_regs()
implementation. On IBM S/390 systems, a local, unprivileged user could use
this flaw to read /proc/[PID]/status files, allowing them to discover
the CPU register values of processes. (CVE-2011-0710, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695; Kees
Cook for reporting CVE-2010-4656 and CVE-2010-4655; Dan Rosenberg for
reporting CVE-2010-3296; and Tavis Ormandy for reporting CVE-2010-4346.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.
RHSA-2011:0422: postfix security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110422
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0422, CVE-2008-2937, CVE-2011-0411

Description
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands into
a victim's session during the plain text phase. This would lead to those
commands being processed by Postfix after TLS encryption is enabled,
possibly allowing the attacker to steal the victim's mail or authentication
credentials. (CVE-2011-0411)

It was discovered that Postfix did not properly check the permissions of
users' mailbox files. A local attacker able to create files in the mail
spool directory could use this flaw to create mailbox files for other local
users, and be able to read mail delivered to those users. (CVE-2008-2937)

Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411, and
Sebastian Krahmer of the SuSE Security Team for reporting CVE-2008-2937.
The CERT/CC acknowledges Wietse Venema as the original reporter of
CVE-2011-0411.

Users of Postfix are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the postfix service will be restarted automatically.

RHSA-2011:0423: postfix security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110423
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0423, CVE-2011-0411

Description
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

It was discovered that Postfix did not flush the received SMTP commands
buffer after switching to TLS encryption for an SMTP session. A
man-in-the-middle attacker could use this flaw to inject SMTP commands into
a victim's session during the plain text phase. This would lead to those
commands being processed by Postfix after TLS encryption is enabled,
possibly allowing the attacker to steal the victim's mail or authentication
credentials. (CVE-2011-0411)

Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The
CERT/CC acknowledges Wietse Venema as the original reporter.

Users of Postfix are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the postfix service will be restarted automatically.

RHSA-2011:0426: spice-xpi security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110426
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0426, CVE-2011-0012, CVE-2011-1179

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol used in Red Hat Enterprise Linux for viewing
virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

The spice-xpi package provides a plug-in that allows the SPICE client to
run from within Mozilla Firefox.

An uninitialized pointer use flaw was found in the SPICE Firefox plug-in.
If a user were tricked into visiting a malicious web page with Firefox
while the SPICE plug-in was enabled, it could cause Firefox to crash or,
possibly, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-1179)

It was found that the SPICE Firefox plug-in used a predictable name for one
of its log files. A local attacker could use this flaw to conduct a
symbolic link attack, allowing them to overwrite arbitrary files accessible
to the user running Firefox. (CVE-2011-0012)

Users of spice-xpi should upgrade to this updated package, which contains
backported patches to correct these issues. After installing the update,
Firefox must be restarted for the changes to take effect.

RHSA-2011:0427: spice-xpi security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110427
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0427, CVE-2011-1179

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol used in Red Hat Enterprise Linux for viewing
virtualized guests running on the Kernel-based Virtual Machine (KVM)
hypervisor, or on Red Hat Enterprise Virtualization Hypervisor.

The spice-xpi package provides a plug-in that allows the SPICE client to
run from within Mozilla Firefox.

An uninitialized pointer use flaw was found in the SPICE Firefox plug-in.
If a user were tricked into visiting a malicious web page with Firefox
while the SPICE plug-in was enabled, it could cause Firefox to crash or,
possibly, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-1179)

Users of spice-xpi should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing the update,
Firefox must be restarted for the changes to take effect.

RHSA-2011:0428: dhcp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110428
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0428, CVE-2011-0997

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

It was discovered that the DHCP client daemon, dhclient, did not
sufficiently sanitize certain options provided in DHCP server replies, such
as the client hostname. A malicious DHCP server could send such an option
with a specially-crafted value to a DHCP client. If this option's value was
saved on the client system, and then later insecurely evaluated by a
process that assumes the option is trusted, it could lead to arbitrary code
execution with the privileges of that process. (CVE-2011-0997)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
reporting this issue.

All dhclient users should upgrade to these updated packages, which contain
a backported patch to correct this issue.

RHSA-2011:0429: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110429
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0429, CVE-2010-4346, CVE-2011-0521, CVE-2011-0710, CVE-2011-1010, CVE-2011-1090, CVE-2011-1478

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A missing boundary check was found in the dvb_ca_ioctl() function in the
Linux kernel's av7110 module. On systems that use old DVB cards that
require the av7110 module, a local, unprivileged user could use this flaw
to cause a denial of service or escalate their privileges. (CVE-2011-0521,
Important)

* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)

* A NULL pointer dereference flaw was found in the Generic Receive Offload
(GRO) functionality in the Linux kernel's networking implementation. If
both GRO and promiscuous mode were enabled on an interface in a virtual LAN
(VLAN), it could result in a denial of service when a malformed VLAN frame
is received on that interface. (CVE-2011-1478, Moderate)

* A missing security check in the Linux kernel's implementation of the
install_special_mapping() function could allow a local, unprivileged user
to bypass the mmap_min_addr protection mechanism. (CVE-2010-4346, Low)

* An information leak was found in the Linux kernel's task_show_regs()
implementation. On IBM S/390 systems, a local, unprivileged user could use
this flaw to read /proc/[PID]/status files, allowing them to discover the
CPU register values of processes. (CVE-2011-0710, Low)

* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created
on Mac OS operating systems. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)

Red Hat would like to thank Ryan Sweat for reporting CVE-2011-1478; Tavis
Ormandy for reporting CVE-2010-4346; and Timo Warns for reporting
CVE-2011-1010.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2011:0432: xorg-x11 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110432
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0432, CVE-2011-0465

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the X.Org X server resource database utility, xrdb.
Certain variables were not properly sanitized during the launch of a user's
graphical session, which could possibly allow a remote attacker to execute
arbitrary code with root privileges, if they were able to make the display
manager execute xrdb with a specially-crafted X client hostname. For
example, by configuring the hostname on the target system via a crafted
DHCP reply, or by using the X Display Manager Control Protocol (XDMCP) to
connect to that system from a host that has a special DNS name.
(CVE-2011-0465)

Red Hat would like to thank Matthieu Herrb for reporting this issue.
Upstream acknowledges Sebastian Krahmer of the SuSE Security Team as the
original reporter.

Users of xorg-x11 should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for this update to take effect.

RHSA-2011:0433: xorg-x11-server-utils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110433
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0433, CVE-2011-0465

Description
The xorg-x11-server-utils package contains a collection of utilities used
to modify and query the runtime configuration of the X.Org server. X.Org is
an open source implementation of the X Window System.

A flaw was found in the X.Org X server resource database utility, xrdb.
Certain variables were not properly sanitized during the launch of a user's
graphical session, which could possibly allow a remote attacker to execute
arbitrary code with root privileges, if they were able to make the display
manager execute xrdb with a specially-crafted X client hostname. For
example, by configuring the hostname on the target system via a crafted
DHCP reply, or by using the X Display Manager Control Protocol (XDMCP) to
connect to that system from a host that has a special DNS name.
(CVE-2011-0465)

Red Hat would like to thank Matthieu Herrb for reporting this issue.
Upstream acknowledges Sebastian Krahmer of the SuSE Security Team as the
original reporter.

Users of xorg-x11-server-utils should upgrade to this updated package,
which contains a backported patch to resolve this issue. All running X.Org
server instances must be restarted for this update to take effect.

RHSA-2011:0436: avahi security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0436, CVE-2011-1002

Description
Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zero Configuration Networking. It facilitates service
discovery on a local network. Avahi and Avahi-aware applications allow you
to plug your computer into a network and, with no configuration, view other
people to chat with, view printers to print to, and find shared files on
other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with an empty payload. An attacker on the
local network could use this flaw to cause avahi-daemon on a target system
to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002)

All users are advised to upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing the update,
avahi-daemon will be restarted automatically.

RHSA-2011:0447: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110447
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0447, CVE-2011-0285

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

An invalid free flaw was found in the password-changing capability of the
MIT Kerberos administration daemon, kadmind. A remote, unauthenticated
attacker could use this flaw to cause kadmind to abort via a
specially-crafted request. (CVE-2011-0285)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the kadmind daemon will be restarted automatically.

RHSA-2011:0452: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110452
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0452, CVE-2009-5022

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF image files that were compressed with the JPEG compression
algorithm. An attacker could use this flaw to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2009-5022)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running applications linked
against libtiff must be restarted for this update to take effect.

RHSA-2011:0455: polkit security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110455
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0455, CVE-2011-1485

Description
PolicyKit is a toolkit for defining and handling authorizations.

A race condition flaw was found in the PolicyKit pkexec utility and polkitd
daemon. A local user could use this flaw to appear as a privileged user to
pkexec, allowing them to execute arbitrary commands as root by running
those commands with pkexec. (CVE-2011-1485)

Red Hat would like to thank Neel Mehta of Google for reporting this issue.

All polkit users should upgrade to these updated packages, which contain
backported patches to correct this issue. The system must be rebooted for
this update to take effect.

RHSA-2011:0464: kdelibs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110464
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium

Identifiers and References

Identifiers:  RHSA-2011:0464, CVE-2011-1094, CVE-2011-1168

Description
The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A cross-site scripting (XSS) flaw was found in the way KHTML, the HTML
layout engine used by KDE applications such as the Konqueror web browser,
displayed certain error pages. A remote attacker could use this flaw to
perform a cross-site scripting attack against victims by tricking them into
visiting a specially-crafted URL. (CVE-2011-1168)

A flaw was found in the way kdelibs checked the user specified hostname
against the name in the server's SSL certificate. A man-in-the-middle
attacker could use this flaw to trick an application using kdelibs into
mistakenly accepting a certificate as if it was valid for the host, if that
certificate was issued for an IP address to which the user specified
hostname was resolved to. (CVE-2011-1094)

Note: As part of the fix for CVE-2011-1094, this update also introduces
stricter handling for wildcards used in servers' SSL certificates.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The desktop must be restarted (log out,
then log back in) for this update to take effect.

RHSA-2011:0465: kdenetwork security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0465, CVE-2011-1586

Description
The kdenetwork packages contain networking applications for the K Desktop
Environment (KDE).

A directory traversal flaw was found in the way KGet, a download manager,
handled the "file" element in Metalink files. An attacker could use this
flaw to create a specially-crafted Metalink file that, when opened, would
cause KGet to overwrite arbitrary files accessible to the user running
KGet. (CVE-2011-1586)

Users of kdenetwork should upgrade to these updated packages, which contain
a backported patch to resolve this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2011:0471: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0471, CVE-2011-0065, CVE-2011-0066, CVE-2011-0067, CVE-2011-0069, CVE-2011-0070, CVE-2011-0071, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081, CVE-2011-1202

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could possibly lead to arbitrary code
execution with the privileges of the user running Firefox. (CVE-2011-0080,
CVE-2011-0081)

An arbitrary memory write flaw was found in the way Firefox handled
out-of-memory conditions. If all memory was consumed when a user visited a
malicious web page, it could possibly lead to arbitrary code execution
with the privileges of the user running Firefox. (CVE-2011-0078)

An integer overflow flaw was found in the way Firefox handled the HTML
frameset tag. A web page with a frameset tag containing large values for
the "rows" and "cols" attributes could trigger this flaw, possibly leading
to arbitrary code execution with the privileges of the user running
Firefox. (CVE-2011-0077)

A flaw was found in the way Firefox handled the HTML iframe tag. A web page
with an iframe tag containing a specially-crafted source address could
trigger this flaw, possibly leading to arbitrary code execution with the
privileges of the user running Firefox. (CVE-2011-0075)

A flaw was found in the way Firefox displayed multiple marquee elements. A
malformed HTML document could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0074)

A flaw was found in the way Firefox handled the nsTreeSelection element.
Malformed content could cause Firefox to execute arbitrary code with the
privileges of the user running Firefox. (CVE-2011-0073)

A use-after-free flaw was found in the way Firefox appended frame and
iframe elements to a DOM tree when the NoScript add-on was enabled.
Malicious HTML content could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0072)

A directory traversal flaw was found in the Firefox resource:// protocol
handler. Malicious content could cause Firefox to access arbitrary files
accessible to the user running Firefox. (CVE-2011-0071)

A double free flaw was found in the way Firefox handled
"application/http-index-format" documents. A malformed HTTP response could
cause Firefox to execute arbitrary code with the privileges of the user
running Firefox. (CVE-2011-0070)

A flaw was found in the way Firefox handled certain JavaScript cross-domain
requests. If malicious content generated a large number of cross-domain
JavaScript requests, it could cause Firefox to execute arbitrary code with
the privileges of the user running Firefox. (CVE-2011-0069)

A flaw was found in the way Firefox displayed the autocomplete pop-up.
Malicious content could use this flaw to steal form history information.
(CVE-2011-0067)

Two use-after-free flaws were found in the Firefox mObserverList and
mChannel objects. Malicious content could use these flaws to execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2011-0066, CVE-2011-0065)

A flaw was found in the Firefox XSLT generate-id() function. This function
returned the memory address of an object in memory, which could possibly be
used by attackers to bypass address randomization protections.
(CVE-2011-1202)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.17. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.17, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2011:0473: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110473
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0473, CVE-2011-0072, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could possibly lead to arbitrary code
execution with the privileges of the user running SeaMonkey.
(CVE-2011-0080)

An arbitrary memory write flaw was found in the way SeaMonkey handled
out-of-memory conditions. If all memory was consumed when a user visited a
malicious web page, it could possibly lead to arbitrary code execution
with the privileges of the user running SeaMonkey. (CVE-2011-0078)

An integer overflow flaw was found in the way SeaMonkey handled the HTML
frameset tag. A web page with a frameset tag containing large values for
the "rows" and "cols" attributes could trigger this flaw, possibly leading
to arbitrary code execution with the privileges of the user running
SeaMonkey. (CVE-2011-0077)

A flaw was found in the way SeaMonkey handled the HTML iframe tag. A web
page with an iframe tag containing a specially-crafted source address could
trigger this flaw, possibly leading to arbitrary code execution with the
privileges of the user running SeaMonkey. (CVE-2011-0075)

A flaw was found in the way SeaMonkey displayed multiple marquee elements.
A malformed HTML document could cause SeaMonkey to execute arbitrary code
with the privileges of the user running SeaMonkey. (CVE-2011-0074)

A flaw was found in the way SeaMonkey handled the nsTreeSelection element.
Malformed content could cause SeaMonkey to execute arbitrary code with the
privileges of the user running SeaMonkey. (CVE-2011-0073)

A use-after-free flaw was found in the way SeaMonkey appended frame and
iframe elements to a DOM tree when the NoScript add-on was enabled.
Malicious HTML content could cause SeaMonkey to execute arbitrary code with
the privileges of the user running SeaMonkey. (CVE-2011-0072)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2011:0474: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110474
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0474, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. An
HTML mail message containing malicious content could possibly lead to
arbitrary code execution with the privileges of the user running
Thunderbird. (CVE-2011-0080)

An arbitrary memory write flaw was found in the way Thunderbird handled
out-of-memory conditions. If all memory was consumed when a user viewed a
malicious HTML mail message, it could possibly lead to arbitrary code
execution with the privileges of the user running Thunderbird.
(CVE-2011-0078)

An integer overflow flaw was found in the way Thunderbird handled the HTML
frameset tag. An HTML mail message with a frameset tag containing large
values for the "rows" and "cols" attributes could trigger this flaw,
possibly leading to arbitrary code execution with the privileges of the
user running Thunderbird. (CVE-2011-0077)

A flaw was found in the way Thunderbird handled the HTML iframe tag. An
HTML mail message with an iframe tag containing a specially-crafted source
address could trigger this flaw, possibly leading to arbitrary code
execution with the privileges of the user running Thunderbird.
(CVE-2011-0075)

A flaw was found in the way Thunderbird displayed multiple marquee
elements. A malformed HTML mail message could cause Thunderbird to execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0074)

A flaw was found in the way Thunderbird handled the nsTreeSelection
element. Malformed content could cause Thunderbird to execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-0073)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:0475: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110475
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0475, CVE-2011-0070, CVE-2011-0071, CVE-2011-0073, CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, CVE-2011-0078, CVE-2011-0080, CVE-2011-0081

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. An
HTML mail message containing malicious content could possibly lead to
arbitrary code execution with the privileges of the user running
Thunderbird. (CVE-2011-0080, CVE-2011-0081)

An arbitrary memory write flaw was found in the way Thunderbird handled
out-of-memory conditions. If all memory was consumed when a user viewed a
malicious HTML mail message, it could possibly lead to arbitrary code
execution with the privileges of the user running Thunderbird.
(CVE-2011-0078)

An integer overflow flaw was found in the way Thunderbird handled the HTML
frameset tag. An HTML mail message with a frameset tag containing large
values for the "rows" and "cols" attributes could trigger this flaw,
possibly leading to arbitrary code execution with the privileges of the
user running Thunderbird. (CVE-2011-0077)

A flaw was found in the way Thunderbird handled the HTML iframe tag. An
HTML mail message with an iframe tag containing a specially-crafted source
address could trigger this flaw, possibly leading to arbitrary code
execution with the privileges of the user running Thunderbird.
(CVE-2011-0075)

A flaw was found in the way Thunderbird displayed multiple marquee
elements. A malformed HTML mail message could cause Thunderbird to execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0074)

A flaw was found in the way Thunderbird handled the nsTreeSelection
element. Malformed content could cause Thunderbird to execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-0073)

A directory traversal flaw was found in the Thunderbird resource://
protocol handler. Malicious content could cause Thunderbird to access
arbitrary files accessible to the user running Thunderbird. (CVE-2011-0071)

A double free flaw was found in the way Thunderbird handled
"application/http-index-format" documents. A malformed HTTP response could
cause Thunderbird to execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2011-0070)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:0477: gstreamer-plugins security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110477
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high

Identifiers and References

Identifiers:  RHSA-2011:0477, CVE-2006-4192, CVE-2011-1574

Description
The gstreamer-plugins packages contain plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, leading to a heap-based buffer overflow, and a
stack-based buffer overflow flaw were found in various ModPlug music file
format library (libmodplug) modules, embedded in GStreamer. An attacker
could create specially-crafted music files that, when played by a victim,
would cause applications using GStreamer to crash or, potentially, execute
arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing the update, all applications using GStreamer (such as Rhythmbox)
must be restarted for the changes to take effect.

RHSA-2011:0478: libvirt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110478
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0478, CVE-2011-1486

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remotely managing virtualized systems.

A flaw was found in the way libvirtd handled error reporting for concurrent
connections. A remote attacker able to establish read-only connections to
libvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.

RHSA-2011:0479: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0479, CVE-2011-1486

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remotely managing virtualized systems.

A flaw was found in the way libvirtd handled error reporting for concurrent
connections. A remote attacker able to establish read-only connections to
libvirtd on a server could use this flaw to crash libvirtd. (CVE-2011-1486)

This update also fixes the following bug:

* Previously, running qemu under a different UID prevented it from
accessing files with mode 0660 permissions that were owned by a different
user, but by a group that qemu was a member of. (BZ#668692)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.

RHSA-2011:0486: xmlsec1 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110486
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0486, CVE-2011-1425

Description
The XML Security Library is a C library based on libxml2 and OpenSSL that
implements the XML Digital Signature and XML Encryption standards.

A flaw was found in the way xmlsec1 handled XML files that contain an XSLT
transformation specification. A specially-crafted XML file could cause
xmlsec1 to create or overwrite an arbitrary file while performing the
verification of a file's digital signature. (CVE-2011-1425)

Red Hat would like to thank Nicolas Grégoire and Aleksey Sanin for
reporting this issue.

This update also fixes the following bug:

* xmlsec1 previously used an incorrect search path when searching for
crypto plug-in libraries, possibly trying to access such libraries using a
relative path. (BZ#558480, BZ#700467)

Users of xmlsec1 should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the update,
all running applications that use the xmlsec1 library must be restarted for
the update to take effect.

RHSA-2011:0491: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110491
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0491, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521

Description
Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the Python urllib and urllib2 libraries where they
would not differentiate between different target URLs when handling
automatic redirects. This caused Python applications using these modules to
follow any new URL that they understood, including the "file://" URL type.
This could allow a remote server to force a local Python application to
read a local file instead of the remote one, possibly exposing local files
that were not meant to be exposed. (CVE-2011-1521)

Multiple flaws were found in the Python audioop module. Supplying certain
inputs could cause the audioop module to crash or, possibly, execute
arbitrary code. (CVE-2010-1634, CVE-2010-2089)

A race condition was found in the way the Python smtpd module handled new
connections. A remote user could use this flaw to cause a Python script
using the smtpd module to terminate. (CVE-2010-3493)

An information disclosure flaw was found in the way the Python
CGIHTTPServer module processed certain HTTP GET requests. A remote attacker
could use a specially-crafted request to obtain the CGI script's source
code. (CVE-2011-1015)

A buffer over-read flaw was found in the way the Python Expat parser
handled malformed UTF-8 sequences when processing XML files. A
specially-crafted XML file could cause Python applications using the Python
Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes Python use the system Expat library rather than its own
internal copy; therefore, users must have the version of Expat shipped with
RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720
issue.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:0492: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110492
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0492, CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521

Description
Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the Python urllib and urllib2 libraries where they
would not differentiate between different target URLs when handling
automatic redirects. This caused Python applications using these modules to
follow any new URL that they understood, including the "file://" URL type.
This could allow a remote server to force a local Python application to
read a local file instead of the remote one, possibly exposing local files
that were not meant to be exposed. (CVE-2011-1521)

A race condition was found in the way the Python smtpd module handled new
connections. A remote user could use this flaw to cause a Python script
using the smtpd module to terminate. (CVE-2010-3493)

An information disclosure flaw was found in the way the Python
CGIHTTPServer module processed certain HTTP GET requests. A remote attacker
could use a specially-crafted request to obtain the CGI script's source
code. (CVE-2011-1015)

A buffer over-read flaw was found in the way the Python Expat parser
handled malformed UTF-8 sequences when processing XML files. A
specially-crafted XML file could cause Python applications using the Python
Expat parser to crash while parsing the file. (CVE-2009-3720)

This update makes Python use the system Expat library rather than its own
internal copy; therefore, users must have the version of Expat shipped with
RHSA-2009:1625 installed, or a later version, to resolve the CVE-2009-3720
issue.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:0496: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110496
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0496, CVE-2011-1583, CVE-2011-3262

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

It was found that the xc_try_bzip2_decode() and xc_try_lzma_decode() decode
routines did not correctly check for a possible buffer size overflow in the
decoding loop. As well, several integer overflow flaws and missing
error/range checking were found that could lead to an infinite loop. A
privileged guest user could use these flaws to crash the guest or,
possibly, execute arbitrary code in the privileged management domain
(Dom0). (CVE-2011-1583)

All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2011:0498: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110498
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0498, CVE-2010-4250, CVE-2010-4565, CVE-2010-4649, CVE-2011-0006, CVE-2011-0711, CVE-2011-0712, CVE-2011-0726, CVE-2011-1013, CVE-2011-1016, CVE-2011-1019, CVE-2011-1044, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1573

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)

* An integer signedness flaw in drm_modeset_ctl() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1013, Important)

* The Radeon GPU drivers in the Linux kernel were missing sanity checks for
the Anti Aliasing (AA) resolve register values which could allow a local,
unprivileged user to cause a denial of service or escalate their privileges
on systems using a graphics card from the ATI Radeon R300, R400, or R500
family of cards. (CVE-2011-1016, Important)

* A flaw in dccp_rcv_state_process() could allow a remote attacker to
cause a denial of service, even when the socket was already closed.
(CVE-2011-1093, Important)

* A flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP)
implementation could allow a remote attacker to cause a denial of service
if the sysctl "net.sctp.addip_enable" and "auth_enable" variables were
turned on (they are off by default). (CVE-2011-1573, Important)

* A memory leak in the inotify_init() system call. In some cases, it could
leak a group, which could allow a local, unprivileged user to eventually
cause a denial of service. (CVE-2010-4250, Moderate)

* A missing validation of a null-terminated string data structure element
in bnep_sock_ioctl() could allow a local user to cause an information leak
or a denial of service. (CVE-2011-1079, Moderate)

* An information leak in bcm_connect() in the Controller Area Network (CAN)
Broadcast Manager implementation could allow a local, unprivileged user to
leak kernel mode addresses in "/proc/net/can-bcm". (CVE-2010-4565, Low)

* A flaw was found in the Linux kernel's Integrity Measurement Architecture
(IMA) implementation. When SELinux was disabled, adding an IMA rule which
was supposed to be processed by SELinux would cause ima_match_rules() to
always succeed, ignoring any remaining rules. (CVE-2011-0006, Low)

* A missing initialization flaw in the XFS file system implementation could
lead to an information leak. (CVE-2011-0711, Low)

* Buffer overflow flaws in snd_usb_caiaq_audio_init() and
snd_usb_caiaq_midi_init() could allow a local, unprivileged user with
access to a Native Instruments USB audio device to cause a denial of
service or escalate their privileges. (CVE-2011-0712, Low)

* The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat Address
Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A flaw in dev_load() could allow a local user who has the CAP_NET_ADMIN
capability to load arbitrary modules from "/lib/modules/", instead of only
netdev modules. (CVE-2011-1019, Low)

* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to
cause an information leak. (CVE-2011-1044, Low)

* A missing validation of a null-terminated string data structure element
in do_replace() could allow a local user who has the CAP_NET_ADMIN
capability to cause an information leak. (CVE-2011-1080, Low)

Red Hat would like to thank Vegard Nossum for reporting CVE-2010-4250;
Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1019, and
CVE-2011-1080; Dan Rosenberg for reporting CVE-2010-4565 and CVE-2011-0711;
Rafael Dominguez Vega for reporting CVE-2011-0712; and Kees Cook for
reporting CVE-2011-0726.

This update also fixes various bugs and adds an enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2011:0506: rdesktop security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110506
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0506, CVE-2011-1595

Description
rdesktop is a client for the Remote Desktop Server (previously, Terminal
Server) in Microsoft Windows. It uses the Remote Desktop Protocol (RDP) to
remotely present a user's desktop.

A directory traversal flaw was found in the way rdesktop shared a local
path with a remote server. If a user connects to a malicious server with
rdesktop, the server could use this flaw to cause rdesktop to read and
write to arbitrary, local files accessible to the user running rdesktop.
(CVE-2011-1595)

Red Hat would like to thank Cendio AB for reporting this issue. Cendio AB
acknowledges an anonymous contributor working with the SecuriTeam Secure
Disclosure program as the original reporter.

Users of rdesktop should upgrade to this updated package, which contains a
backported patch to resolve this issue.

RHSA-2011:0507: apr security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110507
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0507, CVE-2011-0419

Description
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It provides a free library of C data
structures and routines.

It was discovered that the apr_fnmatch() function used an unconstrained
recursion when processing patterns with the '*' wildcard. An attacker could
use this flaw to cause an application using this function, which also
accepted untrusted input as a pattern for matching (such as an httpd server
using the mod_autoindex module), to exhaust all stack memory or use an
excessive amount of CPU time when performing matching. (CVE-2011-0419)

Red Hat would like to thank Maksymilian Arciemowicz for reporting this
issue.

All apr users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Applications using the apr library,
such as httpd, must be restarted for this update to take effect.

RHSA-2011:0534: qemu-kvm security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110534
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0534, CVE-2011-1750, CVE-2011-1751

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

It was found that the virtio-blk driver in qemu-kvm did not properly
validate read and write requests from guests. A privileged guest user could
use this flaw to crash the guest or, possibly, execute arbitrary code on
the host. (CVE-2011-1750)

It was found that the PIIX4 Power Management emulation layer in qemu-kvm
did not properly check for hot plug eligibility during device removals. A
privileged guest user could use this flaw to crash the guest or, possibly,
execute arbitrary code on the host. (CVE-2011-1751)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1751.

This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to resolve these issues, and fix the bugs and
add the enhancements noted in the Technical Notes. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2011:0542: Red Hat Enterprise Linux 6.1 kernel security, bug fix and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110542
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0542, CVE-2010-3881, CVE-2010-4251, CVE-2010-4805, CVE-2011-0999, CVE-2011-1010, CVE-2011-1023, CVE-2011-1082, CVE-2011-1090, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1581

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* A flaw was found in the Linux kernel's Ethernet bonding driver
implementation. Packets coming in from network devices that have more
than 16 receive queues to a bonding interface could cause a denial of
service. (CVE-2011-1581, Important)

* A flaw was found in the Linux kernel's networking subsystem. If the
number of packets received exceeded the receiver's buffer limit, they were
queued in a backlog, consuming memory, instead of being discarded. A remote
attacker could abuse this flaw to cause a denial of service (out-of-memory
condition). (CVE-2010-4251, Moderate)

* A flaw was found in the Linux kernel's Transparent Huge Pages (THP)
implementation. A local, unprivileged user could abuse this flaw to allow
the user stack (when it is using huge pages) to grow and cause a denial of
service. (CVE-2011-0999, Moderate)

* A flaw was found in the transmit methods (xmit) for the loopback and
InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS)
implementation. A local, unprivileged user could use this flaw to cause a
denial of service. (CVE-2011-1023, Moderate)

* A flaw in the Linux kernel's Event Poll (epoll) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-1082, Moderate)

* An inconsistency was found in the interaction between the Linux kernel's
method for allocating NFSv4 (Network File System version 4) ACL data and
the method by which it was freed. This inconsistency led to a kernel panic
which could be triggered by a local, unprivileged user with files owned by
said user on an NFSv4 share. (CVE-2011-1090, Moderate)

* A missing validation check was found in the Linux kernel's
mac_partition() implementation, used for supporting file systems created
on Mac OS operating systems. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partitions. (CVE-2011-1010, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Nelson Elhage for reporting CVE-2011-1082; Timo Warns for
reporting CVE-2011-1010 and CVE-2011-1163; and Vasiliy Kulikov for
reporting CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.1 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.1 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

RHSA-2011:0545: squid security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110545
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0545, CVE-2010-3072

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

It was found that string comparison functions in Squid did not properly
handle the comparisons of NULL and empty strings. A remote, trusted web
client could use this flaw to cause the squid daemon to crash via a
specially-crafted request. (CVE-2010-3072)

This update also fixes the following bugs:

* A small memory leak in Squid caused multiple "ctx: enter level" messages
to be logged to "/var/log/squid/cache.log". This update resolves the memory
leak. (BZ#666533)

* This erratum upgrades Squid to upstream version 3.1.10. This upgraded
version supports the Google Instant service and introduces various code
improvements. (BZ#639365)

Users of squid should upgrade to this updated package, which resolves these
issues. After installing this update, the squid service will be restarted
automatically.

RHSA-2011:0554: python security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110554
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0554, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521

Description
Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the Python urllib and urllib2 libraries where they
would not differentiate between different target URLs when handling
automatic redirects. This caused Python applications using these modules to
follow any new URL that they understood, including the "file://" URL type.
This could allow a remote server to force a local Python application to
read a local file instead of the remote one, possibly exposing local files
that were not meant to be exposed. (CVE-2011-1521)

A race condition was found in the way the Python smtpd module handled new
connections. A remote user could use this flaw to cause a Python script
using the smtpd module to terminate. (CVE-2010-3493)

An information disclosure flaw was found in the way the Python
CGIHTTPServer module processed certain HTTP GET requests. A remote attacker
could use a specially-crafted request to obtain the CGI script's source
code. (CVE-2011-1015)

This erratum also upgrades Python to upstream version 2.6.6, and includes a
number of bug fixes and enhancements. Documentation for these bug fixes
and enhancements is available from the Technical Notes document, linked to
in the References section.

All users of Python are advised to upgrade to these updated packages, which
correct these issues, and fix the bugs and add the enhancements noted in
the Technical Notes.

RHSA-2011:0558: perl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110558
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0558, CVE-2010-2761, CVE-2010-4410, CVE-2011-1487

Description
Perl is a high-level programming language commonly used for system
administration utilities and web programming. The Perl CGI module provides
resources for preparing and processing Common Gateway Interface (CGI) based
HTTP requests and responses.

It was found that the Perl CGI module used a hard-coded value for the MIME
boundary string in multipart/x-mixed-replace content. A remote attacker
could possibly use this flaw to conduct an HTTP response splitting attack
via a specially-crafted HTTP request. (CVE-2010-2761)

A CRLF injection flaw was found in the way the Perl CGI module processed a
sequence of non-whitespace preceded by newline characters in the header. A
remote attacker could use this flaw to conduct an HTTP response splitting
attack via a specially-crafted sequence of characters provided to the CGI
module. (CVE-2010-4410)

It was found that certain Perl string manipulation functions (such as uc()
and lc()) failed to preserve the taint bit. A remote attacker could use
this flaw to bypass the Perl taint mode protection mechanism in scripts
that use the affected functions to process tainted input. (CVE-2011-1487)

These packages upgrade the CGI module to version 3.51. Refer to the CGI
module's Changes file, linked to in the References, for a full list of
changes.

This update also fixes the following bugs:

* When using the "threads" module, an attempt to send a signal to a thread
that did not have a signal handler specified caused the perl interpreter to
terminate unexpectedly with a segmentation fault. With this update, the
"threads" module has been updated to upstream version 1.82, which fixes
this bug. As a result, sending a signal to a thread that does not have the
signal handler specified no longer causes perl to crash. (BZ#626330)

* Prior to this update, the perl packages did not require the Digest::SHA
module as a dependency. Consequent to this, when a user started the cpan
command line interface and attempted to download a distribution from CPAN,
they may have been presented with the following message:

CPAN: checksum security checks disabled because Digest::SHA not installed.
Please consider installing the Digest::SHA module.

This update corrects the spec file for the perl package to require the
perl-Digest-SHA package as a dependency, and cpan no longer displays the
above message. (BZ#640716)

* When using the "threads" module, continual creation and destruction of
threads could cause the Perl program to consume an increasing amount of
memory. With this update, the underlying source code has been corrected to
free the allocated memory when a thread is destroyed, and the continual
creation and destruction of threads in Perl programs no longer leads to
memory leaks. (BZ#640720)

* Due to a packaging error, the perl packages did not include the
"NDBM_File" module. This update corrects this error, and "NDBM_File" is now
included as expected. (BZ#640729)

* Prior to this update, the prove(1) manual page and the "prove --help"
command listed "--fork" as a valid command line option. However, version
3.17 of the Test::Harness distribution removed the support for the
fork-based parallel testing, and the prove utility thus no longer supports
this option. This update corrects both the manual page and the output of
the "prove --help" command, so that "--fork" is no longer included in the
list of available command line options. (BZ#609492)

Users of Perl, especially those of Perl threads, are advised to upgrade to
these updated packages, which correct these issues.

RHSA-2011:0560: sssd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110560
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0560, CVE-2010-4341

Description
The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It is
also the basis to provide client auditing and policy services for projects
such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to crash SSSD via a carefully-crafted packet. With SSSD
unresponsive, legitimate users could be denied the ability to log in to the
system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

Users of SSSD should upgrade to these updated packages, which upgrade SSSD
to upstream version 1.5.1 to correct this issue, and fix the bugs and add
the enhancements noted in the Technical Notes.

RHSA-2011:0568: eclipse security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110568
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0568, CVE-2010-4647

Description
The Eclipse software development environment provides a set of tools for
C/C++ and Java development.

A cross-site scripting (XSS) flaw was found in the Eclipse Help Contents
web application. An attacker could use this flaw to perform a cross-site
scripting attack against victims by tricking them into visiting a
specially-crafted Eclipse Help URL. (CVE-2010-4647)

The following Eclipse packages have been upgraded to the versions found in
the official upstream Eclipse Helios SR1 release, providing a number of
bug fixes and enhancements over the previous versions:

* eclipse to 3.6.1. (BZ#656329)
* eclipse-cdt to 7.0.1. (BZ#656333)
* eclipse-birt to 2.6.0. (BZ#656391)
* eclipse-emf to 2.6.0. (BZ#656344)
* eclipse-gef to 3.6.1. (BZ#656347)
* eclipse-mylyn to 3.4.2. (BZ#656337)
* eclipse-rse to 3.2. (BZ#656338)
* eclipse-dtp to 1.8.1. (BZ#656397)
* eclipse-changelog to 2.7.0. (BZ#669499)
* eclipse-valgrind to 0.6.1. (BZ#669460)
* eclipse-callgraph to 0.6.1. (BZ#669462)
* eclipse-oprofile to 0.6.1. (BZ#670228)
* eclipse-linuxprofilingframework to 0.6.1. (BZ#669461)

In addition, the following updates were made to the dependencies of the
Eclipse packages above:

* icu4j to 4.2.1. (BZ#656342)
* sat4j to 2.2.0. (BZ#661842)
* objectweb-asm to 3.2. (BZ#664019)
* jetty-eclipse to 6.1.24. (BZ#661845)

This update includes numerous upstream bug fixes and enhancements, such as:

* The Eclipse IDE and Java Development Tools (JDT):

- projects and folders can filter out resources in the workspace.
- new virtual folder and linked files support.
- the full set of UNIX file permissions is now supported.
- addition of the stop button to cancel long-running wizard tasks.
- Java editor now shows multiple quick-fixes via problem hover.
- new support for running JUnit version 4 tests.
- over 200 upstream bug fixes.

* The Eclipse C/C++ Development Tooling (CDT):

- new Codan framework has been added for static code analysis.
- refactoring improvements such as stored refactoring history.
- compile and build errors now highlighted in the build console.
- switch to the new DSF debugger framework.
- new template view support.
- over 600 upstream bug fixes.

This update also fixes the following bugs:

* Incorrect URIs for GNU Tools in the "Help Contents" window have been
fixed. (BZ#622713)

* The profiling of binaries did not work if an Eclipse project was not in
an Eclipse workspace. This update adds an automated test for external
project profiling, which corrects this issue. (BZ#622867)

* Running a C/C++ application in Eclipse successfully terminated, but
returned an I/O exception not related to the application itself in the
Error Log window. With this update, the exception is no longer returned.
(BZ#668890)

* The eclipse-mylyn package showed a "20100916-0100-e3x" qualifier. The
qualifier has been modified to "v20100902-0100-e3x" to match the upstream
version of eclipse-mylyn. (BZ#669819)

* Installing the eclipse-mylyn package failed and returned a "Resource
temporarily unavailable" error message due to a bug in the packaging. This
update fixes this bug and installation now works as expected. (BZ#673174)

* Building the eclipse-cdt package could fail due to an incorrect
interaction with the local file system. Interaction with the local file
system is now prevented and the build no longer fails. (BZ#678364)

* The libhover plug-in, provided by the eclipse-cdt package, used binary
data to search for hover topics. The data location was specified externally
as a URL which could cause an exception to occur on a system with no
Internet access. This update modifies the plug-in so that it pulls the
needed data from a local location. (BZ#679543)

Users of eclipse should upgrade to these updated packages, which correct
these issues and add these enhancements.

RHSA-2011:0586: libguestfs security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110586
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0586, CVE-2010-3851

Description
libguestfs is a library for accessing and modifying guest disk images.

libguestfs relied on the format auto-detection in QEMU rather than
allowing the guest image file format to be specified. A privileged guest
user could potentially use this flaw to read arbitrary files on the host
that were accessible to a user on that host who was running a program that
utilized the libguestfs library. (CVE-2010-3851)

This erratum upgrades libguestfs to upstream version 1.7.17, which includes
a number of bug fixes and one enhancement. Documentation for these bug
fixes and this enhancement is provided in the Technical Notes document,
linked to in the References section.

All libguestfs users are advised to upgrade to these updated packages,
which correct this issue, and fix the bugs and add the enhancement noted
in the Technical Notes.

RHSA-2011:0599: sudo security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110599
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0599, CVE-2011-0010

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the sudo password checking logic. In configurations
where the sudoers settings allowed a user to run a command using sudo with
only the group ID changed, sudo failed to prompt for the user's password
before running the specified command with the elevated group privileges.
(CVE-2011-0010)

This update also fixes the following bugs:

* When the "/etc/sudoers" file contained entries with multiple hosts,
running the "sudo -l" command incorrectly reported that a certain user does
not have permissions to use sudo on the system. With this update, running
the "sudo -l" command now produces the correct output. (BZ#603823)

* Prior to this update, the manual page for sudoers.ldap was not installed,
even though it contains important information on how to set up an LDAP
(Lightweight Directory Access Protocol) sudoers source, and other documents
refer to it. With this update, the manual page is now properly included in
the package. Additionally, various POD files have been removed from the
package, as they are required for build purposes only. (BZ#634159)

* The previous version of sudo did not use the same location for the LDAP
configuration files as the nss_ldap package. This has been fixed and sudo
now looks for these files in the same location as the nss_ldap package.
(BZ#652726)

* When a file was edited using the "sudo -e file" or the "sudoedit file"
command, the editor being executed for this task was logged only as
"sudoedit". With this update, the full path to the executable being used as
an editor is now logged (instead of "sudoedit"). (BZ#665131)

* A comment regarding the "visiblepw" option of the "Defaults" directive
has been added to the default "/etc/sudoers" file to clarify its usage.
(BZ#688640)

* This erratum upgrades sudo to upstream version 1.7.4p5, which provides a
number of bug fixes and enhancements over the previous version. (BZ#615087)

All users of sudo are advised to upgrade to this updated package, which
resolves these issues.

RHSA-2011:0600: dovecot security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110600
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0600, CVE-2010-3707, CVE-2010-3780

Description
Dovecot is an IMAP server for Linux, UNIX, and similar operating systems,
primarily written with security in mind.

A flaw was found in the way Dovecot handled SIGCHLD signals. If a large
amount of IMAP or POP3 session disconnects caused the Dovecot master
process to receive these signals rapidly, it could cause the master process
to crash. (CVE-2010-3780)

A flaw was found in the way Dovecot processed multiple Access Control Lists
(ACL) defined for a mailbox. In some cases, Dovecot could fail to apply the
more specific ACL entry, possibly resulting in more access being granted to
the user than intended. (CVE-2010-3707)

This update also adds the following enhancement:

* This erratum upgrades Dovecot to upstream version 2.0.9, providing
multiple fixes for the "dsync" utility and improving overall performance.
Refer to the "/usr/share/doc/dovecot-2.0.9/ChangeLog" file after installing
this update for further information about the changes. (BZ#637056)

Users of dovecot are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement. After installing the updated
packages, the dovecot service will be restarted automatically.

RHSA-2011:0616: pidgin security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110616
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0616, CVE-2011-1091, CVE-2011-4922

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

Multiple NULL pointer dereference flaws were found in the way the Pidgin
Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote
attacker could use these flaws to crash Pidgin via a specially-crafted
notification message. (CVE-2011-1091)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Marius Wachtler as the original reporter.

This update also fixes the following bugs:

* Previous versions of the pidgin package did not properly clear certain
data structures used in libpurple/cipher.c when attempting to free them.
Partial information could potentially be extracted from the incorrectly
cleared regions of the previously freed memory. With this update, data
structures are properly cleared when freed. (BZ#684685)

* This erratum upgrades Pidgin to upstream version 2.7.9. For a list of all
changes addressed in this upgrade, refer to
http://developer.pidgin.im/wiki/ChangeLog (BZ#616917)

* Some incomplete translations for the kn_IN and ta_IN locales have been
corrected. (BZ#633860, BZ#640170)

Users of pidgin should upgrade to these updated packages, which resolve
these issues. Pidgin must be restarted for this update to take effect.

RHSA-2011:0677: openssl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110677
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0677, CVE-2011-0014

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A buffer over-read flaw was discovered in the way OpenSSL parsed the
Certificate Status Request TLS extensions in ClientHello TLS handshake
messages. A remote attacker could possibly use this flaw to crash an SSL
server using the affected OpenSSL functionality. (CVE-2011-0014)

This update fixes the following bugs:

* The "openssl speed" command (which provides algorithm speed measurement)
failed when openssl was running in FIPS (Federal Information Processing
Standards) mode, even if testing of FIPS approved algorithms was requested.
FIPS mode disables ciphers and cryptographic hash algorithms that are not
approved by the NIST (National Institute of Standards and Technology)
standards. With this update, the "openssl speed" command no longer fails.
(BZ#619762)

* The "openssl pkcs12 -export" command failed to export a PKCS#12 file in
FIPS mode. The default algorithm for encrypting a certificate in the
PKCS#12 file was not FIPS approved and thus did not work. The command now
uses a FIPS approved algorithm by default in FIPS mode. (BZ#673453)

This update also adds the following enhancements:

* The "openssl s_server" command, which previously accepted connections
only over IPv4, now accepts connections over IPv6. (BZ#601612)

* For the purpose of allowing certain maintenance commands to be run (such
as "rsync"), an "OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW" environment variable
has been added. When a system is configured for FIPS mode and is in a
maintenance state, this newly added environment variable can be set to
allow software that requires the use of an MD5 cryptographic hash algorithm
to be run, even though the hash algorithm is not approved by the FIPS-140-2
standard. (BZ#673071)

Users of OpenSSL are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues and add these
enhancements. For the update to take effect, all services linked to the
OpenSSL library must be restarted, or the system rebooted.

RHSA-2011:0779: avahi security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110779
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0779, CVE-2011-1002

Description
Avahi is an implementation of the DNS Service Discovery and Multicast DNS
specifications for Zero Configuration Networking. It facilitates service
discovery on a local network. Avahi and Avahi-aware applications allow you
to plug your computer into a network and, with no configuration, view other
people to chat with, view printers to print to, and find shared files on
other computers.

A flaw was found in the way the Avahi daemon (avahi-daemon) processed
Multicast DNS (mDNS) packets with an empty payload. An attacker on the
local network could use this flaw to cause avahi-daemon on a target system
to enter an infinite loop via an empty mDNS UDP packet. (CVE-2011-1002)

This update also fixes the following bug:

* Previously, the avahi packages in Red Hat Enterprise Linux 6 were not
compiled with standard RPM CFLAGS; therefore, the Stack Protector and
Fortify Source protections were not enabled, and the debuginfo packages did
not contain the information required for debugging. This update corrects
this issue by using proper CFLAGS when compiling the packages. (BZ#629954,
BZ#684276)

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the update,
avahi-daemon will be restarted automatically.

RHSA-2011:0791: tomcat6 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0791, CVE-2010-3718, CVE-2010-4172, CVE-2011-0013

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat
host's work directory. As web applications deployed on Tomcat have read and
write access to this directory, a malicious web application could use this
flaw to trick Tomcat into giving it read and write access to an arbitrary
directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Tomcat. If a remote attacker could
trick a user who is logged into the Manager application into visiting a
specially-crafted URL, the attacker could perform Manager application tasks
with the privileges of the logged in user. (CVE-2010-4172)

A second cross-site scripting (XSS) flaw was found in the Manager
application. A malicious web application could use this flaw to conduct an
XSS attack, leading to arbitrary web script execution with the privileges
of victims who are logged into and viewing Manager application web pages.
(CVE-2011-0013)

This update also fixes the following bugs:

* A bug in the "tomcat6" init script prevented additional Tomcat instances
from starting. As well, running "service tomcat6 start" caused
configuration options applied from "/etc/sysconfig/tomcat6" to be
overwritten with those from "/etc/tomcat6/tomcat6.conf". With this update,
multiple instances of Tomcat run as expected. (BZ#636997)

* The "/usr/share/java/" directory was missing a symbolic link to the
"/usr/share/tomcat6/bin/tomcat-juli.jar" library. Because this library was
mandatory for certain operations (such as running the Jasper JSP
precompiler), the "build-jar-repository" command was unable to compose a
valid classpath. With this update, the missing symbolic link has been
added. (BZ#661244)

* Previously, the "tomcat6" init script failed to start Tomcat with a "This
account is currently not available." message when Tomcat was configured to
run under a user that did not have a valid shell configured as a login
shell. This update modifies the init script to work correctly regardless of
the daemon user's login shell. Additionally, these new tomcat6 packages now
set "/sbin/nologin" as the login shell for the "tomcat" user upon
installation, as recommended by deployment best practices. (BZ#678671)

* Some standard Tomcat directories were missing write permissions for the
"tomcat" group, which could cause certain applications to fail with errors
such as "No output folder". This update adds write permissions for the
"tomcat" group to the affected directories. (BZ#643809)

* The "/usr/sbin/tomcat6" wrapper script used a hard-coded path to the
"catalina.out" file, which may have caused problems (such as for logging
init script output) if Tomcat was being run with a user other than "tomcat"
and with CATALINA_BASE set to a directory other than the default.
(BZ#695284, BZ#697504)

* Stopping Tomcat could have resulted in traceback errors being logged to
"catalina.out" when certain web applications were deployed. (BZ#698624)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

RHSA-2011:0833: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110833
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0833, CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw in the dccp_rcv_state_process() function could allow a remote
attacker to cause a denial of service, even when the socket was already
closed. (CVE-2011-1093, Important)

* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. A local, unprivileged user could use these flaws to cause a
denial of service, an information leak, or escalate their privileges.
(CVE-2011-1494, CVE-2011-1495, Important)

* A missing validation of a null-terminated string data structure element
in the bnep_sock_ioctl() function could allow a local user to cause an
information leak or a denial of service. (CVE-2011-1079, Moderate)

* Missing error checking in the way page tables were handled in the Xen
hypervisor implementation could allow a privileged guest user to cause the
host, and the guests, to lock up. (CVE-2011-1166, Moderate)

* A flaw was found in the way the Xen hypervisor implementation checked for
the upper boundary when getting a new event channel port. A privileged
guest user could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2011-1763, Moderate)

* The start_code and end_code values in "/proc/[pid]/stat" were not
protected. In certain scenarios, this flaw could be used to defeat Address
Space Layout Randomization (ASLR). (CVE-2011-0726, Low)

* A missing initialization flaw in the sco_sock_getsockopt() function could
allow a local, unprivileged user to cause an information leak.
(CVE-2011-1078, Low)

* A missing validation of a null-terminated string data structure element
in the do_replace() function could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)

* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)

* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1170,
CVE-2011-1171, CVE-2011-1172, Low)

* A heap overflow flaw in the Linux kernel's EFI GUID Partition Table (GPT)
implementation could allow a local attacker to cause a denial of service
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1577, Low)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,
CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook
for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163
and CVE-2011-1577.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2011:0836: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110836
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0836, CVE-2010-3858, CVE-2011-1598, CVE-2011-1748, CVE-2011-1770, CVE-2011-1771

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer underflow flaw, leading to a buffer overflow, was found in the
Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation.
This could allow a remote attacker to cause a denial of service.
(CVE-2011-1770, Important)

* Missing sanity checks were found in setup_arg_pages() in the Linux
kernel. When making the size of the argument and environment area on the
stack very large, it could trigger a BUG_ON(), resulting in a local denial
of service. (CVE-2010-3858, Moderate)

* A missing validation check was found in the bcm_release() and
raw_release() functions in the Linux kernel's Controller Area Network (CAN)
implementation. This could allow a local, unprivileged user to cause a
denial of service. (CVE-2011-1598, CVE-2011-1748, Moderate)

* The fix for Red Hat Bugzilla bug 656461, as provided in RHSA-2011:0542,
introduced a regression in the cifs_close() function in the Linux kernel's
Common Internet File System (CIFS) implementation. A local, unprivileged
user with write access to a CIFS file system could use this flaw to cause a
denial of service. (CVE-2011-1771, Moderate)

Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1770; Brad
Spengler for reporting CVE-2010-3858; and Oliver Hartkopp for reporting
CVE-2011-1748.

This update also fixes various bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2011:0837: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110837
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0837, CVE-2009-1570, CVE-2010-4541, CVE-2010-4543, CVE-2011-1178

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer
eXchange (PCX) image file plug-ins. An attacker could create a
specially-crafted BMP or PCX image file that, when opened, could cause the
relevant plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro
(PSP) image file plug-in. An attacker could create a specially-crafted PSP
image file that, when opened, could cause the PSP plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Sphere Designer
image filter. An attacker could create a specially-crafted Sphere Designer
filter configuration file that, when opened, could cause the Sphere
Designer plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2010-4541)

Red Hat would like to thank Stefan Cornelius of Secunia Research for
responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

RHSA-2011:0838: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110838
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0838, CVE-2009-1570, CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543, CVE-2011-1178

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's Microsoft Windows Bitmap (BMP) and Personal Computer
eXchange (PCX) image file plug-ins. An attacker could create a
specially-crafted BMP or PCX image file that, when opened, could cause the
relevant plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2009-1570, CVE-2011-1178)

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro
(PSP) image file plug-in. An attacker could create a specially-crafted PSP
image file that, when opened, could cause the PSP plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning,
Sphere Designer, and Gfig image filters. An attacker could create a
specially-crafted Lightning, Sphere Designer, or Gfig filter configuration
file that, when opened, could cause the relevant plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Red Hat would like to thank Stefan Cornelius of Secunia Research for
responsibly reporting the CVE-2009-1570 flaw.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

RHSA-2011:0839: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110839
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0839, CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

A heap-based buffer overflow flaw was found in the GIMP's Paint Shop Pro
(PSP) image file plug-in. An attacker could create a specially-crafted PSP
image file that, when opened, could cause the PSP plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4543)

A stack-based buffer overflow flaw was found in the GIMP's Lightning,
Sphere Designer, and Gfig image filters. An attacker could create a
specially-crafted Lightning, Sphere Designer, or Gfig filter configuration
file that, when opened, could cause the relevant plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

RHSA-2011:0841: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110841
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0841, CVE-2011-1769

Description
SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

A divide-by-zero flaw was found in the way SystemTap handled malformed
debugging information in DWARF format. When SystemTap unprivileged mode was
enabled, an unprivileged user in the stapusr group could use this flaw to
crash the system. Additionally, a privileged user (root, or a member of the
stapdev group) could trigger this flaw when tricked into instrumenting a
specially-crafted ELF binary, even when unprivileged mode was not enabled.
(CVE-2011-1769)

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2011:0842: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110842
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0842, CVE-2011-1769, CVE-2011-1781

Description
SystemTap is an instrumentation system for systems running the Linux
kernel, version 2.6. Developers can write scripts to collect data on the
operation of the system.

Two divide-by-zero flaws were found in the way SystemTap handled malformed
debugging information in DWARF format. When SystemTap unprivileged mode was
enabled, an unprivileged user in the stapusr group could use these flaws to
crash the system. Additionally, a privileged user (root, or a member of the
stapdev group) could trigger these flaws when tricked into instrumenting a
specially-crafted ELF binary, even when unprivileged mode was not enabled.
(CVE-2011-1769, CVE-2011-1781)

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct these issues.

RHSA-2011:0843: postfix security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110843
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0843, CVE-2011-1720

Description
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL),
and TLS.

A heap-based buffer over-read flaw was found in the way Postfix performed
SASL handlers management for SMTP sessions, when Cyrus SASL authentication
was enabled. A remote attacker could use this flaw to cause the Postfix
smtpd server to crash via a specially-crafted SASL authentication request.
The smtpd process was automatically restarted by the postfix master process
after the time configured with service_throttle_time elapsed.
(CVE-2011-1720)

Note: Cyrus SASL authentication for Postfix is not enabled by default.

Red Hat would like to thank the CERT/CC for reporting this issue. Upstream
acknowledges Thomas Jarosch of Intra2net AG as the original reporter.

Users of Postfix are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the postfix service will be restarted automatically.

RHSA-2011:0844: apr security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110844
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0844, CVE-2011-1928

Description
The Apache Portable Runtime (APR) is a portability library used by the
Apache HTTP Server and other projects. It provides a free library of C data
structures and routines.

The fix for CVE-2011-0419 (released via RHSA-2011:0507) introduced an
infinite loop flaw in the apr_fnmatch() function when the APR_FNM_PATHNAME
matching flag was used. A remote attacker could possibly use this flaw to
cause a denial of service on an application using the apr_fnmatch()
function. (CVE-2011-1928)

Note: This problem affected httpd configurations using the "Location"
directive with wildcard URLs. The denial of service could have been
triggered during normal operation; it did not specifically require a
malicious HTTP request.

This update also addresses additional problems introduced by the rewrite of
the apr_fnmatch() function, which was necessary to address the
CVE-2011-0419 flaw.

All apr users should upgrade to these updated packages, which contain a
backported patch to correct this issue. Applications using the apr library,
such as httpd, must be restarted for this update to take effect.

RHSA-2011:0845: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110845
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0845, CVE-2011-1910

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

An off-by-one flaw was found in the way BIND processed negative responses
with large resource record sets (RRSets). An attacker able to send
recursive queries to a BIND server that is configured as a caching
resolver could use this flaw to cause named to exit with an assertion
failure. (CVE-2011-1910)

All BIND users are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2011:0856: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110856
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0856, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Integer overflow flaws were found in the way Java2D parsed JPEG images and
user-supplied fonts. An attacker could use these flaws to execute arbitrary
code with the privileges of the user running an untrusted applet or
application. (CVE-2011-0862)

It was found that the MediaTracker implementation created Component
instances with unnecessary access privileges. A remote attacker could use
this flaw to elevate their privileges by utilizing an untrusted applet or
application that uses Swing. (CVE-2011-0871)

A flaw was found in the HotSpot component in OpenJDK. Certain bytecode
instructions confused the memory management within the Java Virtual Machine
(JVM), resulting in an applet or application crashing. (CVE-2011-0864)

An information leak flaw was found in the NetworkInterface class. An
untrusted applet or application could use this flaw to access information
about available network interfaces that should only be available to
privileged code. (CVE-2011-0867)

An incorrect float-to-long conversion, leading to an overflow, was found
in the way certain objects (such as images and text) were transformed in
Java2D. A remote attacker could use this flaw to crash an untrusted applet
or application that uses Java2D. (CVE-2011-0868)

It was found that untrusted applets and applications could misuse a SOAP
connection to incorrectly set global HTTP proxy settings instead of
setting them in a local scope. This flaw could be used to intercept HTTP
requests. (CVE-2011-0869)

A flaw was found in the way signed objects were deserialized. If trusted
and untrusted code were running in the same Java Virtual Machine (JVM), and
both were deserializing the same signed object, the untrusted code could
modify said object by using this flaw to bypass the validation checks on
signed objects. (CVE-2011-0865)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2011:0857: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110857
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0857, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0868, CVE-2011-0869, CVE-2011-0871

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Integer overflow flaws were found in the way Java2D parsed JPEG images and
user-supplied fonts. An attacker could use these flaws to execute arbitrary
code with the privileges of the user running an untrusted applet or
application. (CVE-2011-0862)

It was found that the MediaTracker implementation created Component
instances with unnecessary access privileges. A remote attacker could use
this flaw to elevate their privileges by utilizing an untrusted applet or
application that uses Swing. (CVE-2011-0871)

A flaw was found in the HotSpot component in OpenJDK. Certain bytecode
instructions confused the memory management within the Java Virtual Machine
(JVM), resulting in an applet or application crashing. (CVE-2011-0864)

An information leak flaw was found in the NetworkInterface class. An
untrusted applet or application could use this flaw to access information
about available network interfaces that should only be available to
privileged code. (CVE-2011-0867)

An incorrect float-to-long conversion, leading to an overflow, was found
in the way certain objects (such as images and text) were transformed in
Java2D. A remote attacker could use this flaw to crash an untrusted applet
or application that uses Java2D. (CVE-2011-0868)

It was found that untrusted applets and applications could misuse a SOAP
connection to incorrectly set global HTTP proxy settings instead of
setting them in a local scope. This flaw could be used to intercept HTTP
requests. (CVE-2011-0869)

A flaw was found in the way signed objects were deserialized. If trusted
and untrusted code were running in the same Java Virtual Machine (JVM), and
both were deserializing the same signed object, the untrusted code could
modify said object by using this flaw to bypass the validation checks on
signed objects. (CVE-2011-0865)

Note: All of the above flaws can only be remotely triggered in OpenJDK by
calling the "appletviewer" application.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which provide OpenJDK 6 b20 / IcedTea 1.9.8 and resolve these
issues. All running instances of OpenJDK Java must be restarted for the
update to take effect.

RHSA-2011:0858: xerces-j2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110858
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0858, CVE-2009-2625

Description
The xerces-j2 packages provide the Apache Xerces2 Java Parser, a
high-performance XML parser. A Document Type Definition (DTD) defines the
legal syntax (and also which elements can be used) for certain types of
files, such as XML files.

A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service (application
hang due to excessive CPU use). (CVE-2009-2625)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. Applications using the Apache Xerces2 Java
Parser must be restarted for this update to take effect.

RHSA-2011:0859: cyrus-imapd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110859
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0859, CVE-2011-1926

Description
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.

It was discovered that cyrus-imapd did not flush the received commands
buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3
sessions. A man-in-the-middle attacker could use this flaw to inject
protocol commands into a victim's TLS session initialization messages. This
could lead to those commands being processed by cyrus-imapd, potentially
allowing the attacker to steal the victim's mail or authentication
credentials. (CVE-2011-1926)

Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the update, cyrus-imapd will be restarted automatically.

RHSA-2011:0861: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110861
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0861, CVE-2011-1752

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed requests submitted against the URL of a baselined resource. A
malicious, remote user could use this flaw to cause the httpd process
serving the request to crash. (CVE-2011-1752)

Red Hat would like to thank the Apache Subversion project for reporting
this issue. Upstream acknowledges Joe Schaefer of the Apache Software
Foundation as the original reporter.

All Subversion users should upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

RHSA-2011:0862: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110862
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0862, CVE-2011-1752, CVE-2011-1783, CVE-2011-1921

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

An infinite loop flaw was found in the way the mod_dav_svn module processed
certain data sets. If the SVNPathAuthz directive was set to
"short_circuit", and path-based access control for files and directories
was enabled, a malicious, remote user could use this flaw to cause the
httpd process serving the request to consume an excessive amount of system
memory. (CVE-2011-1783)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
processed requests submitted against the URL of a baselined resource. A
malicious, remote user could use this flaw to cause the httpd process
serving the request to crash. (CVE-2011-1752)

An information disclosure flaw was found in the way the mod_dav_svn
module processed certain URLs when path-based access control for files and
directories was enabled. A malicious, remote user could possibly use this
flaw to access certain files in a repository that would otherwise not be
accessible to them. Note: This vulnerability cannot be triggered if the
SVNPathAuthz directive is set to "short_circuit". (CVE-2011-1921)

Red Hat would like to thank the Apache Subversion project for reporting
these issues. Upstream acknowledges Joe Schaefer of the Apache Software
Foundation as the original reporter of CVE-2011-1752; Ivan Zhakov of
VisualSVN as the original reporter of CVE-2011-1783; and Kamesh
Jayachandran of CollabNet, Inc. as the original reporter of CVE-2011-1921.

All Subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

RHSA-2011:0871: tigervnc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110871
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0871, CVE-2011-1775

Description
Virtual Network Computing (VNC) is a remote display system which allows you
to view a computer's desktop environment not only on the machine where it
is running, but from anywhere on the Internet and from a wide variety of
machine architectures. TigerVNC is a suite of VNC servers and clients.

It was discovered that vncviewer could prompt for and send authentication
credentials to a remote server without first properly validating the
server's X.509 certificate. As vncviewer did not indicate that the
certificate was bad or missing, a man-in-the-middle attacker could use this
flaw to trick a vncviewer client into connecting to a spoofed VNC server,
allowing the attacker to obtain the client's credentials. (CVE-2011-1775)

All tigervnc users should upgrade to these updated packages, which contain
a backported patch to correct this issue.

RHSA-2011:0885: firefox security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110885
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0885, CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377, CVE-2011-2605

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the way Firefox handled malformed JPEG images. A
website containing a malicious JPEG image could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-2377)

Multiple dangling pointer flaws were found in Firefox. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375,
CVE-2011-2376)

An integer overflow flaw was found in the way Firefox handled JavaScript
Array objects. A website containing malicious JavaScript could cause
Firefox to execute that JavaScript with the privileges of the user running
Firefox. (CVE-2011-2371)

A use-after-free flaw was found in the way Firefox handled malformed
JavaScript. A website containing malicious JavaScript could cause Firefox
to execute that JavaScript with the privileges of the user running Firefox.
(CVE-2011-2373)

It was found that Firefox could treat two separate cookies as
interchangeable if both were for the same domain name but one of those
domain names had a trailing "." character. This violates the same-origin
policy and could possibly lead to data being leaked to the wrong domain.
(CVE-2011-2362)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.18. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bug:

* With previous versions of Firefox on Red Hat Enterprise Linux 5, the
"background-repeat" CSS (Cascading Style Sheets) property did not work
(such images were not displayed and repeated as expected). (BZ#698313)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.18, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2011:0886: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110886
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0886, CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377, CVE-2011-2605

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled malformed JPEG images. An
HTML mail message containing a malicious JPEG image could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2011-2377)

Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-0083,
CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376)

It was found that Thunderbird could treat two separate cookies (for web
content) as interchangeable if both were for the same domain name but one
of those domain names had a trailing "." character. This violates the
same-origin policy and could possibly lead to data being leaked to the
wrong domain. (CVE-2011-2362)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:0887: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110887
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0887, CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377, CVE-2011-2605

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled malformed JPEG images. An
HTML mail message containing a malicious JPEG image could cause Thunderbird
to crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2011-2377)

Multiple dangling pointer flaws were found in Thunderbird. Malicious HTML
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-0083,
CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376)

An integer overflow flaw was found in the way Thunderbird handled
JavaScript Array objects. Malicious content could cause Thunderbird to
execute JavaScript with the privileges of the user running Thunderbird.
(CVE-2011-2371)

A use-after-free flaw was found in the way Thunderbird handled malformed
JavaScript. Malicious content could cause Thunderbird to execute JavaScript
with the privileges of the user running Thunderbird. (CVE-2011-2373)

It was found that Thunderbird could treat two separate cookies (for web
content) as interchangeable if both were for the same domain name but one
of those domain names had a trailing "." character. This violates the
same-origin policy and could possibly lead to data being leaked to the
wrong domain. (CVE-2011-2362)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:0888: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20110888
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0888, CVE-2011-0083, CVE-2011-0085, CVE-2011-2362, CVE-2011-2363, CVE-2011-2364, CVE-2011-2365, CVE-2011-2371, CVE-2011-2373, CVE-2011-2374, CVE-2011-2375, CVE-2011-2376, CVE-2011-2377, CVE-2011-2605

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled malformed JPEG images. A
website containing a malicious JPEG image could cause SeaMonkey to crash
or, potentially, execute arbitrary code with the privileges of the user
running SeaMonkey. (CVE-2011-2377)

Multiple dangling pointer flaws were found in SeaMonkey. A web page
containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-0083, CVE-2011-0085, CVE-2011-2363)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-2364, CVE-2011-2365, CVE-2011-2374, CVE-2011-2375,
CVE-2011-2376)

An integer overflow flaw was found in the way SeaMonkey handled JavaScript
Array objects. A website containing malicious JavaScript could cause
SeaMonkey to execute that JavaScript with the privileges of the user
running SeaMonkey. (CVE-2011-2371)

A use-after-free flaw was found in the way SeaMonkey handled malformed
JavaScript. A website containing malicious JavaScript could cause SeaMonkey
to execute that JavaScript with the privileges of the user running
SeaMonkey. (CVE-2011-2373)

It was found that SeaMonkey could treat two separate cookies as
interchangeable if both were for the same domain name but one of those
domain names had a trailing "." character. This violates the same-origin
policy and could possibly lead to data being leaked to the wrong domain.
(CVE-2011-2362)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2011:0908: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110908
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0908, CVE-2009-4492, CVE-2010-0541, CVE-2011-0188, CVE-2011-1005

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw was found in the way large amounts of memory were allocated on
64-bit systems when using the BigDecimal class. A context-dependent
attacker could use this flaw to cause memory corruption, causing a Ruby
application that uses the BigDecimal class to crash or, possibly, execute
arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188)

It was found that WEBrick (the Ruby HTTP server toolkit) did not filter
terminal escape sequences from its log files. A remote attacker could use
specially-crafted HTTP requests to inject terminal escape sequences into
the WEBrick log files. If a victim viewed the log files with a terminal
emulator, it could result in control characters being executed with the
privileges of that user. (CVE-2009-4492)

A cross-site scripting (XSS) flaw was found in the way WEBrick displayed
error pages. A remote attacker could use this flaw to perform a cross-site
scripting attack against victims by tricking them into visiting a
specially-crafted URL. (CVE-2010-0541)

A flaw was found in the method for translating an exception message into a
string in the Exception class. A remote attacker could use this flaw to
bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2011-1005)

Red Hat would like to thank Drew Yao of Apple Product Security for
reporting the CVE-2011-0188 and CVE-2010-0541 issues.

All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2011:0909: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110909
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0909, CVE-2009-4492, CVE-2010-0541, CVE-2011-0188, CVE-2011-1004, CVE-2011-1005

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw was found in the way large amounts of memory were allocated on
64-bit systems when using the BigDecimal class. A context-dependent
attacker could use this flaw to cause memory corruption, causing a Ruby
application that uses the BigDecimal class to crash or, possibly, execute
arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188)

A race condition flaw was found in the remove system entries method in the
FileUtils module. If a local user ran a Ruby script that uses this method,
a local attacker could use this flaw to delete arbitrary files and
directories accessible to that user via a symbolic link attack.
(CVE-2011-1004)

It was found that WEBrick (the Ruby HTTP server toolkit) did not filter
terminal escape sequences from its log files. A remote attacker could use
specially-crafted HTTP requests to inject terminal escape sequences into
the WEBrick log files. If a victim viewed the log files with a terminal
emulator, it could result in control characters being executed with the
privileges of that user. (CVE-2009-4492)

A cross-site scripting (XSS) flaw was found in the way WEBrick displayed
error pages. A remote attacker could use this flaw to perform a cross-site
scripting attack against victims by tricking them into visiting a
specially-crafted URL. (CVE-2010-0541)

A flaw was found in the method for translating an exception message into a
string in the Exception class. A remote attacker could use this flaw to
bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2011-1005)

Red Hat would like to thank Drew Yao of Apple Product Security for
reporting the CVE-2011-0188 and CVE-2010-0541 issues.

All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2011:0910: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110910
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0910, CVE-2011-0188, CVE-2011-1004, CVE-2011-1005

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A flaw was found in the way large amounts of memory were allocated on
64-bit systems when using the BigDecimal class. A context-dependent
attacker could use this flaw to cause memory corruption, causing a Ruby
application that uses the BigDecimal class to crash or, possibly, execute
arbitrary code. This issue did not affect 32-bit systems. (CVE-2011-0188)

A race condition flaw was found in the remove system entries method in the
FileUtils module. If a local user ran a Ruby script that uses this method,
a local attacker could use this flaw to delete arbitrary files and
directories accessible to that user via a symbolic link attack.
(CVE-2011-1004)

A flaw was found in the method for translating an exception message into a
string in the Exception class. A remote attacker could use this flaw to
bypass safe level 4 restrictions, allowing untrusted (tainted) code to
modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2011-1005)

Red Hat would like to thank Drew Yao of Apple Product Security for
reporting the CVE-2011-0188 issue.

All Ruby users should upgrade to these updated packages, which contain
backported patches to resolve these issues.

RHSA-2011:0918: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110918
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0918, CVE-2011-2192

Description
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

It was found that cURL always performed credential delegation when
authenticating with GSSAPI. A rogue server could use this flaw to obtain
the client's credentials and impersonate that client to other servers that
are using GSSAPI. (CVE-2011-2192)

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

RHSA-2011:0919: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110919
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0919, CVE-2011-2212, CVE-2011-2512

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

It was found that the virtio subsystem in qemu-kvm did not properly
validate virtqueue in and out requests from the guest. A privileged guest
user could use this flaw to trigger a buffer overflow, allowing them to
crash the guest (denial of service) or, possibly, escalate their privileges
on the host. (CVE-2011-2212)

It was found that the virtio_queue_notify() function in qemu-kvm did not
perform sufficient input validation on the value later used as an index
into the array of virtqueues. An unprivileged guest user could use this
flaw to crash the guest (denial of service) or, possibly, escalate their
privileges on the host. (CVE-2011-2512)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.

This update also fixes the following bug:

* A bug was found in the way vhost (in qemu-kvm) set up mappings with the
host kernel's vhost module. This could result in the host kernel's vhost
module not having a complete view of a guest system's memory, if that guest
had more than 4 GB of memory. Consequently, hot plugging a vhost-net
network device and restarting the guest may have resulted in that device no
longer working. (BZ#701771)

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2011:0920: krb5-appl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110920
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0920, CVE-2011-1526

Description
The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and
rlogin clients and servers. While these have been replaced by tools such as
OpenSSH in most environments, they remain in use in others.

It was found that gssftp, a Kerberos-aware FTP server, did not properly
drop privileges. A remote FTP user could use this flaw to gain unauthorized
read or write access to files that are owned by the root group.
(CVE-2011-1526)

Red Hat would like to thank the MIT Kerberos project for reporting this
issue. Upstream acknowledges Tim Zingelman as the original reporter.

All krb5-appl users should upgrade to these updated packages, which contain
a backported patch to correct this issue.

RHSA-2011:0926: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110926
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0926, CVE-2011-2464

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS requests. A
remote attacker could use this flaw to send a specially-crafted DNS request
packet to BIND, causing it to exit unexpectedly due to a failed assertion.
(CVE-2011-2464)

Users of bind97 on Red Hat Enterprise Linux 5, and bind on Red Hat
Enterprise Linux 6, are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2011:0927: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20110927
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:0927, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer overflow flaw in ib_uverbs_poll_cq() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2010-4649, Important)

* A race condition in the way new InfiniBand connections were set up could
allow a remote user to cause a denial of service. (CVE-2011-0695,
Important)

* A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service if the sysctl
"net.sctp.addip_enable" variable was turned on (it is off by default).
(CVE-2011-1573, Important)

* Flaws in the AGPGART driver implementation when handling certain IOCTL
commands could allow a local, unprivileged user to cause a denial of
service or escalate their privileges. (CVE-2011-1745, CVE-2011-2022,
Important)

* An integer overflow flaw in agp_allocate_memory() could allow a local,
unprivileged user to cause a denial of service or escalate their
privileges. (CVE-2011-1746, Important)

* A flaw allowed napi_reuse_skb() to be called on VLAN (virtual LAN)
packets. An attacker on the local network could trigger this flaw by
sending specially-crafted packets to a target system, possibly causing a
denial of service. (CVE-2011-1576, Moderate)

* An integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)

* A flaw in the way the Xen hypervisor implementation handled CPUID
instruction emulation during virtual machine exits could allow an
unprivileged guest user to crash a guest. This only affects systems that
have an Intel x86 processor with the Intel VT-x extension enabled.
(CVE-2011-1936, Moderate)

* A flaw in inet_diag_bc_audit() could allow a local, unprivileged user to
cause a denial of service (infinite loop). (CVE-2011-2213, Moderate)

* A missing initialization flaw in the XFS file system implementation
could lead to an information leak. (CVE-2011-0711, Low)

* A flaw in ib_uverbs_poll_cq() could allow a local, unprivileged user to
cause an information leak. (CVE-2011-1044, Low)

* A missing validation check was found in the signals implementation. A
local, unprivileged user could use this flaw to send signals via the
sigqueueinfo system call, with the si_code set to SI_TKILL and with spoofed
process and user IDs, to other processes. Note: This flaw does not allow
existing permission checks to be bypassed; signals can only be sent if your
privileges allow you to already do so. (CVE-2011-1182, Low)

* A heap overflow flaw in the EFI GUID Partition Table (GPT) implementation
could allow a local attacker to cause a denial of service by mounting a
disk containing specially-crafted partition tables. (CVE-2011-1776, Low)

* Structure padding in two structures in the Bluetooth implementation
was not initialized properly before being copied to user-space, possibly
allowing local, unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)

Red Hat would like to thank Jens Kuehnel for reporting CVE-2011-0695;
Vasiliy Kulikov for reporting CVE-2011-1745, CVE-2011-2022, and
CVE-2011-1746; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for
reporting CVE-2011-1593; Dan Rosenberg for reporting CVE-2011-2213 and
CVE-2011-0711; Julien Tinnes of the Google Security Team for reporting
CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; and Marek Kroemeke
and Filip Palian for reporting CVE-2011-2492.

Bug fix documentation will be available shortly from the Technical Notes
document linked to in the References.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2011:0928: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110928
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0928, CVE-2011-1767, CVE-2011-1768, CVE-2011-2479

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* It was found that the receive hook in the ipip_init() function in the
ipip module, and in the ipgre_init() function in the ip_gre module, could
be called before network namespaces setup is complete. If packets were
received at the time the ipip or ip_gre module was still being loaded into
the kernel, it could cause a denial of service. (CVE-2011-1767,
CVE-2011-1768, Moderate)

* It was found that an mmap() call with the MAP_PRIVATE flag on "/dev/zero"
would create transparent hugepages and trigger a certain robustness check.
A local, unprivileged user could use this flaw to cause a denial of
service. (CVE-2011-2479, Moderate)

This update also fixes various bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2011:0930: NetworkManager security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110930
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0930, CVE-2011-2176

Description
NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

It was found that NetworkManager did not properly enforce PolicyKit
settings controlling the permissions to configure wireless network sharing.
A local, unprivileged user could use this flaw to bypass intended PolicyKit
restrictions, allowing them to enable wireless network sharing.
(CVE-2011-2176)

Users of NetworkManager should upgrade to these updated packages, which
contain a backported patch to correct this issue. Running instances of
NetworkManager must be restarted ("service NetworkManager restart") for
this update to take effect.

RHSA-2011:0953: system-config-firewall security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110953
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0953, CVE-2011-2520

Description
system-config-firewall is a graphical user interface for basic firewall
setup.

It was found that system-config-firewall used the Python pickle module in
an insecure way when sending data (via D-Bus) to the privileged back-end
mechanism. A local user authorized to configure firewall rules using
system-config-firewall could use this flaw to execute arbitrary code with
root privileges, by sending a specially-crafted serialized object.
(CVE-2011-2520)

Red Hat would like to thank Marco Slaviero of SensePost for reporting this
issue.

This erratum updates system-config-firewall to use JSON (JavaScript Object
Notation) for data exchange, instead of pickle. Therefore, an updated
version of system-config-printer that uses this new communication data
format is also provided in this erratum.

Users of system-config-firewall are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-firewall must be restarted before the utility
will be able to communicate with its updated back-end.

RHSA-2011:0959: mutt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110959
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0959, CVE-2011-1429

Description
Mutt is a text-mode mail user agent.

A flaw was found in the way Mutt verified SSL certificates. When a server
presented an SSL certificate chain, Mutt could ignore a server hostname
check failure. A remote attacker able to get a certificate from a trusted
Certificate Authority could use this flaw to trick Mutt into accepting a
certificate issued for a different hostname, and perform man-in-the-middle
attacks against Mutt's SSL connections. (CVE-2011-1429)

All Mutt users should upgrade to this updated package, which contains a
backported patch to correct this issue. All running instances of Mutt must
be restarted for this update to take effect.

RHSA-2011:0975: sssd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20110975
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:0975, CVE-2010-4341

Description
The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It is
also the basis to provide client auditing and policy services for projects
such as FreeIPA.

A flaw was found in the SSSD PAM responder that could allow a local
attacker to force SSSD to enter an infinite loop via a carefully-crafted
packet. With SSSD unresponsive, legitimate users could be denied the
ability to log in to the system. (CVE-2010-4341)

Red Hat would like to thank Sebastian Krahmer for reporting this issue.

These updated sssd packages include a number of bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Refer to
the Red Hat Enterprise Linux 5.7 Technical Notes for information about
these changes:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/sssd.html#RHSA-2011-0975

All sssd users are advised to upgrade to these updated sssd packages, which
upgrade SSSD to upstream version 1.5.1 to correct this issue, and fix the
bugs and add the enhancements noted in the Technical Notes.

RHSA-2011:0999: rsync security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20110999
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:0999, CVE-2007-6200

Description
rsync is a program for synchronizing files over a network.

A flaw was found in the way the rsync daemon handled the "filter",
"exclude", and "exclude from" options, used for hiding files and preventing
access to them from rsync clients. A remote attacker could use this flaw to
bypass those restrictions by using certain command line options and
symbolic links, allowing the attacker to overwrite those files if they knew
their file names and had write access to them. (CVE-2007-6200)

Note: This issue only affected users running rsync as a writable daemon:
"read only" set to "false" in the rsync configuration file (for example,
"/etc/rsyncd.conf"). By default, this option is set to "true".

This update also fixes the following bugs:

* The rsync package has been upgraded to upstream version 3.0.6, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#339971)

* When running an rsync daemon that was receiving files, a deferred info,
error or log message could have been sent directly to the sender instead of
being handled by the "rwrite()" function in the generator. Also, under
certain circumstances, a deferred info or error message from the receiver
could have bypassed the log file and could have been sent only to the
client process. As a result, an "unexpected tag 3" fatal error could have
been displayed. These problems have been fixed in this update so that an
rsync daemon receiving files now works as expected. (BZ#471182)

* Prior to this update, the rsync daemon called a number of timezone-using
functions after doing a chroot. As a result, certain C libraries were
unable to generate proper timestamps from inside a chrooted daemon. This
bug has been fixed in this update so that the rsync daemon now calls the
respective timezone-using functions prior to doing a chroot, and proper
timestamps are now generated as expected. (BZ#575022)

* When running rsync under a non-root user with the "-A" ("--acls") option
and without using the "--numeric-ids" option, if there was an Access
Control List (ACL) that included a group entry for a group that the
respective user was not a member of on the receiving side, the
"acl_set_file()" function returned an invalid argument value ("EINVAL").
This was caused by rsync mistakenly mapping the group name to the Group ID
"GID_NONE" ("-1"), which failed. The bug has been fixed in this update so
that no invalid argument is returned and rsync works as expected.
(BZ#616093)

* When creating a sparse file that was zero blocks long, the "rsync
--sparse" command did not properly truncate the sparse file at the end of
the copy transaction. As a result, the file size was bigger than expected.
This bug has been fixed in this update by properly truncating the file so
that rsync now copies such files as expected. (BZ#530866)

* Under certain circumstances, when using rsync in daemon mode, rsync
generator instances could have entered an infinite loop, trying to write
an error message for the receiver to an invalid socket. This problem has
been fixed in this update by adding a new sibling message: when the
receiver is reporting a socket-read error, the generator will notice this
fact and avoid writing an error message down the socket, allowing it to
close down gracefully when the pipe from the receiver closes. (BZ#690148)

* Prior to this update, there were missing deallocations found in the
"start_client()" function. This bug has been fixed in this update and no
longer occurs. (BZ#700450)

All users of rsync are advised to upgrade to this updated package, which
resolves these issues and adds enhancements.

RHSA-2011:1000: rgmanager security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111000
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1000, CVE-2010-3389

Description
The rgmanager package contains the Red Hat Resource Group Manager, which
provides the ability to create and manage high-availability server
applications in the event of system downtime.

It was discovered that certain resource agent scripts set the
LD_LIBRARY_PATH environment variable to an insecure value containing empty
path elements. A local user able to trick a user running those scripts to
run them while working from an attacker-writable directory could use this
flaw to escalate their privileges via a specially-crafted dynamic library.
(CVE-2010-3389)

Red Hat would like to thank Raphael Geissert for reporting this issue.

This update also fixes the following bugs:

* The failover domain "nofailback" option was not honored if a service was
in the "starting" state. This bug has been fixed. (BZ#669440)

* PID files with white spaces in the file name are now handled correctly.
(BZ#632704)

* The /usr/sbin/rhev-check.sh script can now be used from within Cron.
(BZ#634225)

* The clustat utility now reports the correct version. (BZ#654160)

* The oracledb.sh agent now attempts to try the "shutdown immediate"
command instead of using the "shutdown abort" command. (BZ#633992)

* The SAPInstance and SAPDatabase scripts now use proper directory name
quoting so they no longer collide with directory names like "/u".
(BZ#637154)

* The clufindhostname utility now returns the correct value in all cases.
(BZ#592613)

* The nfsclient resource agent now handles paths with trailing slashes
correctly. (BZ#592624)

* The last owner of a service is now reported correctly after a failover.
(BZ#610483)

* The /usr/share/cluster/fs.sh script no longer runs the "quotaoff" command
if quotas were not configured. (BZ#637678)

* The "listen" line in the /etc/httpd/conf/httpd.conf file generated by the
Apache resource agent is now correct. (BZ#675739)

* The tomcat-5 resource agent no longer generates incorrect configurations.
(BZ#637802)

* The time required to stop an NFS resource when the server is unavailable
has been reduced. (BZ#678494)

* When using exclusive prioritization, a higher priority service now
preempts a lower priority service after status check failures. (BZ#680256)

* The postgres-8 resource agent now correctly detects failed start
operations. (BZ#663827)

* The handling of reference counts passed by rgmanager to resource agents
now works properly, as expected. (BZ#692771)

As well, this update adds the following enhancements:

* It is now possible to disable updates to static routes by the IP resource
agent. (BZ#620700)

* It is now possible to use XFS as a file system within a cluster service.
(BZ#661893)

* It is now possible to use the "clustat" command as a non-root user, so
long as that user is in the "root" group. (BZ#510300)

* It is now possible to migrate virtual machines when central processing is
enabled. (BZ#525271)

* The rgmanager init script will now delay after stopping services in order
to allow time for other nodes to restart them. (BZ#619468)

* The handling of failed independent subtrees has been corrected.
(BZ#711521)

All users of Red Hat Resource Group Manager are advised to upgrade to this
updated package, which contains backported patches to correct these issues
and add these enhancements.

RHSA-2011:1005: sysstat security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111005
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1005, CVE-2007-3852

Description
The sysstat package contains a set of utilities which enable system
monitoring of disks, network, and other I/O activity.

It was found that the sysstat initscript created a temporary file in an
insecure way. A local attacker could use this flaw to create arbitrary
files via a symbolic link attack. (CVE-2007-3852)

This update fixes the following bugs:

* On systems under heavy load, the sadc utility would sometimes output the
following error message if a write() call was unable to write all of the
requested input:

"Cannot write data to system activity file: Success."

In this updated package, the sadc utility tries to write the remaining
input, resolving this issue. (BZ#454617)

* On the Itanium architecture, the "sar -I" command provided incorrect
information about the interrupt statistics of the system. With this update,
the "sar -I" command has been disabled for this architecture, preventing
this bug. (BZ#468340)

* Previously, the "iostat -n" command used invalid data to create
statistics for read and write operations. With this update, the data source
for these statistics has been fixed, and the iostat utility now returns
correct information. (BZ#484439)

* The "sar -d" command used to output invalid data about block devices.
With this update, the sar utility recognizes disk registration and disk
overflow statistics properly, and only correct and relevant data is now
displayed. (BZ#517490)

* Previously, the sar utility set the maximum number of days to be logged
in one month too high. Consequently, data from a month was appended to
data from the preceding month. With this update, the maximum number of days
has been set to 25, and data from a month now correctly replaces data from
the preceding month. (BZ#578929)

* In previous versions of the iostat utility, the number of NFS mount
points was hard-coded. Consequently, various issues occurred while iostat
was running and NFS mount points were mounted or unmounted; certain values
in iostat reports overflowed and some mount points were not reported at
all. With this update, iostat properly recognizes when an NFS mount point
mounts or unmounts, fixing these issues. (BZ#675058, BZ#706095, BZ#694767)

* When a device name was longer than 13 characters, the iostat utility
printed a redundant new line character, making its output less readable.
This bug has been fixed and now, no extra characters are printed if a long
device name occurs in iostat output. (BZ#604637)

* Previously, if kernel interrupt counters overflowed, the sar utility
provided confusing output. This bug has been fixed and the sum of
interrupts is now reported correctly. (BZ#622557)

* When some processors were disabled on a multi-processor system, the sar
utility sometimes failed to provide information about the CPU activity.
With this update, the uptime of a single processor is used to compute the
statistics, rather than the total uptime of all processors, and this bug no
longer occurs. (BZ#630559)

* Previously, the mpstat utility wrongly interpreted data about processors
in the system. Consequently, it reported a processor that did not exist.
This bug has been fixed and non-existent CPUs are no longer reported by
mpstat. (BZ#579409)

* Previously, there was no easy way to enable the collection of statistics
about disks and interrupts. Now, the SADC_OPTIONS variable can be used to
set parameters for the sadc utility, fixing this bug. (BZ#598794)

* The read_uptime() function failed to close its open file upon exit. A
patch has been provided to fix this bug. (BZ#696672)

This update also adds the following enhancement:

* With this update, the cifsiostat utility has been added to the sysstat
package to provide CIFS (Common Internet File System) mount point I/O
statistics. (BZ#591530)

All sysstat users are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add this
enhancement.

RHSA-2011:1019: libvirt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111019
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1019, CVE-2011-2511

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.

An integer overflow flaw was found in libvirtd's RPC call handling. An
attacker able to establish read-only connections to libvirtd could trigger
this flaw by calling virDomainGetVcpus() with specially-crafted parameters,
causing libvirtd to crash. (CVE-2011-2511)

This update fixes the following bugs:

* libvirt was rebased from version 0.6.3 to version 0.8.2 in Red Hat
Enterprise Linux 5.6. A code audit found a minor API change that affected
error messages seen by libvirt 0.8.2 clients talking to libvirt 0.7.1 –
0.7.7 (0.7.x) servers. A libvirt 0.7.x server could send
VIR_ERR_BUILD_FIREWALL errors where a libvirt 0.8.2 client expected
VIR_ERR_CONFIG_UNSUPPORTED errors. In other circumstances, a libvirt 0.8.2
client saw a "Timed out during operation" message where it should see an
"Invalid network filter" error. This update adds a backported patch that
allows libvirt 0.8.2 clients to interoperate with the API as used by
libvirt 0.7.x servers, ensuring correct error messages are sent.
(BZ#665075)

* libvirt could crash if the maximum number of open file descriptors
(_SC_OPEN_MAX) grew larger than the FD_SETSIZE value because it accessed
file descriptors outside the bounds of the set. With this update the
maximum number of open file descriptors can no longer grow larger than the
FD_SETSIZE value. (BZ#665549)

* A libvirt race condition was found. An array in the libvirt event
handlers was accessed with a lock temporarily released. In rare cases, if
one thread attempted to access this array but a second thread reallocated
the array before the first thread reacquired a lock, it could lead to the
first thread attempting to access freed memory, potentially causing libvirt
to crash. With this update libvirt no longer refers to the old array and,
consequently, behaves as expected. (BZ#671569)

* Guests connected to a passthrough NIC would kernel panic if a
system_reset signal was sent through the QEMU monitor. With this update you
can reset such guests as expected. (BZ#689880)

* When using the Xen kernel, the rpmbuild command failed on the xencapstest
test. With this update you can run rpmbuild successfully when using the Xen
kernel. (BZ#690459)

* When a disk was hot unplugged, "ret >= 0" was passed to the qemuAuditDisk
calls in disk hotunplug operations before ret was, in fact, set to 0. As
well, the error path jumped to the "cleanup" label prematurely. As a
consequence, hotunplug failures were not audited and hotunplug successes
were audited as failures. This was corrected and hot unplugging checks now
behave as expected. (BZ#710151)

* A conflict existed between filter update locking sequences and virtual
machine startup locking sequences. When a filter update occurred on one or
more virtual machines, a deadlock could consequently occur if a virtual
machine referencing a filter was started. This update changes and makes
more flexible several qemu locking sequences ensuring this deadlock no
longer occurs. (BZ#697749)

* qemudDomainSaveImageStartVM closed some incoming file descriptor (fd)
arguments without informing the caller. The consequent double-closes could
cause Domain restoration failure. This update alters the
qemudDomainSaveImageStartVM signature to prevent the double-closes.
(BZ#681623)

This update also adds the following enhancements:

* The libvirt Xen driver now supports more than one serial port.
(BZ#670789)

* Enabling and disabling the High Precision Event Timer (HPET) in Xen
domains is now possible. (BZ#703193)

All libvirt users should install this update which addresses this
vulnerability, fixes these bugs and adds these enhancements. After
installing the updated packages, libvirtd must be restarted ("service
libvirtd restart") for this update to take effect.

RHSA-2011:1065: Red Hat Enterprise Linux 5.7 kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111065
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1065, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Xen hypervisor implementation handled
instruction emulation during virtual machine exits. A malicious user-space
process running in an SMP guest could trick the emulator into reading a
different instruction than the one that caused the virtual machine to exit.
An unprivileged guest user could trigger this flaw to crash the host. This
only affects systems with both an AMD x86 processor and the AMD
Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)

* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet
scheduler API implementation to be called on built-in qdisc structures. A
local, unprivileged user could use this flaw to trigger a NULL pointer
dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)

* A flaw was found in the way space was allocated in the Linux kernel's
Global File System 2 (GFS2) implementation. If the file system was almost
full, and a local, unprivileged user made an fallocate() request, it could
result in a denial of service. Note: Setting quotas to prevent users from
using all available disk space would prevent exploitation of this flaw.
(CVE-2011-2689, Moderate)

These updated kernel packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Refer to the Red Hat Enterprise Linux 5.7 Technical Notes for
information about the most significant bug fixes and enhancements included
in this update:

https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html/5.7_Technical_Notes/kernel.html#RHSA-2011-1065

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2011:1073: bash security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111073
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1073, CVE-2008-5374

Description
Bash is the default shell for Red Hat Enterprise Linux.

It was found that certain scripts bundled with the Bash documentation
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to overwrite
the contents of arbitrary files accessible to the victim running the
scripts. (CVE-2008-5374)

This update fixes the following bugs:

* When using the source builtin at location ".", occasionally, bash
opted to preserve internal consistency and abort scripts. This caused
bash to abort scripts that assigned values to read-only variables.
This is now fixed to ensure that such scripts are now executed as
written and not aborted. (BZ#448508)

* When the tab key was pressed for auto-completion options for the typed
text, the cursor moved to an unexpected position on a previous line if
the prompt contained characters that cannot be viewed and a "\]". This
is now fixed to retain the cursor at the expected position at the end of
the target line after autocomplete options correctly display. (BZ#463880)

* Bash attempted to interpret the NOBITS .dynamic section of the ELF
header. This resulted in a "^D: bad ELF interpreter: No such
file or directory" message. This is fixed to ensure that the invalid
"^D" does not appear in the error message. (BZ#484809)

* The $RANDOM variable in Bash carried over values from a previous
execution for later jobs. This is fixed and the $RANDOM variable
generates a new random number for each use. (BZ#492908)

* When Bash ran a shell script with an embedded null character, bash's
source builtin parsed the script incorrectly. This is fixed and
bash's source builtin correctly parses shell script null characters.
(BZ#503701)

* The bash manual page for "trap" did not mention that signals ignored upon
entry cannot be listed later. The manual page was updated for this update
and now specifically notes that "Signals ignored upon entry to the shell
cannot be trapped, reset or listed". (BZ#504904)

* Bash's readline incorrectly displayed additional text when resizing
the terminal window when text spanned more than one line, which caused
incorrect display output. This is now fixed to ensure that text in more
than one line in a resized window displays as expected. (BZ#525474)

* Previously, bash incorrectly displayed "Broken pipe" messages for
builtins like "echo" and "printf" when output did not succeed due to
EPIPE. This is fixed to ensure that the unnecessary "Broken pipe"
messages no longer display. (BZ#546529)

* Inserts with the repeat function were not possible after a deletion in
vi-mode. This has been corrected and, with this update, the repeat function
works as expected after a deletion. (BZ#575076)

* In some situations, bash incorrectly appended "/" to files instead of
just directories during tab-completion, causing incorrect
auto-completions. This is fixed and auto-complete appends "/" only to
directories. (BZ#583919)

* Bash had a memory leak in the "read" builtin when the number of fields
being read was not equal to the number of variables passed as arguments,
causing a shell script crash. This is fixed to prevent a memory leak and
shell script crash. (BZ#618393)

* /usr/share/doc/bash-3.2/loadables in the bash package contained source
files which would not build due to missing C header files. With this
update, the unusable (and unbuildable) source files were removed from the
package. (BZ#663656)

This update also adds the following enhancement:

* The system-wide "/etc/bash.bash_logout" bash logout file is now enabled.
This allows administrators to write system-wide logout actions for all
users. (BZ#592979)

Users of bash are advised to upgrade to this updated package, which
contains backported patches to resolve these issues and add this
enhancement.

RHSA-2011:1083: fuse security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1083, CVE-2010-3879, CVE-2011-0541, CVE-2011-0542, CVE-2011-0543

Description
FUSE (Filesystem in Userspace) can implement a fully functional file system
in a user-space program. These packages provide the mount utility,
fusermount, the tool used to mount FUSE file systems.

Multiple flaws were found in the way fusermount handled the mounting and
unmounting of directories when symbolic links were present. A local user in
the fuse group could use these flaws to unmount file systems, which they
would otherwise not be able to unmount and that were not mounted using
FUSE, via a symbolic link attack. (CVE-2010-3879, CVE-2011-0541,
CVE-2011-0542, CVE-2011-0543)

Note: The util-linux-ng RHBA-2011:0699 update must also be installed to
fully correct the above flaws.

All users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:1084: libsndfile security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111084
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1084, CVE-2011-2696

Description
The libsndfile packages provide a library for reading and writing sound
files.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the libsndfile library processed certain Ensoniq PARIS
Audio Format (PAF) audio files. An attacker could create a
specially-crafted PAF file that, when opened, could cause an application
using libsndfile to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2011-2696)

Users of libsndfile are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using libsndfile must be restarted for the update to take effect.

RHSA-2011:1085: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111085
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1085, CVE-2011-0226

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide the FreeType 2 font engine.

A flaw was found in the way the FreeType font rendering engine processed
certain PostScript Type 1 fonts. If a user loaded a specially-crafted font
file with an application linked against FreeType, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2011-0226)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.

RHSA-2011:1088: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111088
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1088, CVE-2011-2502, CVE-2011-2503

Description
SystemTap is an instrumentation system for systems running the Linux
kernel. The system allows developers to write scripts to collect data on
the operation of the system.

It was found that SystemTap did not perform proper module path sanity
checking if a user specified a custom path to the uprobes module, used
when performing user-space probing ("staprun -u"). A local user who is a
member of the stapusr group could use this flaw to bypass intended
module-loading restrictions, allowing them to escalate their privileges by
loading an arbitrary, unsigned module. (CVE-2011-2502)

A race condition flaw was found in the way the staprun utility performed
module loading. A local user who is a member of the stapusr group could
use this flaw to modify a signed module while it is being loaded,
allowing them to escalate their privileges. (CVE-2011-2503)

SystemTap users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2011:1089: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111089
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1089, CVE-2011-2503

Description
SystemTap is an instrumentation system for systems running the Linux
kernel. The system allows developers to write scripts to collect data on
the operation of the system.

A race condition flaw was found in the way the staprun utility performed
module loading. A local user who is a member of the stapusr group could use
this flaw to modify a signed module while it is being loaded, allowing them
to escalate their privileges. (CVE-2011-2503)

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2011:1100: icedtea-web security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1100, CVE-2011-2513, CVE-2011-2514

Description
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It
also contains a configuration tool for managing deployment settings for the
plug-in and Web Start implementations.

A flaw was discovered in the JNLP (Java Network Launching Protocol)
implementation in IcedTea-Web. An unsigned Java Web Start application
could use this flaw to manipulate the content of a Security Warning
dialog box, to trick a user into granting the application unintended access
permissions to local files. (CVE-2011-2514)

An information disclosure flaw was discovered in the JNLP implementation in
IcedTea-Web. An unsigned Java Web Start application or Java applet could
use this flaw to determine the path to the cache directory used to store
downloaded Java class and archive files, and therefore determine the user's
login name. (CVE-2011-2513)

All icedtea-web users should upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2011:1102: libsoup security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111102
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1102, CVE-2011-2524

Description
libsoup is an HTTP client/library implementation for GNOME.

A directory traversal flaw was found in libsoup's SoupServer. If an
application used SoupServer to implement an HTTP service, a remote attacker
who is able to connect to that service could use this flaw to access any
local files accessible to that application via a specially-crafted request.
(CVE-2011-2524)

All users of libsoup should upgrade to these updated packages, which
contain a backported patch to resolve this issue. All running applications
using libsoup's SoupServer must be restarted for the update to take effect.

RHSA-2011:1103: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111103
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1103, CVE-2011-2692

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

An uninitialized memory read issue was found in the way libpng processed
certain PNG images that use the Physical Scale (sCAL) extension. An
attacker could create a specially-crafted PNG image that, when opened,
could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.

RHSA-2011:1104: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111104
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1104, CVE-2011-2690, CVE-2011-2692

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A buffer overflow flaw was found in the way libpng processed certain PNG
image files. An attacker could create a specially-crafted PNG image that,
when opened, could cause an application using libpng to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-2690)

Note: The application behavior required to exploit CVE-2011-2690 is rarely
used. No application shipped with Red Hat Enterprise Linux behaves this
way, for example.

An uninitialized memory read issue was found in the way libpng processed
certain PNG images that use the Physical Scale (sCAL) extension. An
attacker could create a specially-crafted PNG image that, when opened,
could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications using
libpng must be restarted for the update to take effect.

RHSA-2011:1105: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111105
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1105, CVE-2011-2501, CVE-2011-2690, CVE-2011-2692

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A buffer overflow flaw was found in the way libpng processed certain PNG
image files. An attacker could create a specially-crafted PNG image that,
when opened, could cause an application using libpng to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-2690)

Note: The application behavior required to exploit CVE-2011-2690 is rarely
used. No application shipped with Red Hat Enterprise Linux behaves this
way, for example.

An out-of-bounds memory read flaw was found in the way libpng processed
certain PNG image files. An attacker could create a specially-crafted PNG
image that, when opened, could cause an application using libpng to crash.
(CVE-2011-2501)

An uninitialized memory read issue was found in the way libpng processed
certain PNG images that use the Physical Scale (sCAL) extension. An
attacker could create a specially-crafted PNG image that, when opened,
could cause an application using libpng to crash. (CVE-2011-2692)

Users of libpng should upgrade to these updated packages, which upgrade
libpng to version 1.2.46 to correct these issues. All running applications
using libpng must be restarted for the update to take effect.

RHSA-2011:1109: foomatic security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111109
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1109, CVE-2011-2697

Description
Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in Perl.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the "lp" user. (CVE-2011-2697)

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.

RHSA-2011:1110: foomatic security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111110
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1110, CVE-2011-2964

Description
Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs. foomatic-rip is a print filter
written in C.

An input sanitization flaw was found in the foomatic-rip print filter. An
attacker could submit a print job with the username, title, or job options
set to appear as a command line option that caused the filter to use a
specified PostScript printer description (PPD) file, rather than the
administrator-set one. This could lead to arbitrary code execution with the
privileges of the "lp" user. (CVE-2011-2964)

All foomatic users should upgrade to this updated package, which contains
a backported patch to resolve this issue.

RHSA-2011:1132: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1132, CVE-2011-2200

Description
D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

A denial of service flaw was found in the way the D-Bus library handled
endianness conversion when receiving messages. A local user could use this
flaw to send a specially-crafted message to dbus-daemon or to a service
using the bus, such as Avahi or NetworkManager, possibly causing the
daemon to exit or the service to disconnect from the bus. (CVE-2011-2200)

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.

RHSA-2011:1154: libXfont security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1154, CVE-2011-2895

Description
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

A buffer overflow flaw was found in the way the libXfont library, used by
the X.Org server, handled malformed font files compressed using UNIX
compress. A malicious, local user could exploit this issue to potentially
execute arbitrary code with the privileges of the X.Org server.
(CVE-2011-2895)

Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.

RHSA-2011:1155: xorg-x11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111155
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1155, CVE-2011-2895

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon. These xorg-x11 packages also provide the
X.Org libXfont runtime library.

A buffer overflow flaw was found in the way the libXfont library, used by
the X.Org server, handled malformed font files compressed using UNIX
compress. A malicious, local user could exploit this issue to potentially
execute arbitrary code with the privileges of the X.Org server.
(CVE-2011-2895)

Users of xorg-x11 should upgrade to these updated packages, which contain
a backported patch to resolve this issue. All running X.Org server
instances must be restarted for the update to take effect.

RHSA-2011:1160: dhcp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111160
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1160, CVE-2011-2748, CVE-2011-2749

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

Two denial of service flaws were found in the way the dhcpd daemon handled
certain incomplete request packets. A remote attacker could use these flaws
to crash dhcpd via a specially-crafted request. (CVE-2011-2748,
CVE-2011-2749)

Users of DHCP should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing this update, all
DHCP servers will be restarted automatically.

RHSA-2011:1161: freetype security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111161
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1161, CVE-2011-2895

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. These packages provide both the FreeType 1 and FreeType 2 font
engines.

A buffer overflow flaw was found in the way the FreeType library handled
malformed font files compressed using UNIX compress. If a user loaded a
specially-crafted compressed font file with an application linked against
FreeType, it could cause the application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2011-2895)

Note: This issue only affects the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.

RHSA-2011:1163: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1163, CVE-2011-1780, CVE-2011-2525

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update includes backported fixes for two security issues. These issues
only affected users of Red Hat Enterprise Linux 5.6 Extended Update
Support, as they have already been addressed for users of Red Hat
Enterprise Linux 5 in the 5.7 update, RHSA-2011:1065.

This update fixes the following security issues:

* A flaw was found in the way the Xen hypervisor implementation handled
instruction emulation during virtual machine exits. A malicious user-space
process running in an SMP guest could trick the emulator into reading a
different instruction than the one that caused the virtual machine to exit.
An unprivileged guest user could trigger this flaw to crash the host. This
only affects systems with both an AMD x86 processor and the AMD
Virtualization (AMD-V) extensions enabled. (CVE-2011-1780, Important)

* A flaw allowed the tc_fill_qdisc() function in the Linux kernel's packet
scheduler API implementation to be called on built-in qdisc structures. A
local, unprivileged user could use this flaw to trigger a NULL pointer
dereference, resulting in a denial of service. (CVE-2011-2525, Moderate)

This update also fixes the following bugs:

* A bug was found in the way the x86_emulate() function handled the IMUL
instruction in the Xen hypervisor. On systems without support for hardware
assisted paging (HAP), such as those running CPUs that do not have support
for (or those that have it disabled) Intel Extended Page Tables (EPT) or
AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), this bug
could cause fully-virtualized guests to crash or lead to silent memory
corruption. In reported cases, this issue occurred when booting
fully-virtualized Red Hat Enterprise Linux 6.1 guests with memory cgroups
enabled. (BZ#712884)

* A bug in the way the ibmvscsi driver handled interrupts may have
prevented automatic path recovery for multipath devices. This bug only
affected 64-bit PowerPC systems. (BZ#720929)

* The RHSA-2009:1243 update introduced a regression in the way file locking
on NFS (Network File System) was handled. This caused applications to hang
if they made a lock request on a file on an NFS version 2 or 3 file system
that was mounted with the "sec=krb5" option. With this update, the original
behavior of using mixed RPC authentication flavors for NFS and locking
requests has been restored. (BZ#722854)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues. The system must be rebooted for this
update to take effect.

RHSA-2011:1164: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1164, CVE-2011-0084, CVE-2011-2378, CVE-2011-2981, CVE-2011-2982, CVE-2011-2983, CVE-2011-2984

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-2982)

A dangling pointer flaw was found in the Firefox Scalable Vector Graphics
(SVG) text manipulation routine. A web page containing a malicious SVG
image could cause Firefox to crash or, potentially, execute arbitrary code
with the privileges of the user running Firefox. (CVE-2011-0084)

A dangling pointer flaw was found in the way Firefox handled a certain
Document Object Model (DOM) element. A web page containing malicious
content could cause Firefox to crash or, potentially, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2011-2378)

A flaw was found in the event management code in Firefox. A website
containing malicious JavaScript could cause Firefox to execute that
JavaScript with the privileges of the user running Firefox. (CVE-2011-2981)

A flaw was found in the way Firefox handled malformed JavaScript. A web
page containing malicious JavaScript could cause Firefox to access already
freed memory, causing Firefox to crash or, potentially, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2011-2983)

It was found that a malicious web page could execute arbitrary code with
the privileges of the user running Firefox if the user dropped a tab onto
the malicious web page. (CVE-2011-2984)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.20. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.20, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2011:1165: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111165
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1165, CVE-2011-2982, CVE-2011-2983

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2011-2982)

A flaw was found in the way Thunderbird handled malformed JavaScript.
Malicious content could cause Thunderbird to access already freed memory,
causing Thunderbird to crash or, potentially, execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2011-2983)

Note: This update disables support for Scalable Vector Graphics (SVG)
images in Thunderbird on Red Hat Enterprise Linux 5.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:1166: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111166
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1166, CVE-2011-0084, CVE-2011-2378, CVE-2011-2982

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content.
Malicious HTML content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2982)

A dangling pointer flaw was found in the Thunderbird Scalable Vector
Graphics (SVG) text manipulation routine. An HTML mail message containing a
malicious SVG image could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-0084)

A dangling pointer flaw was found in the way Thunderbird handled a certain
Document Object Model (DOM) element. An HTML mail message containing
malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-2378)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:1167: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111167
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1167, CVE-2011-2982, CVE-2011-2983

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2011-2982)

A flaw was found in the way SeaMonkey handled malformed JavaScript. A web
page containing malicious JavaScript could cause SeaMonkey to access
already freed memory, causing SeaMonkey to crash or, potentially, execute
arbitrary code with the privileges of the user running SeaMonkey.
(CVE-2011-2983)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2011:1187: dovecot security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111187
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1187, CVE-2011-1929

Description
Dovecot is an IMAP server for Linux, UNIX, and similar operating systems,
primarily written with security in mind.

A denial of service flaw was found in the way Dovecot handled NULL
characters in certain header names. A mail message with specially-crafted
headers could cause the Dovecot child process handling the target user's
connection to crash, blocking them from downloading the message
successfully and possibly leading to the corruption of their mailbox.
(CVE-2011-1929)

Users of dovecot are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
updated packages, the dovecot service will be restarted automatically.

RHSA-2011:1189: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111189
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1189, CVE-2011-1182, CVE-2011-1576, CVE-2011-1593, CVE-2011-1776, CVE-2011-1898, CVE-2011-2183, CVE-2011-2213, CVE-2011-2491, CVE-2011-2492, CVE-2011-2495, CVE-2011-2497, CVE-2011-2517, CVE-2011-2689, CVE-2011-2695

Description
Security issues:

* Using PCI passthrough without interrupt remapping support allowed KVM
guests to generate MSI interrupts and thus potentially inject traps. A
privileged guest user could use this flaw to crash the host or possibly
escalate their privileges on the host. The fix for this issue can prevent
PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug
715555 for details. (CVE-2011-1898, Important)

* Flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-2491, Important)

* Integer underflow in the Bluetooth implementation could allow a remote
attacker to cause a denial of service or escalate their privileges by
sending a specially-crafted request to a target system via Bluetooth.
(CVE-2011-2497, Important)

* Buffer overflows in the netlink-based wireless configuration interface
implementation could allow a local user, who has the CAP_NET_ADMIN
capability, to cause a denial of service or escalate their privileges on
systems that have an active wireless interface. (CVE-2011-2517, Important)

* Flaw in the way the maximum file offset was handled for ext4 file systems
could allow a local, unprivileged user to cause a denial of service.
(CVE-2011-2695, Important)

* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker
on the local network could use this flaw to send crafted packets to a
target, possibly causing a denial of service. (CVE-2011-1576, Moderate)

* Integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)

* Race condition in the memory merging support (KSM) could allow a local,
unprivileged user to cause a denial of service. KSM is off by default, but
on systems running VDSM, or on KVM hosts, it is likely turned on by the
ksm/ksmtuned services. (CVE-2011-2183, Moderate)

* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-2213, Moderate)

* Flaw in the way space was allocated in the Global File System 2 (GFS2)
implementation. If the file system was almost full, and a local,
unprivileged user made an fallocate() request, it could result in a denial
of service. Setting quotas to prevent users from using all available disk
space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)

* Local, unprivileged users could send signals via the sigqueueinfo system
call, with si_code set to SI_TKILL and with spoofed process and user IDs,
to other processes. This flaw does not allow existing permission checks to
be bypassed; signals can only be sent if your privileges allow you to
already do so. (CVE-2011-1182, Low)

* Heap overflow in the EFI GUID Partition Table (GPT) implementation could
allow a local attacker to cause a denial of service by mounting a disk
containing crafted partition tables. (CVE-2011-1776, Low)

* Structure padding in two structures in the Bluetooth implementation was
not initialized properly before being copied to user-space, possibly
allowing local, unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)

* /proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491; Dan
Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for
reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea
Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security
Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776;
Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy
Kulikov of Openwall for reporting CVE-2011-2495.

RHSA-2011:1196: system-config-printer security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111196
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1196, CVE-2011-2899

Description
system-config-printer is a print queue configuration tool with a graphical
user interface.

It was found that system-config-printer did not properly sanitize NetBIOS
and workgroup names when searching for network printers. A remote attacker
could use this flaw to execute arbitrary code with the privileges of the
user running system-config-printer. (CVE-2011-2899)

All users of system-config-printer are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-printer must be restarted for this update to
take effect.

RHSA-2011:1197: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1197, CVE-2011-2511

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remotely managing virtualized systems.

An integer overflow flaw was found in libvirtd's RPC call handling. An
attacker able to establish read-only connections to libvirtd could trigger
this flaw by calling virDomainGetVcpus() with specially-crafted parameters,
causing libvirtd to crash. (CVE-2011-2511)

This update also fixes the following bugs:

* Previously, when the "virsh vol-create-from" command was run on an LVM
(Logical Volume Manager) storage pool, performance of the command was very
low and the operation consumed an excessive amount of time. This bug has
been fixed in the virStorageVolCreateXMLFrom() function, and the
performance problem of the command no longer occurs.

* Due to a regression, libvirt used undocumented command line options,
instead of the recommended ones. Consequently, the qemu-img utility used an
invalid argument while creating an encrypted volume, and the process
eventually failed. With this update, the bug in the backing format of the
storage back end has been fixed, and encrypted volumes can now be created
as expected. (BZ#726617)

* Due to a bug in the qemuAuditDisk() function, hot unplug failures were
never audited, and a hot unplug success was audited as a failure. This bug
has been fixed, and auditing of disk hot unplug operations now works as
expected. (BZ#728516)

* Previously, when a debug process was being activated, the act of
preparing a debug message ended up with dereferencing a UUID (universally
unique identifier) prior to the NULL argument check. Consequently, an API
running the debug process sometimes terminated with a segmentation fault.
With this update, a patch has been provided to address this issue, and the
crashes no longer occur in the described scenario. (BZ#728546)

* The libvirt library uses the "boot=on" option to mark which disk is
bootable but it only uses that option if Qemu advertises its support. The
qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support for that
option and libvirt could not use it. As a consequence, when an IDE disk was
added as the second storage with a virtio disk being set up as the first
one by default, the operating system tried to boot from the IDE disk rather
than the virtio disk and either failed to boot with the "No bootable disk"
error message returned, or the system booted whatever operating system was
on the IDE disk. With this update, the boot configuration is translated
into bootindex, which provides control over which device is used for
booting a guest operating system, thus fixing this bug.

All users of libvirt are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, libvirtd must be restarted ("service libvirtd
restart") for this update to take effect.

RHSA-2011:1212: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111212
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1212, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation. A remote attacker
could send a specially-crafted SCTP packet to a target system, resulting in
a denial of service. (CVE-2011-2482, Important)

* A flaw in the Linux kernel's client-side NFS Lock Manager (NLM)
implementation could allow a local, unprivileged user to cause a denial of
service. (CVE-2011-2491, Important)

* Buffer overflow flaws in the Linux kernel's netlink-based wireless
configuration interface implementation could allow a local user, who has
the CAP_NET_ADMIN capability, to cause a denial of service or escalate
their privileges on systems that have an active wireless interface.
(CVE-2011-2517, Important)

* A flaw was found in the way the Linux kernel's Xen hypervisor
implementation emulated the SAHF instruction. When using a
fully-virtualized guest on a host that does not use hardware assisted
paging (HAP), such as those running CPUs that do not have support for (or
those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged
guest user could trigger this flaw to cause the hypervisor to crash.
(CVE-2011-2519, Moderate)

* An off-by-one flaw was found in the __addr_ok() macro in the Linux
kernel's Xen hypervisor implementation when running on 64-bit systems. A
privileged guest user could trigger this flaw to cause the hypervisor to
crash. (CVE-2011-2901, Moderate)

* /proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)

Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.

This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2011:1219: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111219
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1219, CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694, CVE-2011-3585

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A cross-site scripting (XSS) flaw was found in the password change page of
the Samba Web Administration Tool (SWAT). If a remote attacker could trick
a user, who was logged into the SWAT interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the SWAT interface, into visiting a specially-crafted
URL, the attacker could perform Samba configuration changes with the
privileges of the logged in user. (CVE-2011-2522)

A race condition flaw was found in the way the mount.cifs tool mounted CIFS
(Common Internet File System) shares. If mount.cifs had the setuid bit set,
a local attacker could conduct a symbolic link attack to trick mount.cifs
into mounting a share over an arbitrary directory they were otherwise not
allowed to mount to, possibly allowing them to escalate their privileges.
(CVE-2010-0787)

It was found that the mount.cifs tool did not properly handle share or
directory names containing a newline character. If mount.cifs had the
setuid bit set, a local attacker could corrupt the mtab (mounted file
systems table) file via a specially-crafted CIFS share mount request.
(CVE-2010-0547)

It was found that the mount.cifs tool did not handle certain errors
correctly when updating the mtab file. If mount.cifs had the setuid bit
set, a local attacker could corrupt the mtab file by setting a small file
size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the samba packages distributed by Red Hat does not
have the setuid bit set. We recommend that administrators do not manually
set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694
and CVE-2011-2522; the Debian Security Team for reporting CVE-2010-0787;
and Dan Rosenberg for reporting CVE-2011-1678. Upstream acknowledges
Nobuhiro Tsuji of NTT DATA Security Corporation as the original reporter of
CVE-2011-2694; Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter
of CVE-2011-2522; and the Debian Security Team acknowledges Ronald Volgers
as the original reporter of CVE-2010-0787.

Users of Samba are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2011:1220: samba3x security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111220
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1220, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694, CVE-2011-2724

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

A cross-site scripting (XSS) flaw was found in the password change page of
the Samba Web Administration Tool (SWAT). If a remote attacker could trick
a user, who was logged into the SWAT interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the SWAT interface, into visiting a specially-crafted
URL, the attacker could perform Samba configuration changes with the
privileges of the logged in user. (CVE-2011-2522)

It was found that the fix for CVE-2010-0547, provided by the Samba rebase
in RHBA-2011:0054, was incomplete. The mount.cifs tool did not properly
handle share or directory names containing a newline character, allowing a
local attacker to corrupt the mtab (mounted file systems table) file via a
specially-crafted CIFS (Common Internet File System) share mount request,
if mount.cifs had the setuid bit set. (CVE-2011-2724)

It was found that the mount.cifs tool did not handle certain errors
correctly when updating the mtab file. If mount.cifs had the setuid bit
set, a local attacker could corrupt the mtab file by setting a small file
size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the samba3x packages distributed by Red Hat does not
have the setuid bit set. We recommend that administrators do not manually
set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694
and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream
acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the
original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.
as the original reporter of CVE-2011-2522.

Users of Samba are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2011:1221: samba and cifs-utils security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1221, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694, CVE-2011-2724, CVE-2011-3585

Description
Samba is a suite of programs used by machines to share files, printers, and
other information. The cifs-utils package contains utilities for mounting
and managing CIFS (Common Internet File System) shares.

A cross-site scripting (XSS) flaw was found in the password change page of
the Samba Web Administration Tool (SWAT). If a remote attacker could trick
a user, who was logged into the SWAT interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's SWAT session. (CVE-2011-2694)

It was found that SWAT web pages did not protect against Cross-Site
Request Forgery (CSRF) attacks. If a remote attacker could trick a user,
who was logged into the SWAT interface, into visiting a specially-crafted
URL, the attacker could perform Samba configuration changes with the
privileges of the logged in user. (CVE-2011-2522)

It was found that the fix for CVE-2010-0547, provided in the cifs-utils
package included in the GA release of Red Hat Enterprise Linux 6, was
incomplete. The mount.cifs tool did not properly handle share or directory
names containing a newline character, allowing a local attacker to corrupt
the mtab (mounted file systems table) file via a specially-crafted CIFS
share mount request, if mount.cifs had the setuid bit set. (CVE-2011-2724)

It was found that the mount.cifs tool did not handle certain errors
correctly when updating the mtab file. If mount.cifs had the setuid bit
set, a local attacker could corrupt the mtab file by setting a small file
size limit before running mount.cifs. (CVE-2011-1678)

Note: mount.cifs from the cifs-utils package distributed by Red Hat does
not have the setuid bit set. We recommend that administrators do not
manually set the setuid bit for mount.cifs.

Red Hat would like to thank the Samba project for reporting CVE-2011-2694
and CVE-2011-2522, and Dan Rosenberg for reporting CVE-2011-1678. Upstream
acknowledges Nobuhiro Tsuji of NTT DATA Security Corporation as the
original reporter of CVE-2011-2694, and Yoshihiro Ishikawa of LAC Co., Ltd.
as the original reporter of CVE-2011-2522.

This update also fixes the following bug:

* If plain text passwords were used ("encrypt passwords = no" in
"/etc/samba/smb.conf"), Samba clients running the Windows XP or Windows
Server 2003 operating system may not have been able to access Samba shares
after installing the Microsoft Security Bulletin MS11-043. This update
corrects this issue, allowing such clients to use plain text passwords to
access Samba shares. (BZ#728517)

Users of samba and cifs-utils are advised to upgrade to these updated
packages, which contain backported patches to resolve these issues. After
installing this update, the smb service will be restarted automatically.

RHSA-2011:1240: Red Hat Enterprise Linux 4 - 6-Month End Of Life Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20111240
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1240

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
regular 7 year life-cycle of Red Hat Enterprise Linux 4 will end on
February 29, 2012.

After this date, Red Hat will discontinue the regular subscription services
for Red Hat Enterprise Linux 4. Therefore, new bug fix, enhancement, and
security errata updates, as well as technical support services will no
longer be available for the following products:

* Red Hat Enterprise Linux AS 4
* Red Hat Enterprise Linux ES 4
* Red Hat Enterprise Linux WS 4
* Red Hat Enterprise Linux Extras 4
* Red Hat Desktop 4
* Red Hat Global File System 4
* Red Hat Cluster Suite 4

Customers still running production workloads on Red Hat Enterprise Linux 4
are advised to begin planning the upgrade to Red Hat Enterprise Linux 5 or
6. Active subscribers of Red Hat Enterprise Linux already have access to
all currently maintained versions of Red Hat Enterprise Linux, as part of
their subscription without additional fees.

For customers who are unable to migrate off Red Hat Enterprise Linux 4
before its end-of-life date, Red Hat intends to offer a limited, optional
extension program. For more information, contact your Red Hat sales
representative or channel partner.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red
Hat website: https://access.redhat.com/support/policy/updates/errata/

RHSA-2011:1241: ecryptfs-utils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1241, CVE-2011-1831, CVE-2011-1832, CVE-2011-1834, CVE-2011-1835, CVE-2011-1837, CVE-2011-3145

Description
eCryptfs is a stacked, cryptographic file system. It is transparent to the
underlying file system and provides per-file granularity. eCryptfs is
released as a Technology Preview for Red Hat Enterprise Linux 5 and 6.

The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs
file system. This utility can only be run by users in the "ecryptfs" group.

A race condition flaw was found in the way mount.ecryptfs_private checked
the permissions of a requested mount point when mounting an encrypted file
system. A local attacker could possibly use this flaw to escalate their
privileges by mounting over an arbitrary directory. (CVE-2011-1831)

A race condition flaw in umount.ecryptfs_private could allow a local
attacker to unmount an arbitrary file system. (CVE-2011-1832)

It was found that mount.ecryptfs_private did not handle certain errors
correctly when updating the mtab (mounted file systems table) file,
allowing a local attacker to corrupt the mtab file and possibly unmount an
arbitrary file system. (CVE-2011-1834)

An insecure temporary file use flaw was found in the ecryptfs-setup-private
script. A local attacker could use this script to insert their own key that
will subsequently be used by a new user, possibly giving the attacker
access to the user's encrypted data if existing file permissions allow
access. (CVE-2011-1835)

A race condition flaw in mount.ecryptfs_private could allow a local
attacker to overwrite arbitrary files. (CVE-2011-1837)

A race condition flaw in the way temporary files were accessed in
mount.ecryptfs_private could allow a malicious, local user to make
arbitrary modifications to the mtab file. (CVE-2011-3145)

A race condition flaw was found in the way mount.ecryptfs_private checked
the permissions of the directory to mount. A local attacker could use this
flaw to mount (and then access) a directory they would otherwise not have
access to. Note: The fix for this issue is incomplete until a kernel-space
change is made. Future Red Hat Enterprise Linux 5 and 6 kernel updates
will correct this issue. (CVE-2011-1833)

Red Hat would like to thank the Ubuntu Security Team for reporting these
issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall
and Dan Rosenberg as the original reporters of CVE-2011-1831,
CVE-2011-1832, and CVE-2011-1833; Dan Rosenberg and Marc Deslauriers as the
original reporters of CVE-2011-1834; Marc Deslauriers as the original
reporter of CVE-2011-1835; and Vasiliy Kulikov of Openwall as the original
reporter of CVE-2011-1837.

Users of ecryptfs-utils are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2011:1245: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111245
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1245, CVE-2011-3192

Description
The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use an
excessive amount of memory and CPU time via HTTP requests with a
specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2011:1247: rsyslog security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111247
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1247, CVE-2011-3200

Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon that
supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on
any message part, and fine grained output format control.

A two byte buffer overflow flaw was found in the rsyslog daemon's
parseLegacySyslogMsg function. An attacker able to submit log messages to
rsyslogd could use this flaw to crash the daemon. (CVE-2011-3200)

All rsyslog users should upgrade to these updated packages, which contain
a backported patch to correct this issue. After installing this update, the
rsyslog daemon will be restarted automatically.

RHSA-2011:1248: ca-certificates security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111248
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1248

Description
This package contains the set of CA certificates chosen by the Mozilla
Foundation for use with the Internet Public Key Infrastructure (PKI).

It was found that a Certificate Authority (CA) issued fraudulent HTTPS
certificates. This update removes that CA's root certificate from the
ca-certificates package, rendering any HTTPS certificates signed by that CA
as untrusted. (BZ#734381)

All users should upgrade to this updated package. After installing the
update, all applications using the ca-certificates package must be
restarted for the changes to take effect.

RHSA-2011:1264: gstreamer-plugins security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111264
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1264, CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915

Description
The gstreamer-plugins packages contain plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, a boundary error, and multiple off-by-one flaws
were found in various ModPlug music file format library (libmodplug)
modules, embedded in GStreamer. An attacker could create specially-crafted
music files that, when played by a victim, would cause applications using
GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,
CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing the update, all applications using GStreamer (such as Rhythmbox)
must be restarted for the changes to take effect.

RHSA-2011:1289: librsvg2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111289
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1289, CVE-2011-3146

Description
The librsvg2 packages provide an SVG (Scalable Vector Graphics) library
based on libart.

A flaw was found in the way librsvg2 parsed certain SVG files. An attacker
could create a specially-crafted SVG file that, when opened, would cause
applications that use librsvg2 (such as Eye of GNOME) to crash or,
potentially, execute arbitrary code. (CVE-2011-3146)

Red Hat would like to thank the Ubuntu Security Team for reporting this
issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original
reporter.

All librsvg2 users should upgrade to these updated packages, which contain
a backported patch to correct this issue. All running applications that use
librsvg2 must be restarted for this update to take effect.

RHSA-2011:1293: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111293
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1293, CVE-2011-3205

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A buffer overflow flaw was found in the way Squid parsed replies from
remote Gopher servers. A remote user allowed to send Gopher requests to a
Squid proxy could possibly use this flaw to cause the squid child process
to crash or execute arbitrary code with the privileges of the squid user,
by making Squid perform a request to an attacker-controlled Gopher server.
(CVE-2011-3205)

Users of squid should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing this update, the
squid service will be restarted automatically.

RHSA-2011:1294: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111294
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1294, CVE-2011-3192

Description
The Apache HTTP Server is a popular web server.

A flaw was found in the way the Apache HTTP Server handled Range HTTP
headers. A remote attacker could use this flaw to cause httpd to use an
excessive amount of memory and CPU time via HTTP requests with a
specially-crafted Range header. (CVE-2011-3192)

All httpd users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2011:1317: cyrus-imapd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111317
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1317, CVE-2011-3208

Description
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.

A buffer overflow flaw was found in the cyrus-imapd NNTP server, nntpd. A
remote user able to use the nntpd service could use this flaw to crash the
nntpd child process or, possibly, execute arbitrary code with the
privileges of the cyrus user. (CVE-2011-3208)

Red Hat would like to thank Greg Banks for reporting this issue.

Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the update, cyrus-imapd will be restarted automatically.

RHSA-2011:1321: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111321
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1321, CVE-2011-2723

Description
The kernel packages contain the Linux kernel.

Security fix:

* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO
(Generic Receive Offload) fields being left in an inconsistent state. An
attacker on the local network could use this flaw to trigger a denial of
service. (CVE-2011-2723, Moderate)

Red Hat would like to thank Brent Meshier for reporting this issue.

Bug fixes:

* When reading a file from a subdirectory in /proc/bus/pci/ while
hot-unplugging the device related to that file, the system will crash. Now,
the kernel correctly handles the simultaneous removal of a device and
access to the representation of that device in the proc file system.
(BZ#713454)

* RHSA-2011:0017 introduced a regression: Non-disk SCSI devices (except for
tape drives) such as enclosure or CD-ROM devices were hidden when attached
to a SAS based RAID controller that uses the megaraid_sas driver. With this
update, such devices are accessible, as expected. (BZ#726487)

* The fix for CVE-2010-3432 provided in RHSA-2011:0004 introduced a
regression: Information in sctp_packet_config(), which was called before
appending data chunks to a packet, was not reset, causing considerably poor
SCTP (Stream Control Transmission Protocol) performance. With this update,
the packet information is reset after transmission. (BZ#727591)

* Certain systems do not correctly set the ACPI FADT APIC mode bit. They
set the bit to "cluster" mode instead of "physical" mode which caused these
systems to boot without the TSC (Time Stamp Counter). With this update, the
ACPI FADT check has been removed due to its unreliability. (BZ#728162)

* Performance when invalidating and rereading cached data as a glock moves
around the cluster with GFS2 is improved. (BZ#729082)

* Performance issues occurred when multiple nodes attempted to call mmap()
on the same inode at the same time on a GFS2 file system, as it was using
an exclusive glock. With this update, a shared lock is used when "noatime"
is set on the mount, allowing mmap() operations to occur in parallel,
fixing this bug. Note that this issue only refers to mmap() system calls,
and not to subsequent page faults. (BZ#729090)

* Some of the functions in the GFS2 file system were not reserving enough
space for the resource group header in a transaction and for resource
groups bit blocks that get added when a memory allocation is performed.
That resulted in failed write and allocation operations. With this update,
GFS2 makes sure to reserve space in the described scenario, using the new
gfs2_rg_blocks() inline function. (BZ#729092)

* When GFS2 grew the file system, it never reread the rindex file during
the grow. This is necessary for large grows when the file system is almost
full, and GFS2 needs to use some of the space allocated earlier in the grow
to complete it. Now, if GFS2 fails to reserve the necessary space and the
rindex data is not up-to-date, it rereads it. (BZ#729094)

* Previously, when the Xen hypervisor split a 2 MB page into 4 KB pages, it
linked the new page from PDE (Page Directory Entry) before it filled
entries of the page with appropriate data. Consequently, when doing a live
migration with EPT (Extended Page Tables) enabled on a non-idle guest
running with more than two virtual CPUs, the guest often terminated
unexpectedly. With this update, the Xen hypervisor prepares the page table
entry first, and then links it in. (BZ#730684)

* Changes made to TSC as a clock source for IRQs caused virtual machines
running under the VMware ESX or ESXi hypervisors to become unresponsive
during the initial kernel boot process. With this update, the
enable_tsc_timer flag enables the do_timer_tsc_timekeeping() function to be
called in the do_timer_interrupt_hook() function, preventing a deadlock in
the timer interrupt handler. (BZ#730688)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2011:1323: qt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1323, CVE-2011-3193, CVE-2011-3194

Description
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A buffer overflow flaw was found in the harfbuzz module in Qt. If a user
loaded a specially-crafted font file with an application linked against Qt,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3193)

A buffer overflow flaw was found in the way Qt handled certain gray-scale
image files. If a user loaded a specially-crafted gray-scale image file
with an application linked against Qt, it could cause the application to
crash or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2011-3194)

Users of Qt should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications linked
against Qt libraries must be restarted for this update to take effect.

RHSA-2011:1324: qt4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111324
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1324, CVE-2007-0242, CVE-2011-3193

Description
Qt 4 is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to
prevent a Qt 4 based application from properly sanitizing user input.
Depending on the application, this could allow an attacker to perform
directory traversal, or for web applications, a cross-site scripting (XSS)
attack. (CVE-2007-0242)

A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user
loaded a specially-crafted font file with an application linked against Qt
4, it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3193)

Users of Qt 4 should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications linked
against Qt 4 libraries must be restarted for this update to take effect.

RHSA-2011:1325: evolution28-pango security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111325
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1325, CVE-2011-3193

Description
Pango is a library used for the layout and rendering of internationalized
text.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in Pango. If a user loaded a specially-crafted font file with
an application that uses Pango, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of evolution28-pango are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. After
installing this update, you must restart your system or restart the X
server for the update to take effect.

RHSA-2011:1326: pango security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111326
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1326, CVE-2011-3193

Description
Pango is a library used for the layout and rendering of internationalized
text.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in Pango. If a user loaded a specially-crafted font file with
an application that uses Pango, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of pango are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, you must restart your system or restart the X server for the update
to take effect.

RHSA-2011:1327: frysk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1327, CVE-2011-3193

Description
frysk is an execution-analysis technology implemented using native Java and
C++. It provides developers and system administrators with the ability to
examine and analyze multi-host, multi-process, and multithreaded systems
while they are running. frysk is released as a Technology Preview for Red
Hat Enterprise Linux 4.

A buffer overflow flaw was found in HarfBuzz, an OpenType text shaping
engine used in the embedded Pango library. If a frysk application were used
to debug or trace a process that uses HarfBuzz while it loaded a
specially-crafted font file, it could cause the application to crash or,
possibly, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-3193)

Users of frysk are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running frysk
applications must be restarted for this update to take effect.

RHSA-2011:1328: qt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111328
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1328, CVE-2011-3193, CVE-2011-3194

Description
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A buffer overflow flaw was found in the harfbuzz module in Qt. If a user
loaded a specially-crafted font file with an application linked against Qt,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3193)

A buffer overflow flaw was found in the way Qt handled certain gray-scale
image files. If a user loaded a specially-crafted gray-scale image file
with an application linked against Qt, it could cause the application to
crash or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2011-3194)

Users of Qt should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications linked
against Qt libraries must be restarted for this update to take effect.

RHSA-2011:1338: NetworkManager security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1338, CVE-2011-3364

Description
NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times. The ifcfg-rh
NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to
read and write configuration information from the
/etc/sysconfig/network-scripts/ifcfg-* files.

An input sanitization flaw was found in the way the ifcfg-rh NetworkManager
plug-in escaped network connection names containing special characters. If
PolicyKit was configured to allow local, unprivileged users to create and
save new network connections, they could create a connection with a
specially-crafted name, leading to the escalation of their privileges.
Note: By default, PolicyKit prevents unprivileged users from creating and
saving network connections. (CVE-2011-3364)

Red Hat would like to thank Matt McCutchen for reporting this issue.

Users of NetworkManager should upgrade to these updated packages, which
contain a backported patch to correct this issue. Running instances of
NetworkManager must be restarted ("service NetworkManager restart") for
this update to take effect.

RHSA-2011:1341: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111341
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1341, CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-2995)

A flaw was found in the way Firefox processed the "Enter" keypress event. A
malicious web page could present a download dialog while the key is
pressed, activating the default "Open" action. A remote attacker could
exploit this vulnerability by causing the browser to open malicious web
content. (CVE-2011-2372)

A flaw was found in the way Firefox handled Location headers in redirect
responses. Two copies of this header with different values could be a
symptom of a CRLF injection attack against a vulnerable server. Firefox now
treats two copies of the Location, Content-Length, or Content-Disposition
header as an error condition. (CVE-2011-3000)

A flaw was found in the way Firefox handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Firefox handled large
JavaScript regular expressions. A web page containing malicious JavaScript
could cause Firefox to access already freed memory, causing Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2011-2998)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.23. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.23, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2011:1342: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111342
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1342, CVE-2011-2372, CVE-2011-2995, CVE-2011-2998, CVE-2011-2999, CVE-2011-3000

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed HTML content. An
HTML mail message containing malicious content could cause Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2011-2995)

A flaw was found in the way Thunderbird processed the "Enter" keypress
event. A malicious HTML mail message could present a download dialog while
the key is pressed, activating the default "Open" action. A remote attacker
could exploit this vulnerability by causing the mail client to open
malicious web content. (CVE-2011-2372)

A flaw was found in the way Thunderbird handled Location headers in
redirect responses. Two copies of this header with different values could
be a symptom of a CRLF injection attack against a vulnerable server.
Thunderbird now treats two copies of the Location, Content-Length, or
Content-Disposition header as an error condition. (CVE-2011-3000)

A flaw was found in the way Thunderbird handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large
JavaScript regular expressions. An HTML mail message containing malicious
JavaScript could cause Thunderbird to access already freed memory, causing
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:1343: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111343
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1343, CVE-2011-2998, CVE-2011-2999

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way Thunderbird handled large
JavaScript regular expressions. An HTML mail message containing malicious
JavaScript could cause Thunderbird to access already freed memory, causing
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2011-2998)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:1344: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111344
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1344, CVE-2011-2998, CVE-2011-2999

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the way SeaMonkey handled frame objects with certain
names. An attacker could use this flaw to cause a plug-in to grant its
content access to another site or the local file system, violating the
same-origin policy. (CVE-2011-2999)

An integer underflow flaw was found in the way SeaMonkey handled large
JavaScript regular expressions. A web page containing malicious JavaScript
could cause SeaMonkey to access already freed memory, causing SeaMonkey to
crash or, potentially, execute arbitrary code with the privileges of the
user running SeaMonkey. (CVE-2011-2998)
 
All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2011:1349: rpm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111349
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1349, CVE-2011-3378

Description
The RPM Package Manager (RPM) is a command line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Multiple flaws were found in the way the RPM library parsed package
headers. An attacker could create a specially-crafted RPM package that,
when queried or installed, would cause rpm to crash or, potentially,
execute arbitrary code. (CVE-2011-3378)

Note: Although an RPM package can, by design, execute arbitrary code when
installed, this issue would allow a specially-crafted RPM package to
execute arbitrary code before its digital signature has been verified.
Package downloads from the Red Hat Network remain secure due to certificate
checks performed on the secure connection.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications linked
against the RPM library must be restarted for this update to take effect.

RHSA-2011:1350: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1350, CVE-2011-1160, CVE-2011-1745, CVE-2011-1746, CVE-2011-1833, CVE-2011-2022, CVE-2011-2484, CVE-2011-2496, CVE-2011-2521, CVE-2011-2723, CVE-2011-2898, CVE-2011-2918

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Flaws in the AGPGART driver implementation when handling certain IOCTL
commands could allow a local user to cause a denial of service or escalate
their privileges. (CVE-2011-1745, CVE-2011-2022, Important)

* An integer overflow flaw in agp_allocate_memory() could allow a local
user to cause a denial of service or escalate their privileges.
(CVE-2011-1746, Important)

* A race condition flaw was found in the Linux kernel's eCryptfs
implementation. A local attacker could use the mount.ecryptfs_private
utility to mount (and then access) a directory they would otherwise not
have access to. Note: To correct this issue, the RHSA-2011:1241
ecryptfs-utils update, which provides the user-space part of the fix, must
also be installed. (CVE-2011-1833, Moderate)

* A denial of service flaw was found in the way the taskstats subsystem
handled the registration of process exit handlers. A local, unprivileged
user could register an unlimited amount of these handlers, leading to
excessive CPU time and memory use. (CVE-2011-2484, Moderate)

* A flaw was found in the way mapping expansions were handled. A local,
unprivileged user could use this flaw to cause a wrapping condition,
triggering a denial of service. (CVE-2011-2496, Moderate)

* A flaw was found in the Linux kernel's Performance Events implementation.
It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a
lockup and panic the system. A local, unprivileged user could use this flaw
to cause a denial of service (kernel panic) using the perf tool.
(CVE-2011-2521, Moderate)

* A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO
(Generic Receive Offload) fields being left in an inconsistent state. An
attacker on the local network could use this flaw to trigger a denial of
service. GRO is enabled by default in all network drivers that support it.
(CVE-2011-2723, Moderate)

* A flaw was found in the way the Linux kernel's Performance Events
implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2011-2918, Moderate)

* A flaw was found in the Linux kernel's Trusted Platform Module (TPM)
implementation. A local, unprivileged user could use this flaw to leak
information to user-space. (CVE-2011-1160, Low)

* Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in
the Linux kernel. A local, unprivileged user could use these flaws to leak
information to user-space. (CVE-2011-2898, Low)

Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting
CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the Ubuntu
Security Team for reporting CVE-2011-1833; Robert Swiecki for reporting
CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent Meshier for
reporting CVE-2011-2723; and Peter Huewe for reporting CVE-2011-1160. The
Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan
Rosenberg as the original reporters of CVE-2011-1833.

This update also fixes various bugs and adds one enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2011:1356: openswan security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111356
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1356, CVE-2011-3380

Description
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

A NULL pointer dereference flaw was found in the way Openswan's pluto IKE
daemon handled certain error conditions. A remote, unauthenticated attacker
could send a specially-crafted IKE packet that would crash the pluto
daemon. (CVE-2011-3380)

Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges Paul Wouters as the original reporter.

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the ipsec service will be restarted automatically.

RHSA-2011:1359: xorg-x11-server security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111359
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1359, CVE-2010-4818, CVE-2010-4819

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

Multiple input sanitization flaws were found in the X.Org GLX (OpenGL
extension to the X Window System) extension. A malicious, authorized client
could use these flaws to crash the X.Org server or, potentially, execute
arbitrary code with root privileges. (CVE-2010-4818)

An input sanitization flaw was found in the X.Org Render extension. A
malicious, authorized client could use this flaw to leak arbitrary memory
from the X.Org server process, or possibly crash the X.Org server.
(CVE-2010-4819)

Users of xorg-x11-server should upgrade to these updated packages, which
contain backported patches to resolve these issues. All running X.Org
server instances must be restarted for this update to take effect.

RHSA-2011:1360: xorg-x11 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111360
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1360, CVE-2010-4818, CVE-2010-4819

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

Multiple input sanitization flaws were found in the X.Org GLX (OpenGL
extension to the X Window System) extension. A malicious, authorized client
could use these flaws to crash the X.Org server or, potentially, execute
arbitrary code with root privileges. (CVE-2010-4818)

An input sanitization flaw was found in the X.Org Render extension. A
malicious, authorized client could use this flaw to leak arbitrary memory
from the X.Org server process, or possibly crash the X.Org server.
(CVE-2010-4819)

Users of xorg-x11 should upgrade to these updated packages, which contain a
backported patch to resolve these issues. All running X.Org server
instances must be restarted for this update to take effect.

RHSA-2011:1364: kdelibs security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1364, CVE-2011-3365

Description
The kdelibs packages provide libraries for the K Desktop Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An
attacker could supply a specially-crafted SSL certificate (for example, via
a web page) to an application using KSSL, such as the Konqueror web
browser, causing misleading information to be presented to the user,
possibly tricking them into accepting the certificate as valid.
(CVE-2011-3365)

This update also adds the following enhancement:

* kdelibs provided its own set of trusted Certificate Authority (CA)
certificates. This update makes kdelibs use the system set from the
ca-certificates package, instead of its own copy. (BZ#743951)

Users should upgrade to these updated packages, which contain backported
patches to correct this issue and add this enhancement. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2011:1371: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111371
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1371, CVE-2011-1091, CVE-2011-3594

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

An input sanitization flaw was found in the way the Pidgin SILC (Secure
Internet Live Conferencing) protocol plug-in escaped certain UTF-8
characters. A remote attacker could use this flaw to crash Pidgin via a
specially-crafted SILC message. (CVE-2011-3594)

Multiple NULL pointer dereference flaws were found in the way the Pidgin
Yahoo! Messenger Protocol plug-in handled malformed YMSG packets. A remote
attacker could use these flaws to crash Pidgin via a specially-crafted
notification message. (CVE-2011-1091)

Red Hat would like to thank the Pidgin project for reporting CVE-2011-1091.
Upstream acknowledges Marius Wachtler as the original reporter of
CVE-2011-1091.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

RHSA-2011:1377: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111377
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1377, CVE-2011-2483

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A signedness issue was found in the way the crypt() function in the
PostgreSQL pgcrypto module handled 8-bit characters in passwords when using
Blowfish hashing. Up to three characters immediately preceding a non-ASCII
character (one with the high bit set) had no effect on the hash result,
thus shortening the effective password length. This made brute-force
guessing more efficient as several different passwords were hashed to the
same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users
may not be able to log in to applications that store user passwords, hashed
with Blowfish using the PostgreSQL crypt() function, in a back-end
PostgreSQL database. Unsafe processing can be re-enabled for specific
passwords (allowing affected users to log in) by changing their hash prefix
to "$2x$".

For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade
PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a
full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

For Red Hat Enterprise Linux 4 and 5, the updated postgresql packages
contain a backported patch.

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

RHSA-2011:1378: postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111378
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1378, CVE-2011-2483

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A signedness issue was found in the way the crypt() function in the
PostgreSQL pgcrypto module handled 8-bit characters in passwords when using
Blowfish hashing. Up to three characters immediately preceding a non-ASCII
character (one with the high bit set) had no effect on the hash result,
thus shortening the effective password length. This made brute-force
guessing more efficient as several different passwords were hashed to the
same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users
may not be able to log in to applications that store user passwords, hashed
with Blowfish using the PostgreSQL crypt() function, in a back-end
PostgreSQL database. Unsafe processing can be re-enabled for specific
passwords (allowing affected users to log in) by changing their hash prefix
to "$2x$".

These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9.
Refer to the PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will be
automatically restarted after installing this update.

RHSA-2011:1379: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111379
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1379, CVE-2011-1527, CVE-2011-1528, CVE-2011-1529

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

Multiple NULL pointer dereference and assertion failure flaws were found
in the MIT Kerberos KDC when it was configured to use an LDAP (Lightweight
Directory Access Protocol) or Berkeley Database (Berkeley DB) back end. A
remote attacker could use these flaws to crash the KDC. (CVE-2011-1527,
CVE-2011-1528, CVE-2011-1529)

Red Hat would like to thank the MIT Kerberos project for reporting the
CVE-2011-1527 issue. Upstream acknowledges Andrej Ota as the original
reporter of CVE-2011-1527.

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2011:1380: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111380
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1380, CVE-2011-3389, CVE-2011-3521, CVE-2011-3544, CVE-2011-3547, CVE-2011-3548, CVE-2011-3551, CVE-2011-3552, CVE-2011-3553, CVE-2011-3554, CVE-2011-3556, CVE-2011-3557, CVE-2011-3558, CVE-2011-3560

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

A flaw was found in the Java RMI (Remote Method Invocation) registry
implementation. A remote RMI client could use this flaw to execute
arbitrary code on the RMI server running the registry. (CVE-2011-3556)

A flaw was found in the Java RMI registry implementation. A remote RMI
client could use this flaw to execute code on the RMI server with
unrestricted privileges. (CVE-2011-3557)

A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization
code. An untrusted Java application or applet running in a sandbox could
use this flaw to bypass sandbox restrictions by deserializing
specially-crafted input. (CVE-2011-3521)

It was found that the Java ScriptingEngine did not properly restrict the
privileges of sandboxed applications. An untrusted Java application or
applet running in a sandbox could use this flaw to bypass sandbox
restrictions. (CVE-2011-3544)

A flaw was found in the AWTKeyStroke implementation. An untrusted Java
application or applet running in a sandbox could use this flaw to bypass
sandbox restrictions. (CVE-2011-3548)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the Java2D code used to perform transformations of graphic shapes
and images. An untrusted Java application or applet running in a sandbox
could use this flaw to bypass sandbox restrictions. (CVE-2011-3551)

An insufficient error checking flaw was found in the unpacker for JAR files
in pack200 format. A specially-crafted JAR file could use this flaw to
crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code
with JVM privileges. (CVE-2011-3554)

It was found that HttpsURLConnection did not perform SecurityManager checks
in the setSSLSocketFactory method. An untrusted Java application or applet
running in a sandbox could use this flaw to bypass connection restrictions
defined in the policy. (CVE-2011-3560)

A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block
ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a
chosen plain text attack against a connection mixing trusted and untrusted
data could use this flaw to recover portions of the trusted data sent over
the connection. (CVE-2011-3389)

Note: This update mitigates the CVE-2011-3389 issue by splitting the first
application data record byte to a separate SSL/TLS protocol record. This
mitigation may cause compatibility issues with some SSL/TLS implementations
and can be disabled using the jsse.enableCBCProtection boolean property.
This can be done on the command line by appending the flag
"-Djsse.enableCBCProtection=false" to the java command.

An information leak flaw was found in the InputStream.skip implementation.
An untrusted Java application or applet could possibly use this flaw to
obtain bytes skipped by other threads. (CVE-2011-3547)

A flaw was found in the Java HotSpot virtual machine. An untrusted Java
application or applet could use this flaw to disclose portions of the VM
memory, or cause it to crash. (CVE-2011-3558)

The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was
configured to include the stack trace in error messages sent to clients. A
remote client could possibly use this flaw to obtain sensitive information.
(CVE-2011-3553)

It was found that Java applications running with SecurityManager
restrictions were allowed to use too many UDP sockets by default. If
multiple instances of a malicious application were started at the same
time, they could exhaust all available UDP sockets on the system.
(CVE-2011-3552)

This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2011:1385: kdelibs and kdelibs3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111385
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1385, CVE-2011-3365

Description
The kdelibs and kdelibs3 packages provide libraries for the K Desktop
Environment (KDE).

An input sanitization flaw was found in the KSSL (KDE SSL Wrapper) API. An
attacker could supply a specially-crafted SSL certificate (for example, via
a web page) to an application using KSSL, such as the Konqueror web
browser, causing misleading information to be presented to the user,
possibly tricking them into accepting the certificate as valid.
(CVE-2011-3365)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The desktop must be restarted (log out, then
log back in) for this update to take effect.

RHSA-2011:1386: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1386, CVE-2009-4067, CVE-2011-1160, CVE-2011-1585, CVE-2011-1833, CVE-2011-2484, CVE-2011-2496, CVE-2011-2695, CVE-2011-2699, CVE-2011-2723, CVE-2011-2942, CVE-2011-3131, CVE-2011-3188, CVE-2011-3191, CVE-2011-3209, CVE-2011-3347

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* The maximum file offset handling for ext4 file systems could allow a
local, unprivileged user to cause a denial of service. (CVE-2011-2695,
Important)

* IPv6 fragment identification value generation could allow a remote
attacker to disrupt a target system's networking, preventing legitimate
users from accessing its services. (CVE-2011-2699, Important)

* A malicious CIFS (Common Internet File System) server could send a
specially-crafted response to a directory read request that would result in
a denial of service or privilege escalation on a system that has a CIFS
share mounted. (CVE-2011-3191, Important)

* A local attacker could use mount.ecryptfs_private to mount (and then
access) a directory they would otherwise not have access to. Note: To
correct this issue, the RHSA-2011:1241 ecryptfs-utils update must also be
installed. (CVE-2011-1833, Moderate)

* A flaw in the taskstats subsystem could allow a local, unprivileged user
to cause excessive CPU time and memory use. (CVE-2011-2484, Moderate)

* Mapping expansion handling could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-2496, Moderate)

* GRO (Generic Receive Offload) fields could be left in an inconsistent
state. An attacker on the local network could use this flaw to cause a
denial of service. GRO is enabled by default in all network drivers that
support it. (CVE-2011-2723, Moderate)

* RHSA-2011:1065 introduced a regression in the Ethernet bridge
implementation. If a system had an interface in a bridge, and an attacker
on the local network could send packets to that interface, they could cause
a denial of service on that system. Xen hypervisor and KVM (Kernel-based
Virtual Machine) hosts often deploy bridge interfaces. (CVE-2011-2942,
Moderate)

* A flaw in the Xen hypervisor IOMMU error handling implementation could
allow a privileged guest user, within a guest operating system that has
direct control of a PCI device, to cause performance degradation on the
host and possibly cause it to hang. (CVE-2011-3131, Moderate)

* IPv4 and IPv6 protocol sequence number and fragment ID generation could
allow a man-in-the-middle attacker to inject packets and possibly hijack
connections. Protocol sequence number and fragment IDs are now more random.
(CVE-2011-3188, Moderate)

* A flaw in the kernel's clock implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-3209, Moderate)

* Non-member VLAN (virtual LAN) packet handling for interfaces in
promiscuous mode and also using the be2net driver could allow an attacker
on the local network to cause a denial of service. (CVE-2011-3347,
Moderate)

* A flaw in the auerswald USB driver could allow a local, unprivileged user
to cause a denial of service or escalate their privileges by inserting a
specially-crafted USB device. (CVE-2009-4067, Low)

* A flaw in the Trusted Platform Module (TPM) implementation could allow a
local, unprivileged user to leak information to user space. (CVE-2011-1160,
Low)

* A local, unprivileged user could possibly mount a CIFS share that
requires authentication without knowing the correct password if the mount
was already mounted by another local user. (CVE-2011-1585, Low)

Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699;
Darren Lavender for reporting CVE-2011-3191; the Ubuntu Security Team for
reporting CVE-2011-1833; Vasiliy Kulikov of Openwall for reporting
CVE-2011-2484; Robert Swiecki for reporting CVE-2011-2496; Brent Meshier
for reporting CVE-2011-2723; Dan Kaminsky for reporting CVE-2011-3188;
Yasuaki Ishimatsu for reporting CVE-2011-3209; Somnath Kotur for reporting
CVE-2011-3347; Rafael Dominguez Vega for reporting CVE-2009-4067; and Peter
Huewe for reporting CVE-2011-1160. The Ubuntu Security Team acknowledges
Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters of
CVE-2011-1833.

RHSA-2011:1391: httpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111391
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1391, CVE-2011-3348, CVE-2011-3368

Description
The Apache HTTP Server is a popular web server.

It was discovered that the Apache HTTP Server did not properly validate the
request URI for proxied requests. In certain configurations, if a reverse
proxy used the ProxyPassMatch directive, or if it used the RewriteRule
directive with the proxy flag, a remote attacker could make the proxy
connect to an arbitrary server, possibly disclosing sensitive information
from internal web servers not directly accessible to the attacker.
(CVE-2011-3368)

It was discovered that mod_proxy_ajp incorrectly returned an "Internal
Server Error" response when processing certain malformed HTTP requests,
which caused the back-end server to be marked as failed in configurations
where mod_proxy was used in load balancer mode. A remote attacker could
cause mod_proxy to not send requests to back-end AJP (Apache JServ
Protocol) servers for the retry timeout period or until all back-end
servers were marked as failed. (CVE-2011-3348)

Red Hat would like to thank Context Information Security for reporting the
CVE-2011-3368 issue.

This update also fixes the following bug:

* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update
introduced regressions in the way httpd handled certain Range HTTP header
values. This update corrects those regressions. (BZ#736592)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2011:1392: httpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111392
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1392, CVE-2011-3368

Description
The Apache HTTP Server is a popular web server.

It was discovered that the Apache HTTP Server did not properly validate the
request URI for proxied requests. In certain configurations, if a reverse
proxy used the ProxyPassMatch directive, or if it used the RewriteRule
directive with the proxy flag, a remote attacker could make the proxy
connect to an arbitrary server, possibly disclosing sensitive information
from internal web servers not directly accessible to the attacker.
(CVE-2011-3368)

Red Hat would like to thank Context Information Security for reporting this
issue.

This update also fixes the following bug:

* The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update
introduced regressions in the way httpd handled certain Range HTTP header
values. This update corrects those regressions. (BZ#736593, BZ#736594)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2011:1401: xen security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111401
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1401, CVE-2011-3346

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A buffer overflow flaw was found in the Xen hypervisor SCSI subsystem
emulation. An unprivileged, local guest user could provide a large number
of bytes that are used to zero out a fixed-sized buffer via a SAI READ
CAPACITY SCSI command, overwriting memory and causing the guest to crash.
(CVE-2011-3346)

This update also fixes the following bugs:

* Prior to this update, the vif-bridge script used a maximum transmission
unit (MTU) of 1500 for a new Virtual Interface (VIF). As a result, the MTU
of the VIF could differ from that of the target bridge. This update fixes
the VIF hot-plug script so that the default MTU for new VIFs will match
that of the target Xen hypervisor bridge. In combination with a new enough
kernel (RHSA-2011:1386), this enables the use of jumbo frames in Xen
hypervisor guests. (BZ#738608)

* Prior to this update, the network-bridge script set the MTU of the bridge
to 1500. As a result, the MTU of the Xen hypervisor bridge could differ
from that of the physical interface. This update fixes the network script
so the MTU of the bridge can be set higher than 1500, thus also providing
support for jumbo frames. Now, the MTU of the Xen hypervisor bridge will
match that of the physical interface. (BZ#738610)

* Red Hat Enterprise Linux 5.6 introduced an optimized migration handling
that speeds up the migration of guests with large memory. However, the new
migration procedure can theoretically cause data corruption. While no cases
were observed in practice, with this update, the xend daemon properly waits
for correct device release before the guest is started on a destination
machine, thus fixing this bug. (BZ#743850)

Note: Before a guest is using a new enough kernel (RHSA-2011:1386), the MTU
of the VIF will drop back to 1500 (if it was set higher) after migration.

All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the xend service must be restarted for this update to
take effect.

RHSA-2011:1402: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111402
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1402, CVE-2011-3256

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed
bitmap font files. If a specially-crafted font file was loaded by an
application linked against FreeType, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2011-3256)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2011:1409: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111409
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1409, CVE-2011-3207

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An uninitialized variable use flaw was found in OpenSSL. This flaw could
cause an application using the OpenSSL Certificate Revocation List (CRL)
checking functionality to incorrectly accept a CRL that has a nextUpdate
date in the past. (CVE-2011-3207)

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. For the update to take effect, all
services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2011:1422: openswan security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111422
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1422, CVE-2011-4073

Description
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks.

A use-after-free flaw was found in the way Openswan's pluto IKE daemon used
cryptographic helpers. A remote, authenticated attacker could send a
specially-crafted IKE packet that would crash the pluto daemon. This issue
only affected SMP (symmetric multiprocessing) systems that have the
cryptographic helpers enabled. The helpers are disabled by default on Red
Hat Enterprise Linux 5, but enabled by default on Red Hat Enterprise Linux
6. (CVE-2011-4073)

Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin
of the information security group at ETH Zurich as the original reporters.

All users of openswan are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the ipsec service will be restarted automatically.

RHSA-2011:1423: php53 and php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111423
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1423, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1468, CVE-2011-1469, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A signedness issue was found in the way the PHP crypt() function handled
8-bit characters in passwords when using Blowfish hashing. Up to three
characters immediately preceding a non-ASCII character (one with the high
bit set) had no effect on the hash result, thus shortening the effective
password length. This made brute-force guessing more efficient as several
different passwords were hashed to the same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users
may not be able to log in to PHP applications that hash passwords with
Blowfish using the PHP crypt() function. Refer to the upstream
"CRYPT_BLOWFISH security fix details" document, linked to in the
References, for details.

An insufficient input validation flaw, leading to a buffer over-read, was
found in the PHP exif extension. A specially-crafted image file could cause
the PHP interpreter to crash when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote
attacker able to make a PHP script call SdnToJulian() with a large value
could cause the PHP interpreter to crash. (CVE-2011-1466)

Multiple memory leak flaws were found in the PHP OpenSSL extension. A
remote attacker able to make a PHP script use openssl_encrypt() or
openssl_decrypt() repeatedly could cause the PHP interpreter to use an
excessive amount of memory. (CVE-2011-1468)

A use-after-free flaw was found in the PHP substr_replace() function. If a
PHP script used the same variable as multiple function arguments, a remote
attacker could possibly use this to crash the PHP interpreter or, possibly,
execute arbitrary code. (CVE-2011-1148)

A bug in the PHP Streams component caused the PHP interpreter to crash if
an FTP wrapper connection was made through an HTTP proxy. A remote attacker
could possibly trigger this issue if a PHP script accepted an untrusted URL
to connect to. (CVE-2011-1469)

An integer signedness issue was found in the PHP zip extension. An attacker
could use a specially-crafted ZIP archive to cause the PHP interpreter to
use an excessive amount of CPU time until the script execution time limit
is reached. (CVE-2011-1471)

A stack-based buffer overflow flaw was found in the way the PHP socket
extension handled long AF_UNIX socket addresses. An attacker able to make a
PHP script connect to a long AF_UNIX socket address could use this flaw to
crash the PHP interpreter. (CVE-2011-1938)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a
specially-crafted file name it could cause a PHP script to attempt to write
a file to the root (/) directory. By default, PHP runs as the "apache"
user, preventing it from writing to the root directory. (CVE-2011-2202)

All php53 and php users should upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to take
effect.

RHSA-2011:1424: perl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111424
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1424, CVE-2011-2939, CVE-2011-3597

Description
Perl is a high-level programming language commonly used for system
administration utilities and web programming.

A heap-based buffer overflow flaw was found in the way Perl decoded Unicode
strings. An attacker could create a malicious Unicode string that, when
decoded by a Perl program, would cause the program to crash or,
potentially, execute arbitrary code with the permissions of the user
running the program. (CVE-2011-2939)

It was found that the "new" constructor of the Digest module used its
argument as part of the string expression passed to the eval() function. An
attacker could possibly use this flaw to execute arbitrary Perl code with
the privileges of a Perl program that uses untrusted input as an argument
to the constructor. (CVE-2011-3597)

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs must
be restarted for this update to take effect.

RHSA-2011:1437: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111437
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1437, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the way Firefox handled certain add-ons. A web page
containing malicious content could cause an add-on to grant itself full
browser privileges, which could lead to arbitrary code execution with the
privileges of the user running Firefox. (CVE-2011-3647)

A cross-site scripting (XSS) flaw was found in the way Firefox handled
certain multibyte character sets. A web page containing malicious content
could cause Firefox to run JavaScript code with the permissions of a
different website. (CVE-2011-3648)

A flaw was found in the way Firefox handled large JavaScript scripts. A web
page containing malicious JavaScript could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-3650)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.24. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.24, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2011:1438: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111438
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1438, CVE-2011-3648

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled
certain multibyte character sets. Malicious, remote content could cause
Thunderbird to run JavaScript code with the permissions of different remote
content. (CVE-2011-3648)

Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
resolves this issue. All running instances of Thunderbird must be restarted
for the update to take effect.

RHSA-2011:1439: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111439
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1439, CVE-2011-3647, CVE-2011-3648, CVE-2011-3650

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled certain add-ons. Malicious,
remote content could cause an add-on to elevate its privileges, which could
lead to arbitrary code execution with the privileges of the user running
Thunderbird. (CVE-2011-3647)

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled
certain multibyte character sets. Malicious, remote content could cause
Thunderbird to run JavaScript code with the permissions of different
remote content. (CVE-2011-3648)

A flaw was found in the way Thunderbird handled large JavaScript scripts.
Malicious, remote content could cause Thunderbird to crash or, potentially,
execute arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-3650)

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2011:1440: seamonkey security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111440
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1440, CVE-2011-3648

Description
SeaMonkey is an open source web browser, email and newsgroup client, IRC
chat client, and HTML editor.

A cross-site scripting (XSS) flaw was found in the way SeaMonkey handled
certain multibyte character sets. A web page containing malicious content
could cause SeaMonkey to run JavaScript code with the permissions of a
different website. (CVE-2011-3648)
 
All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2011:1441: icedtea-web security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111441
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1441, CVE-2011-3377

Description
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It
also contains a configuration tool for managing deployment settings for the
plug-in and Web Start implementations.

A flaw was found in the same-origin policy implementation in the
IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to
open network connections to hosts other than the originating host,
violating the same-origin policy. (CVE-2011-3377)

All IcedTea-Web users should upgrade to these updated packages, which
upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers
using the IcedTea-Web browser plug-in must be restarted for this update to
take effect.

RHSA-2011:1455: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111455
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1455, CVE-2011-3439

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently. The freetype packages for Red Hat Enterprise Linux 4 provide
both the FreeType 1 and FreeType 2 font engines. The freetype packages for
Red Hat Enterprise Linux 5 and 6 provide only the FreeType 2 font engine.

Multiple input validation flaws were found in the way FreeType processed
CID-keyed fonts. If a specially-crafted font file was loaded by an
application linked against FreeType, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2011-3439)

Note: These issues only affected the FreeType 2 font engine.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2011:1458: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1458, CVE-2011-4313

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS queries, which
caused it to cache an invalid record. A remote attacker could use this
flaw to send repeated queries for this invalid record, causing the
resolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)

Users of bind are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2011:1459: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1459, CVE-2011-4313

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS queries, which
caused it to cache an invalid record. A remote attacker could use this
flaw to send repeated queries for this invalid record, causing the
resolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)

Users of bind97 are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2011:1465: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1465, CVE-2011-1162, CVE-2011-1577, CVE-2011-2494, CVE-2011-2699, CVE-2011-2905, CVE-2011-3188, CVE-2011-3191, CVE-2011-3353, CVE-2011-3359, CVE-2011-3363, CVE-2011-3593, CVE-2011-4326

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* IPv6 fragment identification value generation could allow a remote
attacker to disrupt a target system's networking, preventing legitimate
users from accessing its services. (CVE-2011-2699, Important)

* A signedness issue was found in the Linux kernel's CIFS (Common Internet
File System) implementation. A malicious CIFS server could send a
specially-crafted response to a directory read request that would result in
a denial of service or privilege escalation on a system that has a CIFS
share mounted. (CVE-2011-3191, Important)

* A flaw was found in the way the Linux kernel handled fragmented IPv6 UDP
datagrams over the bridge with UDP Fragmentation Offload (UFO)
functionality on. A remote attacker could use this flaw to cause a denial
of service. (CVE-2011-4326, Important)

* The way IPv4 and IPv6 protocol sequence numbers and fragment IDs were
generated could allow a man-in-the-middle attacker to inject packets and
possibly hijack connections. Protocol sequence numbers and fragment IDs are
now more random. (CVE-2011-3188, Moderate)

* A buffer overflow flaw was found in the Linux kernel's FUSE (Filesystem
in Userspace) implementation. A local user in the fuse group who has access
to mount a FUSE file system could use this flaw to cause a denial of
service. (CVE-2011-3353, Moderate)

* A flaw was found in the b43 driver in the Linux kernel. If a system had
an active wireless interface that uses the b43 driver, an attacker able to
send a specially-crafted frame to that interface could cause a denial of
service. (CVE-2011-3359, Moderate)

* A flaw was found in the way CIFS shares with DFS referrals at their root
were handled. An attacker on the local network who is able to deploy a
malicious CIFS server could create a CIFS network share that, when mounted,
would cause the client system to crash. (CVE-2011-3363, Moderate)

* A flaw was found in the way the Linux kernel handled VLAN 0 frames with
the priority tag set. When using certain network drivers, an attacker on
the local network could use this flaw to cause a denial of service.
(CVE-2011-3593, Moderate)

* A flaw in the way memory containing security-related data was handled in
tpm_read() could allow a local, unprivileged user to read the results of a
previously run TPM command. (CVE-2011-1162, Low)

* A heap overflow flaw was found in the Linux kernel's EFI GUID Partition
Table (GPT) implementation. A local attacker could use this flaw to cause
a denial of service by mounting a disk that contains specially-crafted
partition tables. (CVE-2011-1577, Low)

* The I/O statistics from the taskstats subsystem could be read without
any restrictions. A local, unprivileged user could use this flaw to gather
confidential information, such as the length of a password used in a
process. (CVE-2011-2494, Low)

* It was found that the perf tool, a part of the Linux kernel's Performance
Events implementation, could load its configuration file from the current
working directory. If a local user with access to the perf tool were
tricked into running perf in a directory that contains a specially-crafted
configuration file, it could cause perf to overwrite arbitrary files and
directories accessible to that user. (CVE-2011-2905, Low)

Red Hat would like to thank Fernando Gont for reporting CVE-2011-2699;
Darren Lavender for reporting CVE-2011-3191; Dan Kaminsky for reporting
CVE-2011-3188; Yogesh Sharma for reporting CVE-2011-3363; Gideon Naim for
reporting CVE-2011-3593; Peter Huewe for reporting CVE-2011-1162; Timo
Warns for reporting CVE-2011-1577; and Vasiliy Kulikov of Openwall for
reporting CVE-2011-2494.

This update also fixes various bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

RHSA-2011:1479: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1479, CVE-2011-1162, CVE-2011-1898, CVE-2011-2203, CVE-2011-2494, CVE-2011-3363, CVE-2011-4110

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Using PCI passthrough without interrupt remapping support allowed Xen
hypervisor guests to generate MSI interrupts and thus potentially inject
traps. A privileged guest user could use this flaw to crash the host or
possibly escalate their privileges on the host. The fix for this issue can
prevent PCI passthrough working and guests starting. Refer to Red Hat
Bugzilla bug 715555 for details. (CVE-2011-1898, Important)

* A flaw was found in the way CIFS (Common Internet File System) shares
with DFS referrals at their root were handled. An attacker on the local
network who is able to deploy a malicious CIFS server could create a CIFS
network share that, when mounted, would cause the client system to crash.
(CVE-2011-3363, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
key management facility handled user-defined key types. A local,
unprivileged user could use the keyctl utility to cause a denial of
service. (CVE-2011-4110, Moderate)

* A flaw in the way memory containing security-related data was handled in
tpm_read() could allow a local, unprivileged user to read the results of a
previously run TPM command. (CVE-2011-1162, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's HFS file
system implementation. A local attacker could use this flaw to cause a
denial of service by mounting a disk that contains a specially-crafted HFS
file system with a corrupted MDB extent record. (CVE-2011-2203, Low)

* The I/O statistics from the taskstats subsystem could be read without
any restrictions. A local, unprivileged user could use this flaw to gather
confidential information, such as the length of a password used in a
process. (CVE-2011-2494, Low)

Red Hat would like to thank Yogesh Sharma for reporting CVE-2011-3363;
Peter Huewe for reporting CVE-2011-1162; Clement Lecigne for reporting
CVE-2011-2203; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2494.

This update also fixes several bugs and adds one enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2011:1496: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111496
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1496, CVE-2011-4313

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was discovered in the way BIND handled certain DNS queries, which
caused it to cache an invalid record. A remote attacker could use this
flaw to send repeated queries for this invalid record, causing the
resolvers to exit unexpectedly due to a failed assertion. (CVE-2011-4313)

Users of bind are advised to upgrade to these updated packages, which
resolve this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2011:1506: Red Hat Enterprise Linux 4 - 3-Month End Of Life Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20111506
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1506

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy, the
regular 7 year life-cycle of Red Hat Enterprise Linux 4 will end on
February 29, 2012.

After this date, Red Hat will discontinue the regular subscription services
for Red Hat Enterprise Linux 4. Therefore, new bug fix, enhancement, and
security errata updates, as well as technical support services will no
longer be available for the following products:

* Red Hat Enterprise Linux AS 4
* Red Hat Enterprise Linux ES 4
* Red Hat Enterprise Linux WS 4
* Red Hat Enterprise Linux Extras 4
* Red Hat Desktop 4
* Red Hat Global File System 4
* Red Hat Cluster Suite 4

Customers still running production workloads on Red Hat Enterprise Linux 4
are advised to begin planning the upgrade to Red Hat Enterprise Linux 5 or
6. Active subscribers of Red Hat Enterprise Linux already have access to
all currently maintained versions of Red Hat Enterprise Linux, as part of
their subscription without additional fees.

For customers who are unable to migrate off Red Hat Enterprise Linux 4
before its end-of-life date, Red Hat intends to offer a limited, optional
extension program. For more information, contact your Red Hat sales
representative or channel partner.

Details of the Red Hat Enterprise Linux life-cycle can be found on the Red
Hat website: https://access.redhat.com/support/policy/updates/errata/

RHSA-2011:1507: libarchive security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111507
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1507, CVE-2011-1777, CVE-2011-1778

Description
The libarchive programming library can create and read several different
streaming archive formats, including GNU tar and cpio. It can also read ISO
9660 CD-ROM images.

Two heap-based buffer overflow flaws were discovered in libarchive. If a
user were tricked into expanding a specially-crafted ISO 9660 CD-ROM image
or tar archive with an application using libarchive, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2011-1777,
CVE-2011-1778)

All libarchive users should upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications using libarchive must be restarted for this update to take
effect.

RHSA-2011:1508: cyrus-imapd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111508
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1508, CVE-2011-3372, CVE-2011-3481

Description
The cyrus-imapd packages contain a high-performance mail server with IMAP,
POP3, NNTP, and Sieve support.

An authentication bypass flaw was found in the cyrus-imapd NNTP server,
nntpd. A remote user able to use the nntpd service could use this flaw to
read or post newsgroup messages on an NNTP server configured to require
user authentication, without providing valid authentication credentials.
(CVE-2011-3372)

A NULL pointer dereference flaw was found in the cyrus-imapd IMAP server,
imapd. A remote attacker could send a specially-crafted mail message to a
victim that would possibly prevent them from accessing their mail normally,
if they were using an IMAP client that relies on the server threading IMAP
feature. (CVE-2011-3481)

Red Hat would like to thank the Cyrus IMAP project for reporting the
CVE-2011-3372 issue. Upstream acknowledges Stefan Cornelius of Secunia
Research as the original reporter of CVE-2011-3372.

Users of cyrus-imapd are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the update, cyrus-imapd will be restarted automatically.

RHSA-2011:1526: glibc security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111526
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1526, CVE-2009-5064, CVE-2011-1089

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system
cannot function properly.

A flaw was found in the way the ldd utility identified dynamically linked
libraries. If an attacker could trick a user into running ldd on a
malicious binary, it could result in arbitrary code execution with the
privileges of the user running ldd. (CVE-2009-5064)

It was found that the glibc addmntent() function, used by various mount
helper utilities, did not handle certain errors correctly when updating the
mtab (mounted file systems table) file. If such utilities had the setuid
bit set, a local attacker could use this flaw to corrupt the mtab file.
(CVE-2011-1089)

Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089
issue.

This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

Users are advised to upgrade to these updated glibc packages, which contain
backported patches to resolve these issues and add these enhancements.

RHSA-2011:1530: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111530
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1530, CVE-2011-1020, CVE-2011-3347, CVE-2011-3638, CVE-2011-4110

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity issues. (CVE-2011-1020,
Moderate)

* Non-member VLAN (virtual LAN) packet handling for interfaces in
promiscuous mode and also using the be2net driver could allow an attacker
on the local network to cause a denial of service. (CVE-2011-3347,
Moderate)

* A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user with
access to mount and unmount ext4 file systems could use this flaw to cause
a denial of service. (CVE-2011-3638, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
key management facility handled user-defined key types. A local,
unprivileged user could use the keyctl utility to cause a denial of
service. (CVE-2011-4110, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2011-1020; Somnath
Kotur for reporting CVE-2011-3347; and Zheng Liu for reporting
CVE-2011-3638.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.2 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.2 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

RHSA-2011:1531: qemu-kvm security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111531
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1531, CVE-2011-2527

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

It was found that qemu-kvm did not properly drop supplemental group
privileges when the root user started guests from the command line
("/usr/libexec/qemu-kvm") with the "-runas" option. A qemu-kvm process
started this way could use this flaw to gain access to files on the host
that are accessible to the supplementary groups and not accessible to the
primary group. (CVE-2011-2527)

Note: This issue only affected qemu-kvm when it was started directly from
the command line. It did not affect the Red Hat Enterprise Virtualization
platform or applications that start qemu-kvm via libvirt, such as the
Virtual Machine Manager (virt-manager).

This update also fixes several bugs and adds various enhancements.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

All users of qemu-kvm are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements. After installing this update, shut down all running virtual
machines. Once all virtual machines have shut down, start them again for
this update to take effect.

RHSA-2011:1532: kexec-tools security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111532
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1532, CVE-2011-3588, CVE-2011-3589, CVE-2011-3590

Description
Kexec allows for booting a Linux kernel from the context of an already
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

mkdumprd created initrd files with world-readable permissions. A local user
could possibly use this flaw to gain access to sensitive information, such
as the private SSH key used to authenticate to a remote server when kdump
was configured to dump to an SSH target. (CVE-2011-3589)

mkdumprd included unneeded sensitive files (such as all files from the
"/root/.ssh/" directory and the host's private SSH keys) in the resulting
initrd. This could lead to an information leak when initrd files were
previously created with world-readable permissions. Note: With this update,
only the SSH client configuration, known hosts files, and the SSH key
configured via the newly introduced sshkey option in "/etc/kdump.conf" are
included in the initrd. The default is the key generated when running the
"service kdump propagate" command, "/root/.ssh/kdump_id_rsa".
(CVE-2011-3590)

Red Hat would like to thank Kevan Carstensen for reporting these issues.

This update also fixes several bugs and adds various enhancements.
Space precludes documenting all of these changes in this advisory.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

All kexec-tools users should upgrade to this updated package, which
contains backported patches to resolve these issues and add these
enhancements.

RHSA-2011:1533: ipa security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111533
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1533, CVE-2011-3636

Description
Red Hat Identity Management is a centralized authentication, identity
management and authorization solution for both traditional and cloud based
enterprise environments. It integrates components of the Red Hat Directory
Server, MIT Kerberos, Red Hat Certificate System, NTP and DNS. It provides
web browser and command-line interfaces. Its administration tools allow an
administrator to quickly install, set up, and administer a group of domain
controllers to meet the authentication and identity management requirements
of large scale Linux and UNIX deployments.

A Cross-Site Request Forgery (CSRF) flaw was found in Red Hat Identity
Management. If a remote attacker could trick a user, who was logged into
the management web interface, into visiting a specially-crafted URL, the
attacker could perform Red Hat Identity Management configuration changes
with the privileges of the logged in user. (CVE-2011-3636)

Due to the changes required to fix CVE-2011-3636, client tools will need to
be updated for client systems to communicate with updated Red Hat Identity
Management servers. New client systems will need to have the updated
ipa-client package installed to be enrolled. Already enrolled client
systems will need to have the updated certmonger package installed to be
able to renew their system certificate. Note that system certificates are
valid for two years by default.

Updated ipa-client and certmonger packages for Red Hat Enterprise Linux 6
were released as part of Red Hat Enterprise Linux 6.2. Future updates will
provide updated packages for Red Hat Enterprise Linux 5.

This update includes several bug fixes. Space precludes documenting all of
these changes in this advisory. Users are directed to the Red Hat
Enterprise Linux 6.2 Technical Notes for information on the most
significant of these changes, linked to in the References section.

Users of Red Hat Identity Management should upgrade to these updated
packages, which correct these issues.

RHSA-2011:1534: nfs-utils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111534
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1534, CVE-2011-1749, CVE-2011-2500

Description
The nfs-utils packages provide a daemon for the kernel Network File System
(NFS) server, and related tools such as the mount.nfs, umount.nfs, and
showmount programs.

A flaw was found in the way nfs-utils performed IP based authentication of
mount requests. In configurations where a directory was exported to a group
of systems using a DNS wildcard or NIS (Network Information Service)
netgroup, an attacker could possibly gain access to other directories
exported to a specific host or subnet, bypassing intended access
restrictions. (CVE-2011-2500)

It was found that the mount.nfs tool did not handle certain errors
correctly when updating the mtab (mounted file systems table) file. A local
attacker could use this flaw to corrupt the mtab file. (CVE-2011-1749)

This update also fixes several bugs and adds an enhancement. Documentation
for these bug fixes and the enhancement will be available shortly from the
Technical Notes document, linked to in the References section.

Users of nfs-utils are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues and add this
enhancement. After installing this update, the nfs service will be
restarted automatically.

RHSA-2011:1536: sos security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111536
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1536, CVE-2011-4083

Description
Sos is a set of tools that gather information about system hardware and
configuration.

The sosreport utility incorrectly included Certificate-based Red Hat
Network private entitlement keys in the resulting archive of debugging
information. An attacker able to access the archive could use the keys to
access Red Hat Network content available to the host. This issue did not
affect users of Red Hat Network Classic. (CVE-2011-4083)

This updated sos package also includes numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory.
Documentation for these bug fixes and enhancements will be available
shortly from the Technical Notes document, linked to in the References
section.

All users of sos are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add these
enhancements.

RHSA-2011:1580: resource-agents security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1580, CVE-2010-3389

Description
The resource-agents package contains a set of scripts to interface with
several services to operate in a High Availability environment for both
Pacemaker and rgmanager service managers.

It was discovered that certain resource agent scripts set the
LD_LIBRARY_PATH environment variable to an insecure value containing empty
path elements. A local user able to trick a user running those scripts to
run them while working from an attacker-writable directory could use this
flaw to escalate their privileges via a specially-crafted dynamic library.
(CVE-2010-3389)

Red Hat would like to thank Raphael Geissert for reporting this issue.

This update also fixes the following bugs:

* When using the Sybase database and the ASEHAagent resource in the
cluster.conf file, it was not possible to run more than one ASEHAagent per
Sybase installation. Consequently, a second ASEHA (Sybase Adaptive Server
Enterprise (ASE) with the High Availability Option) agent could not be run.
This bug has been fixed and it is now possible to use two ASEHA agents
using the same Sybase installation. (BZ#711852)

* The s/lang scripts, which implement internal functionality for the
rgmanager package, while the central_processing option is in use, were
included in the wrong package. Now, the rgmanager and resource-agents
packages require each other for installation to prevent problems when they
are used separately. (BZ#693518)

* Previously, the oracledb.sh script was using the "shutdown abort" command
as the first attempt to shut down a database. With this update, oracledb.sh
first attempts a graceful shutdown via the "shutdown immediate" command
before forcing the shutdown. (BZ#689801)

* Previously, when setting up a service on a cluster with a shared IP
resource and an Apache resource, the generated httpd.conf file contained a
bug in the line describing the shared IP address (the "Listen" line). Now,
the Apache resource agent generates the "Listen" line properly. (BZ#667217)

* If a high-availability (HA) cluster service was defined with an Apache
resource and was named with two words, such as "kickstart httpd", the
service never started because it could not find a directory with the space
character in its name escaped. Now, Apache resources work properly if a
name contains a space as described above. (BZ#667222)

* When inheritance was used in the cluster.conf file, a bug in the
/usr/share/cluster/nfsclient.sh file prevented it from monitoring NFS
exports properly. Consequently, monitoring of NFS exports to NFS clients
resulted in an endless loop. This bug has been fixed and the monitoring now
works as expected. (BZ#691814)

* Previously, the postgres-8 resource agent did not detect when a
PostgreSQL server failed to start. This bug has been fixed and postgres-8
now works as expected in the described scenario. (BZ#694816)

* When using the Pacemaker resource manager, the fs.sh resource agent
reported an error condition, if called with the "monitor" parameter and the
referenced device did not exist. Consequently, the error condition
prevented the resource from being started. Now, fs.sh returns the proper
response code in the described scenario, thus fixing this bug. (BZ#709400)

* Previously, numerous RGManager resource agents returned incorrect
response codes when coupled with the Pacemaker resource manager. Now, the
agents have been updated to work with Pacemaker properly. (BZ#727643)

This update also adds the following enhancement:

* With this update, when the network is removed from a node using the
netfs.sh resource agent, it now recovers faster than previously.
(BZ#678497)

As well, this update upgrades the resource-agents package to upstream
version 3.9.2, which provides a number of bug fixes and enhancements over
the previous version. (BZ#707127)

All users of resource-agents are advised to upgrade to this updated
package, which corrects these issues and adds these enhancements.

RHSA-2011:1581: ruby security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1581, CVE-2011-2705, CVE-2011-3009

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

It was found that Ruby did not reinitialize the PRNG (pseudorandom number
generator) after forking a child process. This could eventually lead to the
PRNG returning the same result twice. An attacker keeping track of the
values returned by one child process could use this flaw to predict the
values the PRNG would return in other child processes (as long as the
parent process persisted). (CVE-2011-3009)

A flaw was found in the Ruby SecureRandom module. When using the
SecureRandom.random_bytes class, the PRNG state was not modified after
forking a child process. This could eventually lead to
SecureRandom.random_bytes returning the same string more than once. An
attacker keeping track of the strings returned by one child process could
use this flaw to predict the strings SecureRandom.random_bytes would return
in other child processes (as long as the parent process persisted).
(CVE-2011-2705)

This update also fixes the following bugs:

* The ruby package has been upgraded to upstream point release 1.8.7-p352,
which provides a number of bug fixes over the previous version. (BZ#706332)

* The MD5 message-digest algorithm is not a FIPS-approved algorithm.
Consequently, when a Ruby script attempted to calculate an MD5 checksum in
FIPS mode, the interpreter terminated unexpectedly. This bug has been fixed
and an exception is now raised in the described scenario. (BZ#717709)

* Due to inappropriately handled line continuations in the mkconfig.rb
source file, an attempt to build the ruby package resulted in unexpected
termination. An upstream patch has been applied to address this issue and
the ruby package can now be built properly. (BZ#730287)

* When the 32-bit ruby-libs library was installed on a 64-bit machine, the
mkmf library failed to load various modules necessary for building
Ruby-related packages. This bug has been fixed and mkmf now works properly
in the described scenario. (BZ#674787)

* Previously, the load paths for scripts and binary modules were duplicated
on the i386 architecture. Consequently, an ActiveSupport test failed. With
this update, the load paths are no longer stored in duplicates on the i386
architecture. (BZ#722887)

This update also adds the following enhancement:

* With this update, SystemTap probes have been added to the ruby package.
(BZ#673162)

All users of ruby are advised to upgrade to these updated packages, which
resolve these issues and add this enhancement.

RHSA-2011:1615: virt-v2v security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1615, CVE-2011-1773

Description
virt-v2v is a tool for converting and importing virtual machines to
libvirt-managed KVM (Kernel-based Virtual Machine), or Red Hat Enterprise
Virtualization.

Using virt-v2v to convert a guest that has a password-protected VNC console
to a KVM guest removed that password protection from the converted guest:
after conversion, a password was not required to access the converted
guest's VNC console. Now, converted guests will require the same VNC
console password as the original guest. Note that when converting a guest
to run on Red Hat Enterprise Virtualization, virt-v2v will display a
warning that VNC passwords are not supported. (CVE-2011-1773)

Note: The Red Hat Enterprise Linux 6.2 perl-Sys-Virt update must also be
installed to correct CVE-2011-1773.

Bug fixes:

* When converting a guest virtual machine (VM), whose name contained
certain characters, virt-v2v would create a converted guest with a
corrupted name. Now, virt-v2v will not corrupt guest names. (BZ#665883)

* There were numerous usability issues when running virt-v2v as a non-root
user. This update makes it simpler to run virt-v2v as a non-root user.
(BZ#671094)

* virt-v2v failed to convert a Microsoft Windows guest with Windows
Recovery Console installed in a separate partition. Now, virt-v2v will
successfully convert a guest with Windows Recovery Console installed in a
separate partition by ignoring that partition. (BZ#673066)

* virt-v2v failed to convert a Red Hat Enterprise Linux guest which did not
have the symlink "/boot/grub/menu.lst". With this update, virt-v2v can
select a grub configuration file from several places. (BZ#694364)

* This update removes information about the usage of deprecated command
line options in the virt-v2v man page. (BZ#694370)

* virt-v2v would fail to correctly change the allocation policy (sparse or
preallocated) when converting a guest with QCOW2 image format. The error
message "Cannot import VM, The selected disk configuration is not
supported" was displayed. With this update, allocation policy changes to a
guest with QCOW2 storage will work correctly. (BZ#696089)

* The options "--network" and "--bridge" cannot be used in conjunction
when converting a guest, but no error message was displayed. With this
update, virt-v2v will now display an error message if the mutually
exclusive "--network" and "--bridge" command line options are both
specified. (BZ#700759)

* virt-v2v failed to convert a multi-boot guest, and did not clean up
temporary storage and mount points after failure. With this update,
virt-v2v will prompt for which operating system to convert from a
multi-boot guest, and will correctly clean up if the process fails.
(BZ#702007)

* virt-v2v failed to correctly configure modprobe aliases when converting a
VMware ESX guest with VMware Tools installed. With this update, modprobe
aliases will be correctly configured. (BZ#707261)

* When converting a guest with preallocated raw storage using the
libvirtxml input method, virt-v2v failed with the erroneous error message
"size(X) < usage(Y)". This update removes this erroneous error. (BZ#727489)

* When converting a Red Hat Enterprise Linux guest, virt-v2v did not check
that the Cirrus X driver was available before configuring it. With this
update, virt-v2v will attempt to install the Cirrus X driver if it is
required. (BZ#708961)

* VirtIO systems do not support the Windows Recovery Console on 32-bit
Windows XP. The virt-v2v man page has been updated to note this. On Windows
XP Professional x64 Edition, however, if Windows Recovery Console is
re-installed after conversion, it will work as expected. (BZ#732421)

* Placing comments in the guest fstab file by means of the leading "#"
symbol caused an "unknown filesystem" error after conversion of a guest.
With this update comments can now be used and error messages will not be
displayed. (BZ#677870)

Users of virt-v2v should upgrade to this updated package, which fixes these
issues and upgrades virt-v2v to version 0.8.3.

RHSA-2011:1635: cups security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111635
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1635, CVE-2011-2896

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for UNIX operating systems.

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
decompression algorithm implementation used by the CUPS GIF image format
reader. An attacker could create a malicious GIF image file that, when
printed, could possibly cause CUPS to crash or, potentially, execute
arbitrary code with the privileges of the "lp" user. (CVE-2011-2896)

These updated cups packages also provide fixes for the following bugs:

* Previously CUPS was not correctly handling the language setting
LANG=en_US.ASCII. As a consequence lpadmin, lpstat and lpinfo binaries were
not displaying any output when the LANG=en_US.ASCII environment variable
was used. As a result of this update the problem is fixed and the expected
output is now displayed. (BZ#681836)

* Previously the scheduler did not check for empty values of several
configuration directives. As a consequence it was possible for the CUPS
daemon (cupsd) to crash when a configuration file contained certain empty
values. With this update the problem is fixed and cupsd no longer crashes
when reading such a configuration file. (BZ#706673)

* Previously when printing to a raw print queue, when using certain printer
models, CUPS was incorrectly sending SNMP queries. As a consequence there
was a noticeable 4-second delay between queueing the job and the start of
printing. With this update the problem is fixed and CUPS no longer tries to
collect SNMP supply and status information for raw print queues.
(BZ#709896)

* Previously when using the BrowsePoll directive it could happen that the
CUPS printer polling daemon (cups-polld) began polling before the network
interfaces were set up after a system boot. CUPS was then caching the
failed hostname lookup. As a consequence no printers were found and the
error, "Host name lookup failure", was logged. With this update the code
that re-initializes the resolver after failure in cups-polld is fixed and
as a result CUPS will obtain the correct network settings to use in printer
discovery. (BZ#712430)

* The MaxJobs directive controls the maximum number of print jobs that are
kept in memory. Previously, once the number of jobs reached the limit, the
CUPS system failed to automatically purge the data file associated with the
oldest completed job from the system in order to make room for a new print
job. This bug has been fixed, and the jobs beyond the set limit are now
properly purged. (BZ#735505)

* The cups init script (/etc/rc.d/init.d/cups) uses the daemon function
(from /etc/rc.d/init.d/functions) to start the cups process, but previously
it did not source a configuration file from the /etc/sysconfig/ directory.
As a consequence, it was difficult to cleanly set the nice level or cgroup
for the cups daemon by setting the NICELEVEL or CGROUP_DAEMON variables.
With this update, the init script is fixed. (BZ#744791)

All users of CUPS are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2011:1691: util-linux-ng security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111691
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1691, CVE-2011-1675, CVE-2011-1677

Description
The util-linux-ng packages contain a large variety of low-level system
utilities that are necessary for a Linux operating system to function.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use these
flaws to corrupt the mtab file and create a stale lock file, preventing
other users from mounting and unmounting file systems. (CVE-2011-1675,
CVE-2011-1677)

This update also fixes the following bugs:

* Due to a hard coded limit of 128 devices, an attempt to run the
"blkid -c" command on more than 128 devices caused blkid to terminate
unexpectedly. This update increases the maximum number of devices to 8192
so that blkid no longer crashes in this scenario. (BZ#675999)

* Previously, the "swapon -a" command did not detect device-mapper
devices that were already in use. This update corrects the swapon utility
to detect such devices as expected. (BZ#679741)

* Prior to this update, the presence of an invalid line in the /etc/fstab
file could cause the umount utility to terminate unexpectedly with
a segmentation fault. This update applies a patch that corrects this error
so that umount now correctly reports invalid lines and no longer crashes.
(BZ#684203)

* Previously, an attempt to use the wipefs utility on a partitioned
device caused the utility to terminate unexpectedly with an error. This
update adapts wipefs to only display a warning message in this situation.
(BZ#696959)

* When providing information on interprocess communication (IPC)
facilities, the ipcs utility could previously display a process owner as
a negative number if the user's UID was too large. This update adapts the
underlying source code to make sure the UID values are now displayed
correctly. (BZ#712158)

* In the installation scriptlets, the uuidd package uses the chkconfig
utility to enable and disable the uuidd service. Previously, this package
did not depend on the chkconfig package, which could lead to errors during
installation if chkconfig was not installed. This update adds chkconfig
to the list of dependencies so that such errors no longer occur.
(BZ#712808)

* The previous version of the /etc/udev/rules.d/60-raw.rules file
contained a statement that both this file and raw devices are deprecated.
This is no longer true and the Red Hat Enterprise Linux kernel supports
this functionality. With this update, the aforementioned file no longer
contains this incorrect statement. (BZ#716995)

* Previously, an attempt to use the cfdisk utility to read the default
Red Hat Enterprise Linux 6 partition layout failed with an error. This
update corrects this error and the cfdisk utility can now read the default
partition layout as expected. (BZ#723352)

* The previous version of the tailf(1) manual page incorrectly stated that
users can use the "--lines=NUMBER" command line option to limit the number
of displayed lines. However, the tailf utility does not allow the use of
the equals sign (=) between the option and its argument. This update
corrects this error. (BZ#679831)

* The fstab(5) manual page has been updated to clarify that empty lines in
the /etc/fstab configuration file are ignored. (BZ#694648)

As well, this update adds the following enhancements:

* A new fstrim utility has been added to the package. This utility allows
the root user to discard unused blocks on a mounted file system.
(BZ#692119)

* The login utility has been updated to provide support for failed login
attempts that are reported by PAM. (BZ#696731)

* The lsblk utility has been updated to provide additional information
about the topology and status of block devices. (BZ#723638)

* The agetty utility has been updated to pass the hostname to the login
utility. (BZ#726092)

All users of util-linux-ng are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.

RHSA-2011:1694: libcap security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111694
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1694, CVE-2011-4099

Description
The libcap packages provide a library and tools for getting and setting
POSIX capabilities.

It was found that capsh did not change into the new root when using the
"--chroot" option. An application started via the "capsh --chroot" command
could use this flaw to escape the chroot restrictions. (CVE-2011-4099)

This update also fixes the following bug:

* Previously, the libcap packages did not contain the capsh(1) manual page.
With this update, the capsh(1) manual page is included. (BZ#730957)

All libcap users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2011:1741: php-pear security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111741
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1741, CVE-2011-1072

Description
The php-pear package contains the PHP Extension and Application Repository
(PEAR), a framework and distribution system for reusable PHP components.

It was found that the "pear" command created temporary files in an insecure
way when installing packages. A malicious, local user could use this flaw
to conduct a symbolic link attack, allowing them to overwrite the contents
of arbitrary files accessible to the victim running the "pear install"
command. (CVE-2011-1072)

This update also fixes the following bugs:

* The php-pear package has been upgraded to version 1.9.4, which provides a
number of bug fixes over the previous version. (BZ#651897)

* Prior to this update, php-pear created a cache in the
"/var/cache/php-pear/" directory when attempting to list all packages. As a
consequence, php-pear failed to create or update the cache file as a
regular user without sufficient file permissions and could not list all
packages. With this update, php-pear no longer fails if writing to the
cache directory is not permitted. Now, all packages are listed as expected.
(BZ#747361)

All users of php-pear are advised to upgrade to this updated package, which
corrects these issues.

RHSA-2011:1749: libxml2 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20111749
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2011:1749, CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards. One of those standards is the XML Path Language
(XPath), which is a language for addressing parts of an XML document.

An off-by-one error, leading to a heap-based buffer overflow, was found in
the way libxml2 parsed certain XML files. A remote attacker could provide
a specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)

Multiple flaws were found in the way libxml2 parsed certain XPath
expressions. If an attacker were able to supply a specially-crafted XML
file to an application using libxml2, as well as an XPath expression for
that application to run against the crafted file, it could cause the
application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821,
CVE-2011-2834)

Note: Red Hat does not ship any applications that use libxml2 in a way that
would allow the CVE-2011-1944, CVE-2010-4008, CVE-2010-4494, CVE-2011-2821,
and CVE-2011-2834 flaws to be exploited; however, third-party applications
may allow XPath expressions to be passed which could trigger these flaws.

Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.

This update also fixes the following bugs:

* A number of patches have been applied to harden the XPath processing code
in libxml2, such as fixing memory leaks, rounding errors, XPath numbers
evaluations, and a potential error in encoding conversion. (BZ#732335)

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take effect.

RHSA-2011:1777: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111777
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1777, CVE-2011-4111

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest
was configured for a CCID (Chip/Smart Card Interface Devices) USB smart
card reader in passthrough mode. An attacker able to connect to the port on
the host being used for such a device could use this flaw to crash the
qemu-kvm process on the host or, possibly, escalate their privileges on the
host. (CVE-2011-4111)

All users of qemu-kvm should upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2011:1780: tomcat6 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111780
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1780, CVE-2011-1184, CVE-2011-2204, CVE-2011-2526, CVE-2011-3190, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

APR (Apache Portable Runtime) as mentioned in the CVE-2011-3190 and
CVE-2011-2526 descriptions does not refer to APR provided by the apr
packages. It refers to the implementation of APR provided by the Tomcat
Native library, which provides support for using APR with Tomcat. This
library is not shipped with Red Hat Enterprise Linux 6. This update
includes fixes for users who have elected to use APR with Tomcat by taking
the Tomcat Native library from a different product. Such a configuration is
not supported by Red Hat, however.

Multiple flaws were found in the way Tomcat handled HTTP DIGEST
authentication. These flaws weakened the Tomcat HTTP DIGEST authentication
implementation, subjecting it to some of the weaknesses of HTTP BASIC
authentication, for example, allowing remote attackers to perform session
replay attacks. (CVE-2011-1184)

A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)
and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ
Protocol) connectors processed certain POST requests. An attacker could
send a specially-crafted request that would cause the connector to treat
the message body as a new request. This allows arbitrary AJP messages to be
injected, possibly allowing an attacker to bypass a web application's
authentication checks and gain access to information they would otherwise
be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)
connector is used by default when the APR libraries are not present. The JK
connector is not affected by this flaw. (CVE-2011-3190)

A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception
occurred when creating a new user with a JMX client, that user's password
was logged to Tomcat log files. Note: By default, only administrators have
access to such log files. (CVE-2011-2204)

A flaw was found in the way Tomcat handled sendfile request attributes when
using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web
application running on a Tomcat instance could use this flaw to bypass
security manager restrictions and gain access to files it would otherwise
be unable to access, or possibly terminate the Java Virtual Machine (JVM).
The HTTP blocking IO (BIO) connector, which is not vulnerable to this
issue, is used by default in Red Hat Enterprise Linux 6. (CVE-2011-2526)

Red Hat would like to thank the Apache Tomcat project for reporting the
CVE-2011-2526 issue.

This update also fixes the following bug:

* Previously, in certain cases, if "LANG=fr_FR" or "LANG=fr_FR.UTF-8" was
set as an environment variable or in "/etc/sysconfig/tomcat6" on 64-bit
PowerPC systems, Tomcat may have failed to start correctly. With this
update, Tomcat works as expected when LANG is set to "fr_FR" or
"fr_FR.UTF-8". (BZ#748807)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

RHSA-2011:1790: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1790, CVE-2011-1530

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed certain TGS (Ticket-granting Server) requests. A remote,
authenticated attacker could use this flaw to crash the KDC via a
specially-crafted TGS request. (CVE-2011-1530)

Red Hat would like to thank the MIT Kerberos project for reporting this
issue.

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2011:1791: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1791, CVE-2011-4096

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects. 

An input validation flaw was found in the way Squid calculated the total
number of resource records in the answer section of multiple name server
responses. An attacker could use this flaw to cause Squid to crash. 
(CVE-2011-4096)

Users of squid should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing this update, the
squid service will be restarted automatically.

RHSA-2011:1797: perl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111797
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1797, CVE-2010-2761, CVE-2010-4410, CVE-2011-3597

Description
Perl is a high-level programming language commonly used for system
administration utilities and web programming.

It was found that the "new" constructor of the Digest module used its
argument as part of the string expression passed to the eval() function. An
attacker could possibly use this flaw to execute arbitrary Perl code with
the privileges of a Perl program that uses untrusted input as an argument
to the constructor. (CVE-2011-3597)

It was found that the Perl CGI module used a hard-coded value for the MIME
boundary string in multipart/x-mixed-replace content. A remote attacker
could possibly use this flaw to conduct an HTTP response splitting attack
via a specially-crafted HTTP request. (CVE-2010-2761)

A CRLF injection flaw was found in the way the Perl CGI module processed a
sequence of non-whitespace preceded by newline characters in the header. A
remote attacker could use this flaw to conduct an HTTP response splitting
attack via a specially-crafted sequence of characters provided to the CGI
module. (CVE-2010-4410)

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs must
be restarted for this update to take effect.

RHSA-2011:1801: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111801
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1801, CVE-2011-4111

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

A flaw was found in the way qemu-kvm handled VSC_ATR messages when a guest
was configured for a CCID (Chip/Smart Card Interface Devices) USB smart
card reader in passthrough mode. An attacker able to connect to the port on
the host being used for such a device could use this flaw to crash the
qemu-kvm process on the host or, possibly, escalate their privileges on the
host. (CVE-2011-4111)

All users of qemu-kvm should upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2011:1807: jasper security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111807
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1807, CVE-2011-4516, CVE-2011-4517

Description
JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

Two heap-based buffer overflow flaws were found in the way JasPer decoded
JPEG 2000 compressed image files. An attacker could create a malicious JPEG
2000 compressed image file that, when opened, would cause applications that
use JasPer (such as Nautilus) to crash or, potentially, execute arbitrary
code. (CVE-2011-4516, CVE-2011-4517)

Red Hat would like to thank Jonathan Foote of the CERT Coordination Center
for reporting these issues.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. All applications using the JasPer
libraries (such as Nautilus) must be restarted for the update to take
effect.

RHSA-2011:1811: netpbm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111811
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1811, CVE-2009-4274, CVE-2011-4516, CVE-2011-4517

Description
The netpbm packages contain a library of functions which support programs
for handling various graphics file formats, including .pbm (Portable Bit
Map), .pgm (Portable Gray Map), .pnm (Portable Any Map), .ppm (Portable
Pixel Map), and others.

Two heap-based buffer overflow flaws were found in the embedded JasPer
library, which is used to provide support for Part 1 of the JPEG 2000 image
compression standard in the jpeg2ktopam and pamtojpeg2k tools. An attacker
could create a malicious JPEG 2000 compressed image file that could cause
jpeg2ktopam to crash or, potentially, execute arbitrary code with the
privileges of the user running jpeg2ktopam. These flaws do not affect
pamtojpeg2k. (CVE-2011-4516, CVE-2011-4517)

A stack-based buffer overflow flaw was found in the way the xpmtoppm tool
processed X PixMap (XPM) image files. An attacker could create a malicious
XPM file that would cause xpmtoppm to crash or, potentially, execute
arbitrary code with the privileges of the user running xpmtoppm.
(CVE-2009-4274)

Red Hat would like to thank Jonathan Foote of the CERT Coordination Center
for reporting the CVE-2011-4516 and CVE-2011-4517 issues.

All users of netpbm are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2011:1814: ipmitool security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111814
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1814, CVE-2011-4339

Description
The ipmitool package contains a command line utility for interfacing with
devices that support the Intelligent Platform Management Interface (IPMI)
specification. IPMI is an open standard for machine health, inventory, and
remote power control.

It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)

All users of ipmitool are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. After installing this
update, the IPMI event daemon (ipmievd) will be restarted automatically.

RHSA-2011:1815: icu security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111815
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1815, CVE-2011-4599

Description
The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

A stack-based buffer overflow flaw was found in the way ICU performed
variant canonicalization for some locale identifiers. If a
specially-crafted locale representation was opened in an application
linked against ICU, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-4599)

All users of ICU should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All applications linked against
ICU must be restarted for this update to take effect.

RHSA-2011:1819: dhcp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111819
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1819, CVE-2011-4539

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

A denial of service flaw was found in the way the dhcpd daemon handled DHCP
request packets when regular expression matching was used in
"/etc/dhcp/dhcpd.conf". A remote attacker could use this flaw to crash
dhcpd. (CVE-2011-4539)

Users of DHCP should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, all
DHCP servers will be restarted automatically.

RHSA-2011:1820: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111820
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1820, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

An input sanitization flaw was found in the way the AOL Open System for
Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the
AOL ICQ and AIM instant messaging systems, escaped certain UTF-8
characters. A remote attacker could use this flaw to crash Pidgin via a
specially-crafted OSCAR message. (CVE-2011-4601)

An input sanitization flaw was found in the way the Pidgin SILC (Secure
Internet Live Conferencing) protocol plug-in escaped certain UTF-8
characters in channel messages. A remote attacker could use this flaw to
crash Pidgin via a specially-crafted SILC message. (CVE-2011-4603)

Multiple NULL pointer dereference flaws were found in the Jingle extension
of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in
in Pidgin. A remote attacker could use these flaws to crash Pidgin via a
specially-crafted Jingle multimedia message. (CVE-2011-4602)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Evgeny Boger as the original reporter of
CVE-2011-4601; Diego Bauche Madero from IOActive as the original reporter
of CVE-2011-4603; and Thijs Alkemade as the original reporter of
CVE-2011-4602.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

RHSA-2011:1821: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111821
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1821, CVE-2011-4601, CVE-2011-4602

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

An input sanitization flaw was found in the way the AOL Open System for
Communication in Realtime (OSCAR) protocol plug-in in Pidgin, used by the
AOL ICQ and AIM instant messaging systems, escaped certain UTF-8
characters. A remote attacker could use this flaw to crash Pidgin via a
specially-crafted OSCAR message. (CVE-2011-4601)

Multiple NULL pointer dereference flaws were found in the Jingle extension
of the Extensible Messaging and Presence Protocol (XMPP) protocol plug-in
in Pidgin. A remote attacker could use these flaws to crash Pidgin via a
specially-crafted Jingle multimedia message. (CVE-2011-4602)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Evgeny Boger as the original reporter of
CVE-2011-4601, and Thijs Alkemade as the original reporter of
CVE-2011-4602.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

RHSA-2011:1845: tomcat5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20111845
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2011:1845, CVE-2010-3718, CVE-2011-0013, CVE-2011-1184, CVE-2011-2204, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that web applications could modify the location of the Tomcat
host's work directory. As web applications deployed on Tomcat have read and
write access to this directory, a malicious web application could use this
flaw to trick Tomcat into giving it read and write access to an arbitrary
directory on the file system. (CVE-2010-3718)

A cross-site scripting (XSS) flaw was found in the Manager application,
used for managing web applications on Apache Tomcat. A malicious web
application could use this flaw to conduct an XSS attack, leading to
arbitrary web script execution with the privileges of victims who are
logged into and viewing Manager application web pages. (CVE-2011-0013)

Multiple flaws were found in the way Tomcat handled HTTP DIGEST
authentication. These flaws weakened the Tomcat HTTP DIGEST authentication
implementation, subjecting it to some of the weaknesses of HTTP BASIC
authentication, for example, allowing remote attackers to perform session
replay attacks. (CVE-2011-1184)

A flaw was found in the Tomcat MemoryUserDatabase. If a runtime exception
occurred when creating a new user with a JMX client, that user's password
was logged to Tomcat log files. Note: By default, only administrators have
access to such log files. (CVE-2011-2204)

Users of Tomcat should upgrade to these updated packages, which contain
backported patches to correct these issues. Tomcat must be restarted for
this update to take effect.

RHSA-2011:1849: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20111849
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1849, CVE-2011-4127, CVE-2011-4621

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fix:

* Using the SG_IO IOCTL to issue SCSI requests to partitions or LVM volumes
resulted in the requests being passed to the underlying block device. If a
privileged user only had access to a single partition or LVM volume, they
could use this flaw to bypass those restrictions and gain read and write
access (and be able to issue other SCSI commands) to the entire block
device.

In KVM (Kernel-based Virtual Machine) environments using raw format virtio
disks backed by a partition or LVM volume, a privileged guest user could
bypass intended restrictions and issue read and write requests (and other
SCSI commands) on the host, and possibly access the data of other guests
that reside on the same underlying block device. Partition-based and
LVM-based storage pools are not used by default. Refer to Red Hat Bugzilla
bug 752375 for further details and a mitigation script for users who cannot
apply this update immediately. (CVE-2011-4127, Important)

Bug fixes:

* Previously, idle load balancer kick requests from other CPUs could be
serviced without first receiving an inter-processor interrupt (IPI). This
could have led to a deadlock. (BZ#750459)

* This update fixes a performance regression that may have caused processes
(including KVM guests) to hang for a number of seconds. (BZ#751403)

* When md_raid1_unplug_device() was called while holding a spinlock, under
certain device failure conditions, it was possible for the lock to be
requested again, deeper in the call chain, causing a deadlock. Now,
md_raid1_unplug_device() is no longer called while holding a spinlock.
(BZ#755545)

* In hpet_next_event(), an interrupt could have occurred between the read
and write of the HPET (High Performance Event Timer) and the value of
HPET_COUNTER was then beyond that being written to the comparator
(HPET_Tn_CMP). Consequently, the timers were overdue for up to several
minutes. Now, a comparison is performed between the value of the counter
and the comparator in the HPET code. If the counter is beyond the
comparator, the "-ETIME" error code is returned. (BZ#756426)

* Index allocation in the virtio-blk module was based on a monotonically
increasing variable "index". Consequently, released indexes were not reused
and, after a period of time, no new indexes were available. Now, virtio-blk
uses the ida API to allocate indexes. (BZ#756427)

* A bug related to Context Caching existed in the Intel IOMMU support
module. On some newer Intel systems, the Context Cache mode has changed
from previous hardware versions, potentially exposing a Context coherency
race. The bug was exposed when performing a series of hot plug and unplug
operations of a Virtual Function network device which was immediately
configured into the network stack, i.e., successfully performed dynamic
host configuration protocol (DHCP). When the coherency race occurred, the
assigned device would not work properly in the guest virtual machine. With
this update, the Context coherency is corrected and the race and
potentially resulting device assignment failure no longer occurs.
(BZ#757671)

* The align_va_addr kernel parameter was ignored if secondary CPUs were
initialized. This happened because the parameter settings were overridden
during the initialization of secondary CPUs. Also, the align_va_addr
parameter documentation contained incorrect parameter arguments. With this
update, the underlying code has been modified to prevent the overriding and
the documentation has been updated. This update also removes the unused
code introduced by the patch for BZ#739456. (BZ#758028)

* Dell systems based on a future Intel processor with graphics acceleration
required the selection of the install system with basic video driver
installation option. This update removes this requirement. (BZ#758513)

RHSA-2011:1851: krb5 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111851
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1851, CVE-2011-4862

Description
Kerberos is a network authentication system which allows clients and servers
to authenticate to each other using symmetric encryption and a trusted
third-party, the Key Distribution Center (KDC).

A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd). A
remote attacker who can access the telnet port of a target machine could use
this flaw to execute arbitrary code as root. (CVE-2011-4862)

Note that the krb5 telnet daemon is not enabled by default in any version of 
Red Hat Enterprise Linux. In addition, the default firewall rules block
remote access to the telnet port. This flaw does not affect the telnet
daemon distributed in the telnet-server package.

For users who have installed the krb5-workstation package, have enabled the
telnet daemon, and have it accessible remotely, this update should be
applied immediately. 

All krb5-workstation users should upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2011:1852: krb5-appl security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20111852
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2011:1852, CVE-2011-4862

Description
The krb5-appl packages provide Kerberos-aware telnet, ftp, rcp, rsh, and
rlogin clients and servers. Kerberos is a network authentication system
which allows clients and servers to authenticate to each other using
symmetric encryption and a trusted third-party, the Key Distribution Center
(KDC).

A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd). A 
remote attacker who can access the telnet port of a target machine could use
this flaw to execute arbitrary code as root. (CVE-2011-4862) 

Note that the krb5 telnet daemon is not enabled by default in any version of
Red Hat Enterprise Linux. In addition, the default firewall rules block
remote access to the telnet port. This flaw does not affect the telnet
daemon distributed in the telnet-server package.

For users who have installed the krb5-appl-servers package, have enabled the 
krb5 telnet daemon, and have it accessible remotely, this update should be
applied immediately. 

All krb5-appl-server users should upgrade to these updated packages, which 
contain a backported patch to correct this issue.

RHSA-2012:0007: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120007
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0007, CVE-2011-1020, CVE-2011-3637, CVE-2011-4077, CVE-2011-4132, CVE-2011-4324, CVE-2011-4325, CVE-2011-4330, CVE-2011-4348

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the way the Linux kernel's XFS file
system implementation handled links with overly long path names. A local,
unprivileged user could use this flaw to cause a denial of service or
escalate their privileges by mounting a specially-crafted disk.
(CVE-2011-4077, Important)

* The fix for CVE-2011-2482 provided by RHSA-2011:1212 introduced a
regression: on systems that do not have Security-Enhanced Linux (SELinux)
in Enforcing mode, a socket lock race could occur between sctp_rcv() and
sctp_accept(). A remote attacker could use this flaw to cause a denial of
service. By default, SELinux runs in Enforcing mode on Red Hat Enterprise
Linux 5. (CVE-2011-4348, Important)

* The proc file system could allow a local, unprivileged user to obtain
sensitive information or possibly cause integrity issues. (CVE-2011-1020,
Moderate)

* A missing validation flaw was found in the Linux kernel's m_stop()
implementation. A local, unprivileged user could use this flaw to trigger a
denial of service. (CVE-2011-3637, Moderate)

* A flaw was found in the Linux kernel's Journaling Block Device (JBD).
A local attacker could use this flaw to crash the system by mounting a
specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)

* A flaw was found in the Linux kernel's encode_share_access()
implementation. A local, unprivileged user could use this flaw to trigger a
denial of service by creating a regular file on an NFSv4 (Network File
System version 4) file system via mknod(). (CVE-2011-4324, Moderate)

* A flaw was found in the Linux kernel's NFS implementation. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2011-4325, Moderate)

* A missing boundary check was found in the Linux kernel's HFS file system
implementation. A local attacker could use this flaw to cause a denial of
service or escalate their privileges by mounting a specially-crafted disk.
(CVE-2011-4330, Moderate)

Red Hat would like to thank Kees Cook for reporting CVE-2011-1020, and
Clement Lecigne for reporting CVE-2011-4330.

This update also fixes several bugs and adds one enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2012:0016: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0016, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards. One of those standards is the XML Path Language
(XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in
the way libxml2 parsed certain XML files. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0216)

A flaw was found in the way libxml2 parsed certain XPath expressions. If an
attacker were able to supply a specially-crafted XML file to an application
using libxml2, as well as an XPath expression for that application to run
against the crafted file, it could cause the application to crash.
(CVE-2011-2834)

Note: Red Hat does not ship any applications that use libxml2 in a way that
would allow the CVE-2011-2834 flaw to be exploited; however, third-party
applications may allow XPath expressions to be passed which could trigger
this flaw.

An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take effect.

RHSA-2012:0017: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120017
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0017, CVE-2010-4008, CVE-2011-0216, CVE-2011-1944, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards. One of those standards is the XML Path Language
(XPath), which is a language for addressing parts of an XML document.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

An off-by-one error, leading to a heap-based buffer overflow, was found in
the way libxml2 parsed certain XML files. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-0216)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)

Flaws were found in the way libxml2 parsed certain XPath expressions. If an
attacker were able to supply a specially-crafted XML file to an application
using libxml2, as well as an XPath expression for that application to run
against the crafted file, it could cause the application to crash.
(CVE-2010-4008, CVE-2011-2834)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)

Note: Red Hat does not ship any applications that use libxml2 in a way that
would allow the CVE-2011-1944, CVE-2010-4008, and CVE-2011-2834 flaws to be
exploited; however, third-party applications may allow XPath expressions to
be passed which could trigger these flaws.

Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take effect.

RHSA-2012:0018: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120018
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0018, CVE-2011-3905, CVE-2011-3919

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take effect.

RHSA-2012:0019: php53 and php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120019
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0019, CVE-2011-4566, CVE-2011-4885

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-4566)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.

All php53 and php users should upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to take
effect.

RHSA-2012:0033: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120033
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0033, CVE-2011-0708, CVE-2011-1148, CVE-2011-1466, CVE-2011-1469, CVE-2011-2202, CVE-2011-4566, CVE-2011-4885

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)

A use-after-free flaw was found in the PHP substr_replace() function. If a
PHP script used the same variable as multiple function arguments, a remote
attacker could possibly use this to crash the PHP interpreter or, possibly,
execute arbitrary code. (CVE-2011-1148)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-4566)

An insufficient input validation flaw, leading to a buffer over-read, was
found in the PHP exif extension. A specially-crafted image file could cause
the PHP interpreter to crash when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote
attacker able to make a PHP script call SdnToJulian() with a large value
could cause the PHP interpreter to crash. (CVE-2011-1466)

A bug in the PHP Streams component caused the PHP interpreter to crash if
an FTP wrapper connection was made through an HTTP proxy. A remote attacker
could possibly trigger this issue if a PHP script accepted an untrusted URL
to connect to. (CVE-2011-1469)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a
specially-crafted file name it could cause a PHP script to attempt to write
a file to the root (/) directory. By default, PHP runs as the "apache"
user, preventing it from writing to the root directory. (CVE-2011-2202)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:0050: qemu-kvm security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0050, CVE-2012-0029

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000
network interface card. A privileged guest user in a virtual machine whose
network interface is configured to use the e1000 emulated driver could use
this flaw to crash the host or, possibly, escalate their privileges on the
host. (CVE-2012-0029)

Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.

This update also fixes the following bug:

* qemu-kvm has a "scsi" option, to be used, for example, with the
"-device" option: "-device virtio-blk-pci,drive=[drive name],scsi=off".
Previously, however, it only masked the feature bit, and did not reject
SCSI commands if a malicious guest ignored the feature bit and issued a
request. This update corrects this issue. The "scsi=off" option can be
used to mitigate the virtualization aspect of CVE-2011-4127 before the
RHSA-2011:1849 kernel update is installed on the host.

This mitigation is only required if you do not have the RHSA-2011:1849
kernel update installed on the host and you are using raw format virtio
disks backed by a partition or LVM volume.

If you run guests by invoking /usr/libexec/qemu-kvm directly, use the
"-global virtio-blk-pci.scsi=off" option to apply the mitigation. If you
are using libvirt, as recommended by Red Hat, and have the RHBA-2012:0013
libvirt update installed, no manual action is required: guests will
automatically use "scsi=off". (BZ#767721)

Note: After installing the RHSA-2011:1849 kernel update, SCSI requests
issued by guests via the SG_IO IOCTL will not be passed to the underlying
block device when using raw format virtio disks backed by a partition or
LVM volume, even if "scsi=on" is used.

As well, this update adds the following enhancement:

* Prior to this update, qemu-kvm was not built with RELRO or PIE support.
qemu-kvm is now built with full RELRO and PIE support as a security
enhancement. (BZ#767906)

All users of qemu-kvm should upgrade to these updated packages, which
correct these issues and add this enhancement. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2012:0051: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120051
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0051, CVE-2011-4622, CVE-2012-0029

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A heap overflow flaw was found in the way QEMU-KVM emulated the e1000
network interface card. A privileged guest user in a virtual machine whose
network interface is configured to use the e1000 emulated driver could use
this flaw to crash the host or, possibly, escalate their privileges on the
host. (CVE-2012-0029)

A flaw was found in the way the KVM subsystem of a Linux kernel handled PIT
(Programmable Interval Timer) IRQs (interrupt requests) when there was no
virtual interrupt controller set up. A malicious user in the kvm group on
the host could force this situation to occur, resulting in the host
crashing. (CVE-2011-4622)

Red Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029.

All KVM users should upgrade to these updated packages, which contain
backported patches to correct these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

RHSA-2012:0052: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120052
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0052, CVE-2012-0056

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that permissions were not checked properly in the Linux
kernel when handling the /proc/[pid]/mem writing functionality. A local,
unprivileged user could use this flaw to escalate their privileges. Refer
to Red Hat Knowledgebase article DOC-69129, linked to in the References,
for further information. (CVE-2012-0056, Important)

Red Hat would like to thank Jüri Aedla for reporting this issue.

This update fixes the following bugs:

* The RHSA-2011:1849 kernel update introduced a bug in the Linux kernel
scheduler, causing a "WARNING: at kernel/sched.c:5915 thread_return"
message and a call trace to be logged. This message was harmless, and was
not due to any system malfunctions or adverse behavior. With this update,
the WARN_ON_ONCE() call in the scheduler that caused this harmless message
has been removed. (BZ#768288)

* The RHSA-2011:1530 kernel update introduced a regression in the way
the Linux kernel maps ELF headers for kernel modules into kernel memory.
If a third-party kernel module is compiled on a Red Hat Enterprise Linux
system with a kernel prior to RHSA-2011:1530, then loading that module on
a system with RHSA-2011:1530 kernel would result in corruption of one byte
in the memory reserved for the module. In some cases, this could prevent
the module from functioning correctly. (BZ#769595)

* On some SMP systems the tsc may erroneously be marked as unstable during
early system boot or while the system is under heavy load. A "Clocksource
tsc unstable" message was logged when this occurred. As a result the system
would switch to the slower access, but higher precision HPET clock.

The "tsc=reliable" kernel parameter is supposed to avoid this problem by
indicating that the system has a known good clock; however, the parameter
only affected run time checks. A fix has been put in to avoid the boot
time checks so that the TSC remains as the clock for the duration of
system runtime. (BZ#755867)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2012:0058: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120058
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0058, CVE-2009-5029, CVE-2011-4609

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library read timezone files. If a
carefully-crafted timezone file was loaded by an application linked against
glibc, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-5029)

A denial of service flaw was found in the remote procedure call (RPC)
implementation in glibc. A remote attacker able to open a large number of
connections to an RPC service that is using the RPC implementation from
glibc, could use this flaw to make that service use an excessive amount of
CPU time. (CVE-2011-4609)

This update also fixes the following bugs:

* glibc had incorrect information for numeric separators and groupings for
specific French, Spanish, and German locales. Therefore, applications
utilizing glibc's locale support printed numbers with the wrong separators
and groupings when those locales were in use. With this update, the
separator and grouping information has been fixed. (BZ#754116)

* The RHBA-2011:1179 glibc update introduced a regression, causing glibc to
incorrectly parse groups with more than 126 members, resulting in
applications such as "id" failing to list all the groups a particular user
was a member of. With this update, group parsing has been fixed.
(BZ#766484)

* glibc incorrectly allocated too much memory due to a race condition
within its own malloc routines. This could cause a multi-threaded
application to allocate more memory than was expected. With this update,
the race condition has been fixed, and malloc's behavior is now consistent
with the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX
environment variables. (BZ#769594)

Users should upgrade to these updated packages, which contain backported
patches to resolve these issues.

RHSA-2012:0059: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120059
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0059, CVE-2011-4108, CVE-2011-4576, CVE-2011-4577, CVE-2011-4619

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS)
protocol implementation in OpenSSL leaked timing information when
performing certain operations. A remote attacker could possibly use this
flaw to retrieve plain text from the encrypted packets by using a DTLS
server as a padding oracle. (CVE-2011-4108)

An information leak flaw was found in the SSL 3.0 protocol implementation
in OpenSSL. Incorrect initialization of SSL record padding bytes could
cause an SSL client or server to send a limited amount of possibly
sensitive data to its SSL peer via the encrypted connection.
(CVE-2011-4576)

A denial of service flaw was found in the RFC 3779 implementation in
OpenSSL. A remote attacker could use this flaw to make an application using
OpenSSL exit unexpectedly by providing a specially-crafted X.509
certificate that has malformed RFC 3779 extension data. (CVE-2011-4577)

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A remote
attacker could use this flaw to make a TLS/SSL server using OpenSSL consume
an excessive amount of CPU by continuously restarting the handshake.
(CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2012:0060: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0060, CVE-2011-4108, CVE-2011-4109, CVE-2011-4576, CVE-2011-4619

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that the Datagram Transport Layer Security (DTLS)
protocol implementation in OpenSSL leaked timing information when
performing certain operations. A remote attacker could possibly use this
flaw to retrieve plain text from the encrypted packets by using a DTLS
server as a padding oracle. (CVE-2011-4108)

A double free flaw was discovered in the policy checking code in OpenSSL.
A remote attacker could use this flaw to crash an application that uses
OpenSSL by providing an X.509 certificate that has specially-crafted
policy extension data. (CVE-2011-4109)

An information leak flaw was found in the SSL 3.0 protocol implementation
in OpenSSL. Incorrect initialization of SSL record padding bytes could
cause an SSL client or server to send a limited amount of possibly
sensitive data to its SSL peer via the encrypted connection.
(CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A remote
attacker could use this flaw to make a TLS/SSL server using OpenSSL consume
an excessive amount of CPU by continuously restarting the handshake.
(CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2012:0062: t1lib security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120062
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0062, CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554

Description
The t1lib library allows you to rasterize bitmaps from PostScript Type 1
fonts.

Two heap-based buffer overflow flaws were found in the way t1lib processed
Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened
by an application linked against t1lib, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted
font file could, when opened, cause an application linked against t1lib to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file
could, when opened, cause an application linked against t1lib to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could,
when opened, cause an application linked against t1lib to crash or,
potentially, execute arbitrary code with the privileges of the user running
the application. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted
font file could, when opened, cause an application linked against t1lib to
crash. (CVE-2011-1552)

Red Hat would like to thank the Evince development team for reporting
CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the
original reporter of CVE-2010-2642.

All users of t1lib are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All applications linked
against t1lib must be restarted for this update to take effect.

RHSA-2012:0069: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120069
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0069, CVE-2011-4815

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A denial of service flaw was found in the implementation of associative
arrays (hashes) in Ruby. An attacker able to supply a large number of
inputs to a Ruby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, randomization
has been added to the hash function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2011-4815)

Red Hat would like to thank oCERT for reporting this issue. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters.

All users of ruby are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.

RHSA-2012:0070: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120070
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0070, CVE-2011-3009, CVE-2011-4815

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

A denial of service flaw was found in the implementation of associative
arrays (hashes) in Ruby. An attacker able to supply a large number of
inputs to a Ruby application (such as HTTP POST request parameters sent to
a web application) that are used as keys when inserting data into an array
could trigger multiple hash function collisions, making array operations
take an excessive amount of CPU time. To mitigate this issue, randomization
has been added to the hash function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2011-4815)

It was found that Ruby did not reinitialize the PRNG (pseudorandom number
generator) after forking a child process. This could eventually lead to the
PRNG returning the same result twice. An attacker keeping track of the
values returned by one child process could use this flaw to predict the
values the PRNG would return in other child processes (as long as the
parent process persisted). (CVE-2011-3009)

Red Hat would like to thank oCERT for reporting CVE-2011-4815. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4815.

All users of ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2012:0071: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120071
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0071, CVE-2011-0708, CVE-2011-1466, CVE-2011-2202, CVE-2011-4566, CVE-2011-4885

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that the hashing routine used by PHP arrays was susceptible
to predictable hash collisions. If an HTTP POST request to a PHP
application contained many parameters whose names map to the same hash
value, a large amount of CPU time would be consumed. This flaw has been
mitigated by adding a new configuration directive, max_input_vars, that
limits the maximum number of parameters processed per request. By
default, max_input_vars is set to 1000. (CVE-2011-4885)

An integer overflow flaw was found in the PHP exif extension. On 32-bit
systems, a specially-crafted image file could cause the PHP interpreter to
crash or disclose portions of its memory when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-4566)

An insufficient input validation flaw, leading to a buffer over-read, was
found in the PHP exif extension. A specially-crafted image file could cause
the PHP interpreter to crash when a PHP script tries to extract
Exchangeable image file format (Exif) metadata from the image file.
(CVE-2011-0708)

An integer overflow flaw was found in the PHP calendar extension. A remote
attacker able to make a PHP script call SdnToJulian() with a large value
could cause the PHP interpreter to crash. (CVE-2011-1466)

An off-by-one flaw was found in PHP. If an attacker uploaded a file with a
specially-crafted file name it could cause a PHP script to attempt to write
a file to the root (/) directory. By default, PHP runs as the "apache"
user, preventing it from writing to the root directory. (CVE-2011-2202)

Red Hat would like to thank oCERT for reporting CVE-2011-4885. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4885.

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:0073: Red Hat Enterprise Linux 4 - 30 day End Of Life Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20120073
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0073

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy,
the 7 year life-cycle of Red Hat Enterprise Linux 4 will end on February
29, 2012 and your subscription services for that version will change.
Active Red Hat Enterprise Linux subscribers using Red Hat Enterprise
Linux 4 will have the option to upgrade to currently supported versions
of Red Hat Enterprise Linux and receive the full benefits of the
subscription.

After February 29, 2012, Red Hat will discontinue technical support
services as well as software maintenance services for Red Hat Enterprise
Linux 4 meaning that new bug fixes, security errata and product
enhancements will no longer be provided for the following products:

* Red Hat Enterprise Linux AS 4
* Red Hat Enterprise Linux ES 4
* Red Hat Enterprise Linux WS 4
* Red Hat Desktop 4
* Red Hat Global File System 4
* Red Hat Cluster Suite 4

Customers who choose to continue to deploy Red Hat Enterprise Linux 4
offerings will continue to have access via Red Hat Network (RHN) to the
following content as part of their active Red Hat Enterprise Linux
subscription:

- Previously released bug fixes, security errata and product
  enhancements.
- Red Hat Knowledge Base and other content (whitepapers, reference
  architectures, etc) found in the Red Hat Customer Portal.
- All Red Hat Enterprise Linux 4 documentation.

Customers are strongly encouraged to take advantage of the upgrade
benefits of their active Red Hat Enterprise Linux subscription and
migrate to an active version of Red Hat Enterprise Linux such as
version 5 or 6.

For customers who are unable to migrate off Red Hat Enterprise Linux 4
before its end-of-life date and require software maintenance and/or
technical support, Red Hat offers an optional support extension called
the Extended Life-cycle Support (ELS) Add-On Subscription. The ELS
Subscription provides up to three additional years of limited Software
Maintenance (Production 3 Phase) for Red Hat Enterprise Linux 4 with
unlimited technical support, critical Security Advisories (RHSAs) and
selected Urgent Priority Bug Advisories (RHBAs). For more information,
contact your Red Hat sales representative or channel partner.

Details of the Red Hat Enterprise Linux life-cycle can be found on the
Red Hat website: https://access.redhat.com/support/policy/updates/errata/

RHSA-2012:0079: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0079, CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A use-after-free flaw was found in the way Firefox removed nsDOMAttribute
child nodes. In certain circumstances, due to the premature notification
of AttributeChildRemoved, a malicious script could possibly use this flaw
to cause Firefox to crash or, potentially, execute arbitrary code with the
privileges of the user running Firefox. (CVE-2011-3659)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-0442)

A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web
page containing a malicious Ogg Vorbis media file could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2012-0444)

A flaw was found in the way Firefox parsed certain Scalable Vector Graphics
(SVG) image files that contained eXtensible Style Sheet Language
Transformations (XSLT). A web page containing a malicious SVG image file
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2012-0449)

The same-origin policy in Firefox treated http://example.com and
http://[example.com] as interchangeable. A malicious script could possibly
use this flaw to gain access to sensitive information (such as a client's
IP and user e-mail address, or httpOnly cookies) that may be included in
HTTP proxy error replies, generated in response to invalid URLs using
square brackets. (CVE-2011-3670)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.26. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.26, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2012:0080: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120080
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0080, CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0449

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A use-after-free flaw was found in the way Thunderbird removed
nsDOMAttribute child nodes. In certain circumstances, due to the premature
notification of AttributeChildRemoved, a malicious script could possibly
use this flaw to cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2011-3659)

Several flaws were found in the processing of malformed content. An HTML
mail message containing malicious content could cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-0442)

A flaw was found in the way Thunderbird parsed certain Scalable Vector
Graphics (SVG) image files that contained eXtensible Style Sheet Language
Transformations (XSLT). An HTML mail message containing a malicious SVG
image file could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-0449)

The same-origin policy in Thunderbird treated http://example.com and
http://[example.com] as interchangeable. A malicious script could possibly
use this flaw to gain access to sensitive information (such as a client's
IP and user e-mail address, or httpOnly cookies) that may be included in
HTTP proxy error replies, generated in response to invalid URLs using
square brackets. (CVE-2011-3670)

Note: The CVE-2011-3659 and CVE-2011-3670 issues cannot be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. It could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 3.1.18. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to these updated packages, which
contain Thunderbird version 3.1.18, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2012:0084: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120084
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0084, CVE-2011-3670, CVE-2012-0442

Description
SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC
chat client, and HTML editor.

A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause SeaMonkey to crash or,
potentially, execute arbitrary code with the privileges of the user running
SeaMonkey. (CVE-2012-0442)

The same-origin policy in SeaMonkey treated http://example.com and
http://[example.com] as interchangeable. A malicious script could possibly
use this flaw to gain access to sensitive information (such as a client's
IP and user e-mail address, or httpOnly cookies) that may be included in
HTTP proxy error replies, generated in response to invalid URLs using
square brackets. (CVE-2011-3670)

All SeaMonkey users should upgrade to these updated packages, which correct
these issues. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2012:0085: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120085
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0085, CVE-2011-3670, CVE-2012-0442

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the processing of malformed content. An HTML mail
message containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2012-0442)

The same-origin policy in Thunderbird treated http://example.com and
http://[example.com] as interchangeable. A malicious script could possibly
use this flaw to gain access to sensitive information (such as a client's
IP and user e-mail address, or httpOnly cookies) that may be included in
HTTP proxy error replies, generated in response to invalid URLs using
square brackets. (CVE-2011-3670)

Note: The CVE-2011-3670 issue cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
It could be exploited another way in Thunderbird, for example, when viewing
the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
resolves these issues. All running instances of Thunderbird must be
restarted for the update to take effect.

RHSA-2012:0086: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0086, CVE-2011-4576, CVE-2011-4619

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An information leak flaw was found in the SSL 3.0 protocol implementation
in OpenSSL. Incorrect initialization of SSL record padding bytes could
cause an SSL client or server to send a limited amount of possibly
sensitive data to its SSL peer via the encrypted connection.
(CVE-2011-4576)

It was discovered that OpenSSL did not limit the number of TLS/SSL
handshake restarts required to support Server Gated Cryptography. A remote
attacker could use this flaw to make a TLS/SSL server using OpenSSL consume
an excessive amount of CPU by continuously restarting the handshake.
(CVE-2011-4619)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2012:0092: php53 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120092
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0092, CVE-2012-0830

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the fix for CVE-2011-4885 (released via
RHSA-2012:0019 for php53 packages in Red Hat Enterprise Linux 5) introduced
an uninitialized memory use flaw. A remote attacker could send a specially-
crafted HTTP request to cause the PHP interpreter to crash or, possibly,
execute arbitrary code. (CVE-2012-0830)

All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:0093: php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120093
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0093, CVE-2012-0830

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the fix for CVE-2011-4885 (released via
RHSA-2012:0071, RHSA-2012:0033, and RHSA-2012:0019 for php packages in Red
Hat Enterprise Linux 4, 5, and 6 respectively) introduced an uninitialized
memory use flaw. A remote attacker could send a specially-crafted HTTP
request to cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-0830)

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:0095: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120095
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0095, CVE-2009-3743, CVE-2010-2055, CVE-2010-4054, CVE-2010-4820

Description
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

An integer overflow flaw was found in Ghostscript's TrueType bytecode
interpreter. An attacker could create a specially-crafted PostScript or PDF
file that, when interpreted, could cause Ghostscript to crash or,
potentially, execute arbitrary code. (CVE-2009-3743)

It was found that Ghostscript always tried to read Ghostscript system
initialization files from the current working directory before checking
other directories, even if a search path that did not contain the current
working directory was specified with the "-I" option, or the "-P-" option
was used (to prevent the current working directory being searched first).
If a user ran Ghostscript in an attacker-controlled directory containing a
system initialization file, it could cause Ghostscript to execute arbitrary
PostScript code. (CVE-2010-2055)

Ghostscript included the current working directory in its library search
path by default. If a user ran Ghostscript without the "-P-" option in an
attacker-controlled directory containing a specially-crafted PostScript
library file, it could cause Ghostscript to execute arbitrary PostScript
code. With this update, Ghostscript no longer searches the current working
directory for library files by default. (CVE-2010-4820)

Note: The fix for CVE-2010-4820 could possibly break existing
configurations. To use the previous, vulnerable behavior, run Ghostscript
with the "-P" option (to always search the current working directory
first).

A flaw was found in the way Ghostscript interpreted PostScript Type 1 and
PostScript Type 2 font files. An attacker could create a specially-crafted
PostScript Type 1 or PostScript Type 2 font file that, when interpreted,
could cause Ghostscript to crash or, potentially, execute arbitrary code.
(CVE-2010-4054)

Users of Ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2012:0096: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120096
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0096, CVE-2010-4054, CVE-2010-4820

Description
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

Ghostscript included the current working directory in its library search
path by default. If a user ran Ghostscript without the "-P-" option in an
attacker-controlled directory containing a specially-crafted PostScript
library file, it could cause Ghostscript to execute arbitrary PostScript
code. With this update, Ghostscript no longer searches the current working
directory for library files by default. (CVE-2010-4820)

Note: The fix for CVE-2010-4820 could possibly break existing
configurations. To use the previous, vulnerable behavior, run Ghostscript
with the "-P" option (to always search the current working directory
first).

A flaw was found in the way Ghostscript interpreted PostScript Type 1 and
PostScript Type 2 font files. An attacker could create a specially-crafted
PostScript Type 1 or PostScript Type 2 font file that, when interpreted,
could cause Ghostscript to crash or, potentially, execute arbitrary code.
(CVE-2010-4054)

Users of Ghostscript are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
RHSA-2012:0103: squirrelmail security update (Moderate)oval-com.redhat.rhsa-def-20120103 mediumRHSA-2012:0103 CVE-2010-1637 CVE-2010-2813 CVE-2010-4554 CVE-2010-4555 CVE-2011-2023 CVE-2011-2752 CVE-2011-2753

RHSA-2012:0103: squirrelmail security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120103
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0103, CVE-2010-1637, CVE-2010-2813, CVE-2010-4554, CVE-2010-4555, CVE-2011-2023, CVE-2011-2752, CVE-2011-2753

Description
SquirrelMail is a standards-based webmail package written in PHP.

A cross-site scripting (XSS) flaw was found in the way SquirrelMail
performed the sanitization of HTML style tag content. A remote attacker
could use this flaw to send a specially-crafted Multipurpose Internet Mail
Extensions (MIME) message that, when opened by a victim, would lead to
arbitrary web script execution in the context of their SquirrelMail
session. (CVE-2011-2023)

Multiple cross-site scripting (XSS) flaws were found in SquirrelMail. A
remote attacker could possibly use these flaws to execute arbitrary web
script in the context of a victim's SquirrelMail session. (CVE-2010-4555)

An input sanitization flaw was found in the way SquirrelMail handled the
content of various HTML input fields. A remote attacker could use this
flaw to alter user preference values via a newline character contained in
the input for these fields. (CVE-2011-2752)

It was found that the SquirrelMail Empty Trash and Index Order pages did
not protect against Cross-Site Request Forgery (CSRF) attacks. If a remote
attacker could trick a user, who was logged into SquirrelMail, into
visiting a specially-crafted URL, the attacker could empty the victim's
trash folder or alter the ordering of the columns on the message index
page. (CVE-2011-2753)

SquirrelMail was allowed to be loaded into an HTML sub-frame, allowing a
remote attacker to perform a clickjacking attack against logged in users
and possibly gain access to sensitive user data. With this update, the
SquirrelMail main frame can only be loaded into the top most browser frame.
(CVE-2010-4554)

A flaw was found in the way SquirrelMail handled failed log in attempts. A
user preference file was created when attempting to log in with a password
containing an 8-bit character, even if the username was not valid. A
remote attacker could use this flaw to eventually consume all hard disk
space on the target SquirrelMail server. (CVE-2010-2813)

A flaw was found in the SquirrelMail Mail Fetch plug-in. If an
administrator enabled this plug-in, a SquirrelMail user could use this flaw
to port scan the local network the server was on. (CVE-2010-1637)

Users of SquirrelMail should upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2012:0105: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120105
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0105, CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112, CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118, CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490, CVE-2012-0492, CVE-2012-0583

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2011-2262,
CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0112,
CVE-2012-0113, CVE-2012-0114, CVE-2012-0115, CVE-2012-0116, CVE-2012-0118,
CVE-2012-0119, CVE-2012-0120, CVE-2012-0484, CVE-2012-0485, CVE-2012-0490,
CVE-2012-0492)

These updated packages upgrade MySQL to version 5.1.61. Refer to the MySQL
release notes for a full list of changes:

http://dev.mysql.com/doc/refman/5.1/en/news-5-1-x.html

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2012:0107: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120107
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0107, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127, CVE-2012-0028, CVE-2012-0207

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Using the SG_IO ioctl to issue SCSI requests to partitions or LVM volumes
resulted in the requests being passed to the underlying block device. If a
privileged user only had access to a single partition or LVM volume, they
could use this flaw to bypass those restrictions and gain read and write
access (and be able to issue other SCSI commands) to the entire block
device. Refer to Red Hat Knowledgebase article DOC-67874, linked to in the
References, for further details about this issue. (CVE-2011-4127,
Important)

* A flaw was found in the way the Linux kernel handled robust list pointers
of user-space held futexes across exec() calls. A local, unprivileged user
could use this flaw to cause a denial of service or, eventually, escalate
their privileges. (CVE-2012-0028, Important)

* A flaw was found in the Linux kernel in the way splitting two extents in
ext4_ext_convert_to_initialized() worked. A local, unprivileged user with
the ability to mount and unmount ext4 file systems could use this flaw to
cause a denial of service. (CVE-2011-3638, Moderate)

* A flaw was found in the way the Linux kernel's journal_unmap_buffer()
function handled buffer head states. On systems that have an ext4 file
system with a journal mounted, a local, unprivileged user could use this
flaw to cause a denial of service. (CVE-2011-4086, Moderate)

* A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()
function. An attacker able to send certain IGMP (Internet Group Management
Protocol) packets to a target system could use this flaw to cause a denial
of service. (CVE-2012-0207, Moderate)

Red Hat would like to thank Zheng Liu for reporting CVE-2011-3638, and
Simon McVittie for reporting CVE-2012-0207.

This update also fixes the following bugs:

* When a host was in recovery mode and a SCSI scan operation was initiated,
the scan operation failed and provided no error output. This bug has been
fixed and the SCSI layer now waits for recovery of the host to complete
scan operations for devices. (BZ#772162)

* SG_IO ioctls were not implemented correctly in the Red Hat Enterprise
Linux 5 virtio-blk driver. Sending an SG_IO ioctl request to a virtio-blk
disk caused the sending thread to enter an uninterruptible sleep state ("D"
state). With this update, SG_IO ioctls are rejected by the virtio-blk
driver: the ioctl system call will simply return an ENOTTY ("Inappropriate
ioctl for device") error and the thread will continue normally. (BZ#773322)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2012:0125: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120125
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0125, CVE-2009-5029, CVE-2009-5064, CVE-2010-0296, CVE-2010-0830, CVE-2011-1071, CVE-2011-1089, CVE-2011-1095, CVE-2011-1659, CVE-2011-4609

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library read timezone files. If a
carefully-crafted timezone file was loaded by an application linked against
glibc, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically linked
libraries. If an attacker could trick a user into running ldd on a
malicious binary, it could result in arbitrary code execution with the
privileges of the user running ldd. (CVE-2009-5064)

It was discovered that the glibc addmntent() function, used by various
mount helper utilities, did not sanitize its input properly. A local
attacker could possibly use this flaw to inject malformed lines into the
mtab (mounted file systems table) file via certain setuid mount helpers, if
the attacker were allowed to mount to an arbitrary directory under their
control. (CVE-2010-0296)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library loaded ELF (Executable and Linking
Format) files. If a carefully-crafted ELF file was loaded by an
application linked against glibc, it could cause the application to crash
or, potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-0830)

It was discovered that the glibc fnmatch() function did not properly
restrict the use of alloca(). If the function was called on sufficiently
large inputs, it could cause an application using fnmatch() to crash or,
possibly, execute arbitrary code with the privileges of the application.
(CVE-2011-1071)

It was found that the glibc addmntent() function, used by various mount
helper utilities, did not handle certain errors correctly when updating the
mtab (mounted file systems table) file. If such utilities had the setuid
bit set, a local attacker could use this flaw to corrupt the mtab file.
(CVE-2011-1089)

It was discovered that the locale command did not produce properly escaped
output as required by the POSIX specification. If an attacker were able to
set the locale environment variables in the environment of a script that
performed shell evaluation on the output of the locale command, and that
script were run with different privileges than the attacker's, it could
execute arbitrary code with the privileges of the script. (CVE-2011-1095)

An integer overflow flaw was found in the glibc fnmatch() function. If an
attacker supplied a long UTF-8 string to an application linked against
glibc, it could cause the application to crash. (CVE-2011-1659)

A denial of service flaw was found in the remote procedure call (RPC)
implementation in glibc. A remote attacker able to open a large number of
connections to an RPC service that is using the RPC implementation from
glibc, could use this flaw to make that service use an excessive amount of
CPU time. (CVE-2011-4609)

Red Hat would like to thank the Ubuntu Security Team for reporting
CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu
Security Team acknowledges Dan Rosenberg as the original reporter of
CVE-2010-0830.

This update also fixes the following bug:

* When using an nscd package that is a different version than the glibc
package, the nscd service could fail to start. This update makes the nscd
package require a specific glibc version to prevent this problem.
(BZ#657009)

Users should upgrade to these updated packages, which resolve these issues.

RHSA-2012:0126: glibc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0126, CVE-2009-5029, CVE-2009-5064, CVE-2010-0830, CVE-2011-1089, CVE-2011-4609

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library read timezone files. If a
carefully-crafted timezone file was loaded by an application linked against
glibc, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-5029)

A flaw was found in the way the ldd utility identified dynamically linked
libraries. If an attacker could trick a user into running ldd on a
malicious binary, it could result in arbitrary code execution with the
privileges of the user running ldd. (CVE-2009-5064)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the glibc library loaded ELF (Executable and Linking
Format) files. If a carefully-crafted ELF file was loaded by an
application linked against glibc, it could cause the application to crash
or, potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-0830)

It was found that the glibc addmntent() function, used by various mount
helper utilities, did not handle certain errors correctly when updating the
mtab (mounted file systems table) file. If such utilities had the setuid
bit set, a local attacker could use this flaw to corrupt the mtab file.
(CVE-2011-1089)

A denial of service flaw was found in the remote procedure call (RPC)
implementation in glibc. A remote attacker able to open a large number of
connections to an RPC service that is using the RPC implementation from
glibc, could use this flaw to make that service use an excessive amount of
CPU time. (CVE-2011-4609)

Red Hat would like to thank the Ubuntu Security Team for reporting
CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu
Security Team acknowledges Dan Rosenberg as the original reporter of
CVE-2010-0830.

Users should upgrade to these updated packages, which resolve these issues.

RHSA-2012:0127: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0127, CVE-2010-1849, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484, CVE-2012-0490

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2012-0075,
CVE-2012-0087, CVE-2012-0101, CVE-2012-0102, CVE-2012-0114, CVE-2012-0484,
CVE-2012-0490)

These updated packages upgrade MySQL to version 5.0.95. Refer to the MySQL
release notes for a full list of changes:

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-x.html

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2012:0128: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120128
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0128, CVE-2011-3607, CVE-2011-3639, CVE-2011-4317, CVE-2012-0031, CVE-2012-0053

Description
The Apache HTTP Server is a popular web server.

It was discovered that the fix for CVE-2011-3368 (released via
RHSA-2011:1391) did not completely address the problem. An attacker could
bypass the fix and make a reverse proxy connect to an arbitrary server not
directly accessible to the attacker by sending an HTTP version 0.9 request,
or by using a specially-crafted URI. (CVE-2011-3639, CVE-2011-4317)

The httpd server included the full HTTP header line in the default error
page generated when receiving an excessively long or malformed header.
Malicious JavaScript running in the server's domain context could use this
flaw to gain access to httpOnly cookies. (CVE-2012-0053)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way httpd performed substitutions in regular expressions. An
attacker able to set certain httpd settings, such as a user permitted to
override the httpd configuration for a specific directory using a
".htaccess" file, could use this flaw to crash the httpd child process or,
possibly, execute arbitrary code with the privileges of the "apache" user.
(CVE-2011-3607)

A flaw was found in the way httpd handled child process status information.
A malicious program running with httpd child process privileges (such as a
PHP or CGI script) could use this flaw to cause the parent httpd process to
crash during httpd service shutdown. (CVE-2012-0031)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.

RHSA-2012:0135: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0135, CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that Java2D did not properly check graphics rendering
objects before passing them to the native renderer. Malicious input, or an
untrusted Java application or applet could use this flaw to crash the Java
Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did
not always contain a proper identification of the cause of the failure. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if
the array was of the expected Object[] type. A malicious Java application
or applet could use this flaw to bypass Java sandbox restrictions.
(CVE-2011-3571)

It was discovered that the use of TimeZone.setDefault() was not restricted
by the SecurityManager, allowing an untrusted Java application or applet to
set a new default time zone, and hence bypass Java sandbox restrictions.
(CVE-2012-0503)

The HttpServer class did not limit the number of headers read from HTTP
requests. A remote attacker could use this flaw to make an application
using HttpServer use an excessive amount of CPU time via a
specially-crafted request. This update introduces a header count limit
controlled using the sun.net.httpserver.maxReqHeaders property. The default
value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this
flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion
of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an
untrusted Java application or applet to acquire keyboard focus and possibly
steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker
Architecture) implementation in Java did not properly protect repository
identifiers on certain CORBA objects. This could have been used to modify
immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for
ZIP files. A specially-crafted ZIP archive could cause the Java Virtual
Machine (JVM) to crash when opened. (CVE-2012-0501)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:0136: libvorbis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120136
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0136, CVE-2012-0444

Description
The libvorbis packages contain runtime libraries for use in programs that
support Ogg Vorbis. Ogg Vorbis is a fully open, non-proprietary,
patent-and-royalty-free, general-purpose compressed audio format.

A heap-based buffer overflow flaw was found in the way the libvorbis
library parsed Ogg Vorbis media files. If a specially-crafted Ogg Vorbis
media file was opened by an application using libvorbis, it could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-0444)

Users of libvorbis should upgrade to these updated packages, which contain
a backported patch to correct this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2012:0137: texlive security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120137
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0137, CVE-2010-2642, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554

Description
TeX Live is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output. The texlive packages provide a number of
utilities, including dvips.

TeX Live embeds a copy of t1lib. The t1lib library allows you to rasterize
bitmaps from PostScript Type 1 fonts. The following issues affect t1lib
code:

Two heap-based buffer overflow flaws were found in the way t1lib processed
Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened
by a TeX Live utility, it could cause the utility to crash or, potentially,
execute arbitrary code with the privileges of the user running the utility.
(CVE-2010-2642, CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted
font file could, when opened, cause a TeX Live utility to crash or,
potentially, execute arbitrary code with the privileges of the user running
the utility. (CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file
could, when opened, cause a TeX Live utility to crash or, potentially,
execute arbitrary code with the privileges of the user running the utility.
(CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could,
when opened, cause a TeX Live utility to crash or, potentially, execute
arbitrary code with the privileges of the user running the utility.
(CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted
font file could, when opened, cause a TeX Live utility to crash.
(CVE-2011-1552)

Red Hat would like to thank the Evince development team for reporting
CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the
original reporter of CVE-2010-2642.

All users of texlive are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2012:0140: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0140, CVE-2011-3026

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A heap-based buffer overflow flaw was found in the way Thunderbird handled
PNG (Portable Network Graphics) images. An HTML mail message or remote
content containing a specially-crafted PNG image could cause Thunderbird to
crash or, possibly, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2011-3026)

All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.

RHSA-2012:0141: seamonkey security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120141
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0141, CVE-2011-3026

Description
SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC
chat client, and HTML editor.

A heap-based buffer overflow flaw was found in the way SeaMonkey handled
PNG (Portable Network Graphics) images. A web page containing a malicious
PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary
code with the privileges of the user running SeaMonkey. (CVE-2011-3026)

All SeaMonkey users should upgrade to these updated packages, which correct
this issue. After installing the update, SeaMonkey must be restarted for
the changes to take effect.

RHSA-2012:0142: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120142
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0142, CVE-2011-3026

Description
Mozilla Firefox is an open source web browser.

A heap-based buffer overflow flaw was found in the way Firefox handled
PNG (Portable Network Graphics) images. A web page containing a malicious
PNG image could cause Firefox to crash or, possibly, execute arbitrary
code with the privileges of the user running Firefox. (CVE-2011-3026)

All Firefox users should upgrade to this updated package, which corrects
this issue. After installing the update, Firefox must be restarted for the
changes to take effect.

RHSA-2012:0143: xulrunner security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120143
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0143, CVE-2011-3026

Description
XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A heap-based buffer overflow flaw was found in the way XULRunner handled
PNG (Portable Network Graphics) images. A web page containing a malicious
PNG image could cause an application linked against XULRunner (such as
Firefox) to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2011-3026)

All XULRunner users should upgrade to these updated packages, which correct
this issue. After installing the update, applications using XULRunner must
be restarted for the changes to take effect.

RHSA-2012:0149: kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120149
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0149, CVE-2011-4347

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that the kvm_vm_ioctl_assign_device() function in the KVM
subsystem of a Linux kernel did not check if the user requesting device
assignment was privileged or not. A member of the kvm group on the host
could assign unused PCI devices, or even devices that were in use and
whose resources were not properly claimed by the respective drivers, which
could result in the host crashing. (CVE-2011-4347)

Red Hat would like to thank Sasha Levin for reporting this issue.

These updated kvm packages include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 5.8 Technical Notes, linked to in the
References, for information on the most significant of these changes.

All KVM users should upgrade to these updated packages, which contain
backported patches to correct these issues. Note: The procedure in the
Solution section must be performed before this update will take effect.

RHSA-2012:0150: Red Hat Enterprise Linux 5.8 kernel update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120150
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0150, CVE-2011-1083

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2011-1083,
Moderate)

Red Hat would like to thank Nelson Elhage for reporting this issue.

These updated kernel packages include a number of bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct these issues and add these enhancements. The system
must be rebooted for this update to take effect.

RHSA-2012:0151: conga security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0151, CVE-2010-1104, CVE-2011-1948

Description
The conga packages provide a web-based administration tool for remote
cluster and storage management.

Multiple cross-site scripting (XSS) flaws were found in luci, the conga
web-based administration application. If a remote attacker could trick a
user, who was logged into the luci interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's luci session. (CVE-2010-1104, CVE-2011-1948)

These updated conga packages include several bug fixes and an enhancement.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked to
in the References, for information on the most significant of these
changes.

Users of conga are advised to upgrade to these updated packages, which
correct these issues and add this enhancement. After installing the updated
packages, luci must be restarted ("service luci restart") for the update to
take effect.

RHSA-2012:0152: kexec-tools security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0152, CVE-2011-3588, CVE-2011-3589, CVE-2011-3590

Description
The kexec-tools package contains the /sbin/kexec binary and utilities that 
together form the user-space component of the kernel's kexec feature. The 
/sbin/kexec binary facilitates a new kernel to boot using the kernel's 
kexec feature either on a normal or a panic reboot. The kexec fastboot 
mechanism allows booting a Linux kernel from the context of an already 
running kernel.

Kdump used the SSH (Secure Shell) "StrictHostKeyChecking=no" option when
dumping to SSH targets, causing the target kdump server's SSH host key not
to be checked. This could make it easier for a man-in-the-middle attacker
on the local network to impersonate the kdump SSH target server and
possibly gain access to sensitive information in the vmcore dumps.
(CVE-2011-3588)

The mkdumprd utility created initrd files with world-readable permissions.
A local user could possibly use this flaw to gain access to sensitive 
information, such as the private SSH key used to authenticate to a remote 
server when kdump was configured to dump to an SSH target. (CVE-2011-3589)

The mkdumprd utility included unneeded sensitive files (such as all files 
from the "/root/.ssh/" directory and the host's private SSH keys) in the 
resulting initrd. This could lead to an information leak when initrd 
files were previously created with world-readable permissions. Note: With 
this update, only the SSH client configuration, known hosts files, and the 
SSH key configured via the newly introduced sshkey option in 
"/etc/kdump.conf" are included in the initrd. The default is the key 
generated when running the "service kdump propagate" command, 
"/root/.ssh/kdump_id_rsa". (CVE-2011-3590)

Red Hat would like to thank Kevan Carstensen for reporting these issues.

This updated kexec-tools package also includes numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of kexec-tools are advised to upgrade to this updated package, 
which resolves these security issues, fixes these bugs and adds these 
enhancements.

RHSA-2012:0153: sos security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0153, CVE-2011-4083

Description
Sos is a set of tools that gather information about system hardware and
configuration.

The sosreport utility incorrectly included Certificate-based Red Hat
Network private entitlement keys in the resulting archive of debugging
information. An attacker able to access the archive could use the keys to
access Red Hat Network content available to the host. This issue did not
affect users of Red Hat Network Classic. (CVE-2011-4083)

This updated sos package also includes numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked
to in the References, for information on the most significant of these
changes.

All sos users are advised to upgrade to this updated package, which
resolves these issues and adds these enhancements.

RHSA-2012:0301: ImageMagick security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120301
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0301, CVE-2010-4167

Description
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

It was found that ImageMagick utilities tried to load ImageMagick
configuration files from the current working directory. If a user ran an
ImageMagick utility in an attacker-controlled directory containing a
specially-crafted ImageMagick configuration file, it could cause the
utility to execute arbitrary code. (CVE-2010-4167)

This update also fixes the following bugs:

* Previously, the "identify -verbose" command failed with an assertion if
there was no image information available. An upstream patch has been
applied, so that GetImageOption() is now called correctly. Now, the
"identify -verbose" command works correctly even if no image information is
available. (BZ#502626)

* Previously, an incorrect use of the semaphore data type led to a
deadlock. As a consequence, the ImageMagick utility could become
unresponsive when converting JPEG files to PDF (Portable Document Format)
files. A patch has been applied to address the deadlock issue, and JPEG
files can now be properly converted to PDF files. (BZ#530592)

* Previously, running the "convert" command with the "-color" option failed
with a memory allocation error. The source code has been modified to fix
problems with memory allocation. Now, using the "convert" command with the
"-color" option works correctly. (BZ#616538)

* Previously, ImageMagick could become unresponsive when using the
"display" command on damaged GIF files. The source code has been revised to
prevent the issue. ImageMagick now produces an error message in the
described scenario. A file selector is now opened so the user can choose
another image to display. (BZ#693989)

* Prior to this update, the "convert" command did not handle rotated PDF
files correctly. As a consequence, the output was rendered as a portrait
with the content being cropped. With this update, the PDF render geometry
is modified, and the output produced by the "convert" command is properly
rendered as a landscape. (BZ#694922)

All users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.

RHSA-2012:0302: cups security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120302
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0302, CVE-2011-2896

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for Linux, UNIX, and similar operating systems.

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
decompression algorithm implementation used by the CUPS GIF image format
reader. An attacker could create a malicious GIF image file that, when
printed, could possibly cause CUPS to crash or, potentially, execute
arbitrary code with the privileges of the "lp" user. (CVE-2011-2896)

This update also fixes the following bugs:

* Prior to this update, the "Show Completed Jobs," "Show All Jobs," and
"Show Active Jobs" buttons returned results globally across all printers
and not the results for the specified printer. With this update, jobs from
only the selected printer are shown. (BZ#625900)

* Prior to this update, the code of the serial backend contained a wrong
condition. As a consequence, print jobs on the raw print queue could not be
canceled. This update modifies the condition in the serial backend code.
Now, the user can cancel these print jobs. (BZ#625955)

* Prior to this update, the textonly filter did not work if used as a pipe,
for example when the command line did not specify the filename and the
number of copies was always 1. This update modifies the condition in the
textonly filter. Now, the data are sent to the printer regardless of the
number of copies specified. (BZ#660518)

* Prior to this update, the file descriptor count increased until it ran
out of resources when the cups daemon was running with enabled
Security-Enhanced Linux (SELinux) features. With this update, all resources
are allocated only once. (BZ#668009)

* Prior to this update, CUPS incorrectly handled the en_US.ASCII value for
the LANG environment variable. As a consequence, the lpadmin, lpstat, and
lpinfo binaries failed to write to standard output if using LANG with the
value. This update fixes the handling of the en_US.ASCII value and the
binaries now write to standard output properly. (BZ#759081)

All users of cups are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2012:0303: xorg-x11-server security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120303
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0303, CVE-2011-4028

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)

Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.

This update also fixes the following bugs:

* In rare cases, if the front and back buffer of the miDbePositionWindow()
function were not both allocated in video memory, or were both allocated in
system memory, the X Window System sometimes terminated unexpectedly. A
patch has been provided to address this issue and X no longer crashes in
the described scenario. (BZ#596899)

* Previously, when the miSetShape() function called the miRegionDestroy()
function with a NULL region, X terminated unexpectedly if the backing store
was enabled. Now, X no longer crashes in the described scenario.
(BZ#676270)

* On certain workstations running in 32-bit mode, the X11 mouse cursor
occasionally became stuck near the left edge of the X11 screen. A patch has
been provided to address this issue and the mouse cursor no longer becomes
stuck in the described scenario. (BZ#529717)

* On certain workstations with a dual-head graphics adapter using the r500
driver in Zaphod mode, the mouse pointer was confined to one monitor screen
and could not move to the other screen. A patch has been provided to
address this issue and the mouse cursor works properly across both screens.
(BZ#559964)

* Due to a double free operation, Xvfb (X virtual framebuffer) terminated
unexpectedly with a segmentation fault randomly when the last client
disconnected, that is when the server reset. This bug has been fixed in the
miDCCloseScreen() function and Xvfb no longer crashes. (BZ#674741)

* Starting the Xephyr server on an AMD64 or Intel 64 architecture with an
integrated graphics adapter caused the server to terminate unexpectedly.
This bug has been fixed in the code and Xephyr no longer crashes in the
described scenario. (BZ#454409)

* Previously, when a client made a request bigger than 1/4th of the limit
advertised in the BigRequestsEnable reply, the X server closed the
connection unexpectedly. With this update, the maxBigRequestSize variable
has been added to the code to check the size of client requests, thus
fixing this bug. (BZ#555000)

* When an X client running on a big-endian system called the
XineramaQueryScreens() function, the X server terminated unexpectedly. This
bug has been fixed in the xf86Xinerama module and the X server no longer
crashes in the described scenario. (BZ#588346)

* When installing Red Hat Enterprise Linux 5 on an IBM eServer System p
blade server, the installer did not set the correct mode on the built-in
KVM (Keyboard-Video-Mouse). Consequently, the graphical installer took a
very long time to appear and then was displayed incorrectly. A patch has
been provided to address this issue and the graphical installer now works
as expected in the described scenario. Note that this fix requires the
Red Hat Enterprise Linux 5.8 kernel update. (BZ#740497)

* Lines longer than 46,340 pixels can be drawn with one of the coordinates
being negative. However, for dashed lines, the miPolyBuildPoly() function
overflowed the "int" type when setting up edges for a section of a dashed
line. Consequently, dashed segments were not drawn at all. An upstream
patch has been applied to address this issue and dashed lines are now drawn
correctly. (BZ#649810)

All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.

RHSA-2012:0304: vixie-cron security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120304
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0304, CVE-2010-0424

Description
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times. The
vixie-cron package adds improved security and more powerful configuration
options to the standard version of cron.

A race condition was found in the way the crontab program performed file
time stamp updates on a temporary file created when editing a user crontab
file. A local attacker could use this flaw to change the modification time
of arbitrary system files via a symbolic link attack. (CVE-2010-0424)

Red Hat would like to thank Dan Rosenberg for reporting this issue.

This update also fixes the following bugs:

* Cron jobs of users with home directories mounted on a Lightweight
Directory Access Protocol (LDAP) server or Network File System (NFS) were
often refused because jobs were marked as orphaned (typically due to a
temporary NSS lookup failure, when NIS and LDAP servers were unreachable).
With this update, a database of orphans is created, and cron jobs are
performed as expected. (BZ#455664)

* Previously, cron did not log any errors if a cron job file located in the
/etc/cron.d/ directory contained invalid entries. An upstream patch has
been applied to address this problem and invalid entries in the cron job
files now produce warning messages. (BZ#460070)

* Previously, the "@reboot" crontab macro incorrectly ran jobs when the
crond daemon was restarted. If the user used the macro on multiple
machines, all entries with the "@reboot" option were executed every time
the crond daemon was restarted. With this update, jobs are executed only
when the machine is rebooted. (BZ#476972)

* The crontab utility is now compiled as a position-independent executable
(PIE), which enhances the security of the system. (BZ#480930)

* When the parent crond daemon was stopped, but a child crond daemon was
running (executing a program), the "service crond status" command
incorrectly reported that crond was running. The source code has been
modified, and the "service crond status" command now correctly reports that
crond is stopped. (BZ#529632)

* According to the pam(8) manual page, the cron daemon, crond, supports
access control with PAM (Pluggable Authentication Module). However, the PAM
configuration file for crond did not export environment variables correctly
and, consequently, setting PAM variables via cron did not work. This update
includes a corrected /etc/pam.d/crond file that exports environment
variables correctly. Setting pam variables via cron now works as documented
in the pam(8) manual page. (BZ#541189)

* Previously, the mcstransd daemon modified labels for the crond daemon.
When the crond daemon attempted to use the modified label and mcstransd was
not running, crond used an incorrect label. Consequently, Security-Enhanced
Linux (SELinux) denials filled up the cron log, no jobs were executed, and
crond had to be restarted. With this update, both mcstransd and crond use
raw SELinux labels, which prevents the problem. (BZ#625016)

* Previously, the crontab(1) and cron(8) manual pages contained multiple
typographical errors. This update fixes those errors. (BZ#699620,
BZ#699621)

In addition, this update adds the following enhancement:

* Previously, the crontab utility did not use the Pluggable Authentication
Module (PAM) for verification of users. As a consequence, a user could
access crontab even if access had been restricted (usually by being denied
in the access.conf file). With this update, crontab returns an error
message that the user is not allowed to access crontab because of PAM
configuration. (BZ#249512)

All vixie-cron users should upgrade to this updated package, which resolves
these issues and adds this enhancement.

RHSA-2012:0305: boost security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120305
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0305, CVE-2008-0171, CVE-2008-0172

Description
The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.

Invalid pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2008-0171)

NULL pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker able
to make an application using the Boost library process a specially-crafted
regular expression could cause that application to crash. (CVE-2008-0172)

Red Hat would like to thank Will Drewry for reporting these issues.

This update also fixes the following bugs:

* Prior to this update, the construction of a regular expression object
could fail when several regular expression objects were created
simultaneously, such as in a multi-threaded program. With this update, the
object variables have been moved from the shared memory to the stack. Now,
the constructing function is thread safe. (BZ#472384)

* Prior to this update, header files in several Boost libraries contained
preprocessor directives that the GNU Compiler Collection (GCC) 4.4 could
not handle. This update instead uses equivalent constructs that are
standard C. (BZ#567722)

All users of boost are advised to upgrade to these updated packages, which
fix these issues.

RHSA-2012:0306: krb5 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120306
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0306, CVE-2011-1526

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

It was found that ftpd, a Kerberos-aware FTP server, did not properly drop
privileges. On Red Hat Enterprise Linux 5, the ftpd daemon did not check
for the potential failure of the effective group ID change system call. If
the group ID change failed, a remote FTP user could use this flaw to gain
unauthorized read or write access to files that are owned by the root
group. (CVE-2011-1526)

Red Hat would like to thank the MIT Kerberos project for reporting this
issue. Upstream acknowledges Tim Zingelman as the original reporter.

This update also fixes the following bugs:

* Due to a mistake in the Kerberos libraries, a client could fail to
contact a Key Distribution Center (KDC) or terminate unexpectedly if the
client had already more than 1024 file descriptors in use. This update
backports modifications to the Kerberos libraries and the libraries use
the poll() function instead of the select() function, as poll() does not
have this limitation. (BZ#701444)

* The KDC failed to release memory when processing a TGS (ticket-granting
server) request from a client if the client request included an
authenticator with a subkey. As a result, the KDC consumed an excessive
amount of memory. With this update, the code releasing the memory has been
added and the problem no longer occurs. (BZ#708516)

* Under certain circumstances, if services requiring Kerberos
authentication sent two authentication requests to the authenticating
server, the second authentication request was flagged as a replay attack.
As a result, the second authentication attempt was denied. This update
applies an upstream patch that fixes this bug. (BZ#713500)

* Previously, if Kerberos credentials had expired, the klist command could
terminate unexpectedly with a segmentation fault when invoked with the -s
option. This happened when klist encountered and failed to process an entry
with no realm name while scanning the credential cache. With this update,
the underlying code has been modified and the command handles such entries
correctly. (BZ#729067)

* Due to a regression, multi-line FTP macros terminated prematurely with a
segmentation fault. This occurred because the previously-added patch failed
to properly support multi-line macros. This update restores the support for
multi-line macros and the problem no longer occurs. (BZ#735363, BZ#736132)

All users of krb5 are advised to upgrade to these updated packages, which
resolve these issues.

RHSA-2012:0307: util-linux security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0307, CVE-2011-1675, CVE-2011-1677

Description
The util-linux package contains a large variety of low-level system
utilities that are necessary for a Linux system to function. Among others,
util-linux contains the fdisk configuration tool and the login program.

Multiple flaws were found in the way the mount and umount commands
performed mtab (mounted file systems table) file updates. A local,
unprivileged user allowed to mount or unmount file systems could use these
flaws to corrupt the mtab file and create a stale lock file, preventing
other users from mounting and unmounting file systems. (CVE-2011-1675,
CVE-2011-1677)

This update also fixes the following bugs:

* When the user logged into a telnet server, the login utility did not
update the utmp database properly if the utility was executed from the
telnetd daemon. This was due to telnetd not creating an appropriate entry
in a utmp file before executing login. With this update, correct entries
are created and the database is updated properly. (BZ#646300)

* Various options were not described on the blockdev(8) manual page. With
this update, the blockdev(8) manual page includes all the relevant options.
(BZ#650937)

* Prior to this update, the build process of the util-linux package failed
in the po directory with the following error message: "@MKINSTALLDIRS@:
No such file or directory". An upstream patch has been applied to address
this issue, and the util-linux package now builds successfully. (BZ#677452)

* Previously, the ipcs(1) and ipcrm(1) manual pages mentioned an invalid
option, "-b". With this update, only valid options are listed on those
manual pages. (BZ#678407)

* Previously, the mount(8) manual page contained incomplete information
about the ext4 and XFS file systems. With this update, the mount(8) manual
page contains the missing information. (BZ#699639)

In addition, this update adds the following enhancements:

* Previously, if DOS mode was enabled on a device, the fdisk utility could
report error messages similar to the following:

Partition 1 has different physical/logical beginnings (non-Linux?):
phys=(0, 1, 1) logical=(0, 2, 7)

This update enables users to switch off DOS compatible mode (by specifying
the "-c" option), and such error messages are no longer displayed.
(BZ#678430)

* This update adds the "fsfreeze" command which halts access to a file
system on a disk. (BZ#726572)

All users of util-linux are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add these
enhancements.

RHSA-2012:0308: busybox security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120308
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0308, CVE-2006-1168, CVE-2011-2716

Description
BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user running
BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)

This update also fixes the following bugs:

* Prior to this update, the cp command wrongly returned the exit code 0 to
indicate success if a device ran out of space while attempting to copy
files of more than 4 gigabytes. This update modifies BusyBox, so that in
such situations, the exit code 1 is returned. Now, the cp command shows
correctly whether a process failed. (BZ#689659)

* Prior to this update, the findfs command failed to check all existing
block devices on a system with thousands of block device nodes in "/dev/".
This update modifies BusyBox so that findfs checks all block devices even
in this case. (BZ#756723)

All users of busybox are advised to upgrade to these updated packages,
which correct these issues.

RHSA-2012:0309: sudo security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120309
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0309, CVE-2011-0010

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the sudo password checking logic. In configurations
where the sudoers settings allowed a user to run a command using sudo
with only the group ID changed, sudo failed to prompt for the user's
password before running the specified command with the elevated group
privileges. (CVE-2011-0010)

In addition, this update fixes the following bugs:

* A NULL pointer dereference bug caused the sudo utility to terminate
unexpectedly with a segmentation fault. This happened if the utility was
run with the -g option and configured not to demand the password from the
user who ran the sudo utility. With this update, the code has been modified
and the problem no longer occurs. (BZ#673072)

* The sudo utility failed to load sudoers from an LDAP (Lightweight
Directory Access Protocol) server after the sudo tool was upgraded. This
happened because the upgraded nsswitch.conf file did not contain the
instruction to search for sudoers on the LDAP server. This update adds the
lost instruction to /etc/nsswitch.conf and the system searches for sources
of sudoers on the local file system and then on LDAP, if applicable.
(BZ#617061)

* The sudo tool interpreted a Runas alias specifying a group incorrectly as
a user alias and the alias seemed to be ignored. With this update, the code
for interpreting such aliases has been modified and the Runas group aliases
are honored as expected. (BZ#627543)

* Prior to this update, sudo did not parse comment characters (#) in the
ldap.conf file correctly and could fail to work. With this update, parsing
of the LDAP configuration file has been modified and the comment characters
are parsed correctly. (BZ#750318)

* The sudo utility formats its output to fit the width of the terminal
window. However, this behavior is undesirable if the output is redirected
through a pipeline. With this update, the output formatting is not applied
in the scenario described. (BZ#697111)

* Previously, the sudo utility performed Security-Enhanced Linux (SELinux)
related initialization after switching to an unprivileged user. This
prevented the correct setup of the SELinux environment before executing the
specified command and could potentially cause an access denial. The bug has
been fixed by backporting the SELinux related code and the execution model
from a newer version of sudo. (BZ#477185)

* On execv(3) function failure, the sudo tool executed an auditing call
before reporting the failure. The call reset the error state and,
consequently, the tool incorrectly reported that the command succeeded.
With this update, the code has been modified and the problem no longer
occurs. (BZ#673157)

All users of sudo are advised to upgrade to this updated package, which
resolves these issues.

RHSA-2012:0310: nfs-utils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120310
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0310, CVE-2011-1749

Description
The nfs-utils package provides a daemon for the kernel Network File System
(NFS) server, and related tools such as the mount.nfs, umount.nfs, and
showmount programs.

It was found that the mount.nfs tool did not handle certain errors
correctly when updating the mtab (mounted file systems table) file. A
local attacker could use this flaw to corrupt the mtab file.
(CVE-2011-1749)

This update also fixes the following bugs:

* The nfs service failed to start if the NFSv1, NFSv2, and NFSv4 support
was disabled (the MOUNTD_NFS_V1="no", MOUNTD_NFS_V2="no" MOUNTD_NFS_V3="no"
lines in /etc/sysconfig/nfs were uncommented) because the mountd daemon
failed to handle the settings correctly. With this update, the underlying
code has been modified and the nfs service starts successfully in the
described scenario. (BZ#529588)

* When a user's Kerberos ticket expired, the "sh rpc.gssd" messages flooded
the /var/log/messages file. With this update, the excessive logging has
been suppressed. (BZ#593097)

* The crash simulation (SM_SIMU_CRASH) of the rpc.statd service had a
vulnerability that could be detected by ISS (Internet Security Scanner). As
a result, the rpc.statd service terminated unexpectedly with the following
error after an ISS scan:

  rpc.statd[xxxx]: recv_rply: can't decode RPC message!
  rpc.statd[xxxx]: *** SIMULATING CRASH! ***
  rpc.statd[xxxx]: unable to register (statd, 1, udp).

However, the rpc.statd service ignored SM_SIMU_CRASH. This update removes
the simulation crash support from the service and the problem no longer
occurs. (BZ#600497)

* The nfs-utils init scripts returned incorrect status codes in the
following cases: if the rpcgssd and rpcsvcgssd daemon were not configured,
were provided an unknown argument, their function call failed, if a program
was no longer running and a /var/lock/subsys/$SERVICE file existed, if
starting a service under an unprivileged user, if a program was no longer
running and its pid file still existed in the /var/run/ directory. With
this update, the correct codes are returned in these scenarios. (BZ#710020)

* The "nfsstat -m" command did not display NFSv4 mounts. With this update,
the underlying code has been modified and the command returns the list of
all mounts, including any NFSv4 mounts, as expected. (BZ#712438)

* Previously, the nfs manual pages described the fsc mount option; however,
this option is not supported. This update removes the option description
from the manual pages. (BZ#715523)

* The nfs-utils preinstall scriptlet failed to change the default group ID
for the nfsnobody user to 65534. This update modifies the preinstall
scriptlet and the default group ID is changed to 65534 after nfs-utils
upgrade as expected. (BZ#729603)

* The mount.nfs command with the "-o retry" option did not try to mount for
the time specified in the "retry=X" configuration option. This occurred due
to incorrect error handling by the command. With this update, the
underlying code has been fixed and the "-o retry" option works as expected.
(BZ#736677)

In addition, this update adds the following enhancement:

* The noresvport option, which allows NFS clients to use insecure ports
(ports above 1023), has been added to the NFS server configuration options.
(BZ#513094)

All nfs-utils users are advised to upgrade to this updated package, which
resolves these issues and adds this enhancement. After installing this
update, the nfs service will be restarted automatically.

RHSA-2012:0311: ibutils security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120311
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0311, CVE-2008-3277

Description
The ibutils packages provide InfiniBand network and path diagnostics.

It was found that the ibmssh executable had an insecure relative RPATH
(runtime library search path) set in the ELF (Executable and Linking
Format) header. A local user able to convince another user to run ibmssh in
an attacker-controlled directory could run arbitrary code with the
privileges of the victim. (CVE-2008-3277)

This update also fixes the following bug:

* Under certain circumstances, the "ibdiagnet -r" command could suffer from
memory corruption and terminate with a "double free or corruption" message
and a backtrace. With this update, the correct memory management function
is used to prevent the corruption. (BZ#711779)

All users of ibutils are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2012:0312: initscripts security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120312
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0312, CVE-2008-1198

Description
The initscripts package contains system scripts to boot your system, change
runlevels, activate and deactivate most network interfaces, and shut the
system down cleanly.

With the default IPsec (Internet Protocol Security) ifup script
configuration, the racoon IKE key management daemon used aggressive IKE
mode instead of main IKE mode. This resulted in the preshared key (PSK)
hash being sent unencrypted, which could make it easier for an attacker
able to sniff network traffic to obtain the plain text PSK from a
transmitted hash. (CVE-2008-1198)

Red Hat would like to thank Aleksander Adamowski for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, the DHCPv6 client was not terminated when the
network service was stopped. This update modifies the source so that the
client is now terminated when stopping the network service. (BZ#568896)

* Prior to this update, on some systems the rm command failed and reported
the error message "rm: cannot remove directory `/var/run/dovecot/login/':
Is a directory" during system boot. This update modifies the source so that
this error message no longer appears. (BZ#679998)

* Prior to this update, the netconsole script could not discover and
resolve the MAC address of the router specified in the
/etc/sysconfig/netconsole file. This update modifies the netconsole script
so that the script no longer fails when the arping tool returns the MAC
address of the router more than once. (BZ#744734)

* Prior to this update, the arp_ip_target was, due to a logic error, not
correctly removed via sysfs. As a consequence, the error "ifdown-eth: line
64: echo: write error: Invalid argument" was reported when attempting to
shut down a bonding device. This update modifies the script so that the
error no longer appears and arp_ip_target is now correctly removed.
(BZ#745681)

All users of initscripts are advised to upgrade to this updated package,
which fixes these issues.

RHSA-2012:0313: samba security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120313
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0313, CVE-2010-0926

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

The default Samba server configuration enabled both the "wide links" and
"unix extensions" options, allowing Samba clients with write access to a
share to create symbolic links that point to any location on the file
system. Clients connecting with CIFS UNIX extensions disabled could have
such links resolved on the server, allowing them to access and possibly
overwrite files outside of the share. With this update, "wide links" is
set to "no" by default. In addition, the update ensures "wide links" is
disabled for shares that have "unix extensions" enabled. (CVE-2010-0926)

Warning: This update may cause files and directories that are only linked
to Samba shares using symbolic links to become inaccessible to Samba
clients. In deployments where support for CIFS UNIX extensions is not
needed (such as when files are exported to Microsoft Windows clients),
administrators may prefer to set the "unix extensions" option to "no" to
allow the use of symbolic links to access files out of the shared
directories. All existing symbolic links in a share should be reviewed
before re-enabling "wide links".

These updated samba packages also fix the following bug:

* The smbclient tool sometimes failed to return the proper exit status
code. Consequently, using smbclient in a script caused some scripts to
fail. With this update, an upstream patch has been applied and smbclient
now returns the correct exit status. (BZ#768908)

In addition, these updated samba packages provide the following
enhancement:

* With this update, support for Windows Server 2008 R2 domains has been
added. (BZ#736124)

Users are advised to upgrade to these updated samba packages, which correct
these issues and add this enhancement. After installing this update, the
smb service will be restarted automatically.

RHSA-2012:0317: libpng security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120317
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0317, CVE-2011-3026

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap-based buffer overflow flaw was found in libpng. An attacker could
create a specially-crafted PNG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3026)

Users of libpng and libpng10 should upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.

RHSA-2012:0321: cvs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120321
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0321, CVE-2012-0804

Description
Concurrent Version System (CVS) is a version control system that can record
the history of your files.

A heap-based buffer overflow flaw was found in the way the CVS client
handled responses from HTTP proxies. A malicious HTTP proxy could use this
flaw to cause the CVS client to crash or, possibly, execute arbitrary code
with the privileges of the user running the CVS client. (CVE-2012-0804)

All users of cvs are advised to upgrade to these updated packages, which
contain a patch to correct this issue.

RHSA-2012:0322: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120322
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0322, CVE-2011-3563, CVE-2011-3571, CVE-2011-5035, CVE-2012-0497, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that Java2D did not properly check graphics rendering
objects before passing them to the native renderer. Malicious input, or an
untrusted Java application or applet could use this flaw to crash the Java
Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)

It was discovered that the exception thrown on deserialization failure did
not always contain a proper identification of the cause of the failure. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2012-0505)

The AtomicReferenceArray class implementation did not properly check if
the array was of the expected Object[] type. A malicious Java application
or applet could use this flaw to bypass Java sandbox restrictions.
(CVE-2011-3571)

It was discovered that the use of TimeZone.setDefault() was not restricted
by the SecurityManager, allowing an untrusted Java application or applet to
set a new default time zone, and hence bypass Java sandbox restrictions.
(CVE-2012-0503)

The HttpServer class did not limit the number of headers read from HTTP
requests. A remote attacker could use this flaw to make an application
using HttpServer use an excessive amount of CPU time via a
specially-crafted request. This update introduces a header count limit
controlled using the sun.net.httpserver.maxReqHeaders property. The default
value is 200. (CVE-2011-5035)

The Java Sound component did not properly check buffer boundaries.
Malicious input, or an untrusted Java application or applet could use this
flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion
of its memory. (CVE-2011-3563)

A flaw was found in the AWT KeyboardFocusManager that could allow an
untrusted Java application or applet to acquire keyboard focus and possibly
steal sensitive information. (CVE-2012-0502)

It was discovered that the CORBA (Common Object Request Broker
Architecture) implementation in Java did not properly protect repository
identifiers on certain CORBA objects. This could have been used to modify
immutable object data. (CVE-2012-0506)

An off-by-one flaw, causing a stack overflow, was found in the unpacker for
ZIP files. A specially-crafted ZIP archive could cause the Java Virtual
Machine (JVM) to crash when opened. (CVE-2012-0501)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:0323: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0323, CVE-2011-3607, CVE-2011-3639, CVE-2012-0031, CVE-2012-0053

Description
The Apache HTTP Server is a popular web server.

It was discovered that the fix for CVE-2011-3368 (released via
RHSA-2011:1392) did not completely address the problem. An attacker could
bypass the fix and make a reverse proxy connect to an arbitrary server not
directly accessible to the attacker by sending an HTTP version 0.9 request.
(CVE-2011-3639)

The httpd server included the full HTTP header line in the default error
page generated when receiving an excessively long or malformed header.
Malicious JavaScript running in the server's domain context could use this
flaw to gain access to httpOnly cookies. (CVE-2012-0053)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way httpd performed substitutions in regular expressions. An
attacker able to set certain httpd settings, such as a user permitted to
override the httpd configuration for a specific directory using a
".htaccess" file, could use this flaw to crash the httpd child process or,
possibly, execute arbitrary code with the privileges of the "apache" user.
(CVE-2011-3607)

A flaw was found in the way httpd handled child process status information.
A malicious program running with httpd child process privileges (such as a
PHP or CGI script) could use this flaw to cause the parent httpd process to
crash during httpd service shutdown. (CVE-2012-0031)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.

RHSA-2012:0324: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120324
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0324, CVE-2012-0841

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.

RHSA-2012:0332: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120332
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0332, CVE-2012-0870

Description
Samba is a suite of programs used by machines to share files, printers, and
other information.

An input validation flaw was found in the way Samba handled Any Batched
(AndX) requests. A remote, unauthenticated attacker could send a
specially-crafted SMB packet to the Samba server, possibly resulting in
arbitrary code execution with the privileges of the Samba server (root).
(CVE-2012-0870)

Red Hat would like to thank the Samba team for reporting this issue.
Upstream acknowledges Andy Davis of NGS Secure as the original reporter.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2012:0349: Red Hat Enterprise Linux 4 - Transition to Extended Life Phase Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20120349
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0349

Description
On March 01, 2012, all Red Hat Enterprise Linux 4-based products listed
below transition from the Production Phase to the Extended Life Phase:

Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux ES 4
Red Hat Enterprise Linux WS 4
Red Hat Desktop 4
Red Hat Global File System 4
Red Hat Cluster Suite 4

Red Hat offers support and services for each major release of Red Hat
Enterprise Linux throughout four phases – Production 1, 2, and 3, and
Extended Life Phase. For Red Hat Enterprise Linux 4, the Production Phase
spans seven years, followed by a three-year Extended Life Phase. Together,
these four phases constitute the "life cycle". The specific support and
services provided during each phase are described in detail at:
http://redhat.com/rhel/lifecycle

On March 01, 2012, Red Hat Enterprise Linux 4 systems continue to be
subscribed to Red Hat Enterprise Linux 4 channels on Red Hat Network
(RHN), continue to require a Red Hat Enterprise Linux entitlement, and
continue to have access to:

* Limited technical support for existing Red Hat Enterprise Linux 4
  deployments (for customers with Basic, Premium, or Standard support).

* Previously released bug fixes (RHBAs), security errata (RHSAs), and
  product enhancements (RHEAs) via RHN. Software maintenance (new bug fix
  and security errata) are no longer provided for the Red Hat Enterprise
  Linux 4 product family.

* Red Hat Knowledgebase and other content (white papers, reference
  architectures, etc.) found in the Red Hat Customer Portal.

* Red Hat Enterprise Linux 4 documentation.

Please also note that new bug fix, security, or product enhancements
advisories (RHBAs, RHSAs, and RHEAs) are no longer provided for the Red
Hat Enterprise Linux 4 Add-Ons after March 01.

After March 01, you have several options. Your Red Hat subscription gives
you continuous access to all active versions of the Red Hat software in
both binary and source form, including all security updates and bug fixes.
As Red Hat Enterprise Linux 4 transitions out of the Production Phase, we
strongly recommend that you take full advantage of your subscription
services and upgrade to Red Hat Enterprise Linux 5 or 6, which contain
compelling new features and enablement for modern hardware platforms and
ISV applications.

If you must remain on Red Hat Enterprise Linux 4, we recommend that you
add the Red Hat Enterprise Linux Extended Life Cycle Support (ELS) Add-On
subscription to your current Red Hat Enterprise Linux subscription. The
ELS Add-On complements your Red Hat Enterprise Linux subscription and
provides software maintenance services not otherwise available in the
Extended Life Phase. Customers who purchase the ELS Add-On continue to
receive software maintenance (critical impact security and urgent priority
bug fixes) and technical support as provided in the Production 3 Phase.
ELS is available for up to three years and requires that you have an
existing Red Hat Enterprise Linux subscription with equivalent
subscription terms and support level.

For more information on the Red Hat Enterprise Linux ELS Add-On, visit:
http://www.redhat.com/products/enterprise-linux-add-ons/extended-lifecycle-support/

RHSA-2012:0350: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0350, CVE-2011-4077, CVE-2011-4081, CVE-2011-4132, CVE-2011-4347, CVE-2011-4594, CVE-2011-4611, CVE-2011-4622, CVE-2012-0038, CVE-2012-0045, CVE-2012-0207

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A buffer overflow flaw was found in the way the Linux kernel's XFS file
system implementation handled links with overly long path names. A local,
unprivileged user could use this flaw to cause a denial of service or
escalate their privileges by mounting a specially-crafted disk.
(CVE-2011-4077, Moderate)

* Flaws in ghash_update() and ghash_final() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-4081, Moderate)

* A flaw was found in the Linux kernel's Journaling Block Device (JBD). A
local, unprivileged user could use this flaw to crash the system by
mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)

* It was found that the kvm_vm_ioctl_assign_device() function in the KVM
(Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if
the user requesting device assignment was privileged or not. A local,
unprivileged user on the host could assign unused PCI devices, or even
devices that were in use and whose resources were not properly claimed by
the respective drivers, which could result in the host crashing.
(CVE-2011-4347, Moderate)

* Two flaws were found in the way the Linux kernel's __sys_sendmsg()
function, when invoked via the sendmmsg() system call, accessed user-space
memory. A local, unprivileged user could use these flaws to cause a denial
of service. (CVE-2011-4594, Moderate)

* The RHSA-2011:1530 kernel update introduced an integer overflow flaw in
the Linux kernel. On PowerPC systems, a local, unprivileged user could use
this flaw to cause a denial of service. (CVE-2011-4611, Moderate)

* A flaw was found in the way the KVM subsystem of a Linux kernel handled
PIT (Programmable Interval Timer) IRQs (interrupt requests) when there was
no virtual interrupt controller set up. A local, unprivileged user on the
host could force this situation to occur, resulting in the host crashing.
(CVE-2011-4622, Moderate)

* A flaw was found in the way the Linux kernel's XFS file system
implementation handled on-disk Access Control Lists (ACLs). A local,
unprivileged user could use this flaw to cause a denial of service or
escalate their privileges by mounting a specially-crafted disk.
(CVE-2012-0038, Moderate)

* A flaw was found in the way the Linux kernel's KVM hypervisor
implementation emulated the syscall instruction for 32-bit guests. An
unprivileged guest user could trigger this flaw to crash the guest.
(CVE-2012-0045, Moderate)

* A divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()
function. An attacker able to send certain IGMP (Internet Group Management
Protocol) packets to a target system could use this flaw to cause a denial
of service. (CVE-2012-0207, Moderate)

Red Hat would like to thank Nick Bowler for reporting CVE-2011-4081; Sasha
Levin for reporting CVE-2011-4347; Tetsuo Handa for reporting
CVE-2011-4594; Maynard Johnson for reporting CVE-2011-4611; Wang Xi for
reporting CVE-2012-0038; Stephan Bärwolf for reporting CVE-2012-0045; and
Simon McVittie for reporting CVE-2012-0207. Upstream acknowledges Mathieu
Desnoyers as the original reporter of CVE-2011-4594.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:0369: python-sqlalchemy security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120369
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0369, CVE-2012-0805

Description
SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible,
high-level interface to SQL databases.

It was discovered that SQLAlchemy did not sanitize values for the limit and
offset keywords for SQL select statements. If an application using
SQLAlchemy accepted values for these keywords, and did not filter or
sanitize them before passing them to SQLAlchemy, it could allow an attacker
to perform an SQL injection attack against the application. (CVE-2012-0805)

All users of python-sqlalchemy are advised to upgrade to this updated
package, which contains a patch to correct this issue. All running
applications using SQLAlchemy must be restarted for this update to take
effect.

RHSA-2012:0370: xen security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120370
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0370, CVE-2012-0029

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A heap overflow flaw was found in the way QEMU emulated the e1000 network
interface card. A privileged guest user in a virtual machine whose network
interface is configured to use the e1000 emulated driver could use this
flaw to crash QEMU or, possibly, escalate their privileges on the host.
(CVE-2012-0029)

Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.

This update also fixes the following bugs:

* Adding support for jumbo frames introduced incorrect network device
expansion when a bridge is created. The expansion worked correctly with the
default configuration, but could have caused network setup failures when a
user-defined network script was used. This update changes the expansion so
network setup will not fail, even when a user-defined network script is
used. (BZ#797191)

* A bug was found in xenconsoled, the Xen hypervisor console daemon. If
timestamp logging for this daemon was enabled (using both the
XENCONSOLED_TIMESTAMP_HYPERVISOR_LOG and XENCONSOLED_TIMESTAMP_GUEST_LOG
options in "/etc/sysconfig/xend"), xenconsoled could crash if the guest
emitted a lot of information to its serial console in a short period of
time. Eventually, the guest would freeze after the console buffer was
filled due to the crashed xenconsoled. Timestamp logging is disabled by
default. (BZ#797836)

All xen users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2012:0376: systemtap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120376
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0376, CVE-2012-0875

Description
SystemTap is an instrumentation system for systems running the Linux
kernel. The system allows developers to write scripts to collect data on
the operation of the system.

An invalid pointer read flaw was found in the way SystemTap handled
malformed debugging information in DWARF format. When SystemTap
unprivileged mode was enabled, an unprivileged user in the stapusr group
could use this flaw to crash the system or, potentially, read arbitrary
kernel memory. Additionally, a privileged user (root, or a member of the
stapdev group) could trigger this flaw when tricked into instrumenting a
specially-crafted ELF binary, even when unprivileged mode was not enabled.
(CVE-2012-0875)

SystemTap users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2012:0387: firefox security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120387
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0387, CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464

Description
Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2012-0461, CVE-2012-0462, CVE-2012-0464)

Two flaws were found in the way Firefox parsed certain Scalable Vector
Graphics (SVG) image files. A web page containing a malicious SVG image
file could cause an information leak, or cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-0456, CVE-2012-0457)

A flaw could allow a malicious site to bypass intended restrictions,
possibly leading to a cross-site scripting (XSS) attack if a user were
tricked into dropping a "javascript:" link onto a frame. (CVE-2012-0455)

It was found that the home page could be set to a "javascript:" link. If a
user were tricked into setting such a home page by dragging a link to the
home button, it could cause Firefox to repeatedly crash, eventually
leading to arbitrary code execution with the privileges of the user
running Firefox. (CVE-2012-0458)

A flaw was found in the way Firefox parsed certain web content containing
"cssText". A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2012-0459)

It was found that by using the DOM fullscreen API, untrusted content could
bypass the mozRequestFullscreen security protections. A web page containing
malicious web content could exploit this API flaw to cause user interface
spoofing. (CVE-2012-0460)

A flaw was found in the way Firefox handled pages with multiple Content
Security Policy (CSP) headers. This could lead to a cross-site scripting
attack if used in conjunction with a website that has a header injection
flaw. (CVE-2012-0451)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.3 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bugs:

* When using the Traditional Chinese locale (zh-TW), a segmentation fault
sometimes occurred when closing Firefox. (BZ#729632)

* Inputting any text in the Web Console (Tools -> Web Developer ->
Web Console) caused Firefox to crash. (BZ#784048)

* The java-1.6.0-ibm-plugin and java-1.6.0-sun-plugin packages require the
"/usr/lib/mozilla/plugins/" directory on 32-bit systems, and the
"/usr/lib64/mozilla/plugins/" directory on 64-bit systems. These
directories are created by the xulrunner package; however, they were
missing from the xulrunner package provided by the RHEA-2012:0327 update.
Therefore, upgrading to RHEA-2012:0327 removed those directories, causing
dependency errors when attempting to install the java-1.6.0-ibm-plugin or
java-1.6.0-sun-plugin package. With this update, xulrunner once again
creates the plugins directory. This issue did not affect users of Red Hat
Enterprise Linux 6. (BZ#799042)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.3 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2012:0388: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120388
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0388, CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-0461,
CVE-2012-0462, CVE-2012-0464)

Two flaws were found in the way Thunderbird parsed certain Scalable Vector
Graphics (SVG) image files. An HTML mail message containing a malicious SVG
image file could cause an information leak, or cause Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-0456, CVE-2012-0457)

A flaw could allow malicious content to bypass intended restrictions,
possibly leading to a cross-site scripting (XSS) attack if a user were
tricked into dropping a "javascript:" link onto a frame. (CVE-2012-0455)

It was found that the home page could be set to a "javascript:" link. If a
user were tricked into setting such a home page by dragging a link to the
home button, it could cause Firefox to repeatedly crash, eventually leading
to arbitrary code execution with the privileges of the user running
Firefox. A similar flaw was found and fixed in Thunderbird. (CVE-2012-0458)

A flaw was found in the way Thunderbird parsed certain, remote content
containing "cssText". Malicious, remote content could cause Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2012-0459)

It was found that by using the DOM fullscreen API, untrusted content could
bypass the mozRequestFullscreen security protections. Malicious content
could exploit this API flaw to cause user interface spoofing.
(CVE-2012-0460)

A flaw was found in the way Thunderbird handled content with multiple
Content Security Policy (CSP) headers. This could lead to a cross-site
scripting attack if used in conjunction with a website that has a header
injection flaw. (CVE-2012-0451)

Note: All issues except CVE-2012-0456 and CVE-2012-0457 cannot be exploited
by a specially-crafted HTML mail message as JavaScript is disabled by
default for mail messages. It could be exploited another way in
Thunderbird, for example, when viewing the full remote content of an RSS
feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.3 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2012:0393: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120393
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0393, CVE-2012-0864

Description
The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function correctly.

An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass FORTIFY_SOURCE
protections and execute arbitrary code using a format string flaw in
an application, even though these protections are expected to limit the
impact of such flaws to an application abort. (CVE-2012-0864)

This update also fixes the following bugs:

* Previously, the dynamic loader generated an incorrect ordering for
initialization according to the ELF specification. This could result in
incorrect ordering of DSO constructors and destructors. With this update,
dependency resolution has been fixed. (BZ#783999)

* Previously, locking of the main malloc arena was incorrect in the retry
path. This could result in a deadlock if an sbrk request failed. With this
update, locking of the main arena in the retry path has been fixed. This
issue was exposed by a bug fix provided in the RHSA-2012:0058 update.
(BZ#795328)

* Calling memcpy with overlapping arguments on certain processors would
generate unexpected results. While such code is a clear violation of
ANSI/ISO standards, this update restores prior memcpy behavior. (BZ#799259)

All users of glibc are advised to upgrade to these updated packages, which
contain patches to resolve these issues.

RHSA-2012:0397: glibc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120397
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0397, CVE-2012-0864

Description
The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function correctly.

An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass FORTIFY_SOURCE
protections and execute arbitrary code using a format string flaw in an
application, even though these protections are expected to limit the impact
of such flaws to an application abort. (CVE-2012-0864)

All users of glibc are advised to upgrade to these updated packages, which
contain a patch to resolve this issue.

RHSA-2012:0407: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120407
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0407, CVE-2011-3045

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap-based buffer overflow flaw was found in the way libpng processed
compressed chunks in PNG image files. An attacker could create a
specially-crafted PNG image file that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3045)

Users of libpng should upgrade to these updated packages, which correct
this issue. For Red Hat Enterprise Linux 5, they contain a backported
patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version
1.2.48. All running applications using libpng must be restarted for the
update to take effect.

RHSA-2012:0410: raptor security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120410
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0410, CVE-2012-0037

Description
Raptor provides parsers for Resource Description Framework (RDF) files.

An XML External Entity expansion flaw was found in the way Raptor processed
RDF files. If an application linked against Raptor were to open a 
specially-crafted RDF file, it could possibly allow a remote attacker to 
obtain a copy of an arbitrary local file that the user running the
application had access to. A bug in the way Raptor handled external
entities could cause that application to crash or, possibly, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-0037)

Red Hat would like to thank Timothy D. Morgan of VSR for reporting this
issue.

All Raptor users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against Raptor must be restarted for this update to take effect.

RHSA-2012:0411: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120411
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0411, CVE-2012-0037

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program. OpenOffice.org
embeds a copy of Raptor, which provides parsers for Resource Description
Framework (RDF) files.

An XML External Entity expansion flaw was found in the way Raptor processed
RDF files. If OpenOffice.org were to open a specially-crafted file (such
as an OpenDocument Format or OpenDocument Presentation file), it could
possibly allow a remote attacker to obtain a copy of an arbitrary local
file that the user running OpenOffice.org had access to. A bug in the way
Raptor handled external entities could cause OpenOffice.org to crash or,
possibly, execute arbitrary code with the privileges of the user running 
OpenOffice.org. (CVE-2012-0037)

Red Hat would like to thank Timothy D. Morgan of VSR for reporting this
issue.

All OpenOffice.org users are advised to upgrade to these updated packages,
which contain backported patches to correct this issue. All running
instances of OpenOffice.org applications must be restarted for this update
to take effect.

RHSA-2012:0426: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120426
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0426, CVE-2012-0884, CVE-2012-1165

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the way OpenSSL parsed
Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker
could use this flaw to crash an application that uses OpenSSL to decrypt or
verify S/MIME messages. (CVE-2012-1165)

A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)
implementations in OpenSSL. An attacker could possibly use this flaw to
perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or
S/MIME message by sending a large number of chosen ciphertext messages to
a service using OpenSSL and measuring error response times. (CVE-2012-0884)

This update also fixes a regression caused by the fix for CVE-2011-4619,
released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated
Cryptography (SGC) handshakes to fail.

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2012:0427: libtasn1 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120427
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0427, CVE-2012-1569

Description
libtasn1 is a library developed for ASN.1 (Abstract Syntax Notation One)
structures management that includes DER (Distinguished Encoding Rules)
encoding and decoding.

A flaw was found in the way libtasn1 decoded DER data. An attacker could
create carefully-crafted DER encoded input (such as an X.509 certificate)
that, when parsed by an application that uses libtasn1 (such as
applications using GnuTLS), could cause the application to crash.
(CVE-2012-1569)

Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this
issue.

Users of libtasn1 are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the libtasn1 library must be restarted,
or the system rebooted.

RHSA-2012:0428: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120428
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0428, CVE-2011-4128, CVE-2012-1569, CVE-2012-1573

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). GnuTLS includes libtasn1,
a library developed for ASN.1 (Abstract Syntax Notation One) structures
management that includes DER (Distinguished Encoding Rules) encoding and
decoding.

A flaw was found in the way GnuTLS decrypted malformed TLS records. This
could cause a TLS/SSL client or server to crash when processing a
specially-crafted TLS record from a remote TLS/SSL connection peer.
(CVE-2012-1573)

A flaw was found in the way libtasn1 decoded DER data. An attacker could
create a carefully-crafted X.509 certificate that, when parsed by an
application that uses GnuTLS, could cause the application to crash.
(CVE-2012-1569)

A boundary error was found in the gnutls_session_get_data() function. A
malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,
possibly, execute arbitrary code as the client, if the client passed a
fixed-sized buffer to gnutls_session_get_data() before checking the real
size of the session data provided by the server. (CVE-2011-4128)

Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1573 and CVE-2012-1569.

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

RHSA-2012:0429: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120429
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0429, CVE-2011-4128, CVE-2012-1573

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way GnuTLS decrypted malformed TLS records. This
could cause a TLS/SSL client or server to crash when processing a
specially-crafted TLS record from a remote TLS/SSL connection peer.
(CVE-2012-1573)

A boundary error was found in the gnutls_session_get_data() function. A
malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or,
possibly, execute arbitrary code as the client, if the client passed a
fixed-sized buffer to gnutls_session_get_data() before checking the real
size of the session data provided by the server. (CVE-2011-4128)

Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting
CVE-2012-1573.

Users of GnuTLS are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all applications linked to the GnuTLS library must be restarted, or
the system rebooted.

RHSA-2012:0451: rpm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120451
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0451, CVE-2012-0060, CVE-2012-0061, CVE-2012-0815

Description
The RPM Package Manager (RPM) is a command-line driven package management
system capable of installing, uninstalling, verifying, querying, and
updating software packages.

Multiple flaws were found in the way RPM parsed package file headers. An
attacker could create a specially-crafted RPM package that, when its
package header was accessed, or during package signature verification,
could cause an application using the RPM library (such as the rpm command
line tool, or the yum and up2date package managers) to crash or,
potentially, execute arbitrary code. (CVE-2012-0060, CVE-2012-0061,
CVE-2012-0815)

Note: Although an RPM package can, by design, execute arbitrary code when
installed, this issue would allow a specially-crafted RPM package to
execute arbitrary code before its digital signature has been verified.
Package downloads from the Red Hat Network are protected by the use of a
secure HTTPS connection in addition to the RPM package signature checks.

All RPM users should upgrade to these updated packages, which contain a
backported patch to correct these issues. All running applications linked
against the RPM library must be restarted for this update to take effect.

RHSA-2012:0465: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0465, CVE-2012-1182

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used
to generate code to handle RPC calls, resulted in multiple buffer overflows
in Samba. A remote, unauthenticated attacker could send a specially-crafted
RPC request that would cause the Samba daemon (smbd) to crash or, possibly,
execute arbitrary code with the privileges of the root user.
(CVE-2012-1182)

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2012:0466: samba3x security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120466
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0466, CVE-2012-1182

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw in the Samba suite's Perl-based DCE/RPC IDL (PIDL) compiler, used
to generate code to handle RPC calls, resulted in multiple buffer overflows
in Samba. A remote, unauthenticated attacker could send a specially-crafted
RPC request that would cause the Samba daemon (smbd) to crash or, possibly,
execute arbitrary code with the privileges of the root user.
(CVE-2012-1182)

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2012:0467: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120467
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0467, CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1134, CVE-2012-1136, CVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.

Multiple flaws were found in the way FreeType handled TrueType Font (TTF),
Glyph Bitmap Distribution Format (BDF), Windows .fnt and .fon, and
PostScript Type 1 fonts. If a specially-crafted font file was loaded by an
application linked against FreeType, it could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-1134, CVE-2012-1136, CVE-2012-1142,
CVE-2012-1144)

Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially-crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash.
(CVE-2012-1126, CVE-2012-1127, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132,
CVE-2012-1137, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1143)

Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for
reporting these issues.

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct these issues. The X server must be restarted
(log out, then log back in) for this update to take effect.

RHSA-2012:0468: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120468
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0468, CVE-2012-1173

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

Two integer overflow flaws, leading to heap-based buffer overflows, were
found in the way libtiff attempted to allocate space for a tile in a TIFF
image file. An attacker could use these flaws to create a specially-crafted
TIFF file that, when opened, would cause an application linked against
libtiff to crash or, possibly, execute arbitrary code. (CVE-2012-1173)

All libtiff users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

RHSA-2012:0474: tomcat5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120474
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0474, CVE-2011-4858, CVE-2012-0022

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause Tomcat to use an excessive amount of CPU time by sending an HTTP
request with a large number of parameters whose names map to the same hash
value. This update introduces a limit on the number of parameters processed
per request to mitigate this issue. The default limit is 512 for
parameters and 128 for headers. These defaults can be changed by setting
the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2011-4858)

It was found that Tomcat did not handle large numbers of parameters and
large parameter values efficiently. A remote attacker could make Tomcat
use an excessive amount of CPU time by sending an HTTP request containing a
large number of parameters or large parameter values. This update
introduces limits on the number of parameters and headers processed per
request to address this issue. Refer to the CVE-2011-4858 description for
information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2012-0022) 

Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4858.

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.

RHSA-2012:0475: tomcat6 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120475
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0475, CVE-2011-4858, CVE-2012-0022

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that the Java hashCode() method implementation was susceptible
to predictable hash collisions. A remote attacker could use this flaw to
cause Tomcat to use an excessive amount of CPU time by sending an HTTP
request with a large number of parameters whose names map to the same hash
value. This update introduces a limit on the number of parameters processed
per request to mitigate this issue. The default limit is 512 for
parameters and 128 for headers. These defaults can be changed by setting
the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2011-4858)

It was found that Tomcat did not handle large numbers of parameters and
large parameter values efficiently. A remote attacker could make Tomcat
use an excessive amount of CPU time by sending an HTTP request containing a
large number of parameters or large parameter values. This update
introduces limits on the number of parameters and headers processed per
request to address this issue. Refer to the CVE-2011-4858 description for
information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and
org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
(CVE-2012-0022) 

Red Hat would like to thank oCERT for reporting CVE-2011-4858. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2011-4858.

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.

RHSA-2012:0480: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120480
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0480, CVE-2012-1583

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw in the xfrm6_tunnel_rcv() function in the Linux kernel's IPv6
implementation could lead to a use-after-free or double free flaw in
tunnel6_rcv(). A remote attacker could use this flaw to send
specially-crafted packets to a target system that is using IPv6 and also
has the xfrm6_tunnel kernel module loaded, causing it to crash.
(CVE-2012-1583, Important)

If you do not run applications that use xfrm6_tunnel, you can prevent the
xfrm6_tunnel module from being loaded by creating (as the root user) a
"/etc/modprobe.d/xfrm6_tunnel.conf" file, and adding the following line to
it:

blacklist xfrm6_tunnel

This way, the xfrm6_tunnel module cannot be loaded accidentally. A reboot
is not necessary for this change to take effect.

This update also fixes various bugs and adds an enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue, and fix the bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2012:0481: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120481
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0481, CVE-2011-4080, CVE-2012-0879, CVE-2012-1090, CVE-2012-1097

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Numerous reference count leaks were found in the Linux kernel's block
layer I/O context handling implementation. This could allow a local,
unprivileged user to cause a denial of service. (CVE-2012-0879,
Moderate)

* A flaw was found in the Linux kernel's cifs_lookup() implementation.
POSIX open during lookup should only be supported for regular files. When
non-regular files (for example, a named (FIFO) pipe or other special files)
are opened on lookup, it could cause a denial of service. (CVE-2012-1090,
Moderate)

* It was found that the Linux kernel's register set (regset) common
infrastructure implementation did not check if the required get and set
handlers were initialized. A local, unprivileged user could use this flaw
to cause a denial of service by performing a register set operation with a
ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097,
Moderate)

Red Hat would like to thank H. Peter Anvin for reporting CVE-2012-1097.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs and add the enhancements
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2012:0509: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120509
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0509, CVE-2011-1143, CVE-2011-1590, CVE-2011-1957, CVE-2011-1958, CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698, CVE-2011-4102, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-1595

Description
Wireshark is a program for monitoring network traffic. Wireshark was
previously known as Ethereal.

Several flaws were found in Wireshark. If Wireshark read a malformed packet
off a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2011-1590,
CVE-2011-4102, CVE-2012-1595)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2011-1143, CVE-2011-1957, CVE-2011-1958,
CVE-2011-1959, CVE-2011-2174, CVE-2011-2175, CVE-2011-2597, CVE-2011-2698,
CVE-2012-0041, CVE-2012-0042, CVE-2012-0067, CVE-2012-0066)

Users of Wireshark should upgrade to these updated packages, which contain
backported patches to correct these issues. All running instances of
Wireshark must be restarted for the update to take effect.

RHSA-2012:0515: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0515, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in Sanitiser for OpenType (OTS), used by Firefox to help
prevent potential exploits in malformed OpenType fonts. A web page
containing malicious content could cause Firefox to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Firefox. (CVE-2011-3062)

A web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)

A web page containing a malicious Scalable Vector Graphics (SVG) image file
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2012-0470)

A flaw was found in the way Firefox used its embedded Cairo library to
render certain fonts. A web page containing malicious content could cause
Firefox to crash or, under certain conditions, possibly execute arbitrary
code with the privileges of the user running Firefox. (CVE-2012-0472)

A flaw was found in the way Firefox rendered certain images using WebGL. A
web page containing malicious content could cause Firefox to crash or,
under certain conditions, possibly execute arbitrary code with the
privileges of the user running Firefox. (CVE-2012-0478)

A cross-site scripting (XSS) flaw was found in the way Firefox handled
certain multibyte character sets. A web page containing malicious content
could cause Firefox to run JavaScript code with the permissions of a
different website. (CVE-2012-0471)

A flaw was found in the way Firefox rendered certain graphics using WebGL.
A web page containing malicious content could cause Firefox to crash.
(CVE-2012-0473)

A flaw in Firefox allowed the address bar to display a different website
than the one the user was visiting. An attacker could use this flaw to
conceal a malicious URL, possibly tricking a user into believing they are
viewing a trusted site, or allowing scripts to be loaded from the
attacker's site, possibly leading to cross-site scripting (XSS) attacks.
(CVE-2012-0474)

A flaw was found in the way Firefox decoded the ISO-2022-KR and ISO-2022-CN
character sets. A web page containing malicious content could cause Firefox
to run JavaScript code with the permissions of a different website.
(CVE-2012-0477)

A flaw was found in the way Firefox handled RSS and Atom feeds. Invalid
RSS or Atom content loaded over HTTPS caused Firefox to display the
address of said content in the location bar, but not the content in the
main window. The previous content continued to be displayed. An attacker
could use this flaw to perform phishing attacks, or trick users into
thinking they are visiting the site reported by the location bar, when the
page is actually content controlled by an attacker. (CVE-2012-0479)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.4 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the
original reporter of CVE-2011-3062; Aki Helin from OUSPG as the original
reporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original
reporter of CVE-2012-0470; wushi of team509 via iDefense as the original
reporter of CVE-2012-0472; Ms2ger as the original reporter of
CVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter
of CVE-2012-0471; Matias Juntunen as the original reporter of
CVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the
original reporters of CVE-2012-0474; Masato Kinugawa as the original
reporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter
of CVE-2012-0479.

RHSA-2012:0516: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120516
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0516, CVE-2011-3062, CVE-2012-0467, CVE-2012-0468, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2012-0479

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in Sanitiser for OpenType (OTS), used by Thunderbird to
help prevent potential exploits in malformed OpenType fonts. Malicious
content could cause Thunderbird to crash or, under certain conditions,
possibly execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2011-3062)

Malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-0467, CVE-2012-0468, CVE-2012-0469)

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2012-0470)

A flaw was found in the way Thunderbird used its embedded Cairo library to
render certain fonts. Malicious content could cause Thunderbird to crash
or, under certain conditions, possibly execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2012-0472)

A flaw was found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-0478)

A cross-site scripting (XSS) flaw was found in the way Thunderbird handled
certain multibyte character sets. Malicious content could cause Thunderbird
to run JavaScript code with the permissions of different content.
(CVE-2012-0471)

A flaw was found in the way Thunderbird rendered certain graphics using
WebGL. Malicious content could cause Thunderbird to crash. (CVE-2012-0473)

A flaw in the built-in feed reader in Thunderbird allowed the Website field
to display the address of different content than the content the user was
visiting. An attacker could use this flaw to conceal a malicious URL,
possibly tricking a user into believing they are viewing a trusted site, or
allowing scripts to be loaded from the attacker's site, possibly leading to
cross-site scripting (XSS) attacks. (CVE-2012-0474)

A flaw was found in the way Thunderbird decoded the ISO-2022-KR and
ISO-2022-CN character sets. Malicious content could cause Thunderbird
to run JavaScript code with the permissions of different content.
(CVE-2012-0477)

A flaw was found in the way the built-in feed reader in Thunderbird handled
RSS and Atom feeds. Invalid RSS or Atom content loaded over HTTPS caused
Thunderbird to display the address of said content, but not the content.
The previous content continued to be displayed. An attacker could use this
flaw to perform phishing attacks, or trick users into thinking they are
visiting the site reported by the Website field, when the page is actually
content controlled by an attacker. (CVE-2012-0479)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the
original reporter of CVE-2011-3062; Aki Helin from OUSPG as the original
reporter of CVE-2012-0469; Atte Kettunen from OUSPG as the original
reporter of CVE-2012-0470; wushi of team509 via iDefense as the original
reporter of CVE-2012-0472; Ms2ger as the original reporter of
CVE-2012-0478; Anne van Kesteren of Opera Software as the original reporter
of CVE-2012-0471; Matias Juntunen as the original reporter of
CVE-2012-0473; Jordi Chancel and Eddy Bordi, and Chris McGowen as the
original reporters of CVE-2012-0474; Masato Kinugawa as the original
reporter of CVE-2012-0477; and Jeroen van der Gun as the original reporter
of CVE-2012-0479.

Note: All issues except CVE-2012-0470, CVE-2012-0472, and CVE-2011-3062
cannot be exploited by a specially-crafted HTML mail message as JavaScript
is disabled by default for mail messages. It could be exploited another way
in Thunderbird, for example, when viewing the full remote content of an
RSS feed.

RHSA-2012:0518: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120518
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0518, CVE-2012-2110

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

Multiple numeric conversion errors, leading to a buffer overflow, were
found in the way OpenSSL parsed ASN.1 (Abstract Syntax Notation One) data
from BIO (OpenSSL's I/O abstraction) inputs. Specially-crafted DER
(Distinguished Encoding Rules) encoded data read from a file or other BIO
input could cause an application using the OpenSSL library to crash or,
potentially, execute arbitrary code. (CVE-2012-2110)

All OpenSSL users should upgrade to these updated packages, which contain
a backported patch to resolve this issue. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2012:0523: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120523
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0523, CVE-2011-3048

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

A heap-based buffer overflow flaw was found in the way libpng processed
tEXt chunks in PNG image files. An attacker could create a
specially-crafted PNG image file that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3048)

Users of libpng should upgrade to these updated packages, which correct
this issue. For Red Hat Enterprise Linux 5, they contain a backported
patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version
1.2.49. All running applications using libpng must be restarted for the
update to take effect.

RHSA-2012:0533: samba and samba3x security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120533
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0533, CVE-2012-2111

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the way Samba handled certain Local Security Authority
(LSA) Remote Procedure Calls (RPC). An authenticated user could use this
flaw to issue an RPC call that would modify the privileges database on the
Samba server, allowing them to steal the ownership of files and directories
that are being shared by the Samba server, and create, delete, and modify
user accounts, as well as other Samba server administration tasks.
(CVE-2012-2111)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Ivano Cristofolini as the original reporter.

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2012:0544: ImageMagick security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120544
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0544, CVE-2010-4167, CVE-2012-0247, CVE-2012-0248, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798

Description
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A flaw was found in the way ImageMagick processed images with malformed
Exchangeable image file format (Exif) metadata. An attacker could create a
specially-crafted image file that, when opened by a victim, would cause
ImageMagick to crash or, potentially, execute arbitrary code.
(CVE-2012-0247)

A denial of service flaw was found in the way ImageMagick processed images
with malformed Exif metadata. An attacker could create a specially-crafted
image file that, when opened by a victim, could cause ImageMagick to enter
an infinite loop. (CVE-2012-0248)

It was found that ImageMagick utilities tried to load ImageMagick
configuration files from the current working directory. If a user ran an
ImageMagick utility in an attacker-controlled directory containing a
specially-crafted ImageMagick configuration file, it could cause the
utility to execute arbitrary code. (CVE-2010-4167)

An integer overflow flaw was found in the way ImageMagick processed
certain Exif tags with a large components count. An attacker could create
a specially-crafted image file that, when opened by a victim, could cause
ImageMagick to access invalid memory and crash. (CVE-2012-0259)

A denial of service flaw was found in the way ImageMagick decoded certain
JPEG images. A remote attacker could provide a JPEG image with
specially-crafted sequences of RST0 up to RST7 restart markers (used to
indicate the input stream to be corrupted), which once processed by
ImageMagick, would cause it to consume excessive amounts of memory and CPU
time. (CVE-2012-0260)

An out-of-bounds buffer read flaw was found in the way ImageMagick
processed certain TIFF image files. A remote attacker could provide a TIFF
image with a specially-crafted Exif IFD value (the set of tags for
recording Exif-specific attribute information), which once opened by
ImageMagick, would cause it to crash. (CVE-2012-1798)

Red Hat would like to thank CERT-FI for reporting CVE-2012-0259,
CVE-2012-0260, and CVE-2012-1798. CERT-FI acknowledges Aleksis Kauppinen,
Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's
CROSS project as the original reporters.

Users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.

RHSA-2012:0545: ImageMagick security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120545
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0545, CVE-2012-0247, CVE-2012-0248, CVE-2012-0260

Description
ImageMagick is an image display and manipulation tool for the X Window
System that can read and write multiple image formats.

A flaw was found in the way ImageMagick processed images with malformed
Exchangeable image file format (Exif) metadata. An attacker could create a
specially-crafted image file that, when opened by a victim, would cause
ImageMagick to crash or, potentially, execute arbitrary code.
(CVE-2012-0247)

A denial of service flaw was found in the way ImageMagick processed images
with malformed Exif metadata. An attacker could create a specially-crafted
image file that, when opened by a victim, could cause ImageMagick to enter
an infinite loop. (CVE-2012-0248)

A denial of service flaw was found in the way ImageMagick decoded certain
JPEG images. A remote attacker could provide a JPEG image with
specially-crafted sequences of RST0 up to RST7 restart markers (used to
indicate the input stream to be corrupted), which once processed by
ImageMagick, would cause it to consume excessive amounts of memory and CPU
time. (CVE-2012-0260)

Red Hat would like to thank CERT-FI for reporting CVE-2012-0260. CERT-FI
acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and
Lasse Ylivainio of Codenomicon's CROSS project as the original reporters.

This update also fixes the following bug:

* The fix for Red Hat Bugzilla bug 694922, provided by the RHSA-2012:0301
ImageMagick update, introduced a regression. Attempting to use the
"convert" utility to convert a PostScript document could fail with a
"/undefinedfilename" error. With this update, conversion works as expected.
(BZ#804546)

Users of ImageMagick are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of ImageMagick must be restarted for this update to take effect.

RHSA-2012:0546: php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120546
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0546, CVE-2012-1823

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way the php-cgi executable processed command line
arguments when running in CGI mode. A remote attacker could send a
specially-crafted request to a PHP script that would result in the query
string being parsed by php-cgi as command line options and arguments. This
could lead to the disclosure of the script's source code or arbitrary code
execution with the privileges of the PHP interpreter. (CVE-2012-1823)

Red Hat is aware that a public exploit for this issue is available that
allows remote code execution in affected PHP CGI configurations. This flaw
does not affect the default configuration in Red Hat Enterprise Linux 5 and
6 using the PHP module for Apache httpd to handle PHP scripts.

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:0547: php53 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120547
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0547, CVE-2012-1823

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way the php-cgi executable processed command line
arguments when running in CGI mode. A remote attacker could send a 
specially-crafted request to a PHP script that would result in the query
string being parsed by php-cgi as command line options and arguments. This 
could lead to the disclosure of the script's source code or arbitrary code 
execution with the privileges of the PHP interpreter. (CVE-2012-1823) 

Red Hat is aware that a public exploit for this issue is available that 
allows remote code execution in affected PHP CGI configurations. This flaw 
does not affect the default configuration using the PHP module for Apache 
httpd to handle PHP scripts.

All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:0571: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120571
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0571, CVE-2011-4086, CVE-2012-1601

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's journal_unmap_buffer()
function handled buffer head states. On systems that have an ext4 file
system with a journal mounted, a local, unprivileged user could use this
flaw to cause a denial of service. (CVE-2011-4086, Moderate)

* A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled.
Calling this ioctl when at least one virtual CPU (VCPU) already existed
could lead to a NULL pointer dereference later when the VCPU is scheduled
to run. A local, unprivileged user on a KVM host could use this flaw to
crash the host. (CVE-2012-1601, Moderate)

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:0676: kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120676
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0676, CVE-2012-1601, CVE-2012-2121

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way the KVM_CREATE_IRQCHIP ioctl was handled.
Calling this ioctl when at least one virtual CPU (VCPU) already existed
could lead to a NULL pointer dereference later when the VCPU is scheduled
to run. A malicious user in the kvm group on the host could use this flaw
to crash the host. (CVE-2012-1601)

A flaw was found in the way device memory was handled during guest device
removal. Upon successful device removal, memory used by the device was not
properly unmapped from the corresponding IOMMU or properly released from
the kernel, leading to a memory leak. A malicious user in the kvm group on
the host who has the ability to assign a device to a guest could use this
flaw to crash the host. (CVE-2012-2121)

This update also fixes the following bug:

* An off-by-one error in the QEMU guest's memory management could, in rare
cases, cause QEMU-KVM to crash due to a segmentation fault in
tb_invalidate_phys_page_range() if a device initiated DMA into a specific
guest address. In a reported case, this issue presented on a system that
had a guest using the 8139cp network driver. (BZ#816207)

All users of kvm are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note that the procedure
in the Solution section must be performed before this update will take
effect.

RHSA-2012:0677: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120677
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0677, CVE-2012-0866, CVE-2012-0868

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

The pg_dump utility inserted object names literally into comments in the
SQL script it produces. An unprivileged database user could create an
object whose name includes a newline followed by an SQL command. This SQL
command might then be executed by a privileged user during later restore of
the backup dump, allowing privilege escalation. (CVE-2012-0868)

CREATE TRIGGER did not do a permissions check on the trigger function to
be called. This could possibly allow an authenticated database user to
call a privileged trigger function on data of their choosing.
(CVE-2012-0866)

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2012:0678: postgresql and postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120678
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0678, CVE-2012-0866, CVE-2012-0867, CVE-2012-0868

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

The pg_dump utility inserted object names literally into comments in the
SQL script it produces. An unprivileged database user could create an
object whose name includes a newline followed by an SQL command. This SQL
command might then be executed by a privileged user during later restore of
the backup dump, allowing privilege escalation. (CVE-2012-0868)

When configured to do SSL certificate verification, PostgreSQL only checked
the first 31 characters of the certificate's Common Name field. Depending
on the configuration, this could allow an attacker to impersonate a server
or a client using a certificate from a trusted Certificate Authority issued
for a different name. (CVE-2012-0867)

CREATE TRIGGER did not do a permissions check on the trigger function to
be called. This could possibly allow an authenticated database user to
call a privileged trigger function on data of their choosing.
(CVE-2012-0866)

These updated packages upgrade PostgreSQL to version 8.4.11, which fixes
these issues as well as several data-corruption issues and lesser
non-security issues. Refer to the PostgreSQL Release Notes for a full list
of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2012:0683: bind-dyndb-ldap security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120683
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0683, CVE-2012-2134

Description
The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates
and internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap handled LDAP query errors. If a
remote attacker were able to send DNS queries to a named server that is
configured to use bind-dyndb-ldap, they could trigger such an error with a
DNS query leveraging bind-dyndb-ldap's insufficient escaping of the LDAP
base DN (distinguished name). This would result in an invalid LDAP query
that named would retry in a loop, preventing it from responding to other
DNS queries. With this update, bind-dyndb-ldap only attempts to retry one
time when an LDAP search returns an unexpected error. (CVE-2012-2134)

Red Hat would like to thank Ronald van Zantvoort for reporting this issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.

RHSA-2012:0690: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120690
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0690, CVE-2012-2136

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that the data_len parameter of the sock_alloc_send_pskb()
function in the Linux kernel's networking implementation was not validated
before use. A local user with access to a TUN/TAP virtual interface could
use this flaw to crash the system or, potentially, escalate their
privileges. Note that unprivileged users cannot access TUN/TAP devices
until the root user grants them access. (CVE-2012-2136, Important)

This update also fixes various bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:0699: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120699
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0699, CVE-2012-2333

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An integer underflow flaw, leading to a buffer over-read, was found in the
way OpenSSL handled DTLS (Datagram Transport Layer Security) application
data record lengths when using a block cipher in CBC (cipher-block
chaining) mode. A malicious DTLS client or server could use this flaw to
crash its DTLS connection peer. (CVE-2012-2333)

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Codenomicon as the original reporter.

On Red Hat Enterprise Linux 6, this update also fixes an uninitialized
variable use bug, introduced by the fix for CVE-2012-0884 (released via
RHSA-2012:0426). This bug could possibly cause an attempt to create an
encrypted message in the CMS (Cryptographic Message Syntax) format to fail.

All OpenSSL users should upgrade to these updated packages, which contain a
backported patch to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the system
rebooted.

RHSA-2012:0705: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120705
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0705, CVE-2012-1149, CVE-2012-2334

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An integer overflow flaw, leading to a buffer overflow, was found in the
way OpenOffice.org processed an invalid Escher graphics records length in
Microsoft Office PowerPoint documents. An attacker could provide a
specially-crafted Microsoft Office PowerPoint document that, when opened,
would cause OpenOffice.org to crash or, potentially, execute arbitrary code
with the privileges of the user running OpenOffice.org. (CVE-2012-2334)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the JPEG, PNG, and BMP image file reader implementations in
OpenOffice.org. An attacker could provide a specially-crafted JPEG, PNG,
or BMP image file that, when opened in an OpenOffice.org application, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-1149)

Upstream acknowledges Sven Jacobi as the original reporter of
CVE-2012-2334, and Tielei Wang via Secunia SVCRP as the original reporter
of CVE-2012-1149.

All OpenOffice.org users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of OpenOffice.org applications must be restarted for this update
to take effect.

RHSA-2012:0710: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120710
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0710, CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947, CVE-2012-3105

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939,
CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1947)

Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers
with graphics cards that have hardware acceleration enabled.

It was found that the Content Security Policy (CSP) implementation in
Firefox no longer blocked Firefox inline event handlers. A remote attacker
could use this flaw to possibly bypass a web application's intended
restrictions, if that application relied on CSP to protect against flaws
such as cross-site scripting (XSS). (CVE-2012-1944)

If a web server hosted HTML files that are stored on a Microsoft Windows
share, or a Samba share, loading such files with Firefox could result in
Windows shortcut files (.lnk) in the same share also being loaded. An
attacker could use this flaw to view the contents of local files and
directories on the victim's system. This issue also affected users opening
HTML files from Microsoft Windows shares, or Samba shares, that are mounted
on their systems. (CVE-2012-1945)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.5 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Ken Russell of Google as the original reporter of
CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman
as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,
Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the
original reporters of CVE-2012-1938; Christian Holler as the original
reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as
the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;
security researcher Arthur Gerkis as the original reporter of
CVE-2012-1946; security researcher Adam Barth as the original reporter of
CVE-2012-1944; and security researcher Paul Stone as the original reporter
of CVE-2012-1945.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.5 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2012:0715: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120715
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0715, CVE-2011-3101, CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945, CVE-2012-1946, CVE-2012-1947, CVE-2012-3105

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2011-3101,
CVE-2012-1937, CVE-2012-1938, CVE-2012-1939, CVE-2012-1940, CVE-2012-1941,
CVE-2012-1946, CVE-2012-1947)

Note: CVE-2011-3101 only affected users of certain NVIDIA display drivers
with graphics cards that have hardware acceleration enabled.

It was found that the Content Security Policy (CSP) implementation in
Thunderbird no longer blocked Thunderbird inline event handlers. Malicious
content could possibly bypass intended restrictions if that content relied
on CSP to protect against flaws such as cross-site scripting (XSS).
(CVE-2012-1944)

If a web server hosted content that is stored on a Microsoft Windows share,
or a Samba share, loading such content with Thunderbird could result in
Windows shortcut files (.lnk) in the same share also being loaded. An
attacker could use this flaw to view the contents of local files and
directories on the victim's system. This issue also affected users opening
content from Microsoft Windows shares, or Samba shares, that are mounted
on their systems. (CVE-2012-1945)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Ken Russell of Google as the original reporter of
CVE-2011-3101; Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse Ruderman
as the original reporters of CVE-2012-1937; Jesse Ruderman, Igor Bukanov,
Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the
original reporters of CVE-2012-1938; Christian Holler as the original
reporter of CVE-2012-1939; security researcher Abhishek Arya of Google as
the original reporter of CVE-2012-1940, CVE-2012-1941, and CVE-2012-1947;
security researcher Arthur Gerkis as the original reporter of
CVE-2012-1946; security researcher Adam Barth as the original reporter of
CVE-2012-1944; and security researcher Paul Stone as the original reporter
of CVE-2012-1945.

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.5 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2012:0716: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120716
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0716, CVE-2012-1033, CVE-2012-1667

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records.
A malicious owner of a DNS domain could use this flaw to create
specially-crafted DNS resource records that would cause a recursive
resolver or secondary server to crash or, possibly, disclose portions of
its memory. (CVE-2012-1667)

A flaw was found in the way BIND handled the updating of cached name server
(NS) resource records. A malicious owner of a DNS domain could use this
flaw to keep the domain resolvable by the BIND server even after the
delegation was removed from the parent DNS zone. With this update, BIND
limits the time-to-live of the replacement record to that of the
time-to-live of the record being replaced. (CVE-2012-1033)

Users of bind are advised to upgrade to these updated packages, which
correct these issues. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:0717: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120717
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0717, CVE-2012-1033, CVE-2012-1667

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled zero length resource data records.
A malicious owner of a DNS domain could use this flaw to create
specially-crafted DNS resource records that would cause a recursive
resolver or secondary server to crash or, possibly, disclose portions of
its memory. (CVE-2012-1667)

A flaw was found in the way BIND handled the updating of cached name server
(NS) resource records. A malicious owner of a DNS domain could use this
flaw to keep the domain resolvable by the BIND server even after the
delegation was removed from the parent DNS zone. With this update, BIND
limits the time-to-live of the replacement record to that of the
time-to-live of the record being replaced. (CVE-2012-1033)

Users of bind97 are advised to upgrade to these updated packages, which
correct these issues. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:0721: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120721
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0721, CVE-2012-0217, CVE-2012-2934

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* It was found that the Xen hypervisor implementation as shipped with Red
Hat Enterprise Linux 5 did not properly restrict the syscall return
addresses in the sysret return path to canonical addresses. An unprivileged
user in a 64-bit para-virtualized guest, that is running on a 64-bit host
that has an Intel CPU, could use this flaw to crash the host or,
potentially, escalate their privileges, allowing them to execute arbitrary
code at the hypervisor level. (CVE-2012-0217, Important)

* It was found that guests could trigger a bug in earlier AMD CPUs, leading
to a CPU hard lockup, when running on the Xen hypervisor implementation. An
unprivileged user in a 64-bit para-virtualized guest could use this flaw to
crash the host. Warning: After installing this update, hosts that are using
an affected AMD CPU (refer to Red Hat Bugzilla bug #824966 for a list) will
fail to boot. In order to boot such hosts, the new kernel parameter,
allow_unsafe, can be used ("allow_unsafe=on"). This option should only be
used with hosts that are running trusted guests, as setting it to "on"
reintroduces the flaw (allowing guests to crash the host). (CVE-2012-2934,
Moderate)

Note: For Red Hat Enterprise Linux guests, only privileged guest users can
exploit the CVE-2012-0217 and CVE-2012-2934 issues.

Red Hat would like to thank the Xen project for reporting these issues.
Upstream acknowledges Rafal Wojtczuk as the original reporter of
CVE-2012-0217.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2012:0729: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20120729
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0729, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker
Architecture) implementation in Java. A malicious Java application or
applet could use these flaws to bypass Java sandbox restrictions or modify
immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not
properly prevent access to certain UI elements from outside the current
application context. A malicious Java application or applet could use this
flaw to crash the Java Virtual Machine, or bypass Java sandbox
restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup
implementation. A specially-crafted font file could cause the Java Virtual
Machine to crash or, possibly, execute arbitrary code with the privileges
of the user running the virtual machine. (CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine
verified the bytecode of the class file to be executed. A specially-crafted
Java application or applet could use these flaws to crash the Java Virtual
Machine, or bypass Java sandbox restrictions. (CVE-2012-1723,
CVE-2012-1725)

It was discovered that the Java XML parser did not properly handle certain
XML documents. An attacker able to make a Java application parse a
specially-crafted XML file could use this flaw to make the XML parser enter
an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle
Certificate Revocation Lists (CRL). CRL containing entries with duplicate
certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could
create temporary files with insecure permissions. A local attacker could
use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.3. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:0730: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120730
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0730, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker
Architecture) implementation in Java. A malicious Java application or
applet could use these flaws to bypass Java sandbox restrictions or modify
immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not
properly prevent access to certain UI elements from outside the current
application context. A malicious Java application or applet could use this
flaw to crash the Java Virtual Machine, or bypass Java sandbox
restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup
implementation. A specially-crafted font file could cause the Java Virtual
Machine to crash or, possibly, execute arbitrary code with the privileges
of the user running the virtual machine. (CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine
verified the bytecode of the class file to be executed. A specially-crafted
Java application or applet could use these flaws to crash the Java Virtual
Machine, or bypass Java sandbox restrictions. (CVE-2012-1723,
CVE-2012-1725)

It was discovered that the Java XML parser did not properly handle certain
XML documents. An attacker able to make a Java application parse a
specially-crafted XML file could use this flaw to make the XML parser enter
an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle
Certificate Revocation Lists (CRL). CRL containing entries with duplicate
certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could
create temporary files with insecure permissions. A local attacker could
use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:0731: expat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120731
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0731, CVE-2012-0876, CVE-2012-1148

Description
Expat is a C library written by James Clark for parsing XML documents.

A denial of service flaw was found in the implementation of hash arrays in
Expat. An attacker could use this flaw to make an application using Expat
consume an excessive amount of CPU time by providing a specially-crafted
XML file that triggers multiple hash function collisions. To mitigate
this issue, randomization has been added to the hash function to reduce the
chance of an attacker successfully causing intentional collisions.
(CVE-2012-0876)

A memory leak flaw was found in Expat. If an XML file processed by an
application linked against Expat triggered a memory re-allocation failure,
Expat failed to free the previously allocated memory. This could cause the
application to exit unexpectedly or crash when all available memory is
exhausted. (CVE-2012-1148)

All Expat users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, applications using the Expat library must be restarted for the
update to take effect.

RHSA-2012:0743: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20120743
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:0743, CVE-2012-0044, CVE-2012-1179, CVE-2012-2119, CVE-2012-2121, CVE-2012-2123, CVE-2012-2136, CVE-2012-2137, CVE-2012-2372, CVE-2012-2373

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A local, unprivileged user could use an integer overflow flaw in
drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their
privileges. (CVE-2012-0044, Important)

* A buffer overflow flaw was found in the macvtap device driver, used for
creating a bridged network between the guest and the host in KVM
(Kernel-based Virtual Machine) environments. A privileged guest user in a
KVM guest could use this flaw to crash the host. Note: This issue only
affected hosts that have the vhost_net module loaded with the
experimental_zcopytx module option enabled (it is not enabled by default),
and that also have macvtap configured for at least one guest.
(CVE-2012-2119, Important)

* When a set user ID (setuid) application is executed, certain personality
flags for controlling the application's behavior are cleared (that is, a
privileged application will not be affected by those flags). It was found
that those flags were not cleared if the application was made privileged
via file system capabilities. A local, unprivileged user could use this
flaw to change the behavior of such applications, allowing them to bypass
intended restrictions. Note that for default installations, no application
shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file
system capabilities. (CVE-2012-2123, Important)

* It was found that the data_len parameter of the sock_alloc_send_pskb()
function in the Linux kernel's networking implementation was not validated
before use. A privileged guest user in a KVM guest could use this flaw to
crash the host or, possibly, escalate their privileges on the host.
(CVE-2012-2136, Important)

* A buffer overflow flaw was found in the setup_routing_entry() function in
the KVM subsystem of the Linux kernel in the way the Message Signaled
Interrupts (MSI) routing entry was handled. A local, unprivileged user
could use this flaw to cause a denial of service or, possibly, escalate
their privileges. (CVE-2012-2137, Important)

* A race condition was found in the Linux kernel's memory management
subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in
read mode, and Transparent Huge Pages (THP) page faults interacted. A
privileged user in a KVM guest with the ballooning functionality enabled
could potentially use this flaw to crash the host. A local, unprivileged
user could use this flaw to crash the system. (CVE-2012-1179, Moderate)

* A flaw was found in the way device memory was handled during guest device
removal. Upon successful device removal, memory used by the device was not
properly unmapped from the corresponding IOMMU or properly released from
the kernel, leading to a memory leak. A malicious user on a KVM host who
has the ability to assign a device to a guest could use this flaw to crash
the host. (CVE-2012-2121, Moderate)

* A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS)
protocol implementation. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2372, Moderate)

* A race condition was found in the Linux kernel's memory management
subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on
32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user
could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:0744: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120744
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0744, CVE-2011-4940, CVE-2011-4944, CVE-2012-0845, CVE-2012-1150

Description
Python is an interpreted, interactive, object-oriented programming
language.

A denial of service flaw was found in the implementation of associative
arrays (dictionaries) in Python. An attacker able to supply a large number
of inputs to a Python application (such as HTTP POST request parameters
sent to a web application) that are used as keys when inserting data into
an array could trigger multiple hash function collisions, making array
operations take an excessive amount of CPU time. To mitigate this issue,
randomization has been added to the hash function to reduce the chance of
an attacker successfully causing intentional collisions. (CVE-2012-1150)

Note: The hash randomization is not enabled by default as it may break
applications that incorrectly depend on dictionary ordering. To enable the
protection, the new "PYTHONHASHSEED" environment variable or the Python
interpreter's "-R" command line option can be used. Refer to the python(1)
manual page for details.

The RHSA-2012:0731 expat erratum must be installed with this update, which
adds hash randomization to the Expat library used by the Python pyexpat
module.

A flaw was found in the way the Python SimpleXMLRPCServer module handled
clients disconnecting prematurely. A remote attacker could use this flaw to
cause excessive CPU consumption on a server using SimpleXMLRPCServer.
(CVE-2012-0845)

A flaw was found in the way the Python SimpleHTTPServer module generated
directory listings. An attacker able to upload a file with a
specially-crafted name to a server could possibly perform a cross-site
scripting (XSS) attack against victims visiting a listing page generated by
SimpleHTTPServer, for a directory containing the crafted file (if the
victims were using certain web browsers). (CVE-2011-4940)

A race condition was found in the way the Python distutils module set file
permissions during the creation of the .pypirc file. If a local user had
access to the home directory of another user who is running distutils, they
could use this flaw to gain access to that user's .pypirc file, which can
contain usernames and passwords for code repositories. (CVE-2011-4944)

Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2012-1150.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2012:0745: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120745
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0745, CVE-2011-4940, CVE-2011-4944, CVE-2012-1150

Description
Python is an interpreted, interactive, object-oriented programming
language.

A denial of service flaw was found in the implementation of associative
arrays (dictionaries) in Python. An attacker able to supply a large number
of inputs to a Python application (such as HTTP POST request parameters
sent to a web application) that are used as keys when inserting data into
an array could trigger multiple hash function collisions, making array
operations take an excessive amount of CPU time. To mitigate this issue,
randomization has been added to the hash function to reduce the chance of
an attacker successfully causing intentional collisions. (CVE-2012-1150)

Note: The hash randomization is not enabled by default as it may break
applications that incorrectly depend on dictionary ordering. To enable the
protection, the new "PYTHONHASHSEED" environment variable or the Python
interpreter's "-R" command line option can be used. Refer to the python(1)
manual page for details.

The RHSA-2012:0731 expat erratum must be installed with this update, which
adds hash randomization to the Expat library used by the Python pyexpat
module.

A flaw was found in the way the Python SimpleHTTPServer module generated
directory listings. An attacker able to upload a file with a
specially-crafted name to a server could possibly perform a cross-site
scripting (XSS) attack against victims visiting a listing page generated by
SimpleHTTPServer, for a directory containing the crafted file (if the
victims were using certain web browsers). (CVE-2011-4940)

A race condition was found in the way the Python distutils module set file
permissions during the creation of the .pypirc file. If a local user had
access to the home directory of another user who is running distutils, they
could use this flaw to gain access to that user's .pypirc file, which can
contain usernames and passwords for code repositories. (CVE-2011-4944)

Red Hat would like to thank oCERT for reporting CVE-2012-1150. oCERT
acknowledges Julian Wälde and Alexander Klink as the original reporters of
CVE-2012-1150.

All Python users should upgrade to these updated packages, which contain
backported patches to correct these issues.

RHSA-2012:0748: libvirt security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120748
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0748, CVE-2012-2693

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Bus and device IDs were ignored when attempting to attach multiple USB
devices with identical vendor or product IDs to a guest. This could result
in the wrong device being attached to a guest, giving that guest root
access to the device. (CVE-2012-2693)

These updated libvirt packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for
information on the most significant of these changes.

All users of libvirt are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.

RHSA-2012:0774: libguestfs security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120774
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0774, CVE-2012-2690

Description
libguestfs is a library for accessing and modifying guest disk images.

It was found that editing files with virt-edit left said files in a
world-readable state (and did not preserve the file owner or
Security-Enhanced Linux context). If an administrator on the host used
virt-edit to edit a file inside a guest, the file would be left with
world-readable permissions. This could lead to unprivileged guest users
accessing files they would otherwise be unable to. (CVE-2012-2690)

These updated libguestfs packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical
Notes for information on the most significant of these changes.

Users of libguestfs are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

RHSA-2012:0796: rsyslog security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120796
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0796, CVE-2011-4623

Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon.

A numeric truncation error, leading to a heap-based buffer overflow, was
found in the way the rsyslog imfile module processed text files containing
long lines. An attacker could use this flaw to crash the rsyslogd daemon
or, possibly, execute arbitrary code with the privileges of rsyslogd, if
they are able to cause a long line to be written to a log file that
rsyslogd monitors with imfile. The imfile module is not enabled by default.
(CVE-2011-4623)

Bug fixes:

* Several variables were incorrectly deinitialized with Transport Layer
Security (TLS) transport and keys in PKCS#8 format. The rsyslogd daemon
aborted with a segmentation fault when keys in this format were provided.
Now, the variables are correctly deinitialized. (BZ#727380)

* Previously, the imgssapi plug-in initialization was incomplete. As a
result, the rsyslogd daemon aborted when configured to provide a GSSAPI
listener. Now, the plug-in is correctly initialized. (BZ#756664)

* The fully qualified domain name (FQDN) for the localhost used in messages
was the first alias found. This did not always produce the expected result
on multihomed hosts. With this update, the algorithm uses the alias that
corresponds to the hostname. (BZ#767527)

* The gtls module leaked a file descriptor every time it was loaded due to
an error in the GnuTLS library. No new files or network connections could
be opened when the limit for the file descriptor count was reached. This
update modifies the gtls module so that it is not unloaded during the
process lifetime. (BZ#803550)

* rsyslog could not override the hostname to set an alternative hostname
for locally generated messages. Now, the local hostname can be overridden.
(BZ#805424)

* The rsyslogd init script did not pass the lock file path to the 'status'
action. As a result, the lock file was ignored and a wrong exit code was
returned. This update modifies the init script to pass the lock file to
the 'status' action. Now, the correct exit code is returned. (BZ#807608)

* Data could be incorrectly deinitialized when rsyslogd was supplied with
malformed spool files. The rsyslogd daemon could be aborted with a
segmentation fault. This update modifies the underlying code to correctly
deinitialize the data. (BZ#813079)

* Previously, deinitialization of non-existent data could, in certain error
cases, occur. As a result, rsyslogd could abort with a segmentation fault
when rsyslog was configured to use a disk assisted queue without specifying
a spool file. With this update, the error cases are handled gracefully.
(BZ#813084)

* The manual page wrongly stated that the '-d' option to turn on debugging
caused the daemon to run in the foreground, which was misleading as the
current behavior is to run in the background. Now, the manual page reflects
the correct behavior. (BZ#820311)

* rsyslog attempted to write debugging messages to standard output even
when run in the background. This resulted in the debugging information
being written to some other output. This was corrected and the debug
messages are no longer written to standard output when run in the
background. (BZ#820996)

* The string buffer to hold the distinguished name (DN) of a certificate
was too small. DNs with more than 128 characters were not displayed. This
update enlarges the buffer to process longer DNs. (BZ#822118)

Enhancements:

* Support for rate limiting and multi-line message capability. Now,
rsyslogd can limit the number of messages it accepts through a UNIX socket.
(BZ#672182)

* The addition of the "/etc/rsyslog.d/" configuration directory to supply
syslog configuration files. (BZ#740420)

All users of rsyslog are advised to upgrade to these updated packages,
which upgrade rsyslog to version 5.8.10 and correct these issues and add
these enhancements. After installing this update, the rsyslog daemon will
be restarted automatically.

RHSA-2012:0810: busybox security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120810
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0810, CVE-2006-1168, CVE-2011-2716

Description
BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

A buffer underflow flaw was found in the way the uncompress utility of
BusyBox expanded certain archive files compressed using Lempel-Ziv
compression. If a user were tricked into expanding a specially-crafted
archive file with uncompress, it could cause BusyBox to crash or,
potentially, execute arbitrary code with the privileges of the user
running BusyBox. (CVE-2006-1168)

The BusyBox DHCP client, udhcpc, did not sufficiently sanitize certain
options provided in DHCP server replies, such as the client hostname. A
malicious DHCP server could send such an option with a specially-crafted
value to a DHCP client. If this option's value was saved on the client
system, and then later insecurely evaluated by a process that assumes the
option is trusted, it could lead to arbitrary code execution with the
privileges of that process. Note: udhcpc is not used on Red Hat Enterprise
Linux by default, and no DHCP client script is provided with the busybox
packages. (CVE-2011-2716)

This update also fixes the following bugs:

* Prior to this update, the "findfs" command did not recognize Btrfs
partitions. As a consequence, an error message could occur when dumping a
core file. This update adds support for recognizing such partitions so
the problem no longer occurs. (BZ#751927)

* If the "grep" command was used with the "-F" and "-i" options at the
same time, the "-i" option was ignored. As a consequence, the "grep -iF"
command incorrectly performed a case-sensitive search instead of an
insensitive search. A patch has been applied to ensure that the combination
of the "-F" and "-i" options works as expected. (BZ#752134)

* Prior to this update, the msh shell did not support the "set -o pipefail"
command. This update adds support for this command. (BZ#782018)

* Previously, the msh shell could terminate unexpectedly with a
segmentation fault when attempting to execute an empty command as a result
of variable substitution (for example msh -c '$nonexistent_variable').
With this update, msh has been modified to correctly interpret such
commands and no longer crashes in this scenario. (BZ#809092)

* Previously, the msh shell incorrectly executed empty loops. As a
consequence, msh never exited such a loop even if the loop condition was
false, which could cause scripts using the loop to become unresponsive.
With this update, msh has been modified to execute and exit empty loops
correctly, so that hangs no longer occur. (BZ#752132)

All users of busybox are advised to upgrade to these updated packages,
which contain backported patches to fix these issues.

RHSA-2012:0811: php-pecl-apc security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120811
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0811, CVE-2010-3294

Description
The php-pecl-apc packages contain APC (Alternative PHP Cache), the
framework for caching and optimization of intermediate PHP code.

A cross-site scripting (XSS) flaw was found in the "apc.php" script, which
provides a detailed analysis of the internal workings of APC and is shipped
as part of the APC extension documentation. A remote attacker could
possibly use this flaw to conduct a cross-site scripting attack.
(CVE-2010-3294)

Note: The administrative script is not deployed upon package installation.
It must manually be copied to the web root (the default is
"/var/www/html/", for example).

In addition, the php-pecl-apc packages have been upgraded to upstream
version 3.1.9, which provides a number of bug fixes and enhancements over
the previous version. (BZ#662655)

All users of php-pecl-apc are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. If the "apc.php" script
was previously deployed in the web root, it must manually be re-deployed to
replace the vulnerable version to resolve this issue.

RHSA-2012:0813: 389-ds-base security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120813
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0813, CVE-2012-0833

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way the 389 Directory Server daemon (ns-slapd)
handled access control instructions (ACIs) using certificate groups. If an
LDAP user that had a certificate group defined attempted to bind to the
directory server, it would cause ns-slapd to enter an infinite loop and
consume an excessive amount of CPU time. (CVE-2012-0833)

Red Hat would like to thank Graham Leggett for reporting this issue.

These updated 389-ds-base packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.3 Technical
Notes for information on the most significant of these changes.

Users are advised to upgrade to these updated 389-ds-base packages, which
resolve these issues and add these enhancements. After installing this
update, the 389 server service will be restarted automatically.

RHSA-2012:0841: abrt, libreport, btparser, and python-meh security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120841
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0841, CVE-2011-4088, CVE-2012-1106

Description
ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
defects in applications and to create a bug report with all the information
needed by a maintainer to fix it. It uses a plug-in system to extend its
functionality. libreport provides an API for reporting different problems
in applications to different bug targets, such as Bugzilla, FTP, and Trac.

The btparser utility is a backtrace parser and analyzer library, which
works with backtraces produced by the GNU Project Debugger. It can parse a
text file with a backtrace to a tree of C structures, allowing to analyze
the threads and frames of the backtrace and process them.

The python-meh package provides a python library for handling exceptions.

If the C handler plug-in in ABRT was enabled (the abrt-addon-ccpp package
installed and the abrt-ccpp service running), and the sysctl
fs.suid_dumpable option was set to "2" (it is "0" by default), core dumps
of set user ID (setuid) programs were created with insecure group ID
permissions. This could allow local, unprivileged users to obtain sensitive
information from the core dump files of setuid processes they would
otherwise not be able to access. (CVE-2012-1106)

ABRT did not allow users to easily search the collected crash information
for sensitive data prior to submitting it. This could lead to users
unintentionally exposing sensitive information via the submitted crash
reports. This update adds functionality to search across all the collected
data. Note that this fix does not apply to the default configuration, where
reports are sent to Red Hat Customer Support. It only takes effect for
users sending information to Red Hat Bugzilla. (CVE-2011-4088)

Red Hat would like to thank Jan Iven for reporting CVE-2011-4088.

These updated packages include numerous bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.3 Technical Notes for information on the
most significant of these changes.

All users of abrt, libreport, btparser, and python-meh are advised to
upgrade to these updated packages, which correct these issues.

RHSA-2012:0862: Red Hat Enterprise Linux 6 kernel security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120862
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0862, CVE-2011-1083, CVE-2011-4131

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Event Poll (epoll)
subsystem handled large, nested epoll structures. A local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2011-1083,
Moderate)

* A malicious Network File System version 4 (NFSv4) server could return a
crafted reply to a GETACL request, causing a denial of service on the
client. (CVE-2011-4131, Moderate)

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-1083, and
Andy Adamson for reporting CVE-2011-4131.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.3 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.3 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

RHSA-2012:0874: mysql security and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120874
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0874, CVE-2012-2102

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

A flaw was found in the way MySQL processed HANDLER READ NEXT statements
after deleting a record. A remote, authenticated attacker could use this
flaw to provide such requests, causing mysqld to crash. This issue only
caused a temporary denial of service, as mysqld was automatically restarted
after the crash. (CVE-2012-2102)

This update also adds the following enhancement:

* The InnoDB storage engine is built-in for all architectures. This update
adds InnoDB Plugin, the InnoDB storage engine as a plug-in for the 32-bit
x86, AMD64, and Intel 64 architectures. The plug-in offers additional
features and better performance than when using the built-in InnoDB storage
engine. Refer to the MySQL documentation, linked to in the References
section, for information about enabling the plug-in. (BZ#740224)

All MySQL users should upgrade to these updated packages, which add this
enhancement and contain a backported patch to correct this issue. After
installing this update, the MySQL server daemon (mysqld) will be restarted
automatically.

RHSA-2012:0876: net-snmp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120876
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0876, CVE-2012-2141

Description
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

An array index error, leading to an out-of-bounds buffer read flaw, was
found in the way the net-snmp agent looked up entries in the extension
table. A remote attacker with read privileges to a Management Information
Base (MIB) subtree handled by the "extend" directive (in
"/etc/snmp/snmpd.conf") could use this flaw to crash snmpd via a crafted
SNMP GET request. (CVE-2012-2141)

These updated net-snmp packages also include numerous bug fixes. Space
precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Enterprise Linux 6.3 Technical Notes for
information on the most significant of these changes.

All users of net-snmp are advised to upgrade to these updated packages,
which contain backported patches to resolve these issues. After installing
the update, the snmpd and snmptrapd daemons will be restarted
automatically.

RHSA-2012:0880: qt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120880
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0880, CVE-2010-5076, CVE-2011-3922

Description
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System. HarfBuzz is an OpenType text shaping engine.

A buffer overflow flaw was found in the harfbuzz module in Qt. If a user
loaded a specially-crafted font file with an application linked against Qt,
it could cause the application to crash or, possibly, execute arbitrary
code with the privileges of the user running the application.
(CVE-2011-3922)

A flaw was found in the way Qt handled X.509 certificates with IP address
wildcards. An attacker able to obtain a certificate with a Common Name
containing an IP wildcard could possibly use this flaw to impersonate an
SSL server to client applications that are using Qt. This update also
introduces more strict handling for hostname wildcard certificates by
disallowing the wildcard character to match more than one hostname
component. (CVE-2010-5076)

This update also fixes the following bugs:

* The Phonon API allowed premature freeing of the media object.
Consequently, GStreamer could terminate unexpectedly as it failed to access
the released media object. This update modifies the underlying Phonon API
code and the problem no longer occurs. (BZ#694684)

* Previously, Qt could output the "Unrecognized OpenGL version" error and
fall back to OpenGL-version-1 compatibility mode. This happened because Qt
failed to recognize the version of OpenGL installed on the system if the
system was using a version of OpenGL released later than the Qt version in
use. This update adds the code for recognition of OpenGL versions to Qt and
if the OpenGL version is unknown, Qt assumes that the last-known version of
OpenGL is available. (BZ#757793)

* Previously Qt included a compiled-in list of trusted CA (Certificate
Authority) certificates, that could have been used if Qt failed to open a
system's ca-bundle.crt file. With this update, Qt no longer includes
compiled-in CA certificates and only uses the system bundle. (BZ#734444)

Users of Qt should upgrade to these updated packages, which contain
backported patches to correct these issues. All running applications linked
against Qt libraries must be restarted for this update to take effect.

RHSA-2012:0884: openssh security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120884
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0884, CVE-2011-5000

Description
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These
packages include the core files necessary for the OpenSSH client and
server.

A denial of service flaw was found in the OpenSSH GSSAPI authentication
implementation. A remote, authenticated user could use this flaw to make
the OpenSSH server daemon (sshd) use an excessive amount of memory, leading
to a denial of service. GSSAPI authentication is enabled by default
("GSSAPIAuthentication yes" in "/etc/ssh/sshd_config"). (CVE-2011-5000)

These updated openssh packages also provide fixes for the following bugs:

* SSH X11 forwarding failed if IPv6 was enabled and the parameter
X11UseLocalhost was set to "no". Consequently, users could not set X
forwarding. This update fixes sshd and ssh to correctly bind the port for
the IPv6 protocol. As a result, X11 forwarding now works as expected with
IPv6. (BZ#732955)

* The sshd daemon was killed by the OOM killer when running a stress test.
Consequently, a user could not log in. With this update, the sshd daemon
sets its oom_adj value to -17. As a result, sshd is not chosen by OOM
killer and users are able to log in to solve problems with memory.
(BZ#744236)

* If the SSH server is configured with a banner that contains a backslash
character, then the client will escape it with another "\" character, so it
prints double backslashes. An upstream patch has been applied to correct
the problem and the SSH banner is now correctly displayed. (BZ#809619)

In addition, these updated openssh packages provide the following
enhancements:

* Previously, SSH allowed multiple ways of authentication of which only one
was required for a successful login. SSH can now be set up to require
multiple ways of authentication. For example, logging in to an SSH-enabled
machine requires both a passphrase and a public key to be entered. The
RequiredAuthentications1 and RequiredAuthentications2 options can be
configured in the /etc/ssh/sshd_config file to specify authentications that
are required for a successful login. For example, to set key and password
authentication for SSH version 2, type:

echo "RequiredAuthentications2 publickey,password" >> /etc/ssh/sshd_config

For more information on the aforementioned /etc/ssh/sshd_config options,
refer to the sshd_config man page. (BZ#657378)

* Previously, OpenSSH could use the Advanced Encryption Standard New
Instructions (AES-NI) instruction set only with the AES Cipher-block
chaining (CBC) cipher. This update adds support for Counter (CTR) mode
encryption in OpenSSH so the AES-NI instruction set can now be used
efficiently also with the AES CTR cipher. (BZ#756929)

* Prior to this update, an unprivileged slave sshd process was run as
the sshd_t context during privilege separation (privsep). sshd_t is the
SELinux context used for running the sshd daemon. Given that the
unprivileged slave process is run under the user's UID, it is fitting to
run this process under the user's SELinux context instead of the privileged
sshd_t context. With this update, the unprivileged slave process is now run
as the user's context instead of the sshd_t context in accordance with the
principle of privilege separation. The unprivileged process, which might be
potentially more sensitive to security threats, is now run under the user's
SELinux context. (BZ#798241)

Users are advised to upgrade to these updated openssh packages, which
contain backported patches to resolve these issues and add these
enhancements. After installing this update, the OpenSSH server daemon
(sshd) will be restarted automatically.

RHSA-2012:0899: openldap security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120899
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0899, CVE-2012-1164

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) processed certain search queries requesting only attributes and no
values. In certain configurations, a remote attacker could issue a
specially-crafted LDAP search query that, when processed by slapd, would
cause slapd to crash due to an assertion failure. (CVE-2012-1164)

These updated openldap packages include numerous bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.3 Technical Notes for information on the
most significant of these changes.

Users of OpenLDAP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the OpenLDAP daemons will be restarted automatically.

RHSA-2012:0902: cifs-utils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120902
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0902, CVE-2012-1586

Description
The cifs-utils package contains tools for mounting and managing shares on
Linux using the SMB/CIFS protocol. The CIFS shares can be used as standard
Linux file systems.

A file existence disclosure flaw was found in mount.cifs. If the tool was
installed with the setuid bit set, a local attacker could use this flaw to
determine the existence of files or directories in directories not
accessible to the attacker. (CVE-2012-1586)

Note: mount.cifs from the cifs-utils package distributed by Red Hat does
not have the setuid bit set. We recommend that administrators do not
manually set the setuid bit for mount.cifs.

This update also fixes the following bugs:

* The cifs.mount(8) manual page was previously missing documentation for
several mount options. With this update, the missing entries have been
added to the manual page. (BZ#769923)

* Previously, the mount.cifs utility did not properly update the
"/etc/mtab" system information file when remounting an existing CIFS
mount. Consequently, mount.cifs created a duplicate entry of the existing
mount entry. This update adds the del_mtab() function to cifs.mount, which
ensures that the old mount entry is removed from "/etc/mtab" before adding
the updated mount entry. (BZ#770004)

* The mount.cifs utility did not properly convert user and group names to
numeric UIDs and GIDs. Therefore, when the "uid", "gid" or "cruid" mount
options were specified with user or group names, CIFS shares were mounted
with default values. This caused shares to be inaccessible to the intended
users because UID and GID are set to "0" by default. With this update, user
and group names are properly converted so that CIFS shares are now mounted
with specified user and group ownership as expected. (BZ#796463)

* The cifs.upcall utility did not respect the "domain_realm" section in
the "krb5.conf" file and worked only with the default domain.
Consequently, an attempt to mount a CIFS share from a domain other than the
default failed with the following error message:

    mount error(126): Required key not available

This update modifies the underlying code so that cifs.upcall handles
multiple Kerberos domains correctly and CIFS shares can now be mounted as
expected in a multi-domain environment. (BZ#805490)

In addition, this update adds the following enhancements:

* The cifs.upcall utility previously always used the "/etc/krb5.conf" file
regardless of whether the user had specified a custom Kerberos
configuration file. This update adds the "--krb5conf" option to
cifs.upcall allowing the administrator to specify an alternate
krb5.conf file. For more information on this option, refer to the
cifs.upcall(8) manual page. (BZ#748756)

* The cifs.upcall utility did not optimally determine the correct service
principal name (SPN) used for Kerberos authentication, which occasionally
caused krb5 authentication to fail when mounting a server's unqualified
domain name. This update improves cifs.upcall so that the method used to
determine the SPN is now more versatile. (BZ#748757)

* This update adds the "backupuid" and "backupgid" mount options to the
mount.cifs utility. When specified, these options grant a user or a group
the right to access files with the backup intent. For more information on
these options, refer to the mount.cifs(8) manual page. (BZ#806337)

All users of cifs-utils are advised to upgrade to this updated package,
which contains backported patches to fix these issues and add these
enhancements.

RHSA-2012:0939: xorg-x11-server security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120939
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0939, CVE-2011-4028, CVE-2011-4029

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)

A race condition was found in the way the X.Org server managed temporary
lock files. A local attacker could use this flaw to perform a symbolic link
attack, allowing them to make an arbitrary file world readable, leading to
the disclosure of sensitive information. (CVE-2011-4029)

Red Hat would like to thank the researcher with the nickname vladz for
reporting these issues.

This update also fixes the following bugs:

* Prior to this update, the KDE Display Manager (KDM) could pass invalid
24bpp pixmap formats to the X server. As a consequence, the X server could
unexpectedly abort. This update modifies the underlying code to pass the
correct formats. (BZ#651934, BZ#722860)

* Prior to this update, absolute input devices, like the stylus of a
graphic tablet, could become unresponsive in the right-most or bottom-most
screen if the X server was configured as a multi-screen setup through
multiple "Device" sections in the xorg.conf file. This update changes the
screen crossing behavior so that absolute devices are always mapped across
all screens. (BZ#732467)

* Prior to this update, the misleading message "Session active, not
inhibited, screen idle. If you see this test, your display server is broken
and you should notify your distributor." could be displayed after resuming
the system or re-enabling the display, and included a URL to an external
web page. This update removes this message. (BZ#748704)

* Prior to this update, the erroneous input handling code of the Xephyr
server disabled screens on a screen crossing event. The focus was only on
the screen where the mouse was located and only this screen was updated
when the Xephyr nested X server was configured in a multi-screen setup.
This update removes this code and Xephyr now correctly updates screens in
multi-screen setups. (BZ#757792)

* Prior to this update, raw events did not contain relative axis values. As
a consequence, clients which relied on relative values for functioning did
not behave as expected. This update sets the values to the original driver
values instead of the already transformed values. Now, raw events contain
relative axis values as expected. (BZ#805377)

All users of xorg-x11-server are advised to upgrade to these updated
packages, which correct these issues. All running X.Org server instances
must be restarted for this update to take effect.

RHSA-2012:0958: sos security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120958
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0958, CVE-2012-2664

Description
The sos package contains a set of tools that gather information from system
hardware, logs and configuration files. The information can then be used
for diagnostic purposes and debugging.

The sosreport utility collected the Kickstart configuration file
("/root/anaconda-ks.cfg"), but did not remove the root user's password from
it before adding the file to the resulting archive of debugging
information. An attacker able to access the archive could possibly use this
flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually
only contains a hash of the password, not the plain text password.
(CVE-2012-2664)

Note: This issue affected all installations, not only systems installed via
Kickstart. A "/root/anaconda-ks.cfg" file is created by all installation
types.

This updated sos package also includes numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.3 Technical Notes for
information on the most significant of these changes.

All users of sos are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add these
enhancements.

RHSA-2012:0987: sblim-cim-client2 security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20120987
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:0987, CVE-2012-2328

Description
The SBLIM (Standards-Based Linux Instrumentation for Manageability) CIM
(Common Information Model) Client is a class library for Java applications
that provides access to CIM servers using the CIM Operations over HTTP
protocol defined by the DMTF (Distributed Management Task Force) standards.

It was found that the Java HashMap implementation was susceptible to
predictable hash collisions. SBLIM uses HashMap when parsing XML inputs. A
specially-crafted CIM-XML message from a WBEM (Web-Based Enterprise
Management) server could cause a SBLIM client to use an excessive amount of
CPU. Randomization has been added to help avoid collisions. (CVE-2012-2328)

All users of sblim-cim-client2 are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue.

RHSA-2012:0997: 389-ds-base security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20120997
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:0997, CVE-2012-2678, CVE-2012-2746

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way 389 Directory Server handled password changes.
If an LDAP user has changed their password, and the directory server has
not been restarted since that change, an attacker able to bind to the
directory server could obtain the plain text version of that user's
password via the "unhashed#user#password" attribute. (CVE-2012-2678)

It was found that when the password for an LDAP user was changed, and audit
logging was enabled (it is disabled by default), the new password was
written to the audit log in plain text form. This update introduces a new
configuration parameter, "nsslapd-auditlog-logging-hide-unhashed-pw", which
when set to "on" (the default option), prevents 389 Directory Server from
writing plain text passwords to the audit log. This option can be
configured in "/etc/dirsrv/slapd-[ID]/dse.ldif". (CVE-2012-2746)

All users of 389-ds-base are advised to upgrade to these updated packages,
which resolve these issues. After installing this update, the 389 server
service will be restarted automatically.

RHSA-2012:1009: java-1.7.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121009
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1009, CVE-2012-1711, CVE-2012-1713, CVE-2012-1716, CVE-2012-1717, CVE-2012-1718, CVE-2012-1719, CVE-2012-1723, CVE-2012-1724, CVE-2012-1725, CVE-2012-1726

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the CORBA (Common Object Request Broker
Architecture) implementation in Java. A malicious Java application or
applet could use these flaws to bypass Java sandbox restrictions or modify
immutable object data. (CVE-2012-1711, CVE-2012-1719)

It was discovered that the SynthLookAndFeel class from Swing did not
properly prevent access to certain UI elements from outside the current
application context. A malicious Java application or applet could use this
flaw to crash the Java Virtual Machine, or bypass Java sandbox
restrictions. (CVE-2012-1716)

Multiple flaws were discovered in the font manager's layout lookup
implementation. A specially-crafted font file could cause the Java Virtual
Machine to crash or, possibly, execute arbitrary code with the privileges
of the user running the virtual machine. (CVE-2012-1713)

Multiple flaws were found in the way the Java HotSpot Virtual Machine
verified the bytecode of the class file to be executed. A specially-crafted
Java application or applet could use these flaws to crash the Java Virtual
Machine, or bypass Java sandbox restrictions. (CVE-2012-1723,
CVE-2012-1725)

It was discovered that java.lang.invoke.MethodHandles.Lookup did not
properly honor access modes. An untrusted Java application or applet could
use this flaw to bypass Java sandbox restrictions. (CVE-2012-1726)

It was discovered that the Java XML parser did not properly handle certain
XML documents. An attacker able to make a Java application parse a
specially-crafted XML file could use this flaw to make the XML parser enter
an infinite loop. (CVE-2012-1724)

It was discovered that the Java security classes did not properly handle
Certificate Revocation Lists (CRL). A CRL containing entries with duplicate
certificate serial numbers could have been ignored. (CVE-2012-1718)

It was discovered that various classes of the Java Runtime library could
create temporary files with insecure permissions. A local attacker could
use this flaw to gain access to the content of such temporary files.
(CVE-2012-1717)

This update also fixes the following bug:

* Attempting to compile a SystemTap script using the jstack tapset could
have failed with an error similar to the following:

    error: the frame size of 272 bytes is larger than 256 bytes

This update corrects the jstack tapset and resolves this issue. (BZ#833035)

This erratum also upgrades the OpenJDK package to IcedTea7 2.2.1. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:1036: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121036
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1036, CVE-2012-2143

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A flaw was found in the way the crypt() password hashing function from the
optional PostgreSQL pgcrypto contrib module performed password
transformation when used with the DES algorithm. If the password string to
be hashed contained the 0x80 byte value, the remainder of the string was
ignored when calculating the hash, significantly reducing the password
strength. This made brute-force guessing more efficient as the whole
password was not required to gain access to protected resources.
(CVE-2012-2143)

Note: With this update, the rest of the string is properly included in the
DES hash; therefore, any previously stored password values that are
affected by this issue will no longer match. In such cases, it will be
necessary for those stored password hashes to be updated.

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters
of this issue.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2012:1037: postgresql and postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121037
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1037, CVE-2012-2143, CVE-2012-2655

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A flaw was found in the way the crypt() password hashing function from the
optional PostgreSQL pgcrypto contrib module performed password
transformation when used with the DES algorithm. If the password string to
be hashed contained the 0x80 byte value, the remainder of the string was
ignored when calculating the hash, significantly reducing the password
strength. This made brute-force guessing more efficient as the whole
password was not required to gain access to protected resources.
(CVE-2012-2143)

Note: With this update, the rest of the string is properly included in the
DES hash; therefore, any previously stored password values that are
affected by this issue will no longer match. In such cases, it will be
necessary for those stored password hashes to be updated.

A denial of service flaw was found in the way the PostgreSQL server
performed a user privileges check when applying SECURITY DEFINER or SET
attributes to a procedural language's (such as PL/Perl or PL/Python) call
handler function. A non-superuser database owner could use this flaw to
cause the PostgreSQL server to crash due to infinite recursion.
(CVE-2012-2655)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters
of the CVE-2012-2143 issue.

These updated packages upgrade PostgreSQL to version 8.4.12, which fixes
these issues as well as several non-security issues. Refer to the
PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2012:1043: libwpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121043
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1043, CVE-2012-2149

Description
libwpd is a library for reading and converting Corel WordPerfect Office
documents.

A buffer overflow flaw was found in the way libwpd processed certain
Corel WordPerfect Office documents (.wpd files). An attacker could provide
a specially-crafted .wpd file that, when opened in an application linked
against libwpd, such as OpenOffice.org, would cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2149)

All libwpd users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
that are linked against libwpd must be restarted for this update to take
effect.

RHSA-2012:1045: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121045
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1045, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2336

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file
writing capability of libxslt. A remote attacker could use this flaw to
create or overwrite an arbitrary file that is writable by the user running
PHP, if a PHP script processed untrusted eXtensible Style Sheet Language
Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration
directive, "xsl.security_prefs", can be used to enable file writing in
XSLT.

A flaw was found in the way PHP validated file names in file upload
requests. A remote attacker could possibly use this flaw to bypass the
sanitization of the uploaded file names, and cause a PHP script to store
the uploaded file in an unexpected directory, by using a directory
traversal attack. (CVE-2012-1172)

It was discovered that the fix for CVE-2012-1823, released via
RHSA-2012:0546, did not properly filter all php-cgi command line arguments.
A specially-crafted request to a PHP script could cause the PHP interpreter
to output usage information that triggers an Internal Server Error.
(CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote
attacker could possibly use this flaw to cause excessive memory consumption
by triggering many strtotime() function calls. (CVE-2012-0789)

It was found that PHP did not check the zend_strndup() function's return
value in certain cases. A remote attacker could possibly use this flaw to
crash a PHP application. (CVE-2011-4153)

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:1046: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1046, CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0781, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file
writing capability of libxslt. A remote attacker could use this flaw to
create or overwrite an arbitrary file that is writable by the user running
PHP, if a PHP script processed untrusted eXtensible Style Sheet Language
Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration
directive, "xsl.security_prefs", can be used to enable file writing in
XSLT.

A flaw was found in the way PHP validated file names in file upload
requests. A remote attacker could possibly use this flaw to bypass the
sanitization of the uploaded file names, and cause a PHP script to store
the uploaded file in an unexpected directory, by using a directory
traversal attack. (CVE-2012-1172)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the PHP phar extension processed certain fields of
tar archive files. A remote attacker could provide a specially-crafted tar
archive file that, when processed by a PHP application using the phar
extension, could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)

A format string flaw was found in the way the PHP phar extension processed
certain PHAR files. A remote attacker could provide a specially-crafted
PHAR file, which once processed in a PHP application using the phar
extension, could lead to information disclosure and possibly arbitrary code
execution via a crafted phar:// URI. (CVE-2010-2950)

A flaw was found in the DES algorithm implementation in the crypt()
password hashing function in PHP. If the password string to be hashed
contained certain characters, the remainder of the string was ignored when
calculating the hash, significantly reducing the password strength.
(CVE-2012-2143)

Note: With this update, passwords are no longer truncated when performing
DES hashing. Therefore, new hashes of the affected passwords will not match
stored hashes generated using vulnerable PHP versions, and will need to be
updated.

It was discovered that the fix for CVE-2012-1823, released via
RHSA-2012:0546, did not properly filter all php-cgi command line arguments.
A specially-crafted request to a PHP script could cause the PHP interpreter
to execute the script in a loop, or output usage information that triggers
an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote
attacker could possibly use this flaw to cause excessive memory consumption
by triggering many strtotime() function calls. (CVE-2012-0789)

A NULL pointer dereference flaw was found in the PHP tidy_diagnose()
function. A remote attacker could use specially-crafted input to crash an
application that uses tidy::diagnose. (CVE-2012-0781)

It was found that PHP did not check the zend_strndup() function's return
value in certain cases. A remote attacker could possibly use this flaw to
crash a PHP application. (CVE-2011-4153)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters
of CVE-2012-2143.

All php users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:1047: php53 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121047
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1047, CVE-2010-2950, CVE-2011-4153, CVE-2012-0057, CVE-2012-0789, CVE-2012-1172, CVE-2012-2143, CVE-2012-2336, CVE-2012-2386

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was discovered that the PHP XSL extension did not restrict the file
writing capability of libxslt. A remote attacker could use this flaw to
create or overwrite an arbitrary file that is writable by the user running
PHP, if a PHP script processed untrusted eXtensible Style Sheet Language
Transformations (XSLT) content. (CVE-2012-0057)

Note: This update disables file writing by default. A new PHP configuration
directive, "xsl.security_prefs", can be used to enable file writing in
XSLT.

A flaw was found in the way PHP validated file names in file upload
requests. A remote attacker could possibly use this flaw to bypass the
sanitization of the uploaded file names, and cause a PHP script to store
the uploaded file in an unexpected directory, by using a directory
traversal attack. (CVE-2012-1172)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way the PHP phar extension processed certain fields of
tar archive files. A remote attacker could provide a specially-crafted tar
archive file that, when processed by a PHP application using the phar
extension, could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running PHP. (CVE-2012-2386)

A format string flaw was found in the way the PHP phar extension processed
certain PHAR files. A remote attacker could provide a specially-crafted
PHAR file, which once processed in a PHP application using the phar
extension, could lead to information disclosure and possibly arbitrary code
execution via a crafted phar:// URI. (CVE-2010-2950)

A flaw was found in the DES algorithm implementation in the crypt()
password hashing function in PHP. If the password string to be hashed
contained certain characters, the remainder of the string was ignored when
calculating the hash, significantly reducing the password strength.
(CVE-2012-2143)

Note: With this update, passwords are no longer truncated when performing
DES hashing. Therefore, new hashes of the affected passwords will not match
stored hashes generated using vulnerable PHP versions, and will need to be
updated.

It was discovered that the fix for CVE-2012-1823, released via
RHSA-2012:0547, did not properly filter all php-cgi command line arguments.
A specially-crafted request to a PHP script could cause the PHP interpreter
to execute the script in a loop, or output usage information that triggers
an Internal Server Error. (CVE-2012-2336)

A memory leak flaw was found in the PHP strtotime() function call. A remote
attacker could possibly use this flaw to cause excessive memory consumption
by triggering many strtotime() function calls. (CVE-2012-0789)

It was found that PHP did not check the zend_strndup() function's return
value in certain cases. A remote attacker could possibly use this flaw to
crash a PHP application. (CVE-2011-4153)

Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters
of CVE-2012-2143.

All php53 users should upgrade to these updated packages, which contain
backported patches to resolve these issues. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2012:1054: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121054
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1054, CVE-2012-2088, CVE-2012-2113

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

libtiff did not properly convert between signed and unsigned integer
values, leading to a buffer overflow. An attacker could use this flaw to
create a specially-crafted TIFF file that, when opened, would cause an
application linked against libtiff to crash or, possibly, execute arbitrary
code. (CVE-2012-2088)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the tiff2pdf tool. An attacker could use these flaws to
create a specially-crafted TIFF file that would cause tiff2pdf to crash or,
possibly, execute arbitrary code. (CVE-2012-2113)

All libtiff users should upgrade to these updated packages, which contain
backported patches to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

RHSA-2012:1061: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1061, CVE-2012-3375

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fix:

* The fix for CVE-2011-1083 (RHSA-2012:0150) introduced a flaw in the way
the Linux kernel's Event Poll (epoll) subsystem handled resource clean up
when an ELOOP error code was returned. A local, unprivileged user could use
this flaw to cause a denial of service. (CVE-2012-3375, Moderate)

Bug fixes:

* The qla2xxx driver handled interrupts for QLogic Fibre Channel adapters
incorrectly due to a bug in a test condition for MSI-X support. This update
corrects the bug and qla2xxx now handles interrupts as expected.
(BZ#816373)

* A process scheduler did not handle RPC priority wait queues correctly.
Consequently, the process scheduler failed to wake up all scheduled tasks
as expected after RPC timeout, which caused the system to become
unresponsive and could significantly decrease system performance. This
update modifies the process scheduler to handle RPC priority wait queues as
expected. All scheduled tasks are now properly woken up after RPC timeout
and the system behaves as expected. (BZ#817571)

* The kernel version 2.6.18-308.4.1.el5 contained several bugs which led to
an overrun of the NFS server page array. Consequently, any attempt to
connect an NFS client running on Red Hat Enterprise Linux 5.8 to the NFS
server running on the system with this kernel caused the NFS server to
terminate unexpectedly and the kernel to panic. This update corrects the
bugs causing NFS page array overruns and the kernel no longer crashes in
this scenario. (BZ#820358)

* An insufficiently designed calculation in the CPU accelerator in the
previous kernel caused an arithmetic overflow in the sched_clock() function
when system uptime exceeded 208.5 days. This overflow led to a kernel panic
on the systems using the Time Stamp Counter (TSC) or Virtual Machine
Interface (VMI) clock source. This update corrects the calculation so that
this arithmetic overflow and kernel panic can no longer occur under these
circumstances.

Note: This advisory does not include a fix for this bug for the 32-bit
architecture. (BZ#824654)

* Under memory pressure, memory pages that are still a part of a
checkpointing transaction can be invalidated. However, when the pages were
invalidated, the journal head was re-filed onto the transactions' "forget"
list, which caused the current running transaction's block to be modified.
As a result, block accounting was not properly performed on that modified
block because it appeared to have already been modified due to the journal
head being re-filed. This could trigger an assertion failure in the
"journal_commit_transaction()" function on the system. The "b_modified"
flag is now cleared before the journal head is filed onto any transaction;
assertion failures no longer occur. (BZ#827205)

* When running more than 30 instances of the cclengine utility concurrently
on IBM System z with IBM Communications Controller for Linux, the system
could become unresponsive. This was caused by a missing wake_up() function
call in the qeth_release_buffer() function in the QETH network device
driver. This update adds the missing wake_up() function call and the system
now responds as expected in this scenario. (BZ#829059)

* Recent changes removing support for the Flow Director from the ixgbe
driver introduced bugs that caused the RSS (Receive Side Scaling)
functionality to stop working correctly on Intel 82599EB 10 Gigabit
Ethernet network devices. This update corrects the return code in the
ixgbe_cache_ring_fdir function and setting of the registers that control
the RSS redirection table. Also, obsolete code related to Flow Director
support has been removed. The RSS functionality now works as expected on
these devices. (BZ#832169)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2012:1064: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121064
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1064, CVE-2012-2744, CVE-2012-2745

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm()
function in the Linux kernel's netfilter IPv6 connection tracking
implementation. A remote attacker could use this flaw to send
specially-crafted packets to a target system that is using IPv6 and also
has the nf_conntrack_ipv6 kernel module loaded, causing it to crash.
(CVE-2012-2744, Important)

* A flaw was found in the way the Linux kernel's key management facility
handled replacement session keyrings on process forks. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2012-2745, Moderate)

Red Hat would like to thank an anonymous contributor working with the
Beyond Security SecuriTeam Secure Disclosure program for reporting
CVE-2012-2744.

This update also fixes the following bugs:

* Previously introduced firmware files required for new Realtek chipsets
contained an invalid prefix ("rtl_nic_") in the file names, for example
"/lib/firmware/rtl_nic/rtl_nic_rtl8168d-1.fw". This update corrects these
file names. For example, the aforementioned file is now correctly named
"/lib/firmware/rtl_nic/rtl8168d-1.fw". (BZ#832359)

* This update blacklists the ADMA428M revision of the 2GB ATA Flash Disk
device. This is due to data corruption occurring on the said device when
the Ultra-DMA 66 transfer mode is used. When the
"libata.force=5:pio0,6:pio0" kernel parameter is set, the aforementioned
device works as expected. (BZ#832363)

* On Red Hat Enterprise Linux 6, mounting an NFS export from a Windows 2012
server failed due to the fact that the Windows server contains support for
the minor version 1 (v4.1) of the NFS version 4 protocol only, along with
support for versions 2 and 3. The lack of the minor version 0 (v4.0)
support caused Red Hat Enterprise Linux 6 clients to fail instead of
rolling back to version 3 as expected. This update fixes this bug and
mounting an NFS export works as expected. (BZ#832365)

* On ext4 file systems, when fallocate() failed to allocate blocks due to
the ENOSPC condition (no space left on device) for a file larger than 4 GB,
the size of the file became corrupted and, consequently, caused file system
corruption. This was due to a missing cast operator in the
"ext4_fallocate()" function. With this update, the underlying source code
has been modified to address this issue, and file system corruption no
longer occurs. (BZ#833034)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2012:1068: openjpeg security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121068
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1068, CVE-2009-5030, CVE-2012-3358

Description
OpenJPEG is an open source library for reading and writing image files in
JPEG 2000 format.

An input validation flaw, leading to a heap-based buffer overflow, was
found in the way OpenJPEG handled the tile number and size in an image tile
header. A remote attacker could provide a specially-crafted image file
that, when decoded using an application linked against OpenJPEG, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-3358)

OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from
input images that have certain color depths. A remote attacker could
provide a specially-crafted image file that, when opened in an application
linked against OpenJPEG (such as image_to_j2k), would cause the application
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2009-5030)

Users of OpenJPEG should upgrade to these updated packages, which contain
patches to correct these issues. All running applications using OpenJPEG
must be restarted for the update to take effect.

RHSA-2012:1081: sudo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1081, CVE-2012-2337

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way the network matching code in sudo handled
multiple IP networks listed in user specification configuration directives.
A user, who is authorized to run commands with sudo on specific hosts,
could use this flaw to bypass intended restrictions and run those commands
on hosts not matched by any of the network specifications. (CVE-2012-2337)

All users of sudo are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2012:1088: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121088
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1088, CVE-2012-1948, CVE-2012-1950, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1965, CVE-2012-1966, CVE-2012-1967

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953,
CVE-2012-1954, CVE-2012-1958, CVE-2012-1962, CVE-2012-1967)

A malicious web page could bypass same-compartment security wrappers (SCSW)
and execute arbitrary code with chrome privileges. (CVE-2012-1959)

A flaw in the context menu functionality in Firefox could allow a malicious
website to bypass intended restrictions and allow a cross-site scripting
attack. (CVE-2012-1966)

A page different to that in the address bar could be displayed when
dragging and dropping to the address bar, possibly making it easier for a
malicious site or user to perform a phishing attack. (CVE-2012-1950)

A flaw in the way Firefox called history.forward and history.back could
allow an attacker to conceal a malicious URL, possibly tricking a user
into believing they are viewing a trusted site. (CVE-2012-1955)

A flaw in a parser utility class used by Firefox to parse feeds (such as
RSS) could allow an attacker to execute arbitrary JavaScript with the
privileges of the user running Firefox. This issue could have affected
other browser components or add-ons that assume the class returns
sanitized input. (CVE-2012-1957)

A flaw in the way Firefox handled X-Frame-Options headers could allow a
malicious website to perform a clickjacking attack. (CVE-2012-1961)

A flaw in the way Content Security Policy (CSP) reports were generated by
Firefox could allow a malicious web page to steal a victim's OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)

A flaw in the way Firefox handled certificate warnings could allow a
man-in-the-middle attacker to create a crafted warning, possibly tricking
a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)

A flaw in the way Firefox handled feed:javascript URLs could allow output
filtering to be bypassed, possibly leading to a cross-site scripting
attack. (CVE-2012-1965)

The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6
introduced a mitigation for the CVE-2011-3389 flaw. For compatibility
reasons, it remains disabled by default in the nss packages. This update
makes Firefox enable the mitigation by default. It can be disabled by
setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before
launching Firefox. (BZ#838879)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.6 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill
McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby
Holley, Code Audit Labs, Mariusz Mlynski, Mario Heiderich, Frédéric Buclin,
Karthikeyan Bhargavan, Matt McCutchen, Mario Gomes, and Soroush Dalili as
the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.6 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2012:1089: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121089
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1089, CVE-2012-1948, CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1955, CVE-2012-1957, CVE-2012-1958, CVE-2012-1959, CVE-2012-1961, CVE-2012-1962, CVE-2012-1963, CVE-2012-1964, CVE-2012-1967

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-1948,
CVE-2012-1951, CVE-2012-1952, CVE-2012-1953, CVE-2012-1954, CVE-2012-1958,
CVE-2012-1962, CVE-2012-1967)

Malicious content could bypass same-compartment security wrappers (SCSW)
and execute arbitrary code with chrome privileges. (CVE-2012-1959)

A flaw in the way Thunderbird called history.forward and history.back could
allow an attacker to conceal a malicious URL, possibly tricking a user
into believing they are viewing trusted content. (CVE-2012-1955)

A flaw in a parser utility class used by Thunderbird to parse feeds (such
as RSS) could allow an attacker to execute arbitrary JavaScript with the
privileges of the user running Thunderbird. This issue could have affected
other Thunderbird components or add-ons that assume the class returns
sanitized input. (CVE-2012-1957)

A flaw in the way Thunderbird handled X-Frame-Options headers could allow
malicious content to perform a clickjacking attack. (CVE-2012-1961)

A flaw in the way Content Security Policy (CSP) reports were generated by
Thunderbird could allow malicious content to steal a victim's OAuth 2.0
access tokens and OpenID credentials. (CVE-2012-1963)

A flaw in the way Thunderbird handled certificate warnings could allow a
man-in-the-middle attacker to create a crafted warning, possibly tricking
a user into accepting an arbitrary certificate as trusted. (CVE-2012-1964)

The nss update RHBA-2012:0337 for Red Hat Enterprise Linux 5 and 6
introduced a mitigation for the CVE-2011-3389 flaw. For compatibility
reasons, it remains disabled by default in the nss packages. This update
makes Thunderbird enable the mitigation by default. It can be disabled by
setting the NSS_SSL_CBC_RANDOM_IV environment variable to 0 before
launching Thunderbird. (BZ#838879)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Jesse Ruderman, Christian Holler, Bill
McCloskey, Abhishek Arya, Arthur Gerkis, Bill Keese, moz_bug_r_a4, Bobby
Holley, Mariusz Mlynski, Mario Heiderich, Frédéric Buclin, Karthikeyan
Bhargavan, and Matt McCutchen as the original reporters of these issues.

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.6 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2012:1090: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1090, CVE-2012-0441

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A flaw was found in the way the ASN.1 (Abstract Syntax Notation One)
decoder in NSS handled zero length items. This flaw could cause the decoder
to incorrectly skip or replace certain items with a default value, or could
cause an application to crash if, for example, it received a
specially-crafted OCSP (Online Certificate Status Protocol) response.
(CVE-2012-0441)

It was found that a Certificate Authority (CA) issued a subordinate CA
certificate to its customer, that could be used to issue certificates for
any name. This update renders the subordinate CA certificate as untrusted.
(BZ#798533)

Note: The BZ#798533 fix only applies to applications using the NSS Builtin
Object Token. It does not render the certificates untrusted for
applications that use the NSS library, but do not use the NSS Builtin
Object Token.

In addition, the nspr package has been upgraded to upstream version 4.9.1,
and the nss package has been upgraded to upstream version 3.13.5. These
updates provide a number of bug fixes and enhancements over the previous
versions. (BZ#834220, BZ#834219)

All NSS and NSPR users should upgrade to these updated packages, which
correct these issues and add these enhancements. After installing the
update, applications using NSS and NSPR must be restarted for the changes
to take effect.

RHSA-2012:1091: nss, nspr, and nss-util security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121091
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1091, CVE-2012-0441

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A flaw was found in the way the ASN.1 (Abstract Syntax Notation One)
decoder in NSS handled zero length items. This flaw could cause the decoder
to incorrectly skip or replace certain items with a default value, or could
cause an application to crash if, for example, it received a
specially-crafted OCSP (Online Certificate Status Protocol) response.
(CVE-2012-0441)

The nspr package has been upgraded to upstream version 4.9.1, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#833762)

The nss-util package has been upgraded to upstream version 3.13.5, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#833763)

The nss package has been upgraded to upstream version 3.13.5, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#834100)

All NSS, NSPR, and nss-util users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements. After
installing this update, applications using NSS, NSPR, or nss-util must be
restarted for this update to take effect.

RHSA-2012:1097: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121097
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1097, CVE-2012-3406

Description
The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

It was discovered that the formatted printing functionality in glibc did
not properly restrict the use of alloca(). This could allow an attacker to
bypass FORTIFY_SOURCE protections and execute arbitrary code using a format
string flaw in an application, even though these protections are expected
to limit the impact of such flaws to an application abort. (CVE-2012-3406)

This update also fixes the following bug:

* If a file or a string was in the IBM-930 encoding, and contained the
invalid multibyte character "0xffff", attempting to use iconv() (or the
iconv command) to convert that file or string to another encoding, such as
UTF-8, resulted in a segmentation fault. With this update, the conversion
code for the IBM-930 encoding recognizes this invalid character and calls
an error handler, rather than causing a segmentation fault. (BZ#837896)

All users of glibc are advised to upgrade to these updated packages, which
contain backported patches to fix these issues.

RHSA-2012:1098: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121098
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1098, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406

Description
The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple errors in glibc's formatted printing functionality could allow an
attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code
using a format string flaw in an application, even though these protections
are expected to limit the impact of such flaws to an application abort.
(CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)

This update also fixes the following bug:

* A programming error caused an internal array of nameservers to be only
partially initialized when the /etc/resolv.conf file contained IPv6
nameservers. Depending on the contents of a nearby structure, this could
cause certain applications to terminate unexpectedly with a segmentation
fault. The programming error has been fixed, which restores proper behavior
with IPv6 nameservers listed in the /etc/resolv.conf file. (BZ#837026)

All users of glibc are advised to upgrade to these updated packages, which
contain backported patches to fix these issues.

RHSA-2012:1102: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121102
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1102, CVE-2012-1178, CVE-2012-2318, CVE-2012-3374

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A flaw was found in the way the Pidgin MSN protocol plug-in processed text
that was not encoded in UTF-8. A remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted MSN message. (CVE-2012-1178)

An input validation flaw was found in the way the Pidgin MSN protocol
plug-in handled MSN notification messages. A malicious server or a remote
attacker could use this flaw to crash Pidgin by sending a specially-crafted
MSN notification message. (CVE-2012-2318)

A buffer overflow flaw was found in the Pidgin MXit protocol plug-in. A
remote attacker could use this flaw to crash Pidgin by sending a MXit
message containing specially-crafted emoticon tags. (CVE-2012-3374)

Red Hat would like to thank the Pidgin project for reporting the
CVE-2012-3374 issue. Upstream acknowledges Ulf Härnhammar as the original
reporter of CVE-2012-3374.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

RHSA-2012:1116: perl-DBD-Pg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121116
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1116, CVE-2012-1151

Description
Perl DBI is a database access Application Programming Interface (API) for
the Perl language. perl-DBD-Pg allows Perl applications to access
PostgreSQL database servers.

Two format string flaws were found in perl-DBD-Pg. A specially-crafted
database warning or error message from a server could cause an application
using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-1151)

All users of perl-DBD-Pg are advised to upgrade to this updated package,
which contains a backported patch to fix these issues. Applications using
perl-DBD-Pg must be restarted for the update to take effect.

RHSA-2012:1122: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121122
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1122, CVE-2012-3817

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

An uninitialized data structure use flaw was found in BIND when DNSSEC
validation was enabled. A remote attacker able to send a large number of
queries to a DNSSEC validating BIND resolver could use this flaw to cause
it to exit unexpectedly with an assertion failure. (CVE-2012-3817)

Users of bind97 are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1123: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1123, CVE-2012-3817

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

An uninitialized data structure use flaw was found in BIND when DNSSEC
validation was enabled. A remote attacker able to send a large number of
queries to a DNSSEC validating BIND resolver could use this flaw to cause
it to exit unexpectedly with an assertion failure. (CVE-2012-3817)

Users of bind are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1130: xen security update (Moderate)

Rule IDoval-com.redhat.rhsa-def-20121130
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:05+09:00
Severitymedium
Identifiers and References

Identifiers:  RHSA-2012:1130, CVE-2012-2625

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A flaw was found in the way the pyGrub boot loader handled compressed
kernel images. A privileged guest user in a para-virtualized guest (a DomU)
could use this flaw to create a crafted kernel image that, when attempting
to boot it, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-2625)

Red Hat would like to thank Xinli Niu for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the xend service must be restarted for this update to
take effect.

RHSA-2012:1131: krb5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121131
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1131, CVE-2012-1013, CVE-2012-1015

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

An uninitialized pointer use flaw was found in the way the MIT Kerberos KDC
handled initial authentication requests (AS-REQ). A remote,
unauthenticated attacker could use this flaw to crash the KDC via a
specially-crafted AS-REQ request. (CVE-2012-1015)

A NULL pointer dereference flaw was found in the MIT Kerberos
administration daemon, kadmind. A Kerberos administrator who has the
"create" privilege could use this flaw to crash kadmind. (CVE-2012-1013)

Red Hat would like to thank the MIT Kerberos project for reporting
CVE-2012-1015. Upstream acknowledges Emmanuel Bouillon (NCI Agency) as the
original reporter of CVE-2012-1015.

All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the krb5kdc and kadmind daemons will be restarted automatically.

RHSA-2012:1132: icedtea-web security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1132, CVE-2012-3422, CVE-2012-3423

Description
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It
also contains a configuration tool for managing deployment settings for the
plug-in and Web Start implementations.

An uninitialized pointer use flaw was found in the IcedTea-Web plug-in.
Visiting a malicious web page could possibly cause a web browser using the
IcedTea-Web plug-in to crash, disclose a portion of its memory, or execute
arbitrary code. (CVE-2012-3422)

It was discovered that the IcedTea-Web plug-in incorrectly assumed all
strings received from the browser were NUL terminated. When using the
plug-in with a web browser that does not NUL terminate strings, visiting a
web page containing a Java applet could possibly cause the browser to
crash, disclose a portion of its memory, or execute arbitrary code.
(CVE-2012-3423)

Red Hat would like to thank Chamal De Silva for reporting the CVE-2012-3422
issue.

This erratum also upgrades IcedTea-Web to version 1.2.1. Refer to the NEWS
file, linked to in the References, for further information.

All IcedTea-Web users should upgrade to these updated packages, which
resolve these issues. Web browsers using the IcedTea-Web browser plug-in
must be restarted for this update to take effect.

RHSA-2012:1135: libreoffice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1135, CVE-2012-2665

Description
LibreOffice is an open source, community-developed office productivity
suite. It includes the key desktop applications, such as a word processor,
spreadsheet application, presentation manager, formula editor, and a
drawing program.

Multiple heap-based buffer overflow flaws were found in the way LibreOffice
processed encryption information in the manifest files of OpenDocument
Format files. An attacker could provide a specially-crafted OpenDocument
Format file that, when opened in a LibreOffice application, would cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-2665)

Upstream acknowledges Timo Warns as the original reporter of these issues.

All LibreOffice users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of LibreOffice applications must be restarted for this update to
take effect.

RHSA-2012:1136: openoffice.org security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121136
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1136, CVE-2012-2665

Description
OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

Multiple heap-based buffer overflow flaws were found in the way
OpenOffice.org processed encryption information in the manifest files of
OpenDocument Format files. An attacker could provide a specially-crafted
OpenDocument Format file that, when opened in an OpenOffice.org
application, would cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-2665)

Upstream acknowledges Timo Warns as the original reporter of these issues.

All OpenOffice.org users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of OpenOffice.org applications must be restarted for this update
to take effect.

RHSA-2012:1139: bind-dyndb-ldap security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121139
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1139, CVE-2012-3429

Description
The dynamic LDAP back end is a plug-in for BIND that provides back-end
capabilities to LDAP databases. It features support for dynamic updates and
internal caching that help to reduce the load on LDAP servers.

A flaw was found in the way bind-dyndb-ldap performed the escaping of names
from DNS requests for use in LDAP queries. A remote attacker able to send
DNS queries to a named server that is configured to use bind-dyndb-ldap
could use this flaw to cause named to exit unexpectedly with an assertion
failure. (CVE-2012-3429)

Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this
issue.

All bind-dyndb-ldap users should upgrade to this updated package, which
contains a backported patch to correct this issue. For the update to take
effect, the named service must be restarted.

RHSA-2012:1140: dhcp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1140, CVE-2012-3571

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

A denial of service flaw was found in the way the dhcpd daemon handled
zero-length client identifiers. A remote attacker could use this flaw to
send a specially-crafted request to dhcpd, possibly causing it to enter an
infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)

Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as
the original reporter of this issue.

Users of DHCP should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, all
DHCP servers will be restarted automatically.

RHSA-2012:1141: dhcp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121141
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1141, CVE-2012-3571, CVE-2012-3954

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

A denial of service flaw was found in the way the dhcpd daemon handled
zero-length client identifiers. A remote attacker could use this flaw to
send a specially-crafted request to dhcpd, possibly causing it to enter an
infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)

Two memory leak flaws were found in the dhcpd daemon. A remote attacker
could use these flaws to cause dhcpd to exhaust all available memory by
sending a large number of DHCP requests. (CVE-2012-3954)

Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as
the original reporter of CVE-2012-3571, and Glen Eustace of Massey
University, New Zealand, as the original reporter of CVE-2012-3954.

Users of DHCP should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing this update,
all DHCP servers will be restarted automatically.

RHSA-2012:1149: sudo security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121149
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1149, CVE-2012-3440

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

An insecure temporary file use flaw was found in the sudo package's
post-uninstall script. A local attacker could possibly use this flaw to
overwrite an arbitrary file via a symbolic link attack, or modify the
contents of the "/etc/nsswitch.conf" file during the upgrade or removal of
the sudo package. (CVE-2012-3440)

This update also fixes the following bugs:

* Previously, sudo escaped non-alphanumeric characters in commands using
"sudo -s" or "sudo -" at the wrong place and interfered with the
authorization process. Some valid commands were not permitted. Now,
non-alphanumeric characters are escaped immediately before the command is
executed and no longer interfere with the authorization process.
(BZ#844418)

* Prior to this update, the sudo utility could, under certain
circumstances, fail to receive the SIGCHLD signal when it was executed
from a process that blocked the SIGCHLD signal. As a consequence, sudo
could become suspended and fail to exit. This update modifies the signal
process mask so that sudo can exit and send the correct output.
(BZ#844419)

* The sudo update RHSA-2012:0309 introduced a regression that caused the
Security-Enhanced Linux (SELinux) context of the "/etc/nsswitch.conf" file
to change during the installation or upgrade of the sudo package. This
could cause various services confined by SELinux to no longer be permitted
to access the file. In reported cases, this issue prevented PostgreSQL and
Postfix from starting. (BZ#842759)

* Updating the sudo package resulted in the "sudoers" line in
"/etc/nsswitch.conf" being removed. This update corrects the bug in the
sudo package's post-uninstall script that caused this issue. (BZ#844420)

* Prior to this update, a race condition bug existed in sudo. When a
program was executed with sudo, the program could possibly exit
successfully before sudo started waiting for it. In this situation, the
program would be left in a zombie state and sudo would wait for it
endlessly, expecting it to still be running. (BZ#844978)

All users of sudo are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2012:1151: openldap security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20121151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:1151, CVE-2012-2668

Description
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access
Protocol) applications and development tools.

It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite
settings. This resulted in the default cipher suite always being used,
which could lead to weaker than expected ciphers being accepted during
Transport Layer Security (TLS) negotiation with OpenLDAP clients.
(CVE-2012-2668)

This update also fixes the following bug:

* When the smbk5pwd overlay was enabled in an OpenLDAP server, and a user
changed their password, the Microsoft NT LAN Manager (NTLM) and Microsoft
LAN Manager (LM) hashes were not computed correctly. This led to the
sambaLMPassword and sambaNTPassword attributes being updated with incorrect
values, preventing the user from logging in using a Windows-based client or
a Samba client.

With this update, the smbk5pwd overlay is linked against OpenSSL. As such,
the NTLM and LM hashes are computed correctly, and password changes work as
expected when using smbk5pwd. (BZ#844428)

Users of OpenLDAP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the OpenLDAP daemons will be restarted automatically.

RHSA-2012:1156: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121156
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1156, CVE-2011-1078, CVE-2012-2383

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer overflow flaw was found in the i915_gem_execbuffer2() function
in the Intel i915 driver in the Linux kernel. A local, unprivileged user
could use this flaw to cause a denial of service. This issue only affected
32-bit systems. (CVE-2012-2383, Moderate)

* A missing initialization flaw was found in the sco_sock_getsockopt_old()
function in the Linux kernel's Bluetooth implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2011-1078, Low)

Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting the
CVE-2011-1078 issue.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:1174: kernel security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20121174
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:1174, CVE-2012-2313

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way the Linux kernel's dl2k driver, used by
certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local,
unprivileged user could use this flaw to issue potentially harmful IOCTLs,
which could cause Ethernet adapters using the dl2k driver to malfunction
(for example, losing network connectivity). (CVE-2012-2313, Low)

Red Hat would like to thank Stephan Mueller for reporting this issue.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2012:1180: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1180, CVE-2011-2896, CVE-2012-3403, CVE-2012-3481

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's GIF image format plug-in. An attacker could create a
specially-crafted GIF image file that, when opened, could cause the GIF
plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
decompression algorithm implementation used by the GIMP's GIF image format
plug-in. An attacker could create a specially-crafted GIF image file that,
when opened, could cause the GIF plug-in to crash or, potentially, execute
arbitrary code with the privileges of the user running the GIMP.
(CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file
format plug-in. An attacker could create a specially-crafted KiSS palette
file that, when opened, could cause the CEL plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2012-3403)

Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team
for reporting the CVE-2012-3481 issue.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

RHSA-2012:1181: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1181, CVE-2009-3909, CVE-2011-2896, CVE-2012-3402, CVE-2012-3403, CVE-2012-3481

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the GIMP's Adobe Photoshop (PSD) image file plug-in. An
attacker could create a specially-crafted PSD image file that, when opened,
could cause the PSD plug-in to crash or, potentially, execute arbitrary
code with the privileges of the user running the GIMP. (CVE-2009-3909,
CVE-2012-3402)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the GIMP's GIF image format plug-in. An attacker could create a
specially-crafted GIF image file that, when opened, could cause the GIF
plug-in to crash or, potentially, execute arbitrary code with the
privileges of the user running the GIMP. (CVE-2012-3481)

A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW)
decompression algorithm implementation used by the GIMP's GIF image format
plug-in. An attacker could create a specially-crafted GIF image file that,
when opened, could cause the GIF plug-in to crash or, potentially, execute
arbitrary code with the privileges of the user running the GIMP.
(CVE-2011-2896)

A heap-based buffer overflow flaw was found in the GIMP's KiSS CEL file
format plug-in. An attacker could create a specially-crafted KiSS palette
file that, when opened, could cause the CEL plug-in to crash or,
potentially, execute arbitrary code with the privileges of the user running
the GIMP. (CVE-2012-3403)

Red Hat would like to thank Secunia Research for reporting CVE-2009-3909,
and Matthias Weckbecker of the SUSE Security Team for reporting
CVE-2012-3481.

Users of the GIMP are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The GIMP must be
restarted for the update to take effect.

RHSA-2012:1201: tetex security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1201, CVE-2010-2642, CVE-2010-3702, CVE-2010-3704, CVE-2011-0433, CVE-2011-0764, CVE-2011-1552, CVE-2011-1553, CVE-2011-1554

Description
teTeX is an implementation of TeX. TeX takes a text file and a set of
formatting commands as input, and creates a typesetter-independent DeVice
Independent (DVI) file as output.

teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1
fonts. The following issues affect t1lib code:

Two heap-based buffer overflow flaws were found in the way t1lib processed
Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened
by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2010-2642,
CVE-2011-0433)

An invalid pointer dereference flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash or, potentially, execute
arbitrary code with the privileges of the user running teTeX.
(CVE-2011-0764)

A use-after-free flaw was found in t1lib. A specially-crafted font file
could, when opened, cause teTeX to crash or, potentially, execute arbitrary
code with the privileges of the user running teTeX. (CVE-2011-1553)

An off-by-one flaw was found in t1lib. A specially-crafted font file could,
when opened, cause teTeX to crash or, potentially, execute arbitrary code
with the privileges of the user running teTeX. (CVE-2011-1554)

An out-of-bounds memory read flaw was found in t1lib. A specially-crafted
font file could, when opened, cause teTeX to crash. (CVE-2011-1552)

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF)
file viewer, to allow adding images in PDF format to the generated PDF
documents. The following issues affect Xpdf code:

An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was
used to process a TeX document referencing a specially-crafted PDF file, it
could cause pdflatex to crash or, potentially, execute arbitrary code with
the privileges of the user running pdflatex. (CVE-2010-3702)

An array index error was found in the way Xpdf parsed PostScript Type 1
fonts embedded in PDF documents. If pdflatex was used to process a TeX
document referencing a specially-crafted PDF file, it could cause pdflatex
to crash or, potentially, execute arbitrary code with the privileges of the
user running pdflatex. (CVE-2010-3704)

Red Hat would like to thank the Evince development team for reporting
CVE-2010-2642. Upstream acknowledges Jon Larimer of IBM X-Force as the
original reporter of CVE-2010-2642.

All users of tetex are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2012:1202: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121202
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1202, CVE-2012-3445

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

A flaw was found in libvirtd's RPC call handling. An attacker able to
establish a read-only connection to libvirtd could trigger this flaw with a
specially-crafted RPC command that has the number of parameters set to 0,
causing libvirtd to access invalid memory and crash. (CVE-2012-3445)

This update also fixes the following bugs:

* Previously, repeatedly migrating a guest between two machines while using
the tunnelled migration could cause the libvirt daemon to lock up
unexpectedly. The bug in the code for locking remote drivers has been fixed
and repeated tunnelled migrations of domains now work as expected.
(BZ#847946)

* Previously, when certain locales were used by the system, libvirt
could issue incorrect commands to the hypervisor. This bug has been fixed
and the libvirt library and daemon are no longer affected by the choice of
the user locale. (BZ#847959)

All users of libvirt are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, libvirtd will be restarted automatically.

RHSA-2012:1206: python-paste-script security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1206, CVE-2012-0878

Description
Python Paste provides middleware for building and running Python web
applications. The python-paste-script package includes paster, a tool for
working with and running Python Paste applications.

It was discovered that paster did not drop supplementary group privileges
when started by the root user. Running "paster serve" as root to start a
Python web application that will run as a non-root user and group resulted
in that application running with root group privileges. This could possibly
allow a remote attacker to gain access to files that should not be
accessible to the application. (CVE-2012-0878)

All paster users should upgrade to this updated package, which contains a
backported patch to resolve this issue. All running paster instances
configured to drop privileges must be restarted for this update to take
effect.

RHSA-2012:1207: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121207
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1207, CVE-2012-3480

Description
The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows,
were found in glibc's functions for converting a string to a numeric
representation (strtod(), strtof(), and strtold()). If an application used
such a function on attacker-controlled input, it could cause the
application to crash or, potentially, execute arbitrary code.
(CVE-2012-3480)

This update also fixes the following bug:

* Previously, logic errors in various mathematical functions, including
exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent
results when the functions were used with the non-default rounding mode.
This could also cause applications to crash in some cases. With this
update, the functions now give correct results across the four different
rounding modes. (BZ#839411)

All users of glibc are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2012:1208: glibc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121208
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1208, CVE-2012-3480

Description
The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows,
were found in glibc's functions for converting a string to a numeric
representation (strtod(), strtof(), and strtold()). If an application used
such a function on attacker-controlled input, it could cause the
application to crash or, potentially, execute arbitrary code.
(CVE-2012-3480)

All users of glibc are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

RHSA-2012:1210: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121210
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1210, CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3972, CVE-2012-3976, CVE-2012-3978, CVE-2012-3980

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974,
CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958,
CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963,
CVE-2012-3964)

A web page containing a malicious Scalable Vector Graphics (SVG) image file
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2012-3969, CVE-2012-3970)

Two flaws were found in the way Firefox rendered certain images using
WebGL. A web page containing malicious content could cause Firefox to crash
or, under certain conditions, possibly execute arbitrary code with the
privileges of the user running Firefox. (CVE-2012-3967, CVE-2012-3968)

A flaw was found in the way Firefox decoded embedded bitmap images in Icon
Format (ICO) files. A web page containing a malicious ICO file could cause
Firefox to crash or, under certain conditions, possibly execute arbitrary
code with the privileges of the user running Firefox. (CVE-2012-3966)

A flaw was found in the way the "eval" command was handled by the Firefox
Web Console. Running "eval" in the Web Console while viewing a web page
containing malicious content could possibly cause Firefox to execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2012-3980)

An out-of-bounds memory read flaw was found in the way Firefox used the
format-number feature of XSLT (Extensible Stylesheet Language
Transformations). A web page containing malicious content could possibly
cause an information leak, or cause Firefox to crash. (CVE-2012-3972)

It was found that the SSL certificate information for a previously visited
site could be displayed in the address bar while the main window displayed
a new page. This could lead to phishing attacks as attackers could use this
flaw to trick users into believing they are viewing a trusted site.
(CVE-2012-3976)

A flaw was found in the location object implementation in Firefox.
Malicious content could use this flaw to possibly allow restricted content
to be loaded. (CVE-2012-3978)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.7 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John
Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Frédéric
Hoguin, miaubiz, Arthur Gerkis, Nicolas Grégoire, Mark Poticha,
moz_bug_r_a4, and Colby Russell as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.7 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2012:1211: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121211
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1211, CVE-2012-1970, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3972, CVE-2012-3978, CVE-2012-3980

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-1970,
CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976,
CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960,
CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)

Content containing a malicious Scalable Vector Graphics (SVG) image file
could cause Thunderbird to crash or, potentially, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2012-3969,
CVE-2012-3970)

Two flaws were found in the way Thunderbird rendered certain images using
WebGL. Malicious content could cause Thunderbird to crash or, under certain
conditions, possibly execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2012-3967, CVE-2012-3968)

A flaw was found in the way Thunderbird decoded embedded bitmap images in
Icon Format (ICO) files. Content containing a malicious ICO file could
cause Thunderbird to crash or, under certain conditions, possibly execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-3966)

A flaw was found in the way the "eval" command was handled by the
Thunderbird Error Console. Running "eval" in the Error Console while
viewing malicious content could possibly cause Thunderbird to execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2012-3980)

An out-of-bounds memory read flaw was found in the way Thunderbird used the
format-number feature of XSLT (Extensible Stylesheet Language
Transformations). Malicious content could possibly cause an information
leak, or cause Thunderbird to crash. (CVE-2012-3972)

A flaw was found in the location object implementation in Thunderbird.
Malicious content could use this flaw to possibly allow restricted content
to be loaded. (CVE-2012-3978)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, John
Schoenick, Vladimir Vukicevic, Daniel Holbert, Abhishek Arya, Frédéric
Hoguin, miaubiz, Arthur Gerkis, Nicolas Grégoire, moz_bug_r_a4, and Colby
Russell as the original reporters of these issues.

Note: All issues except CVE-2012-3969 and CVE-2012-3970 cannot be exploited
by a specially-crafted HTML mail message as JavaScript is disabled by
default for mail messages. They could be exploited another way in
Thunderbird, for example, when viewing the full remote content of an RSS
feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.7 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2012:1221: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1221, CVE-2012-0547, CVE-2012-1682

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet could
use this flaw to use classes from restricted packages, allowing it to
bypass Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.4. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:1222: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121222
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1222, CVE-2012-0547, CVE-2012-1682

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

It was discovered that the Beans component in OpenJDK did not perform
permission checks properly. An untrusted Java application or applet could
use this flaw to use classes from restricted packages, allowing it to
bypass Java sandbox restrictions. (CVE-2012-1682)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:1223: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121223
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1223, CVE-2012-0547, CVE-2012-1682, CVE-2012-3136, CVE-2012-4681

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
CVE-2012-1682, CVE-2012-3136)

A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:1234: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121234
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1234, CVE-2012-3515

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space
component for running virtual machines using KVM.

A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu-kvm process on the
host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of KVM. Affected configurations
were:

* When guests were started from the command line ("/usr/libexec/qemu-kvm")
without the "-nodefaults" option, and also without specifying a
serial or parallel device, or a virtio-console device, that specifically
does not use a virtual console (vc) back-end. (Note that Red Hat does not
support invoking "qemu-kvm" from the command line without "-nodefaults" on
Red Hat Enterprise Linux 6.)

* Guests that were managed via libvirt, such as when using Virtual Machine
Manager (virt-manager), but that have a serial or parallel device, or a
virtio-console device, that uses a virtual console back-end. By default,
guests managed via libvirt will not use a virtual console back-end
for such devices.

Red Hat would like to thank the Xen project for reporting this issue.

All users of qemu-kvm should upgrade to these updated packages, which
resolve this issue. After installing this update, shut down all running
virtual machines. Once all virtual machines have shut down, start them
again for this update to take effect.

RHSA-2012:1235: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121235
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1235, CVE-2012-3515

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built
for the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu-kvm process on the
host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of KVM. Affected configurations
were:

* When guests were started from the command line ("/usr/libexec/qemu-kvm"),
and without specifying a serial or parallel device that specifically does
not use a virtual console (vc) back-end. (Note that Red Hat does not
support invoking "qemu-kvm" from the command line on Red Hat Enterprise
Linux 5.)

* Guests that were managed via libvirt, such as when using Virtual Machine
Manager (virt-manager), but that have a serial or parallel device that uses
a virtual console back-end. By default, guests managed via libvirt will not
use a virtual console back-end for such devices.

Red Hat would like to thank the Xen project for reporting this issue.

All KVM users should upgrade to these updated packages, which correct this
issue. Note: The procedure in the Solution section must be performed before
this update will take effect.

RHSA-2012:1236: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121236
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1236, CVE-2012-3515

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A flaw was found in the way QEMU handled VT100 terminal escape sequences
when emulating certain character devices. A guest user with privileges to
write to a character device that is emulated on the host using a virtual
console back-end could use this flaw to crash the qemu process on the
host or, possibly, escalate their privileges on the host. (CVE-2012-3515)

This flaw did not affect the default use of the Xen hypervisor
implementation in Red Hat Enterprise Linux 5. This problem only affected
fully-virtualized guests that have a serial or parallel device that uses a
virtual console (vc) back-end. By default, the virtual console back-end is
not used for such devices; only guests explicitly configured to use them
in this way were affected.

Red Hat would like to thank the Xen project for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which
correct this issue. After installing the updated packages, all
fully-virtualized guests must be restarted for this update to take effect.

RHSA-2012:1255: libexif security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121255
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1255, CVE-2012-2812, CVE-2012-2813, CVE-2012-2814, CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841

Description
The libexif packages provide an Exchangeable image file format (Exif)
library. Exif allows metadata to be added to and read from certain types
of image files.

Multiple flaws were found in the way libexif processed Exif tags. An
attacker could create a specially-crafted image file that, when opened in
an application linked against libexif, could cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2812, CVE-2012-2813, CVE-2012-2814,
CVE-2012-2836, CVE-2012-2837, CVE-2012-2840, CVE-2012-2841)

Red Hat would like to thank Dan Fandrich for reporting these issues.
Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the
original reporter of CVE-2012-2812, CVE-2012-2813, and CVE-2012-2814; and
Yunho Kim as the original reporter of CVE-2012-2836 and CVE-2012-2837.

Users of libexif are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libexif must be restarted for the update to
take effect.

RHSA-2012:1256: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121256
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1256, CVE-2012-4405

Description
Ghostscript is a set of software that provides a PostScript interpreter, a
set of C procedures (the Ghostscript library, which implements the graphics
capabilities in the PostScript language) and an interpreter for Portable
Document Format (PDF) files.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in Ghostscript's International Color Consortium Format library
(icclib). An attacker could create a specially-crafted PostScript or PDF
file with embedded images that would cause Ghostscript to crash or,
potentially, execute arbitrary code with the privileges of the user running
Ghostscript. (CVE-2012-4405)

Red Hat would like to thank Marc Schönefeld for reporting this issue.

Users of Ghostscript are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2012:1258: quagga security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1258, CVE-2010-1674, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250

Description
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol. The Quagga
ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)
routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon
processed malformed Extended Communities path attributes. An attacker could
send a specially-crafted BGP message, causing bgpd on a target system to
crash or, possibly, execute arbitrary code with the privileges of the user
running bgpd. The UPDATE message would have to arrive from an explicitly
configured BGP peer, but could have originated elsewhere in the BGP
network. (CVE-2011-3327)

A NULL pointer dereference flaw was found in the way the bgpd daemon
processed malformed route Extended Communities attributes. A configured
BGP peer could crash bgpd on a target system via a specially-crafted BGP
message. (CVE-2010-1674)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon
processed malformed Link State Update packets. An OSPF router could use
this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link
state advertisements. An OSPF neighbor could use this flaw to crash
ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello
packets. An OSPF neighbor could use this flaw to crash ospfd on a
target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state
advertisements. An OSPF router in the autonomous system could use this flaw
to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
crash ospfd on an adjacent router. (CVE-2012-0250)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the
CERT/CC for reporting CVE-2012-0249 and CVE-2012-0250. CERT-FI acknowledges
Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS
project as the original reporters of CVE-2011-3327, CVE-2011-3323,
CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326. The CERT/CC acknowledges
Martin Winter at OpenSourceRouting.org as the original reporter of
CVE-2012-0249 and CVE-2012-0250.

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd, ospfd, and ospf6d daemons will be restarted
automatically.

RHSA-2012:1259: quagga security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121259
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1259, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, CVE-2011-3326, CVE-2011-3327, CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, CVE-2012-1820

Description
Quagga is a TCP/IP based routing software suite. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol. The Quagga
ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)
routing protocol.

A heap-based buffer overflow flaw was found in the way the bgpd daemon
processed malformed Extended Communities path attributes. An attacker could
send a specially-crafted BGP message, causing bgpd on a target system to
crash or, possibly, execute arbitrary code with the privileges of the user
running bgpd. The UPDATE message would have to arrive from an explicitly
configured BGP peer, but could have originated elsewhere in the BGP
network. (CVE-2011-3327)

A stack-based buffer overflow flaw was found in the way the ospf6d daemon
processed malformed Link State Update packets. An OSPF router could use
this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)

A flaw was found in the way the ospf6d daemon processed malformed link
state advertisements. An OSPF neighbor could use this flaw to crash
ospf6d on a target system. (CVE-2011-3324)

A flaw was found in the way the ospfd daemon processed malformed Hello
packets. An OSPF neighbor could use this flaw to crash ospfd on a
target system. (CVE-2011-3325)

A flaw was found in the way the ospfd daemon processed malformed link state
advertisements. An OSPF router in the autonomous system could use this flaw
to crash ospfd on a target system. (CVE-2011-3326)

An assertion failure was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
cause ospfd on an adjacent router to abort. (CVE-2012-0249)

A buffer overflow flaw was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
crash ospfd on an adjacent router. (CVE-2012-0250)

Two flaws were found in the way the bgpd daemon processed certain BGP OPEN
messages. A configured BGP peer could cause bgpd on a target system to
abort via a specially-crafted BGP OPEN message. (CVE-2012-0255,
CVE-2012-1820)

Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the
CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and
CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka
Taimisto of the Codenomicon CROSS project as the original reporters of
CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and
CVE-2011-3326. The CERT/CC acknowledges Martin Winter at
OpenSourceRouting.org as the original reporter of CVE-2012-0249,
CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original
reporter of CVE-2012-1820.

Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd, ospfd, and ospf6d daemons will be restarted
automatically.

RHSA-2012:1261: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121261
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1261, CVE-2012-3524

Description
D-Bus is a system for sending messages between applications. It is used for
the system-wide message bus service and as a per-user-login-session
messaging facility.

It was discovered that the D-Bus library honored environment settings even
when running with elevated privileges. A local attacker could possibly use
this flaw to escalate their privileges, by setting specific environment
variables before running a setuid or setgid application linked against the
D-Bus library (libdbus). (CVE-2012-3524)

Note: With this update, libdbus ignores environment variables when used by
setuid or setgid applications. The environment is not ignored when an
application gains privileges via file system capabilities; however, no
application shipped in Red Hat Enterprise Linux 6 gains privileges via file
system capabilities.

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.

All users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. For the update to take effect, all
running instances of dbus-daemon and all running applications using the
libdbus library must be restarted, or the system rebooted.

RHSA-2012:1263: postgresql and postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121263
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1263, CVE-2012-3488, CVE-2012-3489

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

It was found that the optional PostgreSQL xml2 contrib module allowed local
files and remote URLs to be read and written to with the privileges of the
database server when parsing Extensible Stylesheet Language Transformations
(XSLT). An unprivileged database user could use this flaw to read and write
to local files (such as the database's configuration files) and remote URLs
they would otherwise not have access to by issuing a specially-crafted SQL
query. (CVE-2012-3488)

It was found that the "xml" data type allowed local files and remote URLs
to be read with the privileges of the database server to resolve DTD and
entity references in the provided XML. An unprivileged database user could
use this flaw to read local files they would otherwise not have access to
by issuing a specially-crafted SQL query. Note that the full contents of
the files were not returned, but portions could be displayed to the user
via error messages. (CVE-2012-3489)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Peter Eisentraut as the original reporter of
CVE-2012-3488, and Noah Misch as the original reporter of CVE-2012-3489.

These updated packages upgrade PostgreSQL to version 8.4.13. Refer to the
PostgreSQL Release Notes for a list of changes:

http://www.postgresql.org/docs/8.4/static/release-8-4-13.html

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2012:1264: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121264
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1264, CVE-2012-3488

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

It was found that the optional PostgreSQL xml2 contrib module allowed local
files and remote URLs to be read and written to with the privileges of the
database server when parsing Extensible Stylesheet Language Transformations
(XSLT). An unprivileged database user could use this flaw to read and write
to local files (such as the database's configuration files) and remote URLs
they would otherwise not have access to by issuing a specially-crafted SQL
query. (CVE-2012-3488)

Red Hat would like to thank the PostgreSQL project for reporting this
issue. Upstream acknowledges Peter Eisentraut as the original reporter.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2012:1265: libxslt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121265
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1265, CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, CVE-2012-2871, CVE-2012-2893

Description
libxslt is a library for transforming XML files into other textual formats
(including HTML, plain text, and other XML representations of the
underlying data) using the standard XSLT stylesheet transformation
mechanism.

A heap-based buffer overflow flaw was found in the way libxslt applied
templates to nodes selected by certain namespaces. An attacker could use
this flaw to create a malicious XSL file that, when used by an application
linked against libxslt to perform an XSL transformation, could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-2871)

Several denial of service flaws were found in libxslt. An attacker could
use these flaws to create a malicious XSL file that, when used by an
application linked against libxslt to perform an XSL transformation, could
cause the application to crash. (CVE-2012-2825, CVE-2012-2870,
CVE-2011-3970)

An information leak could occur if an application using libxslt processed
an untrusted XPath expression, or used a malicious XSL file to perform an
XSL transformation. If combined with other flaws, this leak could possibly
help an attacker bypass intended memory corruption protections.
(CVE-2011-1202)

All libxslt users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libxslt must be restarted for this update to
take effect.

RHSA-2012:1266: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121266
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1266, CVE-2012-4244

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled resource records with a large
RDATA value. A malicious owner of a DNS domain could use this flaw to
create specially-crafted DNS resource records, that would cause a recursive
resolver or secondary server to exit unexpectedly with an assertion
failure. (CVE-2012-4244)

Users of bind97 are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1267: bind security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121267
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1267, CVE-2012-4244

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled resource records with a large
RDATA value. A malicious owner of a DNS domain could use this flaw to
create specially-crafted DNS resource records, that would cause a recursive
resolver or secondary server to exit unexpectedly with an assertion
failure. (CVE-2012-4244)

This update also fixes the following bug:

* The bind-chroot-admin script, executed when upgrading the bind-chroot
package, failed to correctly update the permissions of the
/var/named/chroot/etc/named.conf file. Depending on the permissions of the
file, this could have prevented named from starting after installing
package updates. With this update, bind-chroot-admin correctly updates the
permissions and ownership of the file. (BZ#857056)

Users of bind are advised to upgrade to these updated packages, which
correct these issues. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1268: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121268
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1268, CVE-2012-4244

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled resource records with a large
RDATA value. A malicious owner of a DNS domain could use this flaw to
create specially-crafted DNS resource records, that would cause a recursive
resolver or secondary server to exit unexpectedly with an assertion
failure. (CVE-2012-4244)

Users of bind are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1269: qpid security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1269, CVE-2012-2145

Description
Apache Qpid is a reliable, cross-platform, asynchronous messaging system
that supports the Advanced Message Queuing Protocol (AMQP) in several
common programming languages.

It was discovered that the Qpid daemon (qpidd) did not allow the number of
connections from clients to be restricted. A malicious client could use
this flaw to open an excessive amount of connections, preventing other
legitimate clients from establishing a connection to qpidd. (CVE-2012-2145)

To address CVE-2012-2145, new qpidd configuration options were introduced:
max-negotiate-time defines the time during which initial protocol
negotiation must succeed, connection-limit-per-user and
connection-limit-per-ip can be used to limit the number of connections per
user and client host IP. Refer to the qpidd manual page for additional
details.

In addition, the qpid-cpp, qpid-qmf, qpid-tools, and python-qpid packages
have been upgraded to upstream version 0.14, which provides support for Red
Hat Enterprise MRG 2.2, as well as a number of bug fixes and enhancements
over the previous version. (BZ#840053, BZ#840055, BZ#840056, BZ#840058)

All users of qpid are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

RHSA-2012:1283: openjpeg security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121283
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1283, CVE-2012-3535

Description
OpenJPEG is an open source library for reading and writing image files in
JPEG 2000 format.

It was found that OpenJPEG failed to sanity-check an image header field
before using it. A remote attacker could provide a specially-crafted image
file that could cause an application linked against OpenJPEG to crash or,
possibly, execute arbitrary code. (CVE-2012-3535)

This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security
Response Team.

Users of OpenJPEG should upgrade to these updated packages, which contain
a patch to correct this issue. All running applications using OpenJPEG
must be restarted for the update to take effect.

RHSA-2012:1284: spice-gtk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121284
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1284, CVE-2012-4425

Description
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE
(Simple Protocol for Independent Computing Environments) clients. Both
Virtual Machine Manager and Virtual Machine Viewer can make use of this
widget to access virtual machines using the SPICE protocol.

It was discovered that the spice-gtk setuid helper application,
spice-client-glib-usb-acl-helper, did not clear the environment variables
read by the libraries it uses. A local attacker could possibly use this
flaw to escalate their privileges by setting specific environment variables
before running the helper application. (CVE-2012-4425)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.

All users of spice-gtk are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2012:1288: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121288
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1288, CVE-2011-3102, CVE-2012-2807

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way libxml2 handled documents that enable entity
expansion. A remote attacker could provide a large, specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-2807)

A one byte buffer overflow was found in the way libxml2 evaluated certain
parts of XML Pointer Language (XPointer) expressions. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash
or, potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2011-3102)

All users of libxml2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The desktop must
be restarted (log out, then log back in) for this update to take effect.

RHSA-2012:1304: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121304
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1304, CVE-2012-2313, CVE-2012-2384, CVE-2012-2390, CVE-2012-3430, CVE-2012-3552

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* An integer overflow flaw was found in the i915_gem_do_execbuffer()
function in the Intel i915 driver in the Linux kernel. A local,
unprivileged user could use this flaw to cause a denial of service. This
issue only affected 32-bit systems. (CVE-2012-2384, Moderate)

* A memory leak flaw was found in the way the Linux kernel's memory
subsystem handled resource clean up in the mmap() failure path when the
MAP_HUGETLB flag was set. A local, unprivileged user could use this flaw to
cause a denial of service. (CVE-2012-2390, Moderate)

* A race condition was found in the way access to inet->opt ip_options was
synchronized in the Linux kernel's TCP/IP protocol suite implementation.
Depending on the network facing applications running on the system, a
remote attacker could possibly trigger this flaw to cause a denial of
service. A local, unprivileged user could use this flaw to cause a denial
of service regardless of the applications the system runs. (CVE-2012-3552,
Moderate)

* A flaw was found in the way the Linux kernel's dl2k driver, used by
certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local,
unprivileged user could use this flaw to issue potentially harmful IOCTLs,
which could cause Ethernet adapters using the dl2k driver to malfunction
(for example, losing network connectivity). (CVE-2012-2313, Low)

* A flaw was found in the way the msg_namelen variable in the rds_recvmsg()
function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol
implementation was initialized. A local, unprivileged user could use this
flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low)

Red Hat would like to thank Hafid Lin for reporting CVE-2012-3552, and
Stephan Mueller for reporting CVE-2012-2313. The CVE-2012-3430 issue was
discovered by the Red Hat InfiniBand team.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:1323: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1323, CVE-2012-2319, CVE-2012-3412, CVE-2012-3430, CVE-2012-3510

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way socket buffers (skb) requiring TSO (TCP
segment offloading) were handled by the sfc driver. If the skb did not fit
within the minimum-size of the transmission queue, the network card could
repeatedly reset itself. A remote attacker could use this flaw to cause a
denial of service. (CVE-2012-3412, Important)

* A use-after-free flaw was found in the xacct_add_tsk() function in the
Linux kernel's taskstats subsystem. A local, unprivileged user could use
this flaw to cause an information leak or a denial of service.
(CVE-2012-3510, Moderate)

* A buffer overflow flaw was found in the hfs_bnode_read() function in the
HFS Plus (HFS+) file system implementation in the Linux kernel. A local
user able to mount a specially-crafted HFS+ file system image could use
this flaw to cause a denial of service or escalate their privileges.
(CVE-2012-2319, Low)

* A flaw was found in the way the msg_namelen variable in the rds_recvmsg()
function of the Linux kernel's Reliable Datagram Sockets (RDS) protocol
implementation was initialized. A local, unprivileged user could use this
flaw to leak kernel stack memory to user-space. (CVE-2012-3430, Low)

Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting
CVE-2012-3412, and Alexander Peslyak for reporting CVE-2012-3510. The
CVE-2012-3430 issue was discovered by the Red Hat InfiniBand team.

This update also fixes the following bugs:

* The cpuid_whitelist() function, masking the Enhanced Intel SpeedStep
(EST) flag from all guests, prevented the "cpuspeed" service from working
in the privileged Xen domain (dom0). CPU scaling was therefore not
possible. With this update, cpuid_whitelist() is aware whether the domain
executing CPUID is privileged or not, and enables the EST flag for dom0.
(BZ#846125)

* If a delayed-allocation write was performed before quota was enabled,
the kernel displayed the following warning message:

    WARNING: at fs/quota/dquot.c:988 dquot_claim_space+0x77/0x112()

This was because information about the delayed allocation was not recorded
in the quota structure. With this update, writes prior to enabling quota
are properly accounted for, and the message is not displayed. (BZ#847326)

* In Red Hat Enterprise Linux 5.9, the DSCP (Differentiated Services Code
Point) netfilter module now supports mangling of the DSCP field.
(BZ#847327)

* Some subsystems clear the TIF_SIGPENDING flag during error handling in
fork() paths. Previously, if the flag was cleared, the ERESTARTNOINTR error
code could be returned. The underlying source code has been modified so
that the error code is no longer returned. (BZ#847359)

* An unnecessary check for the RXCW.CW bit could cause the Intel e1000e NIC
(Network Interface Controller) to not work properly. The check has been
removed so that the Intel e1000e NIC works as expected. (BZ#852448)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2012:1326: freeradius security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121326
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1326, CVE-2012-3547

Description
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

A buffer overflow flaw was discovered in the way radiusd handled the
expiration date field in X.509 client certificates. A remote attacker could
possibly use this flaw to crash radiusd if it were configured to use the
certificate or TLS tunnelled authentication methods (such as EAP-TLS,
EAP-TTLS, and PEAP). (CVE-2012-3547)

Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for
reporting this issue.

Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.

RHSA-2012:1327: freeradius2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1327, CVE-2012-3547

Description
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

A buffer overflow flaw was discovered in the way radiusd handled the
expiration date field in X.509 client certificates. A remote attacker could
possibly use this flaw to crash radiusd if it were configured to use the
certificate or TLS tunnelled authentication methods (such as EAP-TLS,
EAP-TTLS, and PEAP). (CVE-2012-3547)

Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for
reporting this issue.

Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.

RHSA-2012:1350: firefox security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1350, CVE-2012-1956, CVE-2012-3982, CVE-2012-3986, CVE-2012-3988, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-3982, CVE-2012-3988, CVE-2012-3990, CVE-2012-3995,
CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183,
CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188)

Two flaws in Firefox could allow a malicious website to bypass intended
restrictions, possibly leading to information disclosure, or Firefox
executing arbitrary code. Note that the information disclosure issue could
possibly be combined with other flaws to achieve arbitrary code execution.
(CVE-2012-3986, CVE-2012-3991)

Multiple flaws were found in the location object implementation in Firefox.
Malicious content could be used to perform cross-site scripting attacks,
script injection, or spoofing attacks. (CVE-2012-1956, CVE-2012-3992,
CVE-2012-3994)

Two flaws were found in the way Chrome Object Wrappers were implemented.
Malicious content could be used to perform cross-site scripting attacks or
cause Firefox to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.8 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,
miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,
moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these
issues.

This update also fixes the following bug:

* In certain environments, storing personal Firefox configuration files
(~/.mozilla/) on an NFS share, such as when your home directory is on a
NFS share, led to Firefox functioning incorrectly, for example, navigation
buttons not working as expected, and bookmarks not saving. This update
adds a new configuration option, storage.nfs_filesystem, that can be used
to resolve this issue.

If you experience this issue:

1) Start Firefox.

2) Type "about:config" (without quotes) into the URL bar and press the
Enter key.

3) If prompted with "This might void your warranty!", click the "I'll be
careful, I promise!" button.

4) Right-click in the Preference Name list. In the menu that opens, select
New -> Boolean.

5) Type "storage.nfs_filesystem" (without quotes) for the preference name
and then click the OK button.

6) Select "true" for the boolean value and then press the OK button.
(BZ#809571, BZ#816234)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.8 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2012:1351: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121351
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1351, CVE-2012-1956, CVE-2012-3982, CVE-2012-3986, CVE-2012-3988, CVE-2012-3990, CVE-2012-3991, CVE-2012-3992, CVE-2012-3993, CVE-2012-3994, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4184, CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-3982,
CVE-2012-3988, CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180,
CVE-2012-4181, CVE-2012-4182, CVE-2012-4183, CVE-2012-4185, CVE-2012-4186,
CVE-2012-4187, CVE-2012-4188)

Two flaws in Thunderbird could allow malicious content to bypass intended
restrictions, possibly leading to information disclosure, or Thunderbird
executing arbitrary code. Note that the information disclosure issue could
possibly be combined with other flaws to achieve arbitrary code execution.
(CVE-2012-3986, CVE-2012-3991)

Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, script injection, or spoofing attacks. (CVE-2012-1956,
CVE-2012-3992, CVE-2012-3994)

Two flaws were found in the way Chrome Object Wrappers were implemented.
Malicious content could be used to perform cross-site scripting attacks or
cause Thunderbird to execute arbitrary code. (CVE-2012-3993, CVE-2012-4184)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Jesse Ruderman, Soroush Dalili,
miaubiz, Abhishek Arya, Atte Kettunen, Johnny Stenback, Alice White,
moz_bug_r_a4, and Mariusz Mlynski as the original reporters of these
issues.

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.8 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2012:1359: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121359
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1359, CVE-2012-4423

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

A flaw was found in libvirtd's RPC call handling. An attacker able to
establish a read-only connection to libvirtd could use this flaw to crash
libvirtd by sending an RPC message that has an event as the RPC number, or
an RPC number that falls into a gap in the RPC dispatch table.
(CVE-2012-4423)

This issue was discovered by Wenlong Huang of the Red Hat Virtualization QE
Team.

This update also fixes the following bugs:

* When the host_uuid option was present in the libvirtd.conf file, the
augeas libvirt lens was unable to parse the file. This bug has been fixed
and the augeas libvirt lens now parses libvirtd.conf as expected in the
described scenario. (BZ#858988)

* Disk hot plug is a two-part action: the qemuMonitorAddDrive() call is
followed by the qemuMonitorAddDevice() call. When the first part succeeded
but the second one failed, libvirt failed to roll back the first part and
the device remained in use even though the disk hot plug failed. With this
update, the rollback for the drive addition is properly performed in the
described scenario and disk hot plug now works as expected. (BZ#859376)

* When a virtual machine was started with an image chain using block
devices and a block rebase operation was issued, the operation failed on
completion in the blockJobAbort() function. This update relabels and
configures cgroups for the backing files and the rebase operation now
succeeds. (BZ#860720)

All users of libvirt are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, libvirtd will be restarted automatically.

RHSA-2012:1361: xulrunner security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121361
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1361, CVE-2012-4193

Description
XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A flaw was found in the way XULRunner handled security wrappers. A web page
containing malicious content could possibly cause an application linked
against XULRunner (such as Mozilla Firefox) to execute arbitrary code with
the privileges of the user running the application. (CVE-2012-4193)

For technical details regarding this flaw, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this erratum.

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

All XULRunner users should upgrade to these updated packages, which correct
this issue. After installing the update, applications using XULRunner must
be restarted for the changes to take effect.

RHSA-2012:1362: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121362
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1362, CVE-2012-4193

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the way Thunderbird handled security wrappers.
Malicious content could cause Thunderbird to execute arbitrary code with
the privileges of the user running Thunderbird. (CVE-2012-4193)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges moz_bug_r_a4 as the original reporter.

Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could be
exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.

RHSA-2012:1363: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121363
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1363, CVE-2012-5166

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled certain combinations of resource
records. A remote attacker could use this flaw to cause a recursive
resolver, or an authoritative server in certain configurations, to lock up.
(CVE-2012-5166)

Users of bind are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1364: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1364, CVE-2012-5166

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled certain combinations of resource
records. A remote attacker could use this flaw to cause a recursive
resolver, or an authoritative server in certain configurations, to lock up.
(CVE-2012-5166)

Users of bind97 are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1366: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121366
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1366, CVE-2012-3412

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way socket buffers (skb) requiring TSO (TCP
segment offloading) were handled by the sfc driver. If the skb did not fit
within the minimum-size of the transmission queue, the network card could
repeatedly reset itself. A remote attacker could use this flaw to cause a
denial of service. (CVE-2012-3412, Important)

Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting
this issue.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:1384: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121384
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1384, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Swing, and JMX components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use this flaw to disclose sensitive information.
(CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.
(CVE-2012-5077)

It was discovered that the java.io.FilePermission class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the java.net package by
default. Gopher support can be enabled by setting the newly introduced
property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.5. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:1385: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121385
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1385, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5089

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Swing, and JMX components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2012-5086, CVE-2012-5084, CVE-2012-5089)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use this flaw to disclose sensitive information.
(CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.
(CVE-2012-5077)

It was discovered that the java.io.FilePermission class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the java.net package by
default. Gopher support can be enabled by setting the newly introduced
property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085)

This erratum also upgrades the OpenJDK package to IcedTea6 1.10.10. Refer
to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:1386: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1386, CVE-2012-3216, CVE-2012-4416, CVE-2012-5068, CVE-2012-5069, CVE-2012-5070, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5074, CVE-2012-5075, CVE-2012-5076, CVE-2012-5077, CVE-2012-5079, CVE-2012-5081, CVE-2012-5084, CVE-2012-5085, CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5089

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the Beans,
Libraries, Swing, and JMX components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2012-5086, CVE-2012-5087, CVE-2012-5088, CVE-2012-5084,
CVE-2012-5089)

The default Java security properties configuration did not restrict access
to certain com.sun.org.glassfish packages. An untrusted Java application
or applet could use these flaws to bypass Java sandbox restrictions. This
update lists those packages as restricted. (CVE-2012-5076, CVE-2012-5074)

Multiple improper permission check issues were discovered in the Scripting,
JMX, Concurrency, Libraries, and Security components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2012-5068, CVE-2012-5071,
CVE-2012-5069, CVE-2012-5073, CVE-2012-5072)

It was discovered that java.util.ServiceLoader could create an instance of
an incompatible class while performing provider lookup. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2012-5079)

It was discovered that the Java Secure Socket Extension (JSSE) SSL/TLS
implementation did not properly handle handshake records containing an
overly large data length value. An unauthenticated, remote attacker could
possibly use this flaw to cause an SSL/TLS server to terminate with an
exception. (CVE-2012-5081)

It was discovered that the JMX component in OpenJDK could perform certain
actions in an insecure manner. An untrusted Java application or applet
could possibly use these flaws to disclose sensitive information.
(CVE-2012-5070, CVE-2012-5075)

A bug in the Java HotSpot Virtual Machine optimization code could cause it
to not perform array initialization in certain cases. An untrusted Java
application or applet could use this flaw to disclose portions of the
virtual machine's memory. (CVE-2012-4416)

It was discovered that the SecureRandom class did not properly protect
against the creation of multiple seeders. An untrusted Java application or
applet could possibly use this flaw to disclose sensitive information.
(CVE-2012-5077)

It was discovered that the java.io.FilePermission class exposed the hash
code of the canonicalized path name. An untrusted Java application or
applet could possibly use this flaw to determine certain system paths, such
as the current working directory. (CVE-2012-3216)

This update disables Gopher protocol support in the java.net package by
default. Gopher support can be enabled by setting the newly introduced
property, "jdk.net.registerGopherProtocol", to true. (CVE-2012-5085)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.3. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2012:1407: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121407
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1407, CVE-2012-4194, CVE-2012-4195, CVE-2012-4196

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Multiple flaws were found in the location object implementation in Firefox.
Malicious content could be used to perform cross-site scripting attacks,
bypass the same-origin policy, or cause Firefox to execute arbitrary code.
(CVE-2012-4194, CVE-2012-4195, CVE-2012-4196)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.10 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mariusz Mlynski, moz_bug_r_a4, and Antoine
Delignat-Lavaud as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.10 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2012:1413: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121413
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1413, CVE-2012-4194, CVE-2012-4195, CVE-2012-4196

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Multiple flaws were found in the location object implementation in
Thunderbird. Malicious content could be used to perform cross-site
scripting attacks, bypass the same-origin policy, or cause Thunderbird to
execute arbitrary code. (CVE-2012-4194, CVE-2012-4195, CVE-2012-4196)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mariusz Mlynski, moz_bug_r_a4, and Antoine
Delignat-Lavaud as the original reporters of these issues.

Note: None of the issues in this advisory can be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.10 ESR, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2012:1416: kdelibs security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121416
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1416, CVE-2012-4512, CVE-2012-4513

Description
The kdelibs packages provide libraries for the K Desktop Environment
(KDE). Konqueror is a web browser.

A heap-based buffer overflow flaw was found in the way the CSS (Cascading
Style Sheets) parser in kdelibs parsed the location of the source for font
faces. A web page containing malicious content could cause an application
using kdelibs (such as Konqueror) to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-4512)

A heap-based buffer over-read flaw was found in the way kdelibs calculated
canvas dimensions for large images. A web page containing malicious content
could cause an application using kdelibs to crash or disclose portions of
its memory. (CVE-2012-4513)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The desktop must be restarted (log out,
then log back in) for this update to take effect.

RHSA-2012:1426: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121426
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1426, CVE-2012-1568, CVE-2012-2133, CVE-2012-3400, CVE-2012-3511

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A use-after-free flaw was found in the Linux kernel's memory management
subsystem in the way quota handling for huge pages was performed. A local,
unprivileged user could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2012-2133, Moderate)

* A use-after-free flaw was found in the madvise() system call
implementation in the Linux kernel. A local, unprivileged user could use
this flaw to cause a denial of service or, potentially, escalate their
privileges. (CVE-2012-3511, Moderate)

* It was found that when running a 32-bit binary that uses a large number
of shared libraries, one of the libraries would always be loaded at a
predictable address in memory. An attacker could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2012-1568, Low)

* Buffer overflow flaws were found in the udf_load_logicalvol() function
in the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
Low)

Red Hat would like to thank Shachar Raindel for reporting CVE-2012-2133.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:1434: icedtea-web security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121434
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1434, CVE-2012-4540

Description
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It
also contains a configuration tool for managing deployment settings for the
plug-in and Web Start implementations.

A buffer overflow flaw was found in the IcedTea-Web plug-in. Visiting a
malicious web page could cause a web browser using the IcedTea-Web plug-in
to crash or, possibly, execute arbitrary code. (CVE-2012-4540)

Red Hat would like to thank Arthur Gerkis for reporting this issue.

This erratum also upgrades IcedTea-Web to version 1.2.2. Refer to the NEWS
file, linked to in the References, for further information.

All IcedTea-Web users should upgrade to these updated packages, which
resolve this issue. Web browsers using the IcedTea-Web browser plug-in must
be restarted for this update to take effect.

RHSA-2012:1445: kernel security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20121445
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:1445, CVE-2012-2100

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that the RHSA-2010:0178 update did not correctly fix the
CVE-2009-4307 issue, a divide-by-zero flaw in the ext4 file system code. A
local, unprivileged user with the ability to mount an ext4 file system
could use this flaw to cause a denial of service. (CVE-2012-2100, Low)

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct this issue, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2012:1455: gegl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121455
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1455, CVE-2012-4433

Description
GEGL (Generic Graphics Library) is a graph-based image processing
framework.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the gegl utility processed .ppm (Portable Pixel Map) image
files. An attacker could create a specially-crafted .ppm file that, when
opened in gegl, would cause gegl to crash or, potentially, execute
arbitrary code. (CVE-2012-4433)

This issue was discovered by Murray McAllister of the Red Hat Security
Response Team.

Users of gegl should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2012:1459: nspluginwrapper security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20121459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2012:1459, CVE-2011-2486

Description
nspluginwrapper is a utility which allows 32-bit plug-ins to run in a
64-bit browser environment (a common example is Adobe's browser plug-in for
presenting proprietary Flash files embedded in web pages). It includes the
plug-in viewer and a tool for managing plug-in installations and updates.

It was not possible for plug-ins wrapped by nspluginwrapper to discover
whether the browser was running in Private Browsing mode. This flaw could
lead to plug-ins wrapped by nspluginwrapper using normal mode while they
were expected to run in Private Browsing mode. (CVE-2011-2486)

This update also fixes the following bug:

* When using the Adobe Reader web browser plug-in provided by the
acroread-plugin package on a 64-bit system, opening Portable Document
Format (PDF) files in Firefox could cause the plug-in to crash and a black
window to be displayed where the PDF should be. Firefox had to be restarted
to resolve the issue. This update implements a workaround in
nspluginwrapper to automatically handle the plug-in crash, so that users
no longer have to keep restarting Firefox. (BZ#869554)

All users of nspluginwrapper are advised to upgrade to these updated
packages, which upgrade nspluginwrapper to upstream version 1.4.4, and
correct these issues. After installing the update, Firefox must be
restarted for the changes to take effect.

RHSA-2012:1461: libproxy security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121461
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1461, CVE-2012-4505

Description
libproxy is a library that handles all the details of proxy configuration.

A buffer overflow flaw was found in the way libproxy handled the
downloading of proxy auto-configuration (PAC) files. A malicious server
hosting a PAC file or a man-in-the-middle attacker could use this flaw to
cause an application using libproxy to crash or, possibly, execute
arbitrary code, if the proxy settings obtained by libproxy (from the
environment or the desktop environment settings) instructed the use of a
PAC proxy configuration. (CVE-2012-4505)

This issue was discovered by the Red Hat Security Response Team.

Users of libproxy should upgrade to these updated packages, which contain
a backported patch to correct this issue. All applications using libproxy
must be restarted for this update to take effect.

RHSA-2012:1462: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121462
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1462, CVE-2012-0540, CVE-2012-1688, CVE-2012-1689, CVE-2012-1690, CVE-2012-1703, CVE-2012-1734, CVE-2012-2122, CVE-2012-2749, CVE-2012-3150, CVE-2012-3158, CVE-2012-3160, CVE-2012-3163, CVE-2012-3166, CVE-2012-3167, CVE-2012-3173, CVE-2012-3177, CVE-2012-3180, CVE-2012-3197

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory pages, listed in the References section. (CVE-2012-1688,
CVE-2012-1690, CVE-2012-1703, CVE-2012-2749, CVE-2012-0540, CVE-2012-1689,
CVE-2012-1734, CVE-2012-3163, CVE-2012-3158, CVE-2012-3177, CVE-2012-3166,
CVE-2012-3173, CVE-2012-3150, CVE-2012-3180, CVE-2012-3167, CVE-2012-3197,
CVE-2012-3160)

These updated packages upgrade MySQL to version 5.1.66. Refer to the MySQL
release notes listed in the References section for a full list of changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2012:1482: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121482
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1482, CVE-2012-4201, CVE-2012-4202, CVE-2012-4207, CVE-2012-4209, CVE-2012-4210, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842

Description
Mozilla Firefox is an open source web browser. XULRunner provides the
XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829,
CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840,
CVE-2012-5842)

A buffer overflow flaw was found in the way Firefox handled GIF (Graphics
Interchange Format) images. A web page containing a malicious GIF image
could cause Firefox to crash or, possibly, execute arbitrary code with the
privileges of the user running Firefox. (CVE-2012-4202)

A flaw was found in the way the Style Inspector tool in Firefox handled
certain Cascading Style Sheets (CSS). Running the tool (Tools -> Web
Developer -> Inspect) on malicious CSS could result in the execution of
HTML and CSS content with chrome privileges. (CVE-2012-4210)

A flaw was found in the way Firefox decoded the HZ-GB-2312 character
encoding. A web page containing malicious content could cause Firefox to
run JavaScript code with the permissions of a different website.
(CVE-2012-4207)

A flaw was found in the location object implementation in Firefox.
Malicious content could possibly use this flaw to allow restricted content
to be loaded by plug-ins. (CVE-2012-4209)

A flaw was found in the way cross-origin wrappers were implemented.
Malicious content could use this flaw to perform cross-site scripting
attacks. (CVE-2012-5841)

A flaw was found in the evalInSandbox implementation in Firefox. Malicious
content could use this flaw to perform cross-site scripting attacks.
(CVE-2012-4201)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.11 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew
McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Mariusz Mlynski, Masato
Kinugawa, Bobby Holley, and moz_bug_r_a4 as the original reporters of these
issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.11 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2012:1483: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20121483
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1483, CVE-2012-4201, CVE-2012-4202, CVE-2012-4207, CVE-2012-4209, CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5841, CVE-2012-5842

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2012-4214,
CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5830, CVE-2012-5833,
CVE-2012-5835, CVE-2012-5839, CVE-2012-5840, CVE-2012-5842)

A buffer overflow flaw was found in the way Thunderbird handled GIF
(Graphics Interchange Format) images. Content containing a malicious GIF
image could cause Thunderbird to crash or, possibly, execute arbitrary code
with the privileges of the user running Thunderbird. (CVE-2012-4202)

A flaw was found in the way Thunderbird decoded the HZ-GB-2312 character
encoding. Malicious content could cause Thunderbird to run JavaScript code
with the permissions of different content. (CVE-2012-4207)

A flaw was found in the location object implementation in Thunderbird.
Malicious content could possibly use this flaw to allow restricted content
to be loaded by plug-ins. (CVE-2012-4209)

A flaw was found in the way cross-origin wrappers were implemented.
Malicious content could use this flaw to perform cross-site scripting
attacks. (CVE-2012-5841)

A flaw was found in the evalInSandbox implementation in Thunderbird.
Malicious content could use this flaw to perform cross-site scripting
attacks. (CVE-2012-4201)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Abhishek Arya, miaubiz, Jesse Ruderman, Andrew
McCreight, Bob Clary, Kyle Huey, Atte Kettunen, Masato Kinugawa, Mariusz
Mlynski, Bobby Holley, and moz_bug_r_a4 as the original reporters of
these issues.

Note: With the exception of CVE-2012-4202, these issues cannot be exploited
by a specially-crafted HTML mail message because JavaScript is disabled by
default for mail messages. They could be exploited another way in
Thunderbird, for example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.11 ESR, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2012:1512: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1512, CVE-2012-5134

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2012:1540: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121540
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1540, CVE-2012-2372, CVE-2012-3552, CVE-2012-4508, CVE-2012-4535, CVE-2012-4537, CVE-2012-5513

Description
These packages contain the Linux kernel.

Security fixes:

* A race condition in the way asynchronous I/O and fallocate() interacted
when using ext4 could allow a local, unprivileged user to obtain random
data from a deleted file. (CVE-2012-4508, Important)

* A flaw in the way the Xen hypervisor implementation range checked guest
provided addresses in the XENMEM_exchange hypercall could allow a
malicious, para-virtualized guest administrator to crash the hypervisor or,
potentially, escalate their privileges, allowing them to execute arbitrary
code at the hypervisor level. (CVE-2012-5513, Important)

* A flaw in the Reliable Datagram Sockets (RDS) protocol implementation
could allow a local, unprivileged user to cause a denial of service.
(CVE-2012-2372, Moderate)

* A race condition in the way access to inet->opt ip_options was
synchronized in the Linux kernel's TCP/IP protocol suite implementation.
Depending on the network facing applications running on the system, a
remote attacker could possibly trigger this flaw to cause a denial of
service. A local, unprivileged user could use this flaw to cause a denial
of service regardless of the applications the system runs. (CVE-2012-3552,
Moderate)

* The Xen hypervisor implementation did not properly restrict the period
values used to initialize per VCPU periodic timers. A privileged guest user
could cause an infinite loop on the physical CPU. If the watchdog were
enabled, it would detect said loop and panic the host system.
(CVE-2012-4535, Moderate)

* A flaw in the way the Xen hypervisor implementation handled
set_p2m_entry() error conditions could allow a privileged,
fully-virtualized guest user to crash the hypervisor. (CVE-2012-4537,
Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508; the
Xen project for reporting CVE-2012-5513, CVE-2012-4535, and CVE-2012-4537;
and Hafid Lin for reporting CVE-2012-3552. Upstream acknowledges Dmitry
Monakhov as the original reporter of CVE-2012-4508. CVE-2012-2372 was
discovered by Li Honggang of Red Hat.

Bug fixes:

* Previously, the interrupt handlers of the qla2xxx driver could clear
pending interrupts right after the IRQ lines were attached during system
start-up. Consequently, the kernel could miss the interrupt that reported
completion of the link initialization, and the qla2xxx driver then failed
to detect all attached LUNs. With this update, the qla2xxx driver has been
modified to no longer clear interrupt bits after attaching the IRQ lines.
The driver now correctly detects all attached LUNs as expected. (BZ#870118)

* The Ethernet channel bonding driver reported the MII (Media Independent
Interface) status of the bond interface in 802.3ad mode as being up even
though the MII status of all of the slave devices was down. This could pose
a problem if the MII status of the bond interface was used to determine if
failover should occur. With this update, the agg_device_up() function has
been added to the bonding driver, which allows the driver to report the
link status of the bond interface correctly, that is, down when all of its
slaves are down, in the 802.3ad mode. (BZ#877943)

Enhancements:

* This update backports several changes from the latest upstream version of
the bnx2x driver. The most important change, the remote-fault link
detection feature, allows the driver to periodically scan the physical link
layer for remote faults. If the physical link appears to be up and a fault
is detected, the driver indicates that the link is down. When the fault is
cleared, the driver indicates that the link is up again. (BZ#870120)

* The INET socket interface has been modified to send a warning message
when the ip_options structure is allocated directly by a third-party module
using the kmalloc() function. (BZ#874973)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

RHSA-2012:1549: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121549
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1549, CVE-2012-5688

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly. DNS64 is
used to automatically generate DNS records so IPv6 based clients can access
IPv4 systems through a NAT64 server.

A flaw was found in the DNS64 implementation in BIND. If a remote attacker
sent a specially-crafted query to a named server, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default. (CVE-2012-5688)

Users of bind are advised to upgrade to these updated packages, which
correct this issue. After installing the update, the BIND daemon (named)
will be restarted automatically.

RHSA-2012:1551: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20121551
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2012:1551, CVE-2012-5611

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

A stack-based buffer overflow flaw was found in the user permission
checking code in MySQL. An authenticated database user could use this flaw
to crash the mysqld daemon or, potentially, execute arbitrary code with the
privileges of the user running the mysqld daemon. (CVE-2012-5611)

All MySQL users should upgrade to these updated packages, which correct
this issue. After installing this update, the MySQL server daemon (mysqld)
will be restarted automatically.

RHSA-2012:1580: kernel security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1580, CVE-2012-2100, CVE-2012-2375, CVE-2012-4444, CVE-2012-4565, CVE-2012-5517

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* It was found that the RHSA-2012:0862 update did not correctly fix the
CVE-2011-4131 issue. A malicious Network File System version 4 (NFSv4)
server could return a crafted reply to a GETACL request, causing a denial
of service on the client. (CVE-2012-2375, Moderate)

* A divide-by-zero flaw was found in the TCP Illinois congestion control
algorithm implementation in the Linux kernel. If the TCP Illinois
congestion control algorithm were in use (the sysctl
net.ipv4.tcp_congestion_control variable set to "illinois"), a local,
unprivileged user could trigger this flaw and cause a denial of service.
(CVE-2012-4565, Moderate)

* A NULL pointer dereference flaw was found in the way a new node's hot
added memory was propagated to other nodes' zonelists. By utilizing this
newly added memory from one of the remaining nodes, a local, unprivileged
user could use this flaw to cause a denial of service. (CVE-2012-5517,
Moderate)

* It was found that the initial release of Red Hat Enterprise Linux 6 did
not correctly fix the CVE-2009-4307 issue, a divide-by-zero flaw in the
ext4 file system code. A local, unprivileged user with the ability to mount
an ext4 file system could use this flaw to cause a denial of service.
(CVE-2012-2100, Low)

* A flaw was found in the way the Linux kernel's IPv6 implementation
handled overlapping, fragmented IPv6 packets. A remote attacker could
potentially use this flaw to bypass protection mechanisms (such as a
firewall or intrusion detection system (IDS)) when sending network packets
to a target system. (CVE-2012-4444, Low)

Red Hat would like to thank Antonios Atlasis working with Beyond Security's
SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC
for reporting CVE-2012-4444. The CVE-2012-2375 issue was discovered by Jian
Li of Red Hat, and CVE-2012-4565 was discovered by Rodrigo Freire of Red
Hat.

This update also fixes numerous bugs and adds one enhancement. Space
precludes documenting all of these changes in this advisory. Documentation
for these changes will be available shortly from the Red Hat Enterprise
Linux 6.3 Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, fix these bugs and add the enhancement
noted in the Technical Notes. The system must be rebooted for this update
to take effect.

RHSA-2012:1590: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20121590
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2012:1590, CVE-2012-3401, CVE-2012-4447, CVE-2012-4564, CVE-2012-5581

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow flaw was found in the way libtiff processed
certain TIFF images using the Pixar Log Format encoding. An attacker could
create a specially-crafted TIFF file that, when opened, could cause an
application using libtiff to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2012-4447)

A stack-based buffer overflow flaw was found in the way libtiff handled
DOTRANGE tags. An attacker could use this flaw to create a
specially-crafted TIFF file that, when opened, would cause an application
linked against libtiff to crash or, possibly, execute arbitrary code.
(CVE-2012-5581)

A heap-based buffer overflow flaw was found in the tiff2pdf tool. An
attacker could use this flaw to create a specially-crafted TIFF file that
would cause tiff2pdf to crash or, possibly, execute arbitrary code.
(CVE-2012-3401)

A missing return value check flaw, leading to a heap-based buffer overflow,
was found in the ppm2tiff tool. An attacker could use this flaw to create a
specially-crafted PPM (Portable Pixel Map) file that would cause ppm2tiff
to crash or, possibly, execute arbitrary code. (CVE-2012-4564)

The CVE-2012-5581, CVE-2012-3401, and CVE-2012-4564 issues were discovered
by Huzaifa Sidhpurwala of the Red Hat Security Response Team.

All libtiff users should upgrade to these updated packages, which contain
backported patches to resolve these issues. All running applications linked
against libtiff must be restarted for this update to take effect.

RHSA-2013:0120: quota security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130120
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0120, CVE-2012-3417

Description
The quota package provides system administration tools for monitoring
and limiting user and group disk usage on file systems.

It was discovered that the rpc.rquotad service did not use tcp_wrappers
correctly. Certain hosts access rules defined in "/etc/hosts.allow" and
"/etc/hosts.deny" may not have been honored, possibly allowing remote
attackers to bypass intended access restrictions. (CVE-2012-3417)

This issue was discovered by the Red Hat Security Response Team.

This update also fixes the following bugs:

* Prior to this update, values were not properly transported via the remote
procedure call (RPC) and interpreted by the client when querying the quota
usage or limits for network-mounted file systems if the quota values were
2^32 kilobytes or greater. As a consequence, the client reported mangled
values. This update modifies the underlying code so that such values are
correctly interpreted by the client. (BZ#667360)

* Prior to this update, warnquota sent messages about exceeded quota limits
from a valid domain name if the warnquota tool was enabled to send warning
e-mails and the superuser did not change the default warnquota
configuration. As a consequence, the recipient could reply to invalid
addresses. This update modifies the default warnquota configuration to use
the reserved example.com. domain. Now, warnings about exceeded quota limits
are sent from the reserved domain that inform the superuser to change to
the correct value. (BZ#680429)

* Previously, quota utilities could not recognize the file system as having
quotas enabled and refused to operate on it due to incorrect updating of
/etc/mtab. This update prefers /proc/mounts to get a list of file systems
with enabled quotas. Now, quota utilities recognize file systems with
enabled quotas as expected. (BZ#689822)

* Prior to this update, the setquota(8) tool on XFS file systems failed
to set disk limits to values greater than 2^31 kilobytes. This update
modifies the integer conversion in the setquota(8) tool to use a 64-bit
variable big enough to store such values. (BZ#831520)

All users of quota are advised to upgrade to this updated package, which
contains backported patches to resolve these issues.

RHSA-2013:0121: mysql security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130121
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0121, CVE-2012-4452

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

It was found that the fix for the CVE-2009-4030 issue, a flaw in the way
MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX
DIRECTORY directives when the "datadir" option was configured with a
relative path, was incorrectly removed when the mysql packages in Red Hat
Enterprise Linux 5 were updated to version 5.0.95 via RHSA-2012:0127. An
authenticated attacker could use this flaw to bypass the restriction
preventing the use of subdirectories of the MySQL data directory being used
as DATA DIRECTORY and INDEX DIRECTORY paths. This update re-applies the fix
for CVE-2009-4030. (CVE-2012-4452)

Note: If the use of the DATA DIRECTORY and INDEX DIRECTORY directives was
disabled as described in RHSA-2010:0109 (by adding "symbolic-links=0" to
the "[mysqld]" section of the "my.cnf" configuration file), users were not
vulnerable to this issue.

This issue was discovered by Karel Volný of the Red Hat Quality Engineering
team.

This update also fixes the following bugs:

* Prior to this update, the log file path in the logrotate script did not
behave as expected. As a consequence, the logrotate function failed to
rotate the "/var/log/mysqld.log" file. This update modifies the logrotate
script to allow rotating the mysqld.log file. (BZ#647223)

* Prior to this update, the mysqld daemon could fail when using the EXPLAIN
flag in prepared statement mode. This update modifies the underlying code
to handle the EXPLAIN flag as expected. (BZ#654000)

* Prior to this update, the mysqld init script could wrongly report that
mysql server startup failed when the server was actually started. This
update modifies the init script to report the status of the mysqld server
as expected. (BZ#703476)

* Prior to this update, the "--enable-profiling" option was disabled by
default. This update enables the profiling feature. (BZ#806365)

All MySQL users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, the MySQL server daemon (mysqld) will be restarted automatically.

RHSA-2013:0122: tcl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130122
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0122, CVE-2007-4772, CVE-2007-6067

Description
Tcl (Tool Command Language) provides a powerful platform for creating
integration applications that tie together diverse applications, protocols,
devices, and frameworks. When paired with the Tk toolkit, Tcl provides a
fast and powerful way to create cross-platform GUI applications.

Two denial of service flaws were found in the Tcl regular expression
handling engine. If Tcl or an application using Tcl processed a
specially-crafted regular expression, it would lead to excessive CPU and
memory consumption. (CVE-2007-4772, CVE-2007-6067)

This update also fixes the following bug:

* Due to a suboptimal implementation of threading in the current version of
the Tcl language interpreter, an attempt to use threads in combination with
fork in a Tcl script could cause the script to stop responding. At the
moment, it is not possible to rewrite the source code or drop support for
threading entirely. Consequently, this update provides a version of
Tcl without threading support in addition to the standard version with this
support. Users who need to use fork in their Tcl scripts and do not require
threading can now switch to the version without threading support by using
the alternatives command. (BZ#478961)

All users of Tcl are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:0123: OpenIPMI security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0123, CVE-2011-4339

Description
The OpenIPMI packages provide command line tools and utilities to access
platform information using Intelligent Platform Management Interface
(IPMI). System administrators can use OpenIPMI to manage systems and to
perform system health monitoring.

It was discovered that the IPMI event daemon (ipmievd) created its process
ID (PID) file with world-writable permissions. A local user could use this
flaw to make the ipmievd init script kill an arbitrary process when the
ipmievd daemon is stopped or restarted. (CVE-2011-4339)

Note: This issue did not affect the default configuration of OpenIPMI as
shipped with Red Hat Enterprise Linux 5.

This update also fixes the following bugs:

* Prior to this update, the ipmitool utility first checked the IPMI
hardware for Dell IPMI extensions and listed only supported commands when
printing command usage like the option "ipmitool delloem help". On a
non-Dell platform, the usage text was incomplete and misleading. This
update lists all Dell OEM extensions in usage texts on all platforms, which
allows users to check for command line arguments on non-Dell hardware.
(BZ#658762)

* Prior to this update, the ipmitool utility tried to retrieve the Sensor
Data Records (SDR) from the IPMI bus instead of the Baseboard Management
Controller (BMC) bus when IPMI-enabled devices reported SDR under a
different owner than the BMC. As a consequence, the timeout setting for the
SDR read attempt could significantly decrease the performance and no sensor
data was shown. This update modifies ipmitool to read these SDR records
from the BMC and shows the correct sensor data on these platforms.
(BZ#671059, BZ#749796)

* Prior to this update, the exit code of the "ipmitool -o list" option was
not set correctly. As a consequence, "ipmitool -o list" always returned the
value 1 instead of the expected value 0. This update modifies the
underlying code to return the value 0 as expected. (BZ#740780)

* Prior to this update, the "ipmi" service init script did not specify the
full path to the "/sbin/lsmod" and "/sbin/modprobe" system utilities. As a
consequence, the init script failed when it was executed if PATH did not
point to /sbin, for example, when running "sudo /etc/init.d/ipmi". This
update modifies the init script so that it now contains the full path to
lsmod and modprobe. Now, it can be executed with sudo. (BZ#829705)

* Prior to this update, the ipmitool man page did not list the "-b", "-B",
"-l" and "-T" options. In this update, these options are documented in the
ipmitool man page. (BZ#846596)

This update also adds the following enhancement:

* Updates to the Dell-specific IPMI extension: A new vFlash command, which
allows users to display information about extended SD cards; a new setled
command, which allows users to display the backplane LED status; improved
error descriptions; added support for new hardware; and updated
documentation of the ipmitool delloem commands in the ipmitool manual
page. (BZ#797050)

All users of OpenIPMI are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement.

RHSA-2013:0124: net-snmp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130124
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0124, CVE-2012-2141

Description
These packages provide various libraries and tools for the Simple Network
Management Protocol (SNMP).

An out-of-bounds buffer read flaw was found in the net-snmp agent. A remote
attacker with read privileges to a Management Information Base (MIB)
subtree handled by the "extend" directive (in "/etc/snmp/snmpd.conf") could
use this flaw to crash snmpd via a crafted SNMP GET request.
(CVE-2012-2141)

Bug fixes:

* Devices that used certain file systems were not reported in the
"HOST-RESOURCES-MIB::hrStorageTable" table. As a result, the snmpd daemon
did not recognize devices using tmpfs, ReiserFS, and Oracle Cluster File
System (OCFS2) file systems. This update recognizes these devices and
reports them in the "HOST-RESOURCES-MIB::hrStorageTable" table.
(BZ#754652, BZ#755958, BZ#822061)

* The snmptrapd(8) man page did not correctly describe how to load
multiple configuration files using the "-c" option. This update describes
correctly that multiple configuration files must be separated by a comma.
(BZ#760001)

* Integers truncated from 64 to 32-bit were not correctly evaluated. As a
consequence, the snmpd daemon could enter an endless loop when encoding the
truncated integers to network format. This update modifies the underlying
code so that snmpd correctly checks truncated 64-bit integers. Now, snmpd
avoids an endless loop. (BZ#783892)

* snmpd did not correctly check for interrupted system calls when
enumerating existing IPv6 network prefixes during startup. As a
consequence, snmpd could prematurely exit when receiving a signal during
this enumeration. This update checks the network prefix enumeration code
for interrupted system calls. Now, snmpd no longer terminates when a signal
is received. (BZ#799699)

* snmpd used the wrong length of COUNTER64 values in the AgentX protocol.
As a consequence, snmpd could not decode two consecutive COUNTER64 values
in one AgentX packet. This update uses the correct COUNTER64 size and can
process two or more COUNTER64 values in AgentX communication. (BZ#803585)

* snmpd ignored the "-e" parameter of the "trapsess" option in the snmpd
configuration file. As a result, outgoing traps were incorrectly sent with
the default EngineID of snmpd when configuring "trapsess" with an explicit
EngineID. This update modifies the underlying code to send outgoing traps
using the EngineID as specified in the "trapsess -e" parameter in the
configuration file. (BZ#805689)

* snmpd did not correctly encode negative Request-IDs in outgoing requests,
for example during trap operations. As a consequence, a 32-bit value could
be encoded in 5 bytes instead of 4, and the outgoing requests were refused
by certain implementations of the SNMP protocol as invalid. With this
update, a Request-ID can no longer become negative and is always encoded in
4 bytes. (BZ#818259)

* snmpd ignored the port number of the "clientaddr" option when specifying
the source address of outgoing SNMP requests. As a consequence, the system
assigned a random address. This update allows both the port number and the
source IP address to be specified in the "clientaddr" option. Now,
administrators can increase security with firewall rules and
Security-Enhanced Linux (SELinux) policies by configuring a specific source
port of outgoing traps and other requests. (BZ#828691)

* snmpd did not correctly process responses to internal queries when
initializing monitoring enabled by the "monitor" option in the
"/etc/snmp/snmpd.conf" configuration file. As a consequence, snmpd was not
fully initialized and the error message "failed to run mteTrigger query"
appeared in the system log 30 seconds after the snmpd startup. This update
explicitly checks for responses to internal monitoring queries. (BZ#830042)

Users of net-snmp should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the update,
the snmpd and snmptrapd daemons will be restarted automatically.

RHSA-2013:0125: wireshark security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130125
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0125, CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, CVE-2011-2698, CVE-2011-4102, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067, CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291

Description
Wireshark, previously known as Ethereal, is a network protocol analyzer. It
is used to capture and browse the traffic running on a computer network.

A heap-based buffer overflow flaw was found in the way Wireshark handled
Endace ERF (Extensible Record Format) capture files. If Wireshark opened a
specially-crafted ERF capture file, it could crash or, possibly, execute
arbitrary code as the user running Wireshark. (CVE-2011-4102)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2011-1958, CVE-2011-1959, CVE-2011-2175,
CVE-2011-2698, CVE-2012-0041, CVE-2012-0042, CVE-2012-0066, CVE-2012-0067,
CVE-2012-4285, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291)

The CVE-2011-1958, CVE-2011-1959, CVE-2011-2175, and CVE-2011-4102 issues
were discovered by Huzaifa Sidhpurwala of the Red Hat Security Response
Team.

This update also fixes the following bugs:

* When Wireshark starts with the X11 protocol being tunneled through an SSH
connection, it automatically prepares its capture filter to omit the SSH
packets. If the SSH connection was to a link-local IPv6 address including
an interface name (for example ssh -X [ipv6addr]%eth0), Wireshark parsed
this address erroneously, constructed an incorrect capture filter and
refused to capture packets. The "Invalid capture filter" message was
displayed. With this update, parsing of link-local IPv6 addresses is fixed
and Wireshark correctly prepares a capture filter to omit SSH packets over
a link-local IPv6 connection. (BZ#438473)

* Previously, Wireshark's column editing dialog malformed column names when
they were selected. With this update, the dialog is fixed and no longer
breaks column names. (BZ#493693)

* Previously, TShark, the console packet analyzer, did not properly analyze
the exit code of Dumpcap, Wireshark's packet capturing back end. As a
result, TShark returned exit code 0 when Dumpcap failed to parse its
command-line arguments. In this update, TShark correctly propagates the
Dumpcap exit code and returns a non-zero exit code when Dumpcap fails.
(BZ#580510)

* Previously, the TShark "-s" (snapshot length) option worked only for a
value greater than 68 bytes. If a lower value was specified, TShark
captured just 68 bytes of incoming packets. With this update, the "-s"
option is fixed and sizes lower than 68 bytes work as expected. (BZ#580513)

This update also adds the following enhancement:

* In this update, support for the "NetDump" protocol was added. (BZ#484999)

All users of Wireshark are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement. All running instances of Wireshark must be restarted for the
update to take effect.

RHSA-2013:0126: squirrelmail security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0126, CVE-2012-2124

Description
SquirrelMail is a standards-based webmail package written in PHP.

The SquirrelMail security update RHSA-2012:0103 did not, contrary to what
the erratum text stated, correct the CVE-2010-2813 issue, a flaw in the way
SquirrelMail handled failed login attempts. A user preference file was
created when attempting to log in with a password containing an 8-bit
character, even if the username was not valid. A remote attacker could use
this flaw to eventually consume all hard disk space on the target
SquirrelMail server. (CVE-2012-2124)

This update also fixes the following bugs:

* Prior to this update, SquirrelMail could not decode multi-line subjects
properly. Consequently, the decode header internationalization option did
not properly handle new lines or tabs at the beginning of the lines. This
bug has been fixed and SquirrelMail now works correctly in the described
scenario. (BZ#241861)

* Due to a bug, attachments written in HTML code on the Windows operating
system were not displayed properly when accessed with SquirrelMail; the
"!=null" string was trimmed to "!ull". This bug has been fixed and the
attachments are now displayed correctly in such a case. (BZ#359791)

* Previously, e-mail messages with a Unique Identifier (UID) larger than
2^31 bytes were unreadable when using the squirrelmail package. With this
patch, the squirrelmail package is able to read all messages regardless of
the UID's size. (BZ#450780)

* Due to a bug, a PHP script did not assign the proper character set to
requested variables. Consequently, SquirrelMail could not display any
e-mails. The underlying source code has been modified and now the
squirrelmail package assigns the correct character set. (BZ#475188)

* Due to the incorrect internationalization option located at the i18n.php
file, the squirrelmail package could not use the GB 2312 character set. The
i18n.php file has been fixed and the GB 2312 character set works correctly
in the described scenario. (BZ#508686)

* Previously, the preg_split() function contained a misspelled constant,
PREG_SPLIT_NI_EMPTY, which could cause SquirrelMail to produce error
messages. The name of the constant has been corrected to
PREG_SPLIT_NO_EMPTY, and SquirrelMail no longer produces error messages in
this scenario. (BZ#528758)

* Due to Security-Enhanced Linux (SELinux) settings, sending e-mails from
the SquirrelMail web interface was blocked. This update adds a note to the
SquirrelMail documentation that describes how to set the SELinux options to
allow sending e-mails from the SquirrelMail web interface. (BZ#745380)

* Previously, the squirrelmail package did not comply with the RFC 2822
specification about line length limits. Consequently, attachments with
lines longer than 998 characters could not be forwarded using SquirrelMail.
This patch modifies the underlying source code and now SquirrelMail
complies with the RFC 2822 specification as expected. (BZ#745469)

* Prior to this update, the squirrelmail package required the php-common
script instead of the mod_php script during installation or upgrade of the
package, which led to a dependency error. As a result, attempting to
install or upgrade the squirrelmail package failed on systems using the
php53 packages. With this update, the dependencies of the squirrelmail
package were changed and the installation or upgrade now works correctly in
the described scenario. (BZ#789353)

All users of SquirrelMail are advised to upgrade to this updated package,
which contains backported patches to correct these issues.

RHSA-2013:0127: libvirt security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0127, CVE-2012-2693

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

Bus and device IDs were ignored when attempting to attach multiple USB
devices with identical vendor or product IDs to a guest. This could result
in the wrong device being attached to a guest, giving that guest root
access to the device. (CVE-2012-2693)

This update also fixes the following bugs:

* Previously, the libvirtd library failed to set the autostart flags for
already defined QEMU domains. This bug has been fixed, and the domains can
now be successfully marked as autostarted. (BZ#675319)

* Prior to this update, the virFileAbsPath() function was not taking into
account the slash ("/") directory separator when allocating memory for
combining the cwd() function and a path. This behavior could lead to a
memory corruption. With this update, a transformation to the virAsprintf()
function has been introduced into virFileAbsPath(). As a result, the
aforementioned behavior no longer occurs. (BZ#680289)

* With this update, a man page of the virsh user interface has been
enhanced with information on the "domxml-from-native" and
"domxml-to-native" commands. A correct notation of the format argument has
been clarified. As a result, confusion is avoided when setting the format
argument in the described commands. (BZ#783001)

All users of libvirt are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, libvirtd will be restarted automatically.

RHSA-2013:0128: conga security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130128
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0128, CVE-2012-3359

Description
The Conga project is a management system for remote workstations. It
consists of luci, which is a secure web-based front end, and ricci, which
is a secure daemon that dispatches incoming messages to underlying
management modules.

It was discovered that luci stored usernames and passwords in session
cookies. This issue prevented the session inactivity timeout feature from
working correctly, and allowed attackers able to get access to a session
cookie to obtain the victim's authentication credentials. (CVE-2012-3359)

Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for
reporting this issue.

This update also fixes the following bugs:

* Prior to this update, luci did not allow the fence_apc_snmp agent to be
configured. As a consequence, users could not configure or view an existing
configuration for fence_apc_snmp. This update adds a new screen that allows
fence_apc_snmp to be configured. (BZ#832181)

* Prior to this update, luci did not allow the SSL operation of the
fence_ilo fence agent to be enabled or disabled. As a consequence, users
could not configure or view an existing configuration for the 'ssl'
attribute for fence_ilo. This update adds a checkbox to show whether the
SSL operation is enabled and allows users to edit that attribute.
(BZ#832183)

* Prior to this update, luci did not allow the "identity_file" attribute of
the fence_ilo_mp fence agent to be viewed or edited. As a consequence,
users could not configure or view an existing configuration for the
"identity_file" attribute of the fence_ilo_mp fence agent. This update adds
a text input box to show the current state of the "identity_file" attribute
of fence_ilo_mp and allows users to edit that attribute. (BZ#832185)

* Prior to this update, redundant files and directories remained on the
file system at /var/lib/luci/var/pts and /usr/lib{,64}/luci/zope/var/pts
when the luci package was uninstalled. This update removes these files
and directories when the luci package is uninstalled. (BZ#835649)

* Prior to this update, the "restart-disable" recovery policy was not
displayed in the recovery policy list from which users could select when
they configure a recovery policy for a failover domain. As a consequence,
the "restart-disable" recovery policy could not be set with the luci GUI.
This update adds the "restart-disable" recovery option to the recovery
policy pulldown list. (BZ#839732)

* Prior to this update, line breaks that were not anticipated in the "yum
list" output could cause package upgrade and/or installation to fail when
creating clusters or adding nodes to existing clusters. As a consequence,
creating clusters and adding cluster nodes to existing clusters could fail.
This update modifies the ricci daemon to be able to correctly handle line
breaks in the "yum list" output. (BZ#842865)

In addition, this update adds the following enhancements:

* This update adds support for configuring the Intel iPDU fence agent to
the luci package. (BZ#741986)

* This update adds support for viewing and changing the state of the new
'nfsrestart' attribute to the FS and Cluster FS resource agent
configuration screens. (BZ#822633)

All users of conga are advised to upgrade to these updated packages, which
resolve these issues and add these enhancements. After installing this
update, the luci and ricci services will be restarted automatically.

RHSA-2013:0129: ruby security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130129
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0129, CVE-2012-4481, CVE-2012-4522

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

It was found that certain methods did not sanitize file names before
passing them to lower layer routines in Ruby. If a Ruby application created
files with names based on untrusted input, it could result in the creation
of files with different names than expected. (CVE-2012-4522)

It was found that the RHSA-2011:0909 update did not correctly fix the
CVE-2011-1005 issue, a flaw in the method for translating an exception
message into a string in the Exception class. A remote attacker could use
this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)
code to modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2012-4481)

The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.

This update also fixes the following bug:

* Prior to this update, the "rb_syck_mktime" option could, under certain
circumstances, terminate with a segmentation fault when installing
libraries with certain gems. This update modifies the underlying code so
that Ruby gems can be installed as expected. (BZ#834381)

All users of Ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2013:0130: httpd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130130
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0130, CVE-2008-0455, CVE-2008-0456, CVE-2012-2687

Description
The httpd packages contain the Apache HTTP Server (httpd), which is the
namesake project of The Apache Software Foundation.

Input sanitization flaws were found in the mod_negotiation module. A remote
attacker able to upload or create files with arbitrary names in a directory
that has the MultiViews option enabled could use these flaws to conduct
cross-site scripting and HTTP response splitting attacks against users
visiting the site. (CVE-2008-0455, CVE-2008-0456, CVE-2012-2687)

Bug fixes:

* Previously, no check was made to see if the
/etc/pki/tls/private/localhost.key file was a valid key prior to running
the "%post" script for the "mod_ssl" package. Consequently, when
/etc/pki/tls/certs/localhost.crt did not exist and "localhost.key" was
present but invalid, upgrading the Apache HTTP Server daemon (httpd) with
mod_ssl failed. The "%post" script has been fixed to test for an existing
SSL key. As a result, upgrading httpd with mod_ssl now proceeds as
expected. (BZ#752618)

* The "mod_ssl" module did not support operation under FIPS mode.
Consequently, when operating Red Hat Enterprise Linux 5 with FIPS mode
enabled, httpd failed to start. An upstream patch has been applied to
disable non-FIPS functionality if operating under FIPS mode and httpd now
starts as expected. (BZ#773473)

* Prior to this update, httpd exit status codes were not Linux Standard
Base (LSB) compliant. When the command "service httpd reload" was run and
httpd failed, the exit status code returned was "0" and not in the range 1
to 6 as expected. A patch has been applied to the init script and httpd now
returns "1" as an exit status code. (BZ#783242)

* Chunked Transfer Coding is described in RFC 2616. Previously, the
Apache server did not correctly handle a chunked encoded POST request with
a "chunk-size" or "chunk-extension" value of 32 bytes or more.
Consequently, when such a POST request was made the server did not respond.
An upstream patch has been applied and the problem no longer occurs.
(BZ#840845)

* Due to a regression, when mod_cache received a non-cacheable 304
response, the headers were served incorrectly. Consequently, compressed
data could be returned to the client without the cached headers to indicate
the data was compressed. An upstream patch has been applied to merge
response and cached headers before data from the cache is served to the
client. As a result, cached data is now correctly interpreted by the
client. (BZ#845532)

* In a proxy configuration, certain response-line strings were not handled
correctly. If a response-line without a "description" string was received
from the origin server, for a non-standard status code, such as the "450"
status code, a "500 Internal Server Error" would be returned to the client.
This bug has been fixed so that the original response line is returned to
the client. (BZ#853128)

Enhancements:

* The configuration directive "LDAPReferrals" is now supported in addition
to the previously introduced "LDAPChaseReferrals". (BZ#727342)

* The AJP support module for "mod_proxy", "mod_proxy_ajp", now supports the
"ProxyErrorOverride" directive. Consequently, it is now possible to
configure customized error pages for web applications running on a backend
server accessed via AJP. (BZ#767890)

* The "%posttrans" scriptlet which automatically restarts the httpd service
after a package upgrade can now be disabled. If the file
/etc/sysconfig/httpd-disable-posttrans exists, the scriptlet will not
restart the daemon. (BZ#833042)

* The output of "httpd -S" now includes configured alias names for each
virtual host. (BZ#833043)

* New certificate variable names are now exposed by "mod_ssl" using the
"_DN_userID" suffix, such as "SSL_CLIENT_S_DN_userID", which use the
commonly used object identifier (OID) definition of "userID", OID
0.9.2342.19200300.100.1.1. (BZ#840036)

All users of httpd are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

RHSA-2013:0131: gnome-vfs2 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130131
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0131, CVE-2009-2473

Description
The gnome-vfs2 packages provide the GNOME Virtual File System, which is the
foundation of the Nautilus file manager. neon is an HTTP and WebDAV client
library embedded in the gnome-vfs2 packages.

A denial of service flaw was found in the neon Extensible Markup Language
(XML) parser. Visiting a malicious DAV server with an application using
gnome-vfs2 (such as Nautilus) could possibly cause the application to
consume an excessive amount of CPU and memory. (CVE-2009-2473)

This update also fixes the following bugs:

* When extracted from the Uniform Resource Identifier (URI), gnome-vfs2
returned escaped file paths. If a path, as stored in the URI,
contained non-ASCII characters or ASCII characters which are parsed as
something other than a file path (for example, spaces), the escaped path
was inaccurate. Consequently, files with the described type of URI could
not be processed. With this update, gnome-vfs2 properly unescapes paths
that are required for a system call. As a result, these paths are parsed
properly. (BZ#580855)

* In certain cases, the trash info file was populated by foreign
entries, pointing to live data. Emptying the trash caused an accidental
deletion of valuable data. With this update, a workaround has been applied
in order to prevent the deletion. As a result, the accidental data loss is
prevented; however, further information is still being gathered to fully
fix this problem. (BZ#586015)

* Due to a wrong test checking for a destination file system, the Nautilus
file manager failed to delete a symbolic link to a folder which was
residing in another file system. With this update, a special test has been
added. As a result, a symbolic link pointing to another file system can be
trashed or deleted properly. (BZ#621394)

* Prior to this update, when directories without a read permission were
marked for copy, the Nautilus file manager skipped these unreadable
directories without notification. With this update, Nautilus displays an
error message and properly informs the user about the aforementioned
problem. (BZ#772307)

* Previously, gnome-vfs2 used the stat() function calls for every file on
the MultiVersion File System (MVFS), used for example by IBM Rational
ClearCase. This behavior significantly slowed down file operations. With
this update, the unnecessary stat() operations have been limited. As a
result, gnome-vfs2 user interfaces, such as Nautilus, are more responsive.
(BZ#822817)

All gnome-vfs2 users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2013:0132: autofs security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0132, CVE-2012-2697

Description
The autofs utility controls the operation of the automount daemon. The
automount daemon automatically mounts and unmounts file systems.

A bug fix included in RHBA-2012:0264 introduced a denial of service flaw in
autofs. When using autofs with LDAP, a local user could use this flaw to
crash autofs, preventing future mount requests from being processed until
the autofs service was restarted. Note: This flaw did not impact existing
mounts (except for preventing mount expiration). (CVE-2012-2697)

Red Hat would like to thank Ray Rocker for reporting this issue.

This update also fixes the following bugs:

* The autofs init script sometimes timed out waiting for the automount
daemon to exit and returned a shutdown failure if the daemon failed to exit
in time. To resolve this problem, the amount of time that the init script
waits for the daemon has been increased to allow for cases where servers
are slow to respond or there are many active mounts. (BZ#585058)

* Due to an omission when backporting a change, autofs attempted to
download the entire LDAP map at startup. This mistake has now been
corrected. (BZ#767428)

* A function to check the validity of a mount location was meant to check
only for a small subset of map location errors. A recent modification in
error reporting inverted a logic test in this validating function.
Consequently, the scope of the test was widened, which caused the automount
daemon to report false positive failures. With this update, the faulty
logic test has been corrected and false positive failures no longer occur.
(BZ#798448)

* When there were many attempts to access invalid or non-existent keys, the
automount daemon used excessive CPU resources. As a consequence, systems
sometimes became unresponsive. The code has been improved so that automount
checks for invalid keys earlier in the process, which has eliminated a
significant amount of the processing overhead. (BZ#847101)

* The auto.master(5) man page did not document the "-t, --timeout" option
in the FORMAT options section. This update adds this information to the man
page. (BZ#859890)

This update also adds the following enhancement:

* Previously, it was not possible to configure separate timeout values for
individual direct map entries in the autofs master map. This update adds
this functionality. (BZ#690404)

All users of autofs are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add this
enhancement.

RHSA-2013:0133: hplip3 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130133
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0133, CVE-2011-2722

Description
Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for
Hewlett-Packard (HP) printers and multifunction peripherals.

It was found that the HP CUPS (Common UNIX Printing System) fax filter in
HPLIP created a temporary file in an insecure way. A local attacker could
use this flaw to perform a symbolic link attack, overwriting arbitrary
files accessible to a process using the fax filter (such as the
hp3-sendfax tool). (CVE-2011-2722)

This update also fixes the following bug:

* Previous modifications of the hplip3 package to allow it to be installed
alongside the original hplip package introduced several problems to fax
support; for example, the hp-sendfax utility could become unresponsive.
These problems have been fixed with this update. (BZ#501834)

All users of hplip3 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:0134: freeradius2 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130134
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0134, CVE-2011-4966

Description
FreeRADIUS is an open-source Remote Authentication Dial-In User Service
(RADIUS) server which allows RADIUS clients to perform authentication
against the RADIUS server. The RADIUS server may optionally perform
accounting of its operations using the RADIUS protocol.

It was found that the "unix" module ignored the password expiration
setting in "/etc/shadow". If FreeRADIUS was configured to use this module
for user authentication, this flaw could allow users with an expired
password to successfully authenticate, even though their access should have
been denied. (CVE-2011-4966)

This update also fixes the following bugs:

* After log rotation, the freeradius logrotate script failed to reload the
radiusd daemon and log messages were lost. This update adds a command to
the freeradius logrotate script to reload the radiusd daemon, so that the
radiusd daemon re-initializes and reopens its log files after log rotation
as expected. (BZ#787111)

* The radtest script with the "eap-md5" option failed because it passed the
IP family argument when invoking the radeapclient utility and the
radeapclient utility did not recognize the IP family. The radeapclient
utility now recognizes the IP family argument and radtest now works with
eap-md5 as expected. (BZ#846476)

* Previously, freeradius was compiled without the "--with-udpfromto"
option. Consequently, with a multihomed server and explicitly specifying
the IP address, freeradius sent the reply with the wrong IP source address.
With this update, freeradius has been built with the "--with-udpfromto"
configuration option and the RADIUS reply is always sourced from the IP
address the request was sent to. (BZ#846471)

* Due to invalid syntax in the PostgreSQL admin schema file, the FreeRADIUS
PostgreSQL tables failed to be created. With this update, the syntax has
been adjusted and the tables are created as expected. (BZ#818885)

* FreeRADIUS has a thread pool that dynamically grows based on load. If
multiple threads using the "rlm_perl()" function are spawned in quick
succession, the FreeRADIUS server sometimes terminated unexpectedly with a
segmentation fault due to parallel calls to the "rlm_perl_clone()"
function. With this update, a mutex for the threads has been added and the
problem no longer occurs. (BZ#846475)

* The man page for "rlm_dbm_parser" was incorrectly installed as
"rlm_dbm_parse", omitting the trailing "r". The man page now correctly
appears as rlm_dbm_parser. (BZ#781877)

All users of freeradius2 are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. They are also
advised to check for RPM backup files ending in ".rpmnew" or ".rpmsave"
under the /etc/raddb/ directory after the update because the FreeRADIUS
server will attempt to load every file it finds in its configuration
directory. The extra files will often cause the wrong configuration values
to be applied resulting in either unpredictable behavior or the failure of
the server to initialize and run.

RHSA-2013:0135: gtk2 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0135, CVE-2012-2370

Description
GIMP Toolkit (GTK+) is a multi-platform toolkit for creating graphical user
interfaces.

An integer overflow flaw was found in the X BitMap (XBM) image file loader
in GTK+. A remote attacker could provide a specially-crafted XBM image file
that, when opened in an application linked against GTK+ (such as Nautilus),
would cause the application to crash. (CVE-2012-2370)

This update also fixes the following bugs:

* Due to a bug in the Input Method GTK+ module, the usage of the Taiwanese
Big5 (zh_TW.Big-5) locale led to the unexpected termination of certain
applications, such as the GDM greeter. The bug has been fixed, and the
Taiwanese locale no longer causes applications to terminate unexpectedly.
(BZ#487630)

* When a file was initially selected after the GTK+ file chooser dialog was
opened and the Location field was visible, pressing the Enter key did not
open the file. With this update, the initially selected file is opened
regardless of the visibility of the Location field. (BZ#518483)

* When a file was initially selected after the GTK+ file chooser dialog was
opened and the Location field was visible, pressing the Enter key did not
change into the directory. With this update, the dialog changes into the
initially selected directory regardless of the visibility of the Location
field. (BZ#523657)

* Previously, the GTK Print dialog did not reflect the user-defined printer
preferences stored in the ~/.cups/lpoptions file, such as those set in the
Default Printer preferences panel. Consequently, the first device in the
printer list was always set as a default printer. With this update, the
underlying source code has been enhanced to parse the option file. As a
result, the default values in the print dialog are set to those previously
specified by the user. (BZ#603809)

* The GTK+ file chooser did not properly handle saving of nameless files.
Consequently, attempting to save a file without specifying a file name
caused GTK+ to become unresponsive. With this update, an explicit test for
this condition has been added into the underlying source code. As a result,
GTK+ no longer hangs in the described scenario. (BZ#702342)

* When using certain graphics tablets, the GTK+ library incorrectly
translated the input coordinates. Consequently, an offset occurred between
the position of the pen and the content drawn on the screen. This issue was
limited to the following configuration: a Wacom tablet with input
coordinates bound to a single monitor in a dual head configuration, drawing
with a pen with the pressure sensitivity option enabled. With this update,
the coordinate translation method has been changed, and the offset is no
longer present in the described configuration. (BZ#743658)

* Previously, performing drag and drop operations on tabs in applications
using the GtkNotebook widget could lead to releasing the same resource
twice. Eventually, this behavior caused the applications to terminate with
a segmentation fault. This bug has been fixed, and the applications using
GtkNotebook no longer terminate in the aforementioned scenario. (BZ#830901)

All users of GTK+ are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:0144: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130144
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0144, CVE-2013-0744, CVE-2013-0746, CVE-2013-0748, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0758, CVE-2013-0759, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753,
CVE-2013-0754, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)

A flaw was found in the way Chrome Object Wrappers were implemented.
Malicious content could be used to cause Firefox to execute arbitrary code
via plug-ins installed in Firefox. (CVE-2013-0758)

A flaw in the way Firefox displayed URL values in the address bar could
allow a malicious site or user to perform a phishing attack.
(CVE-2013-0759)

An information disclosure flaw was found in the way certain JavaScript
functions were implemented in Firefox. An attacker could use this flaw to
bypass Address Space Layout Randomization (ASLR) and other security
restrictions. (CVE-2013-0748)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 10.0.12 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,
Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki
Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the
original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 10.0.12 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:0145: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130145
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0145, CVE-2013-0744, CVE-2013-0746, CVE-2013-0748, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0758, CVE-2013-0759, CVE-2013-0762, CVE-2013-0766, CVE-2013-0767, CVE-2013-0769

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-0744,
CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762,
CVE-2013-0766, CVE-2013-0767, CVE-2013-0769)

A flaw was found in the way Chrome Object Wrappers were implemented.
Malicious content could be used to cause Thunderbird to execute arbitrary
code via plug-ins installed in Thunderbird. (CVE-2013-0758)

A flaw in the way Thunderbird displayed URL values could allow malicious
content or a user to perform a phishing attack. (CVE-2013-0759)

An information disclosure flaw was found in the way certain JavaScript
functions were implemented in Thunderbird. An attacker could use this flaw
to bypass Address Space Layout Randomization (ASLR) and other security
restrictions. (CVE-2013-0748)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Atte Kettunen, Boris Zbarsky, pa_kt, regenrecht,
Abhishek Arya, Christoph Diehl, Christian Holler, Mats Palmgren, Chiaki
Ishikawa, Mariusz Mlynski, Masato Kinugawa, and Jesse Ruderman as the
original reporters of these issues.

Note: All issues except CVE-2013-0744, CVE-2013-0753, and CVE-2013-0754
cannot be exploited by a specially-crafted HTML mail message as JavaScript
is disabled by default for mail messages. They could be exploited another
way in Thunderbird, for example, when viewing the full remote content of an
RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 10.0.12 ESR, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2013:0165: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130165
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0165, CVE-2012-3174, CVE-2013-0422

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Two improper permission check issues were discovered in the reflection API
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass Java sandbox restrictions. (CVE-2012-3174, CVE-2013-0422)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.4. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0168: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130168
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0168, CVE-2012-1568, CVE-2012-4444, CVE-2012-5515

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* It was found that the Xen hypervisor implementation did not perform
range checking on the guest provided values in multiple hypercalls. A
privileged guest user could use this flaw to trigger long loops, leading
to a denial of service (Xen hypervisor hang). (CVE-2012-5515, Moderate)

* It was found that when running a 32-bit binary that uses a large number
of shared libraries, one of the libraries would always be loaded at a
predictable address in memory. An attacker could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2012-1568, Low)

* A flaw was found in the way the Linux kernel's IPv6 implementation
handled overlapping, fragmented IPv6 packets. A remote attacker could
potentially use this flaw to bypass protection mechanisms (such as a
firewall or intrusion detection system (IDS)) when sending network packets
to a target system. (CVE-2012-4444, Low)

Red Hat would like to thank the Xen project for reporting CVE-2012-5515,
and Antonios Atlasis working with Beyond Security's SecuriTeam Secure
Disclosure program and Loganaden Velvindron of AFRINIC for reporting
CVE-2012-4444.

This update also fixes several bugs. Space precludes documenting all of
these changes in this advisory. Documentation for these changes will be
available shortly from the Red Hat Enterprise Linux 5.9 Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:0169: vino security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130169
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0169, CVE-2011-0904, CVE-2011-0905, CVE-2011-1164, CVE-2011-1165, CVE-2012-4429

Description
Vino is a Virtual Network Computing (VNC) server for GNOME. It allows
remote users to connect to a running GNOME session using VNC.

It was found that Vino transmitted all clipboard activity on the system
running Vino to all clients connected to port 5900, even those who had not
authenticated. A remote attacker who is able to access port 5900 on a
system running Vino could use this flaw to read clipboard data without
authenticating. (CVE-2012-4429)

Two out-of-bounds memory read flaws were found in the way Vino processed
client framebuffer requests in certain encodings. An authenticated client
could use these flaws to send a specially-crafted request to Vino, causing
it to crash. (CVE-2011-0904, CVE-2011-0905)

In certain circumstances, the vino-preferences dialog box incorrectly
indicated that Vino was only accessible from the local network. This could
confuse a user into believing connections from external networks are not
allowed (even when they are allowed). With this update, vino-preferences no
longer displays connectivity and reachable information. (CVE-2011-1164)

There was no warning that Universal Plug and Play (UPnP) was used to open
ports on a user's network router when the "Configure network automatically
to accept connections" option was enabled (it is disabled by default) in
the Vino preferences. This update changes the option's description to avoid
the risk of a UPnP router configuration change without the user's consent.
(CVE-2011-1165)

All Vino users should upgrade to this updated package, which contains
backported patches to resolve these issues. The GNOME session must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2013:0180: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0180, CVE-2012-2749, CVE-2012-5611

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

A stack-based buffer overflow flaw was found in the user permission
checking code in MySQL. An authenticated database user could use this flaw
to crash the mysqld daemon or, potentially, execute arbitrary code with the
privileges of the user running the mysqld daemon. (CVE-2012-5611)

A flaw was found in the way MySQL calculated the key length when creating
a sort order index for certain queries. An authenticated database user
could use this flaw to crash the mysqld daemon. (CVE-2012-2749)

This update also adds a patch for a potential flaw in the MySQL password
checking function, which could allow an attacker to log into any MySQL
account without knowing the correct password. This problem (CVE-2012-2122)
only affected MySQL packages that use a certain compiler and C library
optimization. It did not affect the mysql packages in Red Hat Enterprise
Linux 5. The patch is being added as a preventive measure to ensure this
problem cannot get exposed in future revisions of the mysql packages.
(BZ#814605)

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2013:0188: ipa security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130188
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0188, CVE-2012-5484

Description
Red Hat Identity Management is a centralized authentication, identity
management and authorization solution for both traditional and cloud-based
enterprise environments.

A weakness was found in the way IPA clients communicated with IPA servers
when initially attempting to join IPA domains. As there was no secure way
to provide the IPA server's Certificate Authority (CA) certificate to the
client during a join, the IPA client enrollment process was susceptible to
man-in-the-middle attacks. This flaw could allow an attacker to obtain
access to the IPA server using the credentials provided by an IPA client,
including administrative access to the entire domain if the join was
performed using an administrator's credentials. (CVE-2012-5484)

Note: This weakness was only exposed during the initial client join to the
realm, because the IPA client did not yet have the CA certificate of the
server. Once an IPA client has joined the realm and has obtained the CA
certificate of the IPA server, all further communication is secure. If a
client were using the OTP (one-time password) method to join to the realm,
an attacker could only obtain unprivileged access to the server (enough to
only join the realm).

Red Hat would like to thank Petr Menšík for reporting this issue.

This update must be installed on both the IPA client and IPA server. When
this update has been applied to the client but not the server,
ipa-client-install, in unattended mode, will fail if you do not have the
correct CA certificate locally, noting that you must use the "--force"
option to insecurely obtain the certificate. In interactive mode, the
installer will try to obtain the certificate securely from LDAP. If this fails, you
will be prompted to insecurely download the certificate via HTTP. In the
same situation when using OTP, LDAP will not be queried and you will be
prompted to insecurely download the certificate via HTTP.

Users of ipa are advised to upgrade to these updated packages, which
correct this issue. After installing the update, changes in LDAP are
handled by ipa-ldap-updater automatically and are effective immediately.

RHSA-2013:0189: ipa-client security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130189
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0189, CVE-2012-5484

Description
Red Hat Identity Management is a centralized authentication, identity
management and authorization solution for both traditional and cloud-based
enterprise environments.

A weakness was found in the way IPA clients communicated with IPA servers
when initially attempting to join IPA domains. As there was no secure way
to provide the IPA server's Certificate Authority (CA) certificate to the
client during a join, the IPA client enrollment process was susceptible to
man-in-the-middle attacks. This flaw could allow an attacker to obtain
access to the IPA server using the credentials provided by an IPA client,
including administrative access to the entire domain if the join was
performed using an administrator's credentials. (CVE-2012-5484)

Note: This weakness was only exposed during the initial client join to the
realm, because the IPA client did not yet have the CA certificate of the
server. Once an IPA client has joined the realm and has obtained the CA
certificate of the IPA server, all further communication is secure. If a
client were using the OTP (one-time password) method to join to the realm,
an attacker could only obtain unprivileged access to the server (enough to
only join the realm).

Red Hat would like to thank Petr Menšík for reporting this issue.

When a fix for this flaw has been applied to the client but not yet the
server, ipa-client-install, in unattended mode, will fail if you do not
have the correct CA certificate locally, noting that you must use the
"--force" option to insecurely obtain the certificate. In interactive mode,
the installer will try to obtain the certificate securely from LDAP. If this fails,
you will be prompted to insecurely download the certificate via HTTP. In
the same situation when using OTP, LDAP will not be queried and you will be
prompted to insecurely download the certificate via HTTP.

Users of ipa-client are advised to upgrade to this updated package, which
corrects this issue.

RHSA-2013:0199: libvirt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130199
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0199, CVE-2013-0170

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

A flaw was found in the way libvirtd handled connection cleanup (when a
connection was being closed) under certain error conditions. A remote
attacker able to establish a read-only connection to libvirtd could use
this flaw to crash libvirtd or, potentially, execute arbitrary code with
the privileges of the root user. (CVE-2013-0170)

This issue was discovered by Tingting Zheng of Red Hat.

All users of libvirt are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the updated packages, libvirtd will be restarted automatically.

RHSA-2013:0213: nss, nss-util, and nspr security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130213
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0213, CVE-2013-0743

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

It was found that a Certificate Authority (CA) mis-issued two intermediate
certificates to customers. These certificates could be used to launch
man-in-the-middle attacks. This update renders those certificates as
untrusted. This covers all uses of the certificates, including SSL, S/MIME,
and code signing. (BZ#890605)

Note: This fix only applies to applications using the NSS Builtin Object
Token. It does not render the certificates untrusted for applications that
use the NSS library, but do not use the NSS Builtin Object Token.

In addition, the nss package has been upgraded to upstream version 3.13.6,
the nss-util package has been upgraded to upstream version 3.13.6, and the
nspr package has been upgraded to upstream version 4.9.2. These updates
provide a number of bug fixes and enhancements over the previous versions.
(BZ#891663, BZ#891670, BZ#891661)

Users of NSS, NSPR, and nss-util are advised to upgrade to these updated
packages, which fix these issues and add these enhancements. After
installing this update, applications using NSS, NSPR, or nss-util must be
restarted for this update to take effect.

RHSA-2013:0215: abrt and libreport security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130215
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0215, CVE-2012-5659, CVE-2012-5660

Description
ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
defects in applications and to create a bug report with all the information
needed by a maintainer to fix it. It uses a plug-in system to extend its
functionality. libreport provides an API for reporting different problems
in applications to different bug targets, such as Bugzilla, FTP, and Trac.

It was found that the
/usr/libexec/abrt-action-install-debuginfo-to-abrt-cache tool did not
sufficiently sanitize its environment variables. This could lead to Python
modules being loaded and run from non-standard directories (such as /tmp/).
A local attacker could use this flaw to escalate their privileges to that
of the abrt user. (CVE-2012-5659)

A race condition was found in the way ABRT handled the directories used to
store information about crashes. A local attacker with the privileges of
the abrt user could use this flaw to perform a symbolic link attack,
possibly allowing them to escalate their privileges to root.
(CVE-2012-5660)

Red Hat would like to thank Martin Carpenter of Citco for reporting the
CVE-2012-5660 issue. CVE-2012-5659 was discovered by Miloslav Trmač of Red
Hat.

All users of abrt and libreport are advised to upgrade to these updated
packages, which correct these issues.

RHSA-2013:0216: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130216
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0216, CVE-2012-5669

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.

A flaw was found in the way the FreeType font rendering engine processed
certain Glyph Bitmap Distribution Format (BDF) fonts. If a user loaded a
specially-crafted font file with an application linked against FreeType, it
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the user running the application. (CVE-2012-5669)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. The X server must be restarted (log
out, then log back in) for this update to take effect.

RHSA-2013:0217: mingw32-libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130217
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0217, CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3102, CVE-2011-3905, CVE-2011-3919, CVE-2012-0841, CVE-2012-5134

Description
These packages provide the libxml2 library, a development toolbox providing
the implementation of various XML standards, for users of MinGW (Minimalist
GNU for Windows).

IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no
longer be updated proactively and will be deprecated with the release of
Red Hat Enterprise Linux 6.4. These packages were provided to support other
capabilities in Red Hat Enterprise Linux and were not intended for direct
customer use. Customers are advised to not use these packages with
immediate effect. Future updates to these packages will be at Red Hat's
discretion and these packages may be removed in a future minor release.

A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)

A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)

It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)

Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path
Language) expressions. If an attacker were able to supply a
specially-crafted XML file to an application using libxml2, as well as an
XPath expression for that application to run against the crafted file, it
could cause the application to crash. (CVE-2010-4008, CVE-2010-4494,
CVE-2011-2821, CVE-2011-2834)

Two heap-based buffer overflow flaws were found in the way libxml2 decoded
certain XML files. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-0216,
CVE-2011-3102)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)

An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash.
(CVE-2011-3905)

Red Hat would like to thank the Google Security Team for reporting the
CVE-2010-4008 issue. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.

All users of mingw32-libxml2 are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

RHSA-2013:0218: xorg-x11-drv-qxl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130218
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0218, CVE-2013-0241

Description
The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL
video accelerator. This driver makes it possible to use Red Hat Enterprise
Linux 6 as a guest operating system under the KVM kernel module and the
QEMU multi-platform emulator, using the SPICE protocol.

A flaw was found in the way the host's qemu-kvm qxl driver and the guest's
X.Org qxl driver interacted when a SPICE connection terminated. A user able
to initiate a SPICE connection to a guest could use this flaw to make the
guest temporarily unavailable or, potentially (if the sysctl
kernel.softlockup_panic variable was set to "1" in the guest), crash the
guest. (CVE-2013-0241)

All users of xorg-x11-drv-qxl are advised to upgrade to this updated
package, which contains a backported patch to correct this issue. All
running X.Org server instances using the qxl driver must be restarted for
this update to take effect.

RHSA-2013:0219: mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130219
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0219, CVE-2012-0572, CVE-2012-0574, CVE-2012-1702, CVE-2012-1705, CVE-2013-0375, CVE-2013-0383, CVE-2013-0384, CVE-2013-0385, CVE-2013-0389

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2012-0572,
CVE-2012-0574, CVE-2012-1702, CVE-2012-1705, CVE-2013-0375, CVE-2013-0383,
CVE-2013-0384, CVE-2013-0385, CVE-2013-0389)

These updated packages upgrade MySQL to version 5.1.67. Refer to the MySQL
release notes listed in the References section for a full list of changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2013:0223: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130223
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0223, CVE-2012-4398, CVE-2012-4461, CVE-2012-4530

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large amount
of memory, and then causing request_module() to be called. A local,
unprivileged user could use this flaw to cause a denial of service
(excessive memory consumption). (CVE-2012-4398, Moderate)

* A flaw was found in the way the KVM (Kernel-based Virtual Machine)
subsystem handled guests attempting to run with the X86_CR4_OSXSAVE CPU
feature flag set. On hosts without the XSAVE CPU feature, a local,
unprivileged user could use this flaw to crash the host system. (The
"grep --color xsave /proc/cpuinfo" command can be used to verify if your
system has the XSAVE CPU feature.) (CVE-2012-4461, Moderate)

* A memory disclosure flaw was found in the way the load_script() function
in the binfmt_script binary format handler handled excessive recursions. A
local, unprivileged user could use this flaw to leak kernel stack memory to
user-space by executing specially-crafted scripts. (CVE-2012-4530, Low)

Red Hat would like to thank Tetsuo Handa for reporting CVE-2012-4398, and
Jon Howell for reporting CVE-2012-4461.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2013:0241: xen security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0241, CVE-2012-4544

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A flaw was found in the way libxc, the Xen control library, handled
excessively large kernel and ramdisk images when starting new guests. A
privileged guest user in a para-virtualized guest (a DomU) could create a
crafted kernel or ramdisk image that, when attempting to use it during
guest start, could result in an out-of-memory condition in the privileged
domain (the Dom0). (CVE-2012-4544)

Red Hat would like to thank the Xen project for reporting this issue.

All users of xen are advised to upgrade to these updated packages, which
correct this issue. After installing the updated packages, the xend service
must be restarted for this update to take effect.

RHSA-2013:0245: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130245
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0245, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the AWT,
CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,
CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0428)

Multiple flaws were found in the way image parsers in the 2D and AWT
components handled image raster parameters. A specially-crafted image could
cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with the virtual machine privileges.
(CVE-2013-1478, CVE-2013-1480)

A flaw was found in the AWT component's clipboard handling code. An
untrusted Java application or applet could use this flaw to access
clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)

The default Java security properties configuration did not restrict access
to certain com.sun.xml.internal packages. An untrusted Java application or
applet could use this flaw to access information, bypassing certain Java
sandbox restrictions. This update lists the whole package as restricted.
(CVE-2013-0435)

Multiple improper permission check issues were discovered in the Libraries,
Networking, and JAXP components. An untrusted Java application or applet
could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)

It was discovered that the RMI component's CGIHandler class used user
inputs in error messages without any sanitization. An attacker could use
this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)

It was discovered that the SSL/TLS implementation in the JSSE component
did not properly enforce handshake message ordering, allowing an unlimited
number of handshake restarts. A remote attacker could use this flaw to
make an SSL/TLS server using JSSE consume an excessive amount of CPU by
continuously restarting the handshake. (CVE-2013-0440)

It was discovered that the JSSE component did not properly validate
Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw
to perform a small subgroup attack. (CVE-2013-0443)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0246: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130246
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0246, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple improper permission check issues were discovered in the AWT,
CORBA, JMX, and Libraries components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,
CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0428)

Multiple flaws were found in the way image parsers in the 2D and AWT
components handled image raster parameters. A specially-crafted image could
cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with the virtual machine privileges.
(CVE-2013-1478, CVE-2013-1480)

A flaw was found in the AWT component's clipboard handling code. An
untrusted Java application or applet could use this flaw to access
clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)

The default Java security properties configuration did not restrict access
to certain com.sun.xml.internal packages. An untrusted Java application or
applet could use this flaw to access information, bypassing certain Java
sandbox restrictions. This update lists the whole package as restricted.
(CVE-2013-0435)

Multiple improper permission check issues were discovered in the Libraries,
Networking, and JAXP components. An untrusted Java application or applet
could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)

It was discovered that the RMI component's CGIHandler class used user
inputs in error messages without any sanitization. An attacker could use
this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)

It was discovered that the SSL/TLS implementation in the JSSE component
did not properly enforce handshake message ordering, allowing an unlimited
number of handshake restarts. A remote attacker could use this flaw to
make an SSL/TLS server using JSSE consume an excessive amount of CPU by
continuously restarting the handshake. (CVE-2013-0440)

It was discovered that the JSSE component did not properly validate
Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw
to perform a small subgroup attack. (CVE-2013-0443)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.6. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0247: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130247
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0247, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0429, CVE-2013-0431, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0440, CVE-2013-0441, CVE-2013-0442, CVE-2013-0443, CVE-2013-0444, CVE-2013-0445, CVE-2013-0450, CVE-2013-1475, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the AWT,
CORBA, JMX, Libraries, and Beans components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-0442, CVE-2013-0445, CVE-2013-0441, CVE-2013-1475,
CVE-2013-1476, CVE-2013-0429, CVE-2013-0450, CVE-2013-0425, CVE-2013-0426,
CVE-2013-0428, CVE-2013-0444)

Multiple flaws were found in the way image parsers in the 2D and AWT
components handled image raster parameters. A specially-crafted image could
cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with the virtual machine privileges.
(CVE-2013-1478, CVE-2013-1480)

A flaw was found in the AWT component's clipboard handling code. An
untrusted Java application or applet could use this flaw to access
clipboard data, bypassing Java sandbox restrictions. (CVE-2013-0432)

The default Java security properties configuration did not restrict access
to certain com.sun.xml.internal packages. An untrusted Java application or
applet could use this flaw to access information, bypassing certain Java
sandbox restrictions. This update lists the whole package as restricted.
(CVE-2013-0435)

Multiple improper permission check issues were discovered in the JMX,
Libraries, Networking, and JAXP components. An untrusted Java application
or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2013-0431, CVE-2013-0427, CVE-2013-0433, CVE-2013-0434)

It was discovered that the RMI component's CGIHandler class used user
inputs in error messages without any sanitization. An attacker could use
this flaw to perform a cross-site scripting (XSS) attack. (CVE-2013-0424)

It was discovered that the SSL/TLS implementation in the JSSE component
did not properly enforce handshake message ordering, allowing an unlimited
number of handshake restarts. A remote attacker could use this flaw to
make an SSL/TLS server using JSSE consume an excessive amount of CPU by
continuously restarting the handshake. (CVE-2013-0440)

It was discovered that the JSSE component did not properly validate
Diffie-Hellman public keys. An SSL/TLS client could possibly use this flaw
to perform a small subgroup attack. (CVE-2013-0443)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.5. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0250: elinks security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130250
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0250, CVE-2012-4545

Description
ELinks is a text-based web browser. ELinks does not display any images, but
it does support frames, tables, and most other HTML tags.

It was found that ELinks performed client credentials delegation during the
client-to-server GSS security mechanisms negotiation. A rogue server could
use this flaw to obtain the client's credentials and impersonate that
client to other servers that are using GSSAPI. (CVE-2012-4545)

This issue was discovered by Marko Myllynen of Red Hat.

All ELinks users are advised to upgrade to this updated package, which
contains a backported patch to resolve the issue.

RHSA-2013:0269: axis security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0269, CVE-2012-5784

Description
Apache Axis is an implementation of SOAP (Simple Object Access Protocol).
It can be used to build both web service clients and servers.

Apache Axis did not verify that the server hostname matched the domain name
in the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an SSL
server if they had a certificate that was valid for any domain name.
(CVE-2012-5784)

All users of axis are advised to upgrade to these updated packages, which
correct this issue. Applications using Apache Axis must be restarted for
this update to take effect.

RHSA-2013:0270: jakarta-commons-httpclient security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0270, CVE-2012-5783

Description
The Jakarta Commons HttpClient component can be used to build HTTP-aware
client applications (such as web browsers and web service clients).

The Jakarta Commons HttpClient component did not verify that the server
hostname matched the domain name in the subject's Common Name (CN) or
subjectAltName field in X.509 certificates. This could allow a
man-in-the-middle attacker to spoof an SSL server if they had a certificate
that was valid for any domain name. (CVE-2012-5783)

All users of jakarta-commons-httpclient are advised to upgrade to these
updated packages, which correct this issue. Applications using the Jakarta
Commons HttpClient component must be restarted for this update to take
effect.

RHSA-2013:0271: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130271
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0271, CVE-2013-0775, CVE-2013-0776, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782,
CVE-2013-0783)

It was found that, after canceling a proxy server's authentication
prompt, the address bar continued to show the requested site's address. An
attacker could use this flaw to conduct phishing attacks by tricking a
user into believing they are viewing a trusted site. (CVE-2013-0776)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl,
Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and
Michal Zalewski as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.3 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

Note that due to a Kerberos credentials change, the following configuration
steps may be required when using Firefox 17.0.3 ESR with the Enterprise
Identity Management (IPA) web interface:

https://access.redhat.com/knowledge/solutions/294303

Important: Firefox 17 is not completely backwards-compatible with all
Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0.
Firefox 17 checks compatibility on first launch and, depending on the
individual configuration and the installed add-ons and plug-ins, may
disable said add-ons and plug-ins, or attempt to check for updates and
upgrade them. Add-ons and plug-ins may have to be manually updated.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.3 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:0272: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0272, CVE-2013-0775, CVE-2013-0776, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-0775,
CVE-2013-0780, CVE-2013-0782, CVE-2013-0783)

It was found that, after canceling a proxy server's authentication
prompt, the address bar continued to show the requested site's address. An
attacker could use this flaw to conduct phishing attacks by tricking a
user into believing they are viewing trusted content. (CVE-2013-0776)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Abhishek Arya, Olli Pettay, Christoph Diehl,
Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, Wayne Mery, and
Michal Zalewski as the original reporters of these issues.

Note: All issues cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. They could
be exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

Important: This erratum upgrades Thunderbird to version 17.0.3 ESR.
Thunderbird 17 is not completely backwards-compatible with all Mozilla
add-ons and Thunderbird plug-ins that worked with Thunderbird 10.0.
Thunderbird 17 checks compatibility on first launch and, depending on the
individual configuration and the installed add-ons and plug-ins, may
disable said add-ons and plug-ins, or attempt to check for updates and
upgrade them. Add-ons and plug-ins may have to be manually updated.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.3 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2013:0273: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130273
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0273, CVE-2013-0169, CVE-2013-1486

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-0169)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, CVE-2013-1486 could have been exploited without user interaction
if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0274: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130274
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0274, CVE-2013-0169, CVE-2013-1486

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An improper permission check issue was discovered in the JMX component in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass Java sandbox restrictions. (CVE-2013-1486)

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0275: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130275
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0275, CVE-2013-0169, CVE-2013-1484, CVE-2013-1485, CVE-2013-1486

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple improper permission check issues were discovered in the JMX and
Libraries components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions. (CVE-2013-1486,
CVE-2013-1484)

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass certain Java sandbox restrictions. (CVE-2013-1485)

It was discovered that OpenJDK leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-0169)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.7. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0276: libvirt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130276
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0276, CVE-2012-3411

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

It was discovered that libvirt made certain invalid assumptions about
dnsmasq's command line options when setting up DNS masquerading for virtual
machines, resulting in dnsmasq incorrectly processing network packets from
network interfaces that were intended to be prohibited. This update
includes the changes necessary to call dnsmasq with a new command line
option, which was introduced to dnsmasq via RHSA-2013:0277. (CVE-2012-3411)

In order for libvirt to be able to make use of the new command line option
(--bind-dynamic), updated dnsmasq packages need to be installed. Refer to
RHSA-2013:0277 for additional information.

These updated libvirt packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked
to in the References, for information on the most significant of these
changes.

All users of libvirt are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing the
updated packages, libvirtd must be restarted ("service libvirtd restart")
for this update to take effect.

RHSA-2013:0277: dnsmasq security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130277
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0277, CVE-2012-3411

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name
Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

It was discovered that dnsmasq, when used in combination with certain
libvirtd configurations, could incorrectly process network packets from
network interfaces that were intended to be prohibited. A remote,
unauthenticated attacker could exploit this flaw to cause a denial of
service via DNS amplification attacks. (CVE-2012-3411)

In order to fully address this issue, libvirt package users are advised to
install updated libvirt packages. Refer to RHSA-2013:0276 for additional
information.

This update also fixes the following bug:

* Due to a regression, the lease change script was disabled. Consequently,
the "dhcp-script" option in the /etc/dnsmasq.conf configuration file did
not work. This update corrects the problem and the "dhcp-script" option now
works as expected. (BZ#815819)

This update also adds the following enhancements:

* Prior to this update, dnsmasq did not validate that the tftp directory
given actually existed and was a directory. Consequently, configuration
errors were not immediately reported on startup. This update improves the
code to validate the tftp root directory option. As a result, fault finding
is simplified especially when dnsmasq is called by external processes such
as libvirt. (BZ#824214)

* The dnsmasq init script used an incorrect Process Identifier (PID) in the
"stop", "restart", and "condrestart" commands. Consequently, if there were
some dnsmasq instances running besides the system one started by the init
script, then repeated calling of "service dnsmasq" with "stop" or "restart"
would kill all running dnsmasq instances, including ones not started with
the init script. The dnsmasq init script code has been corrected to obtain
the correct PID when calling the "stop", "restart", and "condrestart"
commands. As a result, if there are dnsmasq instances running in addition
to the system one started by the init script, then by calling "service
dnsmasq" with "stop" or "restart" only the system one is stopped or
restarted. (BZ#850944)

* When two or more dnsmasq processes were running with DHCP enabled on one
interface, DHCP RELEASE packets were sometimes lost. Consequently, when two
or more dnsmasq processes were running with DHCP enabled on one interface,
releasing IP addresses sometimes failed. This update sets the
SO_BINDTODEVICE socket option on DHCP sockets if running dnsmasq with DHCP
enabled on one interface. As a result, when two or more dnsmasq processes
are running with DHCP enabled on one interface, they can release IP
addresses as expected. (BZ#887156)

All users of dnsmasq are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.

RHSA-2013:0496: Red Hat Enterprise Linux 6 kernel update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130496
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0496, CVE-2012-4508, CVE-2012-4542, CVE-2013-0190, CVE-2013-0309, CVE-2013-0310, CVE-2013-0311

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A race condition was found in the way asynchronous I/O and fallocate()
interacted when using the ext4 file system. A local, unprivileged user
could use this flaw to expose random data from an extent whose data blocks
have not yet been written, and thus contain data from a deleted file.
(CVE-2012-4508, Important)

* A flaw was found in the way the vhost kernel module handled descriptors
that spanned multiple regions. A privileged guest user in a KVM guest could
use this flaw to crash the host or, potentially, escalate their privileges
on the host. (CVE-2013-0311, Important)

* It was found that the default SCSI command filter does not accommodate
commands that overlap across device classes. A privileged guest user could
potentially use this flaw to write arbitrary data to a LUN that is
passed-through as read-only. (CVE-2012-4542, Moderate)

* A flaw was found in the way the xen_failsafe_callback() function in the
Linux kernel handled the failed iret (interrupt return) instruction
notification from the Xen hypervisor. An unprivileged user in a 32-bit
para-virtualized guest could use this flaw to crash the guest.
(CVE-2013-0190, Moderate)

* A flaw was found in the way pmd_present() interacted with PROT_NONE
memory ranges when transparent hugepages were in use. A local, unprivileged
user could use this flaw to crash the system. (CVE-2013-0309, Moderate)

* A flaw was found in the way CIPSO (Common IP Security Option) IP options
were validated when set from user mode. A local user able to set CIPSO IP
options on the socket could use this flaw to crash the system.
(CVE-2013-0310, Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508, and
Andrew Cooper of Citrix for reporting CVE-2013-0190. Upstream acknowledges
Dmitry Monakhov as the original reporter of CVE-2012-4508. The
CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.4 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.4 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

RHSA-2013:0499: xinetd security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130499
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0499, CVE-2012-0862

Description
The xinetd package provides a secure replacement for inetd, the Internet
services daemon. xinetd provides access control for all services based on
the address of the remote host and/or on time of access, and can prevent
denial-of-access attacks.

When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type,
and the tcpmux-server service is enabled, those services are accessible via
port 1. It was found that enabling the tcpmux-server service (it is
disabled by default) allowed every xinetd service, including those that are
not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via
port 1. This could allow a remote attacker to bypass intended firewall
restrictions. (CVE-2012-0862)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, a file descriptor array in the service.c source
file was not handled as expected. As a consequence, some of the descriptors
remained open when xinetd was under heavy load. Additionally, the system
log was filled with a large number of messages that took up a lot of disk
space over time. This update modifies the xinetd code to handle the file
descriptors correctly and messages no longer fill the system log.
(BZ#790036)

* Prior to this update, services were disabled permanently when their CPS
limit was reached. As a consequence, a failed bind operation could occur
when xinetd attempted to restart the service. This update adds additional
logic that attempts to restart the service. Now, the service is only
disabled if xinetd cannot restart the service after 30 attempts.
(BZ#809271)

All users of xinetd are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:0500: hplip security, bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130500
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0500, CVE-2011-2722, CVE-2013-0200

Description
The hplip packages contain the Hewlett-Packard Linux Imaging and Printing
Project (HPLIP), which provides drivers for Hewlett-Packard printers and
multi-function peripherals.

Several temporary file handling flaws were found in HPLIP. A local attacker
could use these flaws to perform a symbolic link attack, overwriting
arbitrary files accessible to a process using HPLIP. (CVE-2013-0200,
CVE-2011-2722)

The CVE-2013-0200 issues were discovered by Tim Waugh of Red Hat.

The hplip packages have been upgraded to upstream version 3.12.4, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#731900)

This update also fixes the following bugs:

* Previously, the hpijs package required the obsolete cupsddk-drivers
package, which was provided by the cups package. Under certain
circumstances, this dependency caused hpijs installation to fail. This
bug has been fixed and hpijs no longer requires cupsddk-drivers.
(BZ#829453)

* The configuration of the Scanner Access Now Easy (SANE) back end is
located in the /etc/sane.d/dll.d/ directory, however, the hp-check
utility checked only the /etc/sane.d/dll.conf file. Consequently,
hp-check checked for correct installation, but incorrectly reported a
problem with the way the SANE back end was installed. With this update,
hp-check properly checks for installation problems in both locations as
expected. (BZ#683007)

All users of hplip are advised to upgrade to these updated packages, which
fix these issues and add these enhancements.

RHSA-2013:0502: Core X11 clients security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130502
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0502, CVE-2011-2504

Description
The Core X11 clients packages provide the xorg-x11-utils,
xorg-x11-server-utils, and xorg-x11-apps clients that ship with the X
Window System.

It was found that the x11perfcomp utility included the current working
directory in its PATH environment variable. Running x11perfcomp in an
attacker-controlled directory would cause arbitrary code execution with
the privileges of the user running x11perfcomp. (CVE-2011-2504)

Also with this update, the xorg-x11-utils and xorg-x11-server-utils
packages have been upgraded to upstream version 7.5, and the xorg-x11-apps
package to upstream version 7.6, which provides a number of bug fixes and
enhancements over the previous versions. (BZ#835277, BZ#835278, BZ#835281)

All users of xorg-x11-utils, xorg-x11-server-utils, and xorg-x11-apps are
advised to upgrade to these updated packages, which fix these issues and
add these enhancements.

RHSA-2013:0503: 389-ds-base security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130503
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0503, CVE-2012-4450

Description
The 389-ds-base packages provide 389 Directory Server, which is an LDAPv3
compliant server. The base packages include the Lightweight Directory
Access Protocol (LDAP) server and command-line utilities for server
administration.

A flaw was found in the way 389 Directory Server enforced ACLs after
performing an LDAP modify relative distinguished name (modrdn) operation.
After modrdn was used to move part of a tree, the ACLs defined on the moved
Distinguished Name (DN) were not properly enforced until the server was
restarted. This could allow LDAP users to access information that should be
restricted by the defined ACLs. (CVE-2012-4450)

This issue was discovered by Noriko Hosoi of Red Hat.

These updated 389-ds-base packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4
Technical Notes, linked to in the References, for information on the most
significant of these changes.

All users of 389-ds-base are advised to upgrade to these updated packages,
which correct this issue and provide numerous bug fixes and enhancements.
After installing this update, the 389 server service will be restarted
automatically.

RHSA-2013:0504: dhcp security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130504
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0504, CVE-2012-3955

Description
The dhcp packages provide the Dynamic Host Configuration Protocol (DHCP)
that allows individual devices on an IP network to get their own network
configuration information, including an IP address, a subnet mask, and a
broadcast address.

A flaw was found in the way the dhcpd daemon handled the expiration time of
IPv6 leases. If dhcpd's configuration was changed to reduce the default
IPv6 lease time, lease renewal requests for previously assigned leases
could cause dhcpd to crash. (CVE-2012-3955)

This update also fixes the following bugs:

* Prior to this update, the DHCP server discovered only the first IP
address of a network interface if the network interface had more than one
configured IP address. As a consequence, the DHCP server failed to
restart if the server was configured to serve only a subnet of the
following IP addresses. This update modifies network interface addresses
discovery code to find all addresses of a network interface. The DHCP
server can also serve subnets of other addresses. (BZ#803540)

* Prior to this update, the dhclient rewrote the /etc/resolv.conf file
with backup data after it was stopped even when the PEERDNS flag was set
to "no" before shut down if the configuration file was changed while the
dhclient ran with PEERDNS=yes. This update removes the backing up and
restoring functions for this configuration file from the dhclient-script.
Now, the dhclient no longer rewrites the /etc/resolv.conf file when
stopped. (BZ#824622)

All users of DHCP are advised to upgrade to these updated packages, which
fix these issues. After installing this update, all DHCP servers will be
restarted automatically.

RHSA-2013:0505: squid security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130505
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0505, CVE-2012-5643

Description
Squid is a high-performance proxy caching server for web clients that
supports FTP, Gopher, and HTTP data objects.

A denial of service flaw was found in the way the Squid Cache Manager
processed certain requests. A remote attacker who is able to access the
Cache Manager CGI could use this flaw to cause Squid to consume an
excessive amount of memory. (CVE-2012-5643)

This update also fixes the following bugs:

* Due to a bug in the ConnStateData::noteMoreBodySpaceAvailable() function,
child processes of Squid terminated upon encountering a failed assertion.
An upstream patch has been provided and Squid child processes no longer
terminate. (BZ#805879)

* Due to an upstream patch, which renamed the HTTP header controlling
persistent connections from "Proxy-Connection" to "Connection", the NTLM
pass-through authentication does not work, thus preventing login. This
update adds the new "http10" option to the squid.conf file, which can be
used to enable the change in the patch. This option is set to "off" by
default. When set to "on", the NTLM pass-through authentication works
properly, thus allowing login attempts to succeed. (BZ#844723)

* When the IPv6 protocol was disabled and Squid tried to handle an HTTP GET
request containing an IPv6 address, the Squid child process terminated due
to signal 6. This bug has been fixed and such requests are now handled as
expected. (BZ#832484)

* The old "stale if hit" logic did not account for cases where the stored
stale response became fresh due to a successful re-validation with the
origin server. Consequently, incorrect warning messages were returned. Now,
Squid no longer marks elements as stale in the described scenario.
(BZ#847056)

* When squid packages were installed before samba-winbind, the wbpriv group
did not include Squid. Consequently, NTLM authentication calls failed. Now,
Squid correctly adds itself into the wbpriv group if samba-winbind is
installed before Squid, thus fixing this bug. (BZ#797571)

* In FIPS mode, Squid was using private MD5 hash functions for user
authentication and network access. As MD5 is incompatible with FIPS mode,
Squid could fail to start. This update limits the use of the private MD5
functions to local disk file hash identifiers, thus allowing Squid to work
in FIPS mode. (BZ#833086)

* Under high system load, the squid process could terminate unexpectedly
with a segmentation fault during reboot. This update provides better memory
handling during reboot, thus fixing this bug. (BZ#782732)

* Squid incorrectly set the timeout limit for client HTTP connections with
the value for server-side connections, which is much higher, thus creating
unnecessary delays. With this update, Squid uses a proper value for the
client timeout limit. (BZ#798090)

* Squid did not properly release allocated memory when generating error
page contents, which caused memory leaks. Consequently, the Squid proxy
server consumed a lot of memory within a short time period. This update
fixes this memory leak. (BZ#758861)

* Squid did not pass the ident value to a URL rewriter that was configured
using the "url_rewrite_program" directive. Consequently, the URL rewriter
received the dash character ("-") as the user value instead of the correct
user name. Now, the URL rewriter receives the correct user name in the
described scenario. (BZ#797884)

* Squid, used as a transparent proxy, can only handle the HTTP protocol.
Previously, it was possible to define a URL in which the access protocol
contained the asterisk character (*) or an unknown protocol namespace URI.
Consequently, an "Invalid URL" error message was logged to access.log
during reload. This update ensures that "http://" is always used in
transparent proxy URLs, and the error message is no longer logged in this
scenario. (BZ#720504)

All users of squid are advised to upgrade to these updated packages, which
fix these issues. After installing this update, the squid service will be
restarted automatically.

RHSA-2013:0506: samba4 security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130506
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0506, CVE-2012-1182

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)
compiler, used to generate code to handle RPC calls. This could result in
code generated by the PIDL compiler not sufficiently protecting against
buffer overflows. (CVE-2012-1182)

The samba4 packages have been upgraded to upstream version 4.0.0, which
provides a number of bug fixes and enhancements over the previous version,
in particular improved interoperability with Active Directory (AD)
domains. SSSD now uses the libndr-krb5pac library to parse the Privilege
Attribute Certificate (PAC) issued by an AD Key Distribution Center (KDC).

The Cross Realm Kerberos Trust functionality provided by Identity
Management, which relies on the capabilities of the samba4 client library,
is included as a Technology Preview. This functionality, and the server
libraries, are included as a Technology Preview. This functionality uses the
libndr-nbt library to prepare Connection-less Lightweight Directory Access
Protocol (CLDAP) messages.

Additionally, various improvements have been made to the Local Security
Authority (LSA) and Net Logon services to allow verification of trust
from a Windows system. Because the Cross Realm Kerberos Trust functionality
is considered a Technology Preview, selected samba4 components are
considered to be a Technology Preview. For more information on which Samba
packages are considered a Technology Preview, refer to Table 5.1, "Samba4
Package Support" in the Release Notes, linked to from the References.
(BZ#766333, BZ#882188)

This update also fixes the following bug:

* Prior to this update, if the Active Directory (AD) server was rebooted,
Winbind sometimes failed to reconnect when requested by "wbinfo -n" or
"wbinfo -s" commands. Consequently, looking up users using the wbinfo tool
failed. This update applies upstream patches to fix this problem and now
looking up a Security Identifier (SID) for a username, or a username for a
given SID, works as expected after a domain controller is rebooted.
(BZ#878564)

All users of samba4 are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.

Warning: If you upgrade from Red Hat Enterprise Linux 6.3 to Red Hat
Enterprise Linux 6.4 and you have Samba in use, you should make sure that
you uninstall the package named "samba4" to avoid conflicts during the
upgrade.

RHSA-2013:0508: sssd security, bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130508
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0508, CVE-2013-0219, CVE-2013-0220

Description
The System Security Services Daemon (SSSD) provides a set of daemons to
manage access to remote directories and authentication mechanisms. It
provides an NSS and PAM interface toward the system and a pluggable
back-end system to connect to multiple different account sources. It is
also the basis to provide client auditing and policy services for projects
such as FreeIPA.

A race condition was found in the way SSSD copied and removed user home
directories. A local attacker who is able to write into the home directory
of a different user who is being removed could use this flaw to perform
symbolic link attacks, possibly allowing them to modify and delete
arbitrary files with the privileges of the root user. (CVE-2013-0219)

Multiple out-of-bounds memory read flaws were found in the way the autofs
and SSH service responders parsed certain SSSD packets. An attacker could
send a specially-crafted packet that, when processed by the autofs or SSH
service responders, would cause SSSD to crash. This issue only caused a
temporary denial of service, as SSSD was automatically restarted by the
monitor process after the crash. (CVE-2013-0220)

The CVE-2013-0219 and CVE-2013-0220 issues were discovered by Florian
Weimer of the Red Hat Product Security Team.

These updated sssd packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All SSSD users are advised to upgrade to these updated packages, which
upgrade SSSD to upstream version 1.9 to correct these issues, fix these
bugs and add these enhancements.

RHSA-2013:0509: rdma security, bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130509
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0509, CVE-2012-4517, CVE-2012-4518

Description
Red Hat Enterprise Linux includes a collection of InfiniBand and iWARP
utilities, libraries and development packages for writing applications
that use Remote Direct Memory Access (RDMA) technology.

A denial of service flaw was found in the way ibacm managed reference
counts for multicast connections. An attacker could send specially-crafted
multicast packets that would cause the ibacm daemon to crash.
(CVE-2012-4517)

It was found that the ibacm daemon created some files with world-writable
permissions. A local attacker could use this flaw to overwrite the
contents of the ibacm.log or ibacm.port file, allowing them to mask
certain actions from the log or cause ibacm to run on a non-default port.
(CVE-2012-4518)

CVE-2012-4518 was discovered by Florian Weimer of the Red Hat Product
Security Team and Kurt Seifried of the Red Hat Security Response Team.

The InfiniBand/iWARP/RDMA stack components have been upgraded to more
recent upstream versions.

This update also fixes the following bugs:

* Previously, the "ibnodes -h" command did not show a proper usage message.
With this update the problem is fixed and "ibnodes -h" now shows the
correct usage message. (BZ#818606)

* Previously, the ibv_devinfo utility erroneously showed iWARP cxgb3
hardware's physical state as invalid even when the device was working. For
iWARP hardware, the phys_state field has no meaning. This update patches
the utility to not print out anything for this field when the hardware is
iWARP hardware. (BZ#822781)

* Prior to the release of Red Hat Enterprise Linux 6.3, the kernel created
the InfiniBand device files in the wrong place and a udev rules file was
used to force the devices to be created in the proper place. With the
update to 6.3, the kernel was fixed to create the InfiniBand device files
in the proper place, and so the udev rules file was removed as no longer
being necessary. However, a bug in the kernel device creation meant that,
although the devices were now being created in the right place, they had
incorrect permissions. Consequently, when users attempted to run an RDMA
application as a non-root user, the application failed to get the necessary
permissions to use the RDMA device and the application terminated. This
update puts a new udev rules file in place. It no longer attempts to create
the InfiniBand devices since they already exist, but it does correct the
device permissions on the files. (BZ#834428)

* Previously, using the "perfquery -C" command with a host name caused the
perfquery utility to become unresponsive. The list of controllers to
process was never cleared and the process looped infinitely on a single
controller. A patch has been applied to make sure that in the case where
the user passes in the -C option, the controller list is cleared out once
that controller has been processed. As a result, perfquery now works as
expected in the scenario described. (BZ#847129)

* The OpenSM init script did not handle the case where there were no
configuration files under "/etc/rdma/opensm.conf.*". With this update, the
script has been patched and the InfiniBand Subnet Manager, OpenSM, now
starts as expected in the scenario described. (BZ#862857)

This update also adds the following enhancement:

* This update provides an updated mlx4_ib Mellanox driver which includes
Single Root I/O Virtualization (SR-IOV) support. (BZ#869737)

All users of RDMA are advised to upgrade to these updated packages, which
fix these issues and add this enhancement.

RHSA-2013:0511: pki-core security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130511
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0511, CVE-2012-4543

Description
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments. PKI Core
contains fundamental packages required by Red Hat Certificate System, which
comprise the Certificate Authority (CA) subsystem.

Note: The Certificate Authority component provided by this advisory cannot
be used as a standalone server. It is installed and operates as a part of
Identity Management (the IPA component) in Red Hat Enterprise Linux.

Multiple cross-site scripting flaws were discovered in Certificate System.
An attacker could use these flaws to perform a cross-site scripting (XSS)
attack against victims using Certificate System's web interface.
(CVE-2012-4543)

This update also fixes the following bugs:

* Previously, due to incorrect conversion of large integers while
generating a new serial number, some of the most significant bits in the
serial number were truncated. Consequently, the serial number generated for
certificates was sometimes smaller than expected and this incorrect
conversion in turn led to a collision if a certificate with the smaller
number already existed in the database. This update removes the incorrect
integer conversion so that no serial numbers are truncated. As a result,
the installation wizard proceeds as expected. (BZ#841663)

* The certificate authority used a different profile for issuing the audit
certificate than it used for renewing it. The issuing profile was for two
years, and the renewal was for six months. They should both be for two
years. This update sets the default and constraint parameters in the
caSignedLogCert.cfg audit certificate renewal profile to two years.
(BZ#844459)

This update also adds the following enhancements:

* IPA (Identity, Policy and Audit) now provides an improved way to
determine that PKI is up and ready to service requests. Checking the
service status was not sufficient. This update creates a mechanism for
clients to determine that the PKI subsystem is up using the getStatus()
function to query the cs.startup_state in CS.cfg. (BZ#858864)

* This update increases the default root CA validity period from eight
years to twenty years. (BZ#891985) 

All users of pki-core are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.

RHSA-2013:0512: httpd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0512, CVE-2008-0455, CVE-2012-2687, CVE-2012-4557

Description
The httpd packages contain the Apache HTTP Server (httpd), which is the
namesake project of The Apache Software Foundation.

An input sanitization flaw was found in the mod_negotiation Apache HTTP
Server module. A remote attacker able to upload or create files with
arbitrary names in a directory that has the MultiViews options enabled,
could use this flaw to conduct cross-site scripting attacks against users
visiting the site. (CVE-2008-0455, CVE-2012-2687)

It was discovered that mod_proxy_ajp, when used in configurations with
mod_proxy in load balancer mode, would mark a back-end server as failed
when request processing timed out, even when a previous AJP (Apache JServ
Protocol) CPing request was responded to by the back-end. A remote
attacker able to make a back-end use an excessive amount of time to
process a request could cause mod_proxy to not send requests to back-end
AJP servers for the retry timeout period or until all back-end servers
were marked as failed. (CVE-2012-4557)

These updated httpd packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked
to in the References, for information on the most significant of these
changes.

All users of httpd are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing the updated packages, the httpd daemon will
be restarted automatically.

RHSA-2013:0514: php security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130514
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0514, CVE-2011-1398, CVE-2012-0831, CVE-2012-2688

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that PHP did not check for carriage returns in HTTP headers,
allowing intended HTTP response splitting protections to be bypassed.
Depending on the web browser the victim is using, a remote attacker could
use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

An integer signedness issue, leading to a heap-based buffer underflow, was
found in the PHP scandir() function. If a remote attacker could upload an
excessively large number of files to a directory the scandir() function
runs on, it could cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-2688)

It was found that PHP did not correctly handle the magic_quotes_gpc
configuration directive. This could result in magic_quotes_gpc input
escaping not being applied in all cases, possibly making it easier for a
remote attacker to perform SQL injection attacks. (CVE-2012-0831)

These updated php packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of php are advised to upgrade to these updated packages, which
fix these issues and add these enhancements. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2013:0515: openchange security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0515, CVE-2012-1182

Description
The openchange packages provide libraries to access Microsoft Exchange
servers using native protocols. Evolution-MAPI uses these libraries to
integrate the Evolution PIM application with Microsoft Exchange servers.

A flaw was found in the Samba suite's Perl-based DCE/RPC IDL (PIDL)
compiler. As OpenChange uses code generated by PIDL, this could have
resulted in buffer overflows in the way OpenChange handles RPC calls. With
this update, the code has been generated with an updated version of PIDL to
correct this issue. (CVE-2012-1182)

The openchange packages have been upgraded to upstream version 1.0, which
provides a number of bug fixes and enhancements over the previous version,
including support for the rebased samba4 packages and several API changes.
(BZ#767672, BZ#767678)

This update also fixes the following bugs:

* When the user tried to modify a meeting with one required attendee and
himself as the organizer, a segmentation fault occurred in the memcpy()
function. Consequently, the evolution-data-server application terminated
unexpectedly with a segmentation fault. This bug has been fixed and
evolution-data-server no longer crashes in the described scenario.
(BZ#680061)

* Prior to this update, OpenChange 1.0 was unable to send messages with
a large message body or with extensive attachment. This was caused by minor
issues in OpenChange's exchange.idl definitions. This bug has been fixed
and OpenChange now sends extensive messages without complications.
(BZ#870405)

All users of openchange are advised to upgrade to these updated packages,
which fix these issues and add these enhancements.

RHSA-2013:0516: evolution security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130516
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0516, CVE-2011-3201

Description
Evolution is the GNOME mailer, calendar, contact manager and communication
tool. The components which make up Evolution are tightly integrated with
one another and act as a seamless personal information-management tool.

The way Evolution handled mailto URLs allowed any file to be attached to
the new message. This could lead to information disclosure if the user did
not notice the attached file before sending the message. With this update,
mailto URLs cannot be used to attach certain files, such as hidden files or
files in hidden directories, files in the /etc/ directory, or files
specified using a path containing "..". (CVE-2011-3201)

Red Hat would like to thank Matt McCutchen for reporting this issue.

This update also fixes the following bugs:

* Creating a contact list with contact names encoded in UTF-8 caused these
names to be displayed in the contact list editor in the ASCII encoding
instead of UTF-8. This bug has been fixed and the contact list editor now
displays the names in the correct format. (BZ#707526)

* Due to a bug in the evolution-alarm-notify process, calendar appointment
alarms did not appear in some types of calendars. The underlying source
code has been modified and calendar notifications work as expected.
(BZ#805239)

* An attempt to print a calendar month view as a PDF file caused Evolution
to terminate unexpectedly. This update applies a patch to fix this bug and
Evolution no longer crashes in this situation. (BZ#890642)

All evolution users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Evolution must be restarted for this update to take effect.

RHSA-2013:0517: util-linux-ng security, bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130517
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0517, CVE-2013-0157

Description
The util-linux-ng packages contain a large variety of low-level system
utilities that are necessary for a Linux operating system to function.

An information disclosure flaw was found in the way the mount command
reported errors. A local attacker could use this flaw to determine the
existence of files and directories they do not have access to.
(CVE-2013-0157)

These updated util-linux-ng packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of util-linux-ng are advised to upgrade to these updated
packages, which contain backported patches to correct these issues and add
these enhancements.

RHSA-2013:0519: openssh security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130519
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0519, CVE-2012-5536

Description
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation. These
packages include the core files necessary for the OpenSSH client and
server.

Due to the way the pam_ssh_agent_auth PAM module was built in Red Hat
Enterprise Linux 6, the glibc's error() function was called rather than the
intended error() function in pam_ssh_agent_auth to report errors. As these
two functions expect different arguments, it was possible for an attacker
to cause an application using pam_ssh_agent_auth to crash, disclose
portions of its memory or, potentially, execute arbitrary code.
(CVE-2012-5536)

Note that the pam_ssh_agent_auth module is not used in Red Hat Enterprise
Linux 6 by default.

This update also fixes the following bugs:

* All possible options for the new RequiredAuthentications directive were
not documented in the sshd_config man page. This update improves the man
page to document all the possible options. (BZ#821641)

* When stopping one instance of the SSH daemon (sshd), the sshd init script
(/etc/rc.d/init.d/sshd) stopped all sshd processes regardless of the PID of
the processes. This update improves the init script so that it only kills
processes with the relevant PID. As a result, the init script now works
more reliably in a multi-instance environment. (BZ#826720)

* Due to a regression, the ssh-copy-id command returned an exit status code
of zero even if there was an error in copying the key to a remote host.
With this update, a patch has been applied and ssh-copy-id now returns a
non-zero exit code if there is an error in copying the SSH certificate to a
remote host. (BZ#836650)

* When SELinux was disabled on the system, no on-disk policy was installed,
a user account was used for a connection, and no "~/.ssh" configuration was
present in that user's home directory, the SSH client terminated
unexpectedly with a segmentation fault when attempting to connect to
another system. A patch has been provided to address this issue and the
crashes no longer occur in the described scenario. (BZ#836655)

* The "HOWTO" document /usr/share/doc/openssh-ldap-5.3p1/HOWTO.ldap-keys
incorrectly documented the use of the AuthorizedKeysCommand directive.
This update corrects the document. (BZ#857760)

This update also adds the following enhancements:

* When attempting to enable SSH for use with a Common Access Card (CAC),
the ssh-agent utility read all the certificates in the card even though
only the ID certificate was needed. Consequently, if a user entered their
PIN incorrectly, then the CAC was locked, as a match for the PIN was
attempted against all three certificates. With this update, ssh-add does
not try the same PIN for every certificate if the PIN fails for the first
one. As a result, the CAC will not be disabled if a user enters their PIN
incorrectly. (BZ#782912)

* This update adds a "netcat mode" to SSH. The "ssh -W host:port ..."
command connects standard input and output (stdio) on a client to a single
port on a server. As a result, SSH can be used to route connections via
intermediate servers. (BZ#860809)

* Due to a bug, arguments for the RequiredAuthentications2 directive were
not stored in a Match block. Consequently, parsing of the config file was
not in accordance with the man sshd_config documentation. This update fixes
the bug and users can now use the required authentication feature to
specify a list of authentication methods as expected according to the man
page. (BZ#869903)

All users of openssh are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

RHSA-2013:0520: dovecot security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130520
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0520, CVE-2011-2166, CVE-2011-2167, CVE-2011-4318

Description
Dovecot is an IMAP server, written with security primarily in mind, for
Linux and other UNIX-like systems. It also contains a small POP3 server. It
supports mail in either of maildir or mbox formats. The SQL drivers and
authentication plug-ins are provided as sub-packages.

Two flaws were found in the way some settings were enforced by the
script-login functionality of Dovecot. A remote, authenticated user could
use these flaws to bypass intended access restrictions or conduct a
directory traversal attack by leveraging login scripts. (CVE-2011-2166,
CVE-2011-2167)

A flaw was found in the way Dovecot performed remote server identity
verification, when it was configured to proxy IMAP and POP3 connections to
remote hosts using TLS/SSL protocols. A remote attacker could use this flaw
to conduct man-in-the-middle attacks using an X.509 certificate issued by
a trusted Certificate Authority (for a different name). (CVE-2011-4318)

This update also fixes the following bug:

* When a new user first accessed their IMAP inbox, Dovecot was, under some
circumstances, unable to change the group ownership of the inbox directory
in the user's Maildir location to match that of the user's mail spool
(/var/mail/$USER). This correctly generated an "Internal error occurred"
message. However, with a subsequent attempt to access the inbox, Dovecot
saw that the directory already existed and proceeded with its operation,
leaving the directory with incorrectly set permissions. This update
corrects the underlying permissions setting error. When a new user now
accesses their inbox for the first time, and it is not possible to set
group ownership, Dovecot removes the created directory and generates an
error message instead of keeping the directory with incorrect group
ownership. (BZ#697620)

Users of dovecot are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the dovecot service will be restarted automatically.

RHSA-2013:0521: pam security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130521
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0521, CVE-2011-3148, CVE-2011-3149

Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

A stack-based buffer overflow flaw was found in the way the pam_env module
parsed users' "~/.pam_environment" files. If an application's PAM
configuration contained "user_readenv=1" (this is not the default), a
local attacker could use this flaw to crash the application or, possibly,
escalate their privileges. (CVE-2011-3148)

A denial of service flaw was found in the way the pam_env module expanded
certain environment variables. If an application's PAM configuration
contained "user_readenv=1" (this is not the default), a local attacker
could use this flaw to cause the application to enter an infinite loop.
(CVE-2011-3149)

Red Hat would like to thank Kees Cook of the Google ChromeOS Team for
reporting the CVE-2011-3148 and CVE-2011-3149 issues.

These updated pam packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory. Users
are directed to the Red Hat Enterprise Linux 6.4 Technical Notes, linked
to in the References, for information on the most significant of these
changes.

All pam users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2013:0522: gdb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130522
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0522, CVE-2011-4355

Description
The GNU Debugger (GDB) allows debugging of programs written in C, C++,
Java, and other languages by executing them in a controlled fashion and
then printing out their data.

GDB tried to auto-load certain files (such as GDB scripts, Python scripts,
and a thread debugging library) from the current working directory when
debugging programs. This could result in the execution of arbitrary code
with the user's privileges when GDB was run in a directory that has
untrusted content. (CVE-2011-4355)

With this update, GDB no longer auto-loads files from the current directory
and only trusts certain system directories by default. The list of trusted
directories can be viewed and modified using the "show auto-load safe-path"
and "set auto-load safe-path" GDB commands. Refer to the GDB manual, linked
to in the References, for further information.

This update also fixes the following bugs:

* When a struct member was at an offset greater than 256 MB, the resulting
bit position within the struct overflowed and caused an invalid memory
access by GDB. With this update, the code has been modified to ensure that
GDB can access such positions. (BZ#795424)

* When a thread list of the core file became corrupted, GDB did not print
this list but displayed the "Cannot find new threads: generic error" error
message instead. With this update, GDB has been modified and it now prints
the thread list of the core file as expected. (BZ#811648)

* GDB did not properly handle debugging of multiple binaries with the
same build ID. This update modifies GDB to use symbolic links created for
particular binaries so that debugging of binaries that share a build ID
now proceeds as expected. Debugging of live programs and core files is
now more user-friendly. (BZ#836966)

All users of gdb are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:0523: ccid security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130523
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0523, CVE-2010-4530

Description
Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a Generic, USB-based CCID driver for readers, which follow this
standard.

An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card's serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)

This update also fixes the following bug:

* Previously, CCID only recognized smart cards with 5V power supply. With
this update, CCID also supports smart cards with different power supply.
(BZ#808115)

All users of ccid are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:0525: pcsc-lite security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130525
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0525, CVE-2010-4531

Description
PC/SC Lite provides a Windows SCard compatible interface for communicating
with smart cards, smart card readers, and other security tokens.

A stack-based buffer overflow flaw was found in the way pcsc-lite decoded
certain attribute values of Answer-to-Reset (ATR) messages. A local
attacker could use this flaw to execute arbitrary code with the privileges
of the user running the pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4531)

This update also fixes the following bugs:

* Due to an error in the init script, the chkconfig utility did not
automatically place the pcscd init script after the start of the HAL
daemon. Consequently, the pcscd service did not start automatically at boot
time. With this update, the pcscd init script has been changed to
explicitly start only after HAL is up, thus fixing this bug. (BZ#788474,
BZ#814549)

* Because the chkconfig settings and the startup files in the /etc/rc.d/
directory were not changed during the update described in the
RHBA-2012:0990 advisory, the user had to update the chkconfig settings
manually to fix the problem. Now, the chkconfig settings and the startup
files in the /etc/rc.d/ directory are automatically updated as expected.
(BZ#834803)

* Previously, the SCardGetAttrib() function did not work properly and
always returned the "SCARD_E_INSUFFICIENT_BUFFER" error regardless of the
actual buffer size. This update applies a patch to fix this bug and the
SCardGetAttrib() function now works as expected. (BZ#891852)

All users of pcsc-lite are advised to upgrade to these updated packages,
which fix these issues. After installing this update, the pcscd daemon will
be restarted automatically.

RHSA-2013:0526: automake security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130526
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0526, CVE-2012-3386

Description
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.

Users of automake are advised to upgrade to this updated package, which
corrects this issue.

RHSA-2013:0528: ipa security, bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130528
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0528, CVE-2012-4546

Description
Red Hat Identity Management is a centralized authentication, identity
management and authorization solution for both traditional and cloud-based
enterprise environments. It integrates components of the Red Hat Directory
Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides
web browser and command-line interfaces. Its administration tools allow an
administrator to quickly install, set up, and administer a group of domain
controllers to meet the authentication and identity management requirements
of large-scale Linux and UNIX deployments.

It was found that the current default configuration of IPA servers did not
publish correct CRLs (Certificate Revocation Lists). The default
configuration specifies that every replica is to generate its own CRL;
however, this can result in inconsistencies in the CRL contents provided to
clients from different Identity Management replicas. More specifically, if
a certificate is revoked on one Identity Management replica, it will not
show up on another Identity Management replica. (CVE-2012-4546)

These updated ipa packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.4 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

Users are advised to upgrade to these updated ipa packages, which fix these
issues and add these enhancements.

RHSA-2013:0550: bind security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130550
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0550, CVE-2012-5689

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.
DNS64 is used to automatically generate DNS records so IPv6 based clients
can access IPv4 systems through a NAT64 server.

A flaw was found in the DNS64 implementation in BIND when using Response
Policy Zones (RPZ). If a remote attacker sent a specially-crafted query to
a named server that is using RPZ rewrite rules, named could exit
unexpectedly with an assertion failure. Note that DNS64 support is not
enabled by default. (CVE-2012-5689)

This update also adds the following enhancement:

* Previously, it was impossible to configure the maximum number of
responses sent per second to one client. This allowed remote attackers to
conduct traffic amplification attacks using DNS queries with spoofed source
IP addresses. With this update, it is possible to use the new "rate-limit"
configuration option in named.conf and configure the maximum number of
queries which the server responds to. Refer to the BIND documentation for
more details about the "rate-limit" option. (BZ#906312)

All bind users are advised to upgrade to these updated packages, which
contain patches to correct this issue and add this enhancement. After
installing the update, the BIND daemon (named) will be restarted
automatically.

RHSA-2013:0567: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130567
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0567, CVE-2013-0871

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A race condition was found in the way the Linux kernel's ptrace
implementation handled PTRACE_SETREGS requests when the debuggee was woken
due to a SIGKILL signal instead of being stopped. A local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2013-0871,
Important)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

RHSA-2013:0568: dbus-glib security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130568
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0568, CVE-2013-0292

Description
dbus-glib is an add-on library to integrate the standard D-Bus library with
the GLib main loop and threading model.

A flaw was found in the way dbus-glib filtered the message sender (message
source subject) when the "NameOwnerChanged" signal was received. This
could trick a system service using dbus-glib (such as fprintd) into
believing a signal was sent from a privileged process, when it was not. A
local attacker could use this flaw to escalate their privileges.
(CVE-2013-0292)

All dbus-glib users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against dbus-glib, such as fprintd and NetworkManager, must be
restarted for this update to take effect.

RHSA-2013:0580: cups security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0580, CVE-2012-5519

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer
for Linux, UNIX, and similar operating systems.

It was discovered that CUPS administrative users (members of the
SystemGroups groups) who are permitted to perform CUPS configuration
changes via the CUPS web interface could manipulate the CUPS configuration
to gain unintended privileges. Such users could read or write arbitrary
files with the privileges of the CUPS daemon, possibly allowing them to
run arbitrary code with root privileges. (CVE-2012-5519)

After installing this update, the ability to change certain CUPS
configuration directives remotely will be disabled by default. The newly
introduced ConfigurationChangeRestriction directive can be used to enable
the changing of the restricted directives remotely. Refer to Red Hat
Bugzilla bug 875898 for more details and the list of restricted directives.

All users of cups are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2013:0581: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0581, CVE-2013-0338

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in the way libxml2 performed string
substitutions when entity values for entity references replacement was
enabled. A remote attacker could provide a specially-crafted XML file that,
when processed by an application linked against libxml2, would lead to
excessive CPU consumption. (CVE-2013-0338)

All users of libxml2 are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. The desktop must
be restarted (log out, then log back in) for this update to take effect.

RHSA-2013:0587: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130587
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0587, CVE-2012-4929, CVE-2013-0166, CVE-2013-0169

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that OpenSSL leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-0169)

A NULL pointer dereference flaw was found in the OCSP response verification
in OpenSSL. A malicious OCSP server could use this flaw to crash
applications performing OCSP verification by sending a specially-crafted
response. (CVE-2013-0166)

It was discovered that the TLS/SSL protocol could leak information about
plain text when optional compression was used. An attacker able to control
part of the plain text sent over an encrypted TLS/SSL connection could
possibly use this flaw to recover other portions of the plain text.
(CVE-2012-4929)

Note: This update disables zlib compression, which was previously enabled
in OpenSSL by default. Applications using OpenSSL now need to explicitly
enable zlib compression to use it.

It was found that OpenSSL read certain environment variables even when used
by a privileged (setuid or setgid) application. A local attacker could use
this flaw to escalate their privileges. No application shipped with Red Hat
Enterprise Linux 5 and 6 was affected by this problem. (BZ#839735)

All OpenSSL users should upgrade to these updated packages, which contain
backported patches to resolve these issues. For the update to take effect,
all services linked to the OpenSSL library must be restarted, or the
system rebooted.

RHSA-2013:0588: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130588
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0588, CVE-2013-1619

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS leaked timing information when decrypting
TLS/SSL protocol encrypted records when CBC-mode cipher suites were used.
A remote attacker could possibly use this flaw to retrieve plain text from
the encrypted packets by using a TLS/SSL server as a padding oracle.
(CVE-2013-1619)

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS library must be restarted,
or the system rebooted.

RHSA-2013:0589: git security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130589
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0589, CVE-2013-0308

Description
Git is a fast, scalable, distributed revision control system.

It was discovered that Git's git-imap-send command, a tool to send a
collection of patches from standard input (stdin) to an IMAP folder, did
not properly perform SSL X.509 v3 certificate validation on the IMAP
server's certificate, as it did not ensure that the server's hostname
matched the one provided in the CN field of the server's certificate. A
rogue server could use this flaw to conduct man-in-the-middle attacks,
possibly leading to the disclosure of sensitive information.
(CVE-2013-0308)

All git users should upgrade to these updated packages, which contain a
backported patch to correct this issue.

RHSA-2013:0590: nss-pam-ldapd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130590
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0590, CVE-2013-0288

Description
The nss-pam-ldapd packages provide the nss-pam-ldapd daemon (nslcd), which
uses a directory server to look up name service information on behalf of a
lightweight nsswitch module.

An array index error, leading to a stack-based buffer overflow flaw, was
found in the way nss-pam-ldapd managed open file descriptors. An attacker
able to make a process have a large number of open file descriptors and
perform name lookups could use this flaw to cause the process to crash or,
potentially, execute arbitrary code with the privileges of the user running
the process. (CVE-2013-0288)

Red Hat would like to thank Garth Mollett for reporting this issue.

All users of nss-pam-ldapd are advised to upgrade to these updated
packages, which contain a backported patch to fix this issue.

RHSA-2013:0594: kernel security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130594
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0594, CVE-2012-3400

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Buffer overflow flaws were found in the udf_load_logicalvol() function in
the Universal Disk Format (UDF) file system implementation in the Linux
kernel. An attacker with physical access to a system could use these flaws
to cause a denial of service or escalate their privileges. (CVE-2012-3400,
Low)

This update also fixes the following bugs:

* Previously, race conditions could sometimes occur in interrupt handling 
on the Emulex BladeEngine 2 (BE2) controllers, causing the network adapter
to become unresponsive. This update provides a series of patches for the 
be2net driver, which prevents the race from occurring. The network cards 
using BE2 chipsets no longer hang due to incorrectly handled interrupt 
events. (BZ#884704)

* A boot-time memory allocation pool (the DMI heap) is used to keep the
list of Desktop Management Interface (DMI) devices during the system boot.
Previously, the size of the DMI heap was only 2048 bytes on the AMD64 and
Intel 64 architectures and the DMI heap space could become easily depleted
on some systems, such as the IBM System x3500 M2. A subsequent OOM failure
could, under certain circumstances, lead to a NULL pointer entry being
stored in the DMI device list. Consequently, scanning of such a corrupted
DMI device list resulted in a kernel panic. The boot-time memory allocation
pool for the AMD64 and Intel 64 architectures has been enlarged to 4096
bytes and the routines responsible for populating the DMI device list have
been modified to skip entries if their name string is NULL. The kernel no
longer panics in this scenario. (BZ#902683)

* The size of the buffer used to print the kernel taint output on kernel
panic was too small, which resulted in the kernel taint output not being
printed completely sometimes. With this update, the size of the buffer has
been adjusted and the kernel taint output is now displayed properly.
(BZ#905829)

* The code to print the kernel taint output contained a typographical
error. Consequently, the kernel taint output, which is displayed on kernel
panic, could not provide taint error messages for unsupported hardware.
This update fixes the typo and the kernel taint output is now displayed
correctly. (BZ#885063)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:0599: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130599
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0599, CVE-2012-6075

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A flaw was found in the way QEMU emulated the e1000 network interface card
when the host was configured to accept jumbo network frames, and a
fully-virtualized guest using the e1000 emulated driver was not. A remote
attacker could use this flaw to crash the guest or, potentially, execute
arbitrary code with root privileges in the guest. (CVE-2012-6075)

All users of xen are advised to upgrade to these updated packages, which
correct this issue. After installing the updated packages, all running
fully-virtualized guests must be restarted for this update to take effect.

RHSA-2013:0602: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130602
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0602, CVE-2013-0809, CVE-2013-1493

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

An integer overflow flaw was found in the way the 2D component handled
certain sample model instances. A specially-crafted sample model instance
could cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with virtual machine privileges. (CVE-2013-0809)

It was discovered that the 2D component did not properly reject certain
malformed images. Specially-crafted raster parameters could cause Java
Virtual Machine memory corruption and, possibly, lead to arbitrary code
execution with virtual machine privileges. (CVE-2013-1493)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0603: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130603
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0603, CVE-2013-0809, CVE-2013-1493

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

An integer overflow flaw was found in the way the 2D component handled
certain sample model instances. A specially-crafted sample model instance
could cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with virtual machine privileges. (CVE-2013-0809)

It was discovered that the 2D component did not properly reject certain
malformed images. Specially-crafted raster parameters could cause Java
Virtual Machine memory corruption and, possibly, lead to arbitrary code
execution with virtual machine privileges. (CVE-2013-1493)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.8. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0604: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130604
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0604, CVE-2013-0809, CVE-2013-1493

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An integer overflow flaw was found in the way the 2D component handled
certain sample model instances. A specially-crafted sample model instance
could cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with virtual machine privileges. (CVE-2013-0809)

It was discovered that the 2D component did not properly reject certain
malformed images. Specially-crafted raster parameters could cause Java
Virtual Machine memory corruption and, possibly, lead to arbitrary code
execution with virtual machine privileges. (CVE-2013-1493)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0605: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130605
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0605, CVE-2013-0809, CVE-2013-1493

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

An integer overflow flaw was found in the way the 2D component handled
certain sample model instances. A specially-crafted sample model instance
could cause Java Virtual Machine memory corruption and, possibly, lead to
arbitrary code execution with virtual machine privileges. (CVE-2013-0809)

It was discovered that the 2D component did not properly reject certain
malformed images. Specially-crafted raster parameters could cause Java
Virtual Machine memory corruption and, possibly, lead to arbitrary code
execution with virtual machine privileges. (CVE-2013-1493)

Note: If your system has not yet been upgraded to Red Hat Enterprise Linux
6.4 and the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website. Thus, this
update has been rated as having critical security impact as a one time
exception. The icedtea-web package as provided with Red Hat Enterprise
Linux 6.4 uses OpenJDK 7 instead.

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.9. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0608: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130608
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0608, CVE-2012-6075

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way QEMU-KVM emulated the e1000 network interface
card when the host was configured to accept jumbo network frames, and a
guest using the e1000 emulated driver was not. A remote attacker could use
this flaw to crash the guest or, potentially, execute arbitrary code with
root privileges in the guest. (CVE-2012-6075)

All users of kvm are advised to upgrade to these updated packages, which
contain backported patches to correct this issue. Note that the procedure
in the Solution section must be performed before this update will take
effect.

RHSA-2013:0609: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130609
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0609, CVE-2012-6075

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

A flaw was found in the way QEMU-KVM emulated the e1000 network interface
card when the host was configured to accept jumbo network frames, and a
guest using the e1000 emulated driver was not. A remote attacker could use
this flaw to crash the guest or, potentially, execute arbitrary code with
root privileges in the guest. (CVE-2012-6075)

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2013:0611: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130611
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0611, CVE-2013-1821

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

It was discovered that Ruby's REXML library did not properly restrict XML
entity expansion. An attacker could use this flaw to cause a denial of
service by tricking a Ruby application using REXML to read text nodes from
specially-crafted XML content, which will result in REXML consuming large
amounts of system memory. (CVE-2013-1821)

All users of Ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.

RHSA-2013:0612: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130612
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0612, CVE-2012-4481, CVE-2013-1821

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It
has features to process text files and to do system management tasks.

It was discovered that Ruby's REXML library did not properly restrict XML
entity expansion. An attacker could use this flaw to cause a denial of
service by tricking a Ruby application using REXML to read text nodes from
specially-crafted XML content, which will result in REXML consuming large
amounts of system memory. (CVE-2013-1821)

It was found that the RHSA-2011:0910 update did not correctly fix the
CVE-2011-1005 issue, a flaw in the method for translating an exception
message into a string in the Exception class. A remote attacker could use
this flaw to bypass safe level 4 restrictions, allowing untrusted (tainted)
code to modify arbitrary, trusted (untainted) strings, which safe level 4
restrictions would otherwise prevent. (CVE-2012-4481)

The CVE-2012-4481 issue was discovered by Vit Ondruch of Red Hat.

All users of Ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

RHSA-2013:0614: xulrunner security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130614
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0614, CVE-2013-0787

Description
XULRunner provides the XUL Runtime environment for applications using the
Gecko layout engine.

A flaw was found in the way XULRunner handled malformed web content. A web
page containing malicious content could cause an application linked against
XULRunner (such as Mozilla Firefox) to crash or execute arbitrary code with
the privileges of the user running the application. (CVE-2013-0787)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges VUPEN Security via the TippingPoint Zero Day
Initiative project as the original reporter.

For technical details regarding this flaw, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this erratum.

All XULRunner users should upgrade to these updated packages, which correct
this issue. After installing the update, applications using XULRunner must
be restarted for the changes to take effect.

RHSA-2013:0621: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130621
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0621, CVE-2013-0268, CVE-2013-0871

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way file permission checks for the
"/dev/cpu/[x]/msr" files were performed in restricted root environments 
(for example, when using a capability-based security model). A local user 
with the ability to write to these files could use this flaw to escalate 
their privileges to kernel level, for example, by writing to the 
SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

* A race condition was found in the way the Linux kernel's ptrace
implementation handled PTRACE_SETREGS requests when the debuggee was woken
due to a SIGKILL signal instead of being stopped. A local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2013-0871,
Important)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:0623: tomcat6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0623, CVE-2012-3546, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887

Description
Apache Tomcat is a servlet container.

It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)

A flaw was found in the way Tomcat handled sendfile operations when using
the HTTP NIO (Non-Blocking I/O) connector and HTTPS. A remote attacker
could use this flaw to cause a denial of service (infinite loop). The HTTP
blocking IO (BIO) connector, which is not vulnerable to this issue, is used
by default in Red Hat Enterprise Linux 6. (CVE-2012-4534)

Multiple weaknesses were found in the Tomcat DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.

RHSA-2013:0627: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130627
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0627, CVE-2013-0787

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

A flaw was found in the processing of malformed content. Malicious content
could cause Thunderbird to crash or execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2013-0787)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges VUPEN Security via the TippingPoint Zero Day
Initiative project as the original reporter.

Note: This issue cannot be exploited by a specially-crafted HTML mail
message as JavaScript is disabled by default for mail messages. It could
be exploited another way in Thunderbird, for example, when viewing the full
remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
corrects this issue. After installing the update, Thunderbird must be
restarted for the changes to take effect.

RHSA-2013:0628: 389-ds-base security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130628
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0628, CVE-2013-0312

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way LDAPv3 control data was handled by 389
Directory Server. If a malicious user were able to bind to the directory
(even anonymously) and send an LDAP request containing crafted LDAPv3
control data, they could cause the server to crash, denying service to the
directory. (CVE-2013-0312)

The CVE-2013-0312 issue was discovered by Thierry Bordaz of Red Hat.

This update also fixes the following bugs:

* After an upgrade from Red Hat Enterprise Linux 6.3 to version 6.4, the
upgrade script did not update the schema file for the PamConfig object
class. Consequently, new features for PAM such as configuration of multiple
instances and pamFilter attribute could not be used because of the schema
violation. With this update, the upgrade script updates the schema file for
the PamConfig object class and new features function properly. (BZ#910994)

* Previously, the valgrind test suite reported recurring memory leaks in
the modify_update_last_modified_attr() function. The size of the leaks
averaged between 60-80 bytes per modify call. In environments where modify
operations were frequent, this caused significant problems. Now, memory
leaks no longer occur in the modify_update_last_modified_attr() function.
(BZ#910995)

* The Directory Server (DS) failed when multi-valued attributes were
replaced. The problem occurred when replication was enabled, while the
server executing the modification was configured as a single master and
there was at least one replication agreement. Consequently, the
modification requests were refused by the master server, which returned a
code 20 "Type or value exists" error message. These requests were
replacements of multi-valued attributes, and the error only occurred when
one of the new values matched one of the current values of the attribute,
but had a different letter case. Now, modification requests function
properly and no longer return code 20 errors. (BZ#910996)

* The DNA (distributed numeric assignment) plug-in, under certain
conditions, could log error messages with the "DB_LOCK_DEADLOCK" error
code when attempting to create an entry with a uidNumber attribute. Now,
DNA handles this case properly and errors no longer occur during attempts
to create entries with uidNumber attributes. (BZ#911467)

* Posix Winsync plugin was calling an internal modify function which was
not necessary. The internal modify call failed and logged an error message
"slapi_modify_internal_set_pb: NULL parameter" which was not clear. This
patch stops calling the internal modify function if it is not necessary and
the cryptic error message is not observed. (BZ#911468)

* Previously, under certain conditions, the dse.ldif file had 0 bytes after
a server termination or when the machine was powered off. Consequently,
after the system was brought up, a DS or IdM system could be unable to
restart, leading to production server outages. Now, the server mechanism by
which the dse.ldif is written is more robust, and tries all available
backup dse.ldif files, and outages no longer occur. (BZ#911469)

* Due to an incorrect interpretation of an error code, a directory server
considered an invalid chaining configuration setting as the disk full error
and shut down unexpectedly. Now, a more appropriate error code is in use
and the server no longer shuts down from invalid chaining configuration
settings. (BZ#911474)

* While trying to remove a tombstone entry, the ns-slapd daemon terminated
unexpectedly with a segmentation fault. With this update, removal of
tombstone entries no longer causes crashes. (BZ#914305)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2013:0630: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130630
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0630, CVE-2013-0228, CVE-2013-0268

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the xen_iret() function in the Linux kernel
used the DS (the CPU's Data Segment) register. A local, unprivileged user
in a 32-bit, para-virtualized Xen hypervisor guest could use this flaw to
crash the guest or, potentially, escalate their privileges. (CVE-2013-0228,
Important)

* A flaw was found in the way file permission checks for the
"/dev/cpu/[x]/msr" files were performed in restricted root environments
(for example, when using a capability-based security model). A local user
with the ability to write to these files could use this flaw to escalate
their privileges to kernel level, for example, by writing to the
SYSENTER_EIP_MSR register. (CVE-2013-0268, Important)

The CVE-2013-0228 issue was discovered by Andrew Jones of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. The system must be rebooted for this update to take effect.

RHSA-2013:0640: tomcat5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130640
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0640, CVE-2012-3546, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887

Description
Apache Tomcat is a servlet container.

It was found that when an application used FORM authentication, along with
another component that calls request.setUserPrincipal() before the call to
FormAuthenticator#authenticate() (such as the Single-Sign-On valve), it was
possible to bypass the security constraint checks in the FORM authenticator
by appending "/j_security_check" to the end of a URL. A remote attacker
with an authenticated session on an affected application could use this
flaw to circumvent authorization controls, and thereby access resources not
permitted by the roles associated with their authenticated session.
(CVE-2012-3546)

Multiple weaknesses were found in the Tomcat DIGEST authentication
implementation, effectively reducing the security normally provided by
DIGEST authentication. A remote attacker could use these flaws to perform
replay attacks in some circumstances. (CVE-2012-5885, CVE-2012-5886,
CVE-2012-5887)

Users of Tomcat should upgrade to these updated packages, which correct
these issues. Tomcat must be restarted for this update to take effect.

RHSA-2013:0646: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130646
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0646, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A stack-based buffer overflow flaw was found in the Pidgin MXit protocol
plug-in. A malicious server or a remote attacker could use this flaw to
crash Pidgin by sending a specially-crafted HTTP request. (CVE-2013-0272)

A buffer overflow flaw was found in the Pidgin Sametime protocol plug-in.
A malicious server or a remote attacker could use this flaw to crash Pidgin
by sending a specially-crafted username. (CVE-2013-0273)

A buffer overflow flaw was found in the way Pidgin processed certain UPnP
responses. A remote attacker could send a specially-crafted UPnP response
that, when processed, would crash Pidgin. (CVE-2013-0274)

Red Hat would like to thank the Pidgin project for reporting the above
issues. Upstream acknowledges Daniel Atallah as the original reporter of
CVE-2013-0272.

All Pidgin users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Pidgin must be restarted for
this update to take effect.

RHSA-2013:0656: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130656
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0656, CVE-2012-1016, CVE-2013-1415

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

When a client attempts to use PKINIT to obtain credentials from the KDC,
the client can specify, using an issuer and serial number, which of the
KDC's possibly-many certificates the client has in its possession, as a
hint to the KDC that it should use the corresponding key to sign its
response. If that specification was malformed, the KDC could attempt to
dereference a NULL pointer and crash. (CVE-2013-1415)

When a client attempts to use PKINIT to obtain credentials from the KDC,
the client will typically format its request to conform to the
specification published in RFC 4556. For interoperability reasons, clients
and servers also provide support for an older, draft version of that
specification. If a client formatted its request to conform to this older
version of the specification, with a non-default key agreement option, it
could cause the KDC to attempt to dereference a NULL pointer and crash.
(CVE-2012-1016)

All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2013:0663: sssd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130663
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0663, CVE-2013-0287

Description
SSSD (System Security Services Daemon) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides
NSS (Name Service Switch) and PAM (Pluggable Authentication Modules)
interfaces toward the system and a pluggable back end system to connect to
multiple different account sources.

When SSSD was configured as a Microsoft Active Directory client by using
the new Active Directory provider (introduced in RHSA-2013:0508), the
Simple Access Provider ("access_provider = simple" in
"/etc/sssd/sssd.conf") did not handle access control correctly. If any
groups were specified with the "simple_deny_groups" option (in sssd.conf),
all users were permitted access. (CVE-2013-0287)

The CVE-2013-0287 issue was discovered by Kaushik Banerjee of Red Hat.

This update also fixes the following bugs:

* If a group contained a member whose Distinguished Name (DN) pointed out
of any of the configured search bases, the search request that was
processing this particular group never ran to completion. To the user, this
bug manifested as a long timeout between requesting the group data and
receiving the result. A patch has been provided to address this bug and
SSSD now processes group search requests without delays. (BZ#907362)

* The pwd_expiration_warning should have been set for seven days, but
instead it was set to zero for Kerberos. This incorrect zero setting
returned the "always display warning if the server sends one" error message
and users experienced problems in environments like IPA or Active
Directory. Currently, the value setting for Kerberos is modified and this
issue no longer occurs. (BZ#914671)

All users of sssd are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:0668: boost security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130668
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0668, CVE-2012-2677

Description
The boost packages provide free, peer-reviewed, portable C++ source
libraries with emphasis on libraries which work well with the C++ Standard
Library.

A flaw was found in the way the ordered_malloc() routine in Boost sanitized
the 'next_size' and 'max_size' parameters when allocating memory. If an
application used the Boost C++ libraries for memory allocation, and
performed memory allocation based on user-supplied input, an attacker could
use this flaw to crash the application or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2012-2677)

All users of boost are advised to upgrade to these updated packages, which
contain a backported patch to fix this issue.

RHSA-2013:0669: qt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130669
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0669, CVE-2013-0254

Description
Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X Window
System.

It was discovered that the QSharedMemory class implementation of the Qt
toolkit created shared memory segments with insecure permissions. A local
attacker could use this flaw to read or alter the contents of a particular
shared memory segment, possibly leading to their ability to obtain
sensitive information or influence the behavior of a process that is using
the shared memory segment. (CVE-2013-0254)

Red Hat would like to thank the Qt project for reporting this issue.
Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer
Security Ltd. as the original reporters.

Users of Qt should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications linked
against Qt libraries must be restarted for this update to take effect.

RHSA-2013:0683: axis security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130683
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0683, CVE-2012-5784

Description
Apache Axis is an implementation of SOAP (Simple Object Access Protocol).
It can be used to build both web service clients and servers.

Apache Axis did not verify that the server hostname matched the domain name
in the subject's Common Name (CN) or subjectAltName field in X.509
certificates. This could allow a man-in-the-middle attacker to spoof an SSL
server if they had a certificate that was valid for any domain name.
(CVE-2012-5784)

All users of axis are advised to upgrade to these updated packages, which
correct this issue. Applications using Apache Axis must be restarted for
this update to take effect.

RHSA-2013:0685: perl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130685
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0685, CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, CVE-2013-1667

Description
Perl is a high-level programming language commonly used for system
administration utilities and web programming.

A heap overflow flaw was found in Perl. If a Perl application allowed
user input to control the count argument of the string repeat operator, an
attacker could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-5195)

A denial of service flaw was found in the way Perl's rehashing code
implementation, responsible for recalculation of hash keys and
redistribution of hash content, handled certain input. If an attacker
supplied specially-crafted input to be used as hash keys by a Perl
application, it could cause excessive memory consumption. (CVE-2013-1667)

It was found that the Perl CGI module, used to handle Common Gateway
Interface requests and responses, incorrectly sanitized the values for
Set-Cookie and P3P headers. If a Perl application using the CGI module
reused cookie values and accepted untrusted input from web browsers, a
remote attacker could use this flaw to alter member items of the cookie or
add new items. (CVE-2012-5526)

It was found that the Perl Locale::Maketext module, used to localize Perl
applications, did not properly handle backslashes or fully-qualified method
names. An attacker could possibly use this flaw to execute arbitrary Perl
code with the privileges of a Perl application that uses untrusted
Locale::Maketext templates. (CVE-2012-6329)

Red Hat would like to thank the Perl project for reporting CVE-2012-5195
and CVE-2013-1667. Upstream acknowledges Tim Brown as the original
reporter of CVE-2012-5195 and Yves Orton as the original reporter of
CVE-2013-1667.

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs
must be restarted for this update to take effect.

RHSA-2013:0687: pixman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130687
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0687, CVE-2013-1591

Description
Pixman is a pixel manipulation library for the X Window System and Cairo.

An integer overflow flaw was discovered in one of pixman's manipulation
routines. If a remote attacker could trick an application using pixman into
performing a certain manipulation, it could cause the application to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2013-1591)

Users are advised to upgrade to these updated packages, which contain
a backported patch to correct this issue. All applications using
pixman must be restarted for this update to take effect.

RHSA-2013:0689: bind security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130689
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0689, CVE-2013-2266

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the libdns library. A remote attacker
could use this flaw to send a specially-crafted DNS query to named that,
when processed, would cause named to use an excessive amount of memory, or
possibly crash. (CVE-2013-2266)

Note: This update disables the syntax checking of NAPTR (Naming Authority
Pointer) resource records.

This update also fixes the following bug:

* Previously, rebuilding the bind-dyndb-ldap source RPM failed with a
"/usr/include/dns/view.h:76:21: error: dns/rrl.h: No such file or
directory" error. (BZ#928439)

All bind users are advised to upgrade to these updated packages, which
contain patches to correct these issues. After installing the update, the
BIND daemon (named) will be restarted automatically.

RHSA-2013:0690: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130690
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0690, CVE-2013-2266

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the libdns library. A remote attacker
could use this flaw to send a specially-crafted DNS query to named that,
when processed, would cause named to use an excessive amount of memory, or
possibly crash. (CVE-2013-2266)

Note: This update disables the syntax checking of NAPTR (Naming Authority
Pointer) resource records.

All bind97 users are advised to upgrade to these updated packages, which
contain a patch to correct this issue. After installing the update, the
BIND daemon (named) will be restarted automatically.

RHSA-2013:0696: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130696
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0696, CVE-2013-0788, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-0788)

A flaw was found in the way Same Origin Wrappers were implemented in
Firefox. A malicious site could use this flaw to bypass the same-origin
policy and execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-0795)

A flaw was found in the embedded WebGL library in Firefox. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
Note: This issue only affected systems using the Intel Mesa graphics
drivers. (CVE-2013-0796)

An out-of-bounds write flaw was found in the embedded Cairo library in
Firefox. A web page containing malicious content could cause Firefox to
crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2013-0800)

A flaw was found in the way Firefox handled the JavaScript history
functions. A malicious site could cause a web page to be displayed that has
a baseURI pointing to a different site, allowing cross-site scripting (XSS)
and phishing attacks. (CVE-2013-0793)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian
Holler, Milan Sreckovic, Joe Drew, Cody Crews, miaubiz, Abhishek Arya, and
Mariusz Mlynski as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.5 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.5 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:0697: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130697
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0697, CVE-2013-0788, CVE-2013-0793, CVE-2013-0795, CVE-2013-0796, CVE-2013-0800

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-0788)

A flaw was found in the way Same Origin Wrappers were implemented in
Thunderbird. Malicious content could use this flaw to bypass the
same-origin policy and execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2013-0795)

A flaw was found in the embedded WebGL library in Thunderbird. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. Note: This issue
only affected systems using the Intel Mesa graphics drivers.
(CVE-2013-0796)

An out-of-bounds write flaw was found in the embedded Cairo library in
Thunderbird. Malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2013-0800)

A flaw was found in the way Thunderbird handled the JavaScript history
functions. Malicious content could cause a page to be displayed that
has a baseURI pointing to a different site, allowing cross-site scripting
(XSS) and phishing attacks. (CVE-2013-0793)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian
Holler, Milan Sreckovic, Joe Drew, Cody Crews, miaubiz, Abhishek Arya, and
Mariusz Mlynski as the original reporters of these issues.

Note: All issues except CVE-2013-0800 cannot be exploited by a
specially-crafted HTML mail message as JavaScript is disabled by default
for mail messages. They could be exploited another way in Thunderbird, for
example, when viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.5 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2013:0714: stunnel security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130714
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0714, CVE-2013-1762

Description
stunnel is a socket wrapper which can provide SSL (Secure Sockets Layer)
support to ordinary applications. For example, it can be used in
conjunction with imapd to create an SSL-secure IMAP server.

An integer conversion issue was found in stunnel when using Microsoft NT
LAN Manager (NTLM) authentication with the HTTP CONNECT tunneling method.
With this configuration, and using stunnel in SSL client mode on a 64-bit
system, an attacker could possibly execute arbitrary code with the
privileges of the stunnel process via a man-in-the-middle attack or by
tricking a user into using a malicious proxy. (CVE-2013-1762)

All stunnel users should upgrade to this updated package, which contains a
backported patch to correct this issue.

RHSA-2013:0727: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130727
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0727, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest time
updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a
movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)

Red Hat would like to thank Andrew Honig of Google for reporting all of
these issues.

All users of kvm are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note that the procedure
in the Solution section must be performed before this update will take
effect.

RHSA-2013:0737: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130737
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0737, CVE-2013-1845, CVE-2013-1846, CVE-2013-1847, CVE-2013-1849

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
handled PROPFIND requests on activity URLs. A remote attacker could use
this flaw to cause the httpd process serving the request to crash.
(CVE-2013-1849)

A flaw was found in the way the mod_dav_svn module handled large numbers
of properties (such as those set with the "svn propset" command). A
malicious, remote user could use this flaw to cause the httpd process
serving the request to consume an excessive amount of system memory.
(CVE-2013-1845)

Two NULL pointer dereference flaws were found in the way the mod_dav_svn
module handled LOCK requests on certain types of URLs. A malicious, remote
user could use these flaws to cause the httpd process serving the request
to crash. (CVE-2013-1846, CVE-2013-1847)

Note: The CVE-2013-1849, CVE-2013-1846, and CVE-2013-1847 issues only
caused a temporary denial of service, as the Apache HTTP Server started a
new process to replace the crashed child process. When using prefork MPM,
the crash only affected the attacker. When using worker (threaded) MPM, the
connections of other users may have been interrupted.

Red Hat would like to thank the Apache Subversion project for reporting
these issues. Upstream acknowledges Alexander Klink as the original
reporter of CVE-2013-1845; Ben Reser as the original reporter of
CVE-2013-1846; and Philip Martin and Ben Reser as the original reporters of
CVE-2013-1847.

All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, you must restart the httpd daemon, if you are using
mod_dav_svn, for the update to take effect.

RHSA-2013:0742: 389-ds-base security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130742
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0742, CVE-2013-1897

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.
 
It was found that the 389 Directory Server did not properly restrict access
to entries when the "nsslapd-allow-anonymous-access" configuration setting
was set to "rootdse". An anonymous user could connect to the LDAP database
and, if the search scope is set to BASE, obtain access to information
outside of the rootDSE. (CVE-2013-1897)

This issue was discovered by Martin Kosek of Red Hat.

This update also fixes the following bugs:

* Previously, the schema-reload plug-in was not thread-safe. Consequently,
executing the schema-reload.pl script under heavy load could have caused
the ns-slapd process to terminate unexpectedly with a segmentation fault.
Currently, the schema-reload plug-in is re-designed so that it is
thread-safe, and the schema-reload.pl script can be executed along with
other LDAP operations. (BZ#929107)

* An out of scope problem for a local variable, in some cases, caused the
modrdn operation to terminate unexpectedly with a segmentation fault. This
update declares the local variable at the proper place of the function so
it does not go out of scope, and the modrdn operation no longer crashes.
(BZ#929111)

* A task manually constructed an exact value to be removed from the
configuration if the "replica-force-cleaning" option was used.
Consequently, the task configuration was not cleaned up, and every time the
server was restarted, the task behaved in the described manner. This update
searches the configuration for the exact value to delete, instead of
manually building the value, and the task does not restart when the server
is restarted. (BZ#929114)

* Previously, a NULL pointer dereference could have occurred when
attempting to get effective rights on an entry that did not exist, leading
to an unexpected termination due to a segmentation fault. This update
checks for NULL entry pointers and returns the appropriate error. Now,
attempts to get effective rights on an entry that does not exist no longer
causes crashes, and the server returns the appropriate error message.
(BZ#929115)

* A problem in the lock timing in the DNA plug-in caused a deadlock if the
DNA operation was executed with other plug-ins. This update moves the
release timing of the problematic lock, and the DNA plug-in does not cause
the deadlock. (BZ#929196)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2013:0744: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130744
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0744, CVE-2012-6537, CVE-2012-6538, CVE-2012-6546, CVE-2012-6547, CVE-2013-0349, CVE-2013-0913, CVE-2013-1767, CVE-2013-1773, CVE-2013-1774, CVE-2013-1792, CVE-2013-1796, CVE-2013-1797, CVE-2013-1798, CVE-2013-1826, CVE-2013-1827

Description
Security:

* An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the Intel i915 driver in the Linux kernel handled the
allocation of the buffer used for relocation copies. A local user with
console access could use this flaw to cause a denial of service or escalate
their privileges. (CVE-2013-0913, Important)

* A buffer overflow flaw was found in the way UTF-8 characters were
converted to UTF-16 in the utf8s_to_utf16s() function of the Linux kernel's
FAT file system implementation. A local user able to mount a FAT file
system with the "utf8=1" option could use this flaw to crash the system or,
potentially, to escalate their privileges. (CVE-2013-1773, Important)

* A flaw was found in the way KVM handled guest time updates when the
buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine
state register (MSR) crossed a page boundary. A privileged guest user could
use this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796, Important)

* A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a
movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797, Important)

* A flaw was found in the way KVM emulated IOAPIC (I/O Advanced
Programmable Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798, Important)

* A race condition in install_user_keyrings(), leading to a NULL pointer
dereference, was found in the key management facility. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-1792, Moderate)

* A NULL pointer dereference in the XFRM implementation could allow a local
user who has the CAP_NET_ADMIN capability to cause a denial of service.
(CVE-2013-1826, Moderate)

* A NULL pointer dereference in the Datagram Congestion Control Protocol
(DCCP) implementation could allow a local user to cause a denial of
service. (CVE-2013-1827, Moderate)

* Information leak flaws in the XFRM implementation could allow a local
user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
user-space. (CVE-2012-6537, Low)

* Two information leak flaws in the Asynchronous Transfer Mode (ATM)
subsystem could allow a local, unprivileged user to leak kernel stack
memory to user-space. (CVE-2012-6546, Low)

* An information leak was found in the TUN/TAP device driver in the
networking implementation. A local user with access to a TUN/TAP virtual
interface could use this flaw to leak kernel stack memory to user-space.
(CVE-2012-6547, Low)

* An information leak in the Bluetooth implementation could allow a local
user who has the CAP_NET_ADMIN capability to leak kernel stack memory to
user-space. (CVE-2013-0349, Low)

* A use-after-free flaw was found in the tmpfs implementation. A local user
able to mount and unmount a tmpfs file system could use this flaw to cause
a denial of service or, potentially, escalate their privileges.
(CVE-2013-1767, Low)

* A NULL pointer dereference was found in the Linux kernel's USB Inside Out
Edgeport Serial Driver implementation. An attacker with physical access to
a system could use this flaw to cause a denial of service. (CVE-2013-1774,
Low)

Red Hat would like to thank Andrew Honig of Google for reporting
CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. CVE-2013-1792 was
discovered by Mateusz Guzik of Red Hat EMEA GSS SEG Team.

RHSA-2013:0747: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130747
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0747, CVE-2012-6537, CVE-2012-6542, CVE-2012-6546, CVE-2012-6547, CVE-2013-0216, CVE-2013-0231, CVE-2013-1826

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the Xen netback driver implementation in the Linux
kernel. A privileged guest user with access to a para-virtualized network
device could use this flaw to cause a long loop in netback, leading to a
denial of service that could potentially affect the entire system.
(CVE-2013-0216, Moderate)

* A flaw was found in the Xen PCI device back-end driver implementation in
the Linux kernel. A privileged guest user in a guest that has a PCI
passthrough device could use this flaw to cause a denial of service that
could potentially affect the entire system. (CVE-2013-0231, Moderate)

* A NULL pointer dereference flaw was found in the IP packet transformation
framework (XFRM) implementation in the Linux kernel. A local user who has
the CAP_NET_ADMIN capability could use this flaw to cause a denial of
service. (CVE-2013-1826, Moderate)

* Information leak flaws were found in the XFRM implementation in the
Linux kernel. A local user who has the CAP_NET_ADMIN capability could use
these flaws to leak kernel stack memory to user-space. (CVE-2012-6537, Low)

* An information leak flaw was found in the logical link control (LLC)
implementation in the Linux kernel. A local, unprivileged user could use
this flaw to leak kernel stack memory to user-space. (CVE-2012-6542, Low)

* Two information leak flaws were found in the Linux kernel's Asynchronous
Transfer Mode (ATM) subsystem. A local, unprivileged user could use these
flaws to leak kernel stack memory to user-space. (CVE-2012-6546, Low)

* An information leak flaw was found in the TUN/TAP device driver in the
Linux kernel's networking implementation. A local user with access to a
TUN/TAP virtual interface could use this flaw to leak kernel stack memory
to user-space. (CVE-2012-6547, Low)

Red Hat would like to thank the Xen project for reporting the CVE-2013-0216
and CVE-2013-0231 issues.

This update also fixes the following bugs:

* The IPv4 code did not correctly update the Maximum Transfer Unit (MTU) of
the designed interface when receiving ICMP Fragmentation Needed packets.
Consequently, a remote host did not respond correctly to ping attempts.
With this update, the IPv4 code has been modified so the MTU of the
designed interface is adjusted as expected in this situation. The ping
command now provides the expected output. (BZ#923353)

* Previously, the be2net code expected the last word of an MCC completion
message from the firmware to be transferred by direct memory access (DMA)
at once. However, this is not always true, and could therefore cause the
BUG_ON() macro to be triggered in the be_mcc_compl_is_new() function,
consequently leading to a kernel panic. The BUG_ON() macro has been
removed from be_mcc_compl_is_new(), and the kernel panic no longer occurs
in this scenario. (BZ#923910)

* Previously, the NFSv3 server incorrectly converted 64-bit cookies to
32-bit. Consequently, the cookies became invalid, which affected all file
system operations depending on these cookies, such as the READDIR operation
that is used to read entries from a directory. This led to various
problems, such as exported directories being empty or displayed
incorrectly, or an endless loop of the READDIRPLUS procedure which could
potentially cause a buffer overflow. This update modifies knfsd code so
that 64-bit cookies are now handled correctly and all file system
operations work as expected. (BZ#924087)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:0748: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130748
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0748, CVE-2013-1416

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

A NULL pointer dereference flaw was found in the way the MIT Kerberos KDC
processed certain TGS (Ticket-granting Server) requests. A remote,
authenticated attacker could use this flaw to crash the KDC via a
specially-crafted TGS request. (CVE-2013-1416)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the krb5kdc daemon will be restarted automatically.

RHSA-2013:0751: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130751
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0751, CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the font layout engine in the 2D
component. An untrusted Java application or applet could possibly use these
flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,
CVE-2013-2383, CVE-2013-2384)

Multiple improper permission check issues were discovered in the Beans,
Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518,
CVE-2013-1557)

The previous default value of the java.rmi.server.useCodebaseOnly property
permitted the RMI implementation to automatically load classes from
remotely specified locations. An attacker able to connect to an application
using RMI could use this flaw to make the application execute arbitrary
code. (CVE-2013-1537)

Note: The fix for CVE-2013-1537 changes the default value of the property
to true, restricting class loading to the local CLASSPATH and locations
specified in the java.rmi.server.codebase property. Refer to Red Hat
Bugzilla bug 952387 for additional details.

The 2D component did not properly process certain images. An untrusted Java
application or applet could possibly use this flaw to trigger Java Virtual
Machine memory corruption. (CVE-2013-2420)

It was discovered that the Hotspot component did not properly handle
certain intrinsic frames, and did not correctly perform access checks and
MethodHandle lookups. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions. (CVE-2013-2431,
CVE-2013-2421, CVE-2013-2423)

It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO
component did not protect against modification of their state while
performing certain native code operations. An untrusted Java application or
applet could possibly use these flaws to trigger Java Virtual Machine
memory corruption. (CVE-2013-2429, CVE-2013-2430)

The JDBC driver manager could incorrectly call the toString() method in
JDBC drivers, and the ConcurrentHashMap class could incorrectly call the
defaultReadObject() method. An untrusted Java application or applet could
possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1488, CVE-2013-2426)

The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly
invoke the system class loader. An untrusted Java application or applet
could possibly use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-0401)

Flaws were discovered in the Network component's InetAddress serialization,
and the 2D component's font handling. An untrusted Java application or
applet could possibly use these flaws to crash the Java Virtual Machine.
(CVE-2013-2417, CVE-2013-2419)

The MBeanInstantiator class implementation in the OpenJDK JMX component did
not properly check class access before creating new instances. An untrusted
Java application or applet could use this flaw to create instances of
non-public classes. (CVE-2013-2424)

It was discovered that JAX-WS could possibly create temporary files with
insecure permissions. A local attacker could use this flaw to access
temporary files created by an application using JAX-WS. (CVE-2013-2415)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0752: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130752
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0752, CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2423, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431, CVE-2013-2436

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the font layout engine in the 2D
component. An untrusted Java application or applet could possibly use these
flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,
CVE-2013-2383, CVE-2013-2384)

Multiple improper permission check issues were discovered in the Beans,
Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-2436, CVE-2013-1518,
CVE-2013-1557)

The previous default value of the java.rmi.server.useCodebaseOnly property
permitted the RMI implementation to automatically load classes from
remotely specified locations. An attacker able to connect to an application
using RMI could use this flaw to make the application execute arbitrary
code. (CVE-2013-1537)

Note: The fix for CVE-2013-1537 changes the default value of the property
to true, restricting class loading to the local CLASSPATH and locations
specified in the java.rmi.server.codebase property. Refer to Red Hat
Bugzilla bug 952387 for additional details.

The 2D component did not properly process certain images. An untrusted Java
application or applet could possibly use this flaw to trigger Java Virtual
Machine memory corruption. (CVE-2013-2420)

It was discovered that the Hotspot component did not properly handle
certain intrinsic frames, and did not correctly perform access checks and
MethodHandle lookups. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions. (CVE-2013-2431,
CVE-2013-2421, CVE-2013-2423)

It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO
component did not protect against modification of their state while
performing certain native code operations. An untrusted Java application or
applet could possibly use these flaws to trigger Java Virtual Machine
memory corruption. (CVE-2013-2429, CVE-2013-2430)

The JDBC driver manager could incorrectly call the toString() method in
JDBC drivers, and the ConcurrentHashMap class could incorrectly call the
defaultReadObject() method. An untrusted Java application or applet could
possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1488, CVE-2013-2426)

The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly
invoke the system class loader. An untrusted Java application or applet
could possibly use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-0401)

Flaws were discovered in the Network component's InetAddress serialization,
and the 2D component's font handling. An untrusted Java application or
applet could possibly use these flaws to crash the Java Virtual Machine.
(CVE-2013-2417, CVE-2013-2419)

The MBeanInstantiator class implementation in the OpenJDK JMX component did
not properly check class access before creating new instances. An untrusted
Java application or applet could use this flaw to create instances of
non-public classes. (CVE-2013-2424)

It was discovered that JAX-WS could possibly create temporary files with
insecure permissions. A local attacker could use this flaw to access
temporary files created by an application using JAX-WS. (CVE-2013-2415)

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.9. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0753: icedtea-web security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130753
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0753, CVE-2013-1926, CVE-2013-1927

Description
The IcedTea-Web project provides a Java web browser plug-in and an
implementation of Java Web Start, which is based on the Netx project. It
also contains a configuration tool for managing deployment settings for the
plug-in and Web Start implementations.

It was discovered that the IcedTea-Web plug-in incorrectly used the same
class loader instance for applets with the same value of the codebase
attribute, even when they originated from different domains. A malicious
applet could use this flaw to gain information about and possibly
manipulate applets from different domains currently running in the browser.
(CVE-2013-1926)

The IcedTea-Web plug-in did not properly check the format of the downloaded
Java Archive (JAR) files. This could cause the plug-in to execute code
hidden in a file in a different format, possibly allowing attackers to
execute code in the context of web sites that allow uploads of specific
file types, known as a GIFAR attack. (CVE-2013-1927)

The CVE-2013-1926 issue was discovered by Jiri Vanek of the Red Hat OpenJDK
Team, and CVE-2013-1927 was discovered by the Red Hat Security Response
Team.

This erratum also upgrades IcedTea-Web to version 1.2.3. Refer to the NEWS
file, linked to in the References, for further information.

All IcedTea-Web users should upgrade to these updated packages, which
resolve these issues. Web browsers using the IcedTea-Web browser plug-in
must be restarted for this update to take effect.

RHSA-2013:0769: glibc security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130769
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0769, CVE-2013-0242, CVE-2013-1914

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-1914)

A flaw was found in the regular expression matching routines that process
multibyte character input. If an application utilized the glibc regular
expression matching mechanism, an attacker could provide specially-crafted
input that, when processed, would cause the application to crash.
(CVE-2013-0242)

This update also fixes the following bugs:

* The improvements RHSA-2012:1207 made to the accuracy of floating point
functions in the math library caused performance regressions for those
functions. The performance regressions were analyzed and a fix was applied
that retains the current accuracy but reduces the performance penalty to
acceptable levels. Refer to Red Hat Knowledge solution 229993, linked
to in the References, for further information. (BZ#950535)

* It was possible that a memory location freed by the localization code
could be accessed immediately after, resulting in a crash. The fix ensures
that the application does not crash by avoiding the invalid memory access.
(BZ#951493)

Users of glibc are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:0770: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130770
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0770, CVE-2013-0401, CVE-2013-1488, CVE-2013-1518, CVE-2013-1537, CVE-2013-1557, CVE-2013-1558, CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2415, CVE-2013-2417, CVE-2013-2419, CVE-2013-2420, CVE-2013-2421, CVE-2013-2422, CVE-2013-2424, CVE-2013-2426, CVE-2013-2429, CVE-2013-2430, CVE-2013-2431

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the font layout engine in the 2D
component. An untrusted Java application or applet could possibly use these
flaws to trigger Java Virtual Machine memory corruption. (CVE-2013-1569,
CVE-2013-2383, CVE-2013-2384)

Multiple improper permission check issues were discovered in the Beans,
Libraries, JAXP, and RMI components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass Java sandbox
restrictions. (CVE-2013-1558, CVE-2013-2422, CVE-2013-1518, CVE-2013-1557)

The previous default value of the java.rmi.server.useCodebaseOnly property
permitted the RMI implementation to automatically load classes from
remotely specified locations. An attacker able to connect to an application
using RMI could use this flaw to make the application execute arbitrary
code. (CVE-2013-1537)

Note: The fix for CVE-2013-1537 changes the default value of the property
to true, restricting class loading to the local CLASSPATH and locations
specified in the java.rmi.server.codebase property. Refer to Red Hat
Bugzilla bug 952387 for additional details.

The 2D component did not properly process certain images. An untrusted Java
application or applet could possibly use this flaw to trigger Java Virtual
Machine memory corruption. (CVE-2013-2420)

It was discovered that the Hotspot component did not properly handle
certain intrinsic frames, and did not correctly perform MethodHandle
lookups. An untrusted Java application or applet could use these flaws to
bypass Java sandbox restrictions. (CVE-2013-2431, CVE-2013-2421)

It was discovered that JPEGImageReader and JPEGImageWriter in the ImageIO
component did not protect against modification of their state while
performing certain native code operations. An untrusted Java application or
applet could possibly use these flaws to trigger Java Virtual Machine
memory corruption. (CVE-2013-2429, CVE-2013-2430)

The JDBC driver manager could incorrectly call the toString() method in
JDBC drivers, and the ConcurrentHashMap class could incorrectly call the
defaultReadObject() method. An untrusted Java application or applet could
possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2013-1488, CVE-2013-2426)

The sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly
invoke the system class loader. An untrusted Java application or applet
could possibly use this flaw to bypass certain Java sandbox restrictions.
(CVE-2013-0401)

Flaws were discovered in the Network component's InetAddress serialization,
and the 2D component's font handling. An untrusted Java application or
applet could possibly use these flaws to crash the Java Virtual Machine.
(CVE-2013-2417, CVE-2013-2419)

The MBeanInstantiator class implementation in the OpenJDK JMX component did
not properly check class access before creating new instances. An untrusted
Java application or applet could use this flaw to create instances of
non-public classes. (CVE-2013-2424)

It was discovered that JAX-WS could possibly create temporary files with
insecure permissions. A local attacker could use this flaw to access
temporary files created by an application using JAX-WS. (CVE-2013-2415)

This erratum also upgrades the OpenJDK package to IcedTea6 1.11.10. Refer
to the NEWS file, linked to in the References, for further information.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0771: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130771
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0771, CVE-2013-1944

Description
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

A flaw was found in the way libcurl matched domains associated with
cookies. This could lead to cURL or an application linked against libcurl
sending the wrong cookie if only part of the domain name matched the domain
associated with the cookie, disclosing the cookie to unrelated hosts.
(CVE-2013-1944)

Red Hat would like to thank the cURL project for reporting this issue.
Upstream acknowledges YAMADA Yasuharu as the original reporter.

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

RHSA-2013:0772: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130772
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0772, CVE-2012-5614, CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544, CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392, CVE-2013-3808

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2012-5614,
CVE-2013-1506, CVE-2013-1521, CVE-2013-1531, CVE-2013-1532, CVE-2013-1544,
CVE-2013-1548, CVE-2013-1552, CVE-2013-1555, CVE-2013-2375, CVE-2013-2378,
CVE-2013-2389, CVE-2013-2391, CVE-2013-2392)

These updated packages upgrade MySQL to version 5.1.69. Refer to the MySQL
release notes listed in the References section for a full list of changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2013:0788: subscription-manager security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130788
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0788, CVE-2012-6137

Description
The subscription-manager packages provide programs and libraries to allow
users to manage subscriptions and yum repositories from the Red Hat
Entitlement platform.

It was discovered that the rhn-migrate-classic-to-rhsm tool did not verify
the Red Hat Network Classic server's X.509 certificate when migrating
system profiles registered with Red Hat Network Classic to
Certificate-based Red Hat Network. An attacker could use this flaw to
conduct man-in-the-middle attacks, allowing them to obtain the user's Red
Hat Network credentials. (CVE-2012-6137)

This issue was discovered by Florian Weimer of the Red Hat Product Security
Team.

All users of subscription-manager are advised to upgrade to these updated
packages, which contain a backported patch to fix this issue.

RHSA-2013:0807: hypervkvpd security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20130807
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:0807, CVE-2012-5532

Description
The hypervkvpd package contains hypervkvpd, the guest Microsoft Hyper-V
Key-Value Pair (KVP) daemon. The daemon passes basic information to the
host through VMBus, such as the guest IP address, fully qualified domain
name, operating system name, and operating system release number.

A denial of service flaw was found in the way hypervkvpd processed certain
Netlink messages. A local, unprivileged user in a guest (running on
Microsoft Hyper-V) could send a Netlink message that, when processed, would
cause the guest's hypervkvpd daemon to exit. (CVE-2012-5532)

The CVE-2012-5532 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also fixes the following bug:

* The hypervkvpd daemon did not close the file descriptors for pool files
when they were updated. This could eventually lead to hypervkvpd crashing
with a "KVP: Failed to open file, pool: 1" error after consuming all
available file descriptors. With this update, the file descriptors are
closed, correcting this issue. (BZ#953502)

Users of hypervkvpd are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing the
update, it is recommended to reboot all guest machines.

RHSA-2013:0815: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130815
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0815, CVE-2012-3499, CVE-2012-4558, CVE-2013-1862

Description
The Apache HTTP Server is a popular web server.

Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer
module's manager web interface. If a remote attacker could trick a user,
who was logged into the manager web interface, into visiting a
specially-crafted URL, it would lead to arbitrary web script execution in
the context of the user's manager interface session. (CVE-2012-4558)

It was found that mod_rewrite did not filter terminal escape sequences from
its log file. If mod_rewrite was configured with the RewriteLog directive,
a remote attacker could use specially-crafted HTTP requests to inject
terminal escape sequences into the mod_rewrite log file. If a victim viewed
the log file with a terminal emulator, it could result in arbitrary command
execution with the privileges of that user. (CVE-2013-1862)

Cross-site scripting (XSS) flaws were found in the mod_info, mod_status,
mod_imagemap, mod_ldap, and mod_proxy_ftp modules. An attacker could
possibly use these flaws to perform XSS attacks if they were able to make
the victim's browser generate an HTTP request with a specially-crafted Host
header. (CVE-2012-3499)

All httpd users should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the httpd daemon will be restarted automatically.

RHSA-2013:0820: firefox security update (Critical)

Rule IDoval-com.redhat.rhsa-def-20130820
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:05+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2013:0820, CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-0801, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676,
CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

A flaw was found in the way Firefox handled Content Level Constructors. A
malicious site could use this flaw to perform cross-site scripting (XSS)
attacks. (CVE-2013-1670)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman,
Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews
as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.6 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.6 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:0821: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130821
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0821, CVE-2013-0801, CVE-2013-1670, CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678, CVE-2013-1679, CVE-2013-1680, CVE-2013-1681

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-0801,
CVE-2013-1674, CVE-2013-1675, CVE-2013-1676, CVE-2013-1677, CVE-2013-1678,
CVE-2013-1679, CVE-2013-1680, CVE-2013-1681)

A flaw was found in the way Thunderbird handled Content Level Constructors.
Malicious content could use this flaw to perform cross-site scripting (XSS)
attacks. (CVE-2013-1670)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman,
Timothy Nikkel, Jeff Walden, Nils, Ms2ger, Abhishek Arya, and Cody Crews as
the original reporters of these issues.

Note: None of the above issues can be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.6 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2013:0827: openswan security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130827
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0827, CVE-2013-2053

Description
Openswan is a free implementation of Internet Protocol Security (IPsec)
and Internet Key Exchange (IKE). IPsec uses strong cryptography to provide
both authentication and encryption services. These services allow you to
build secure tunnels through untrusted networks. When using Opportunistic
Encryption, Openswan's pluto IKE daemon requests DNS TXT records to obtain
public RSA keys of itself and its peers.

A buffer overflow flaw was found in Openswan. If Opportunistic Encryption
were enabled ("oe=yes" in "/etc/ipsec.conf") and an RSA key configured, an
attacker able to cause a system to perform a DNS lookup for an
attacker-controlled domain containing malicious records (such as by sending
an email that triggers a DKIM or SPF DNS record lookup) could cause
Openswan's pluto IKE daemon to crash or, potentially, execute arbitrary
code with root privileges. With "oe=yes" but no RSA key configured, the
issue can only be triggered by attackers on the local network who can
control the reverse DNS entry of the target system. Opportunistic
Encryption is disabled by default. (CVE-2013-2053)

This issue was discovered by Florian Weimer of the Red Hat Product Security
Team.

All users of openswan are advised to upgrade to these updated packages,
which contain backported patches to correct this issue. After installing
this update, the ipsec service will be restarted automatically.

RHSA-2013:0830: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130830
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0830, CVE-2013-2094

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that the Red Hat Enterprise Linux 6.1 kernel update
(RHSA-2011:0542) introduced an integer conversion issue in the Linux
kernel's Performance Events implementation. This led to a user-supplied
index into the perf_swevent_enabled array not being validated properly,
resulting in out-of-bounds kernel memory access. A local, unprivileged user
could use this flaw to escalate their privileges. (CVE-2013-2094,
Important)

A public exploit that affects Red Hat Enterprise Linux 6 is available.

Refer to Red Hat Knowledge Solution 373743, linked to in the References,
for further information and mitigation instructions for users who are
unable to immediately apply this update.

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The system must be rebooted for this update to
take effect.

RHSA-2013:0831: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130831
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0831, CVE-2013-1962

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

It was found that libvirtd leaked file descriptors when listing all volumes
for a particular pool. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to cause libvirtd to consume all
available file descriptors, preventing other users from using libvirtd
services (such as starting a new guest) until libvirtd is restarted.
(CVE-2013-1962)

Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.

This update also fixes the following bugs:

* Previously, libvirt made control group (cgroup) requests on files that
it should not have. With older kernels, such nonsensical cgroup requests
were ignored; however, newer kernels are stricter, resulting in libvirt
logging spurious warnings and failures to the libvirtd and audit logs. The
audit log failures displayed by the ausearch tool were similar to the
following:

root    [date] - failed     cgroup     allow     path     rw     /dev/kqemu

With this update, libvirt no longer attempts the nonsensical cgroup
actions, leaving only valid attempts in the libvirtd and audit logs (making
it easier to search for real cases of failure). (BZ#958837)

* Previously, libvirt used the wrong variable when constructing audit
messages. This led to invalid audit messages, causing ausearch to format
certain entries as having "path=(null)" instead of the correct path. This
could prevent ausearch from locating events related to cgroup device ACL
modifications for guests managed by libvirt. With this update, the audit
messages are generated correctly, preventing loss of audit coverage.
(BZ#958839)

All users of libvirt are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, libvirtd will be restarted automatically.

RHSA-2013:0847: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130847
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0847, CVE-2013-0153

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* A flaw was found in the way the Xen hypervisor AMD IOMMU driver handled
interrupt remapping entries. By default, a single interrupt remapping
table is used, and old interrupt remapping entries are not cleared,
potentially allowing a privileged guest user in a guest that has a
passed-through, bus-mastering capable PCI device to inject interrupt
entries into other guests, including the privileged management domain
(Dom0), leading to a denial of service. (CVE-2013-0153, Moderate)

Red Hat would like to thank the Xen project for reporting the CVE-2013-0153
issue.

This update also fixes the following bugs:

* When a process is opening a file over NFSv4, sometimes an OPEN call can
succeed while the following GETATTR operation fails with an NFS4ERR_DELAY
error. The NFSv4 code did not handle such a situation correctly and allowed
an NFSv4 client to attempt to use the buffer that should contain the
GETATTR information. However, the buffer did not contain the valid GETATTR
information, which caused the client to return a "-ENOTDIR" error.
Consequently, the process failed to open the requested file. This update
backports a patch that adds a test condition verifying validity of the
GETATTR information. If the GETATTR information is invalid, it is obtained
later and the process opens the requested file as expected. (BZ#947736)

* Previously, the xdr routines in NFS version 2 and 3 conditionally updated
the res->count variable. Read retry attempts after a short NFS read() call
could fail to update the res->count variable, resulting in truncated read
data being returned. With this update, the res->count variable is updated
unconditionally so this bug can no longer occur. (BZ#952098)

* When handling requests from Intelligent Platform Management Interface
(IPMI) clients, the IPMI driver previously used two different locks for an
IPMI request. If two IPMI clients sent their requests at the same time,
each request could receive one of the locks and then wait for the second
lock to become available. This resulted in a deadlock situation and the
system became unresponsive. The problem was more likely to occur in
environments with many IPMI clients. This update modifies the IPMI driver
to handle the received messages using tasklets so the driver now uses a
safe locking technique when handling IPMI requests and the mentioned
deadlock can no longer occur. (BZ#953435)

* Incorrect locking around the cl_state_owners list could cause the NFSv4
state reclaimer thread to enter an infinite loop while holding the Big
Kernel Lock (BKL). As a consequence, the NFSv4 client became unresponsive.
With this update, safe list iteration is used, which prevents the NFSv4
client from hanging in this scenario. (BZ#954296)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:0868: haproxy security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130868
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0868, CVE-2013-1912

Description
HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A buffer overflow flaw was found in the way HAProxy handled pipelined HTTP
requests. A remote attacker could send pipelined HTTP requests that would
cause HAProxy to crash or, potentially, execute arbitrary code with the
privileges of the user running HAProxy. This issue only affected systems
using all of the following combined configuration options: HTTP keep alive
enabled, HTTP keywords in TCP inspection rules, and request appending
rules. (CVE-2013-1912)

Red Hat would like to thank Willy Tarreau of HAProxy upstream for reporting
this issue. Upstream acknowledges Yves Lafon from the W3C as the original
reporter.

HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6.
More information about Red Hat Technology Previews is available at
https://access.redhat.com/support/offerings/techpreview/

All users of haproxy are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:0869: tomcat6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130869
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0869, CVE-2013-1976, CVE-2013-2051

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way the tomcat6 init script handled the
tomcat6-initd.log log file. A malicious web application deployed on Tomcat
could use this flaw to perform a symbolic link attack to change the
ownership of an arbitrary system file to that of the tomcat user, allowing
them to escalate their privileges to root. (CVE-2013-1976)

Note: With this update, tomcat6-initd.log has been moved from
/var/log/tomcat6/ to the /var/log/ directory.

It was found that the RHSA-2013:0623 update did not correctly fix
CVE-2012-5887, a weakness in the Tomcat DIGEST authentication
implementation. A remote attacker could use this flaw to perform replay
attacks in some circumstances. Additionally, this problem also prevented
users from being able to authenticate using DIGEST authentication.
(CVE-2013-2051)

Red Hat would like to thank Simon Fayer of Imperial College London for
reporting the CVE-2013-1976 issue.

Users of Tomcat are advised to upgrade to these updated packages, which
correct these issues. Tomcat must be restarted for this update to take
effect.

RHSA-2013:0870: tomcat5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130870
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0870, CVE-2013-1976

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A flaw was found in the way the tomcat5 init script handled the
catalina.out log file. A malicious web application deployed on Tomcat
could use this flaw to perform a symbolic link attack to change the
ownership of an arbitrary system file to that of the tomcat user, allowing
them to escalate their privileges to root. (CVE-2013-1976)

Note: With this update, /var/log/tomcat5/catalina.out has been moved to the
/var/log/tomcat5-initd.log file.

Red Hat would like to thank Simon Fayer of Imperial College London for
reporting this issue.

Users of Tomcat are advised to upgrade to these updated packages, which
correct this issue. Tomcat must be restarted for this update to take
effect.

RHSA-2013:0883: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130883
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0883, CVE-2013-2116

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that the fix for the CVE-2013-1619 issue released via
RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL
encrypted records when CBC-mode cipher suites were used. A remote attacker
could possibly use this flaw to crash a server or client application that
uses GnuTLS. (CVE-2013-2116)

Users of GnuTLS are advised to upgrade to these updated packages, which
correct this issue. For the update to take effect, all applications linked
to the GnuTLS library must be restarted.

RHSA-2013:0884: libtirpc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130884
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0884, CVE-2013-1950

Description
These packages provide a transport-independent RPC (remote procedure call)
implementation.

A flaw was found in the way libtirpc decoded RPC requests. A
specially-crafted RPC request could cause libtirpc to attempt to free a
buffer provided by an application using the library, even when the buffer
was not dynamically allocated. This could cause an application using
libtirpc, such as rpcbind, to crash. (CVE-2013-1950)

Red Hat would like to thank Michael Armstrong for reporting this issue.

Users of libtirpc should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libtirpc must be restarted for the update to take effect.

RHSA-2013:0896: qemu-kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130896
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0896, CVE-2013-2007

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

It was found that QEMU Guest Agent (the "qemu-ga" service) created
certain files with world-writable permissions when run in daemon mode
(the default mode). An unprivileged guest user could use this flaw to
consume all free space on the partition containing the qemu-ga log file, or
modify the contents of the log. When a UNIX domain socket transport was
explicitly configured to be used (not the default), an unprivileged guest
user could potentially use this flaw to escalate their privileges in the
guest. This update requires manual action. Refer below for details.
(CVE-2013-2007)

This update does not change the permissions of the existing log file or
the UNIX domain socket. For these to be changed, stop the qemu-ga service,
and then manually remove all "group" and "other" permissions on the
affected files, or remove the files.

Note that after installing this update, files created by the
guest-file-open QEMU Monitor Protocol (QMP) command will still continue to
be created with world-writable permissions for backwards compatibility.

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bugs:

* Previously, due to integer overflow in code calculations, the qemu-kvm
utility was reporting incorrect memory size on QMP events when using the
virtio balloon driver with more than 4 GB of memory. This update fixes the
overflow in the code and qemu-kvm works as expected in the described
scenario. (BZ#958750)

* When the set_link flag is set to "off" to change the status of a network
card, the status is changed to "down" on the respective guest. Previously,
with certain network cards, when such a guest was restarted, the status of
the network card was unexpectedly reset to "up", even though the network
was unavailable. A patch has been provided to address this bug and the link
status change is now preserved across restarts for all network cards.
(BZ#927591)

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2013:0897: mesa security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130897
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0897, CVE-2013-1872, CVE-2013-1993

Description
Mesa provides a 3D graphics API that is compatible with Open Graphics
Library (OpenGL). It also provides hardware-accelerated drivers for many
popular graphics chips.

An out-of-bounds access flaw was found in Mesa. If an application using
Mesa exposed the Mesa API to untrusted inputs (Mozilla Firefox does
this), an attacker could cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-1872)

It was found that Mesa did not correctly validate messages from the X
server. A malicious X server could cause an application using Mesa to crash
or, potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2013-1993)

All users of Mesa are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against Mesa must be restarted for this update to take
effect.

RHSA-2013:0898: mesa security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0898, CVE-2013-1993

Description
Mesa provides a 3D graphics API that is compatible with Open Graphics
Library (OpenGL). It also provides hardware-accelerated drivers for many
popular graphics chips.

It was found that Mesa did not correctly validate messages from the X
server. A malicious X server could cause an application using Mesa to crash
or, potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2013-1993)

All users of Mesa are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against Mesa must be restarted for this update to take
effect.

RHSA-2013:0911: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130911
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0911, CVE-2013-1935, CVE-2013-1943, CVE-2013-2017, CVE-2013-2188

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way KVM (Kernel-based Virtual Machine)
initialized a guest's registered pv_eoi (paravirtualized end-of-interrupt)
indication flag when entering the guest. An unprivileged guest user could
potentially use this flaw to crash the host. (CVE-2013-1935, Important)

* A missing sanity check was found in the kvm_set_memory_region() function
in KVM, allowing a user-space process to register memory regions pointing
to the kernel address space. A local, unprivileged user could use this flaw
to escalate their privileges. (CVE-2013-1943, Important)

* A double free flaw was found in the Linux kernel's Virtual Ethernet
Tunnel driver (veth). A remote attacker could possibly use this flaw to
crash a target system. (CVE-2013-2017, Moderate)

Red Hat would like to thank IBM for reporting the CVE-2013-1935 issue and
Atzm WATANABE of Stratosphere Inc. for reporting the CVE-2013-2017 issue.
The CVE-2013-1943 issue was discovered by Michael S. Tsirkin of Red Hat.

This update also fixes several bugs and adds one enhancement. Documentation
for these changes will be available shortly from the Technical Notes
document linked to in the References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues and add this enhancement. The system must
be rebooted for this update to take effect.

RHSA-2013:0942: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130942
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0942, CVE-2002-2443

Description
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third-party, the Key Distribution Center (KDC).

It was found that kadmind's kpasswd service did not perform any validation
on incoming network packets, causing it to reply to all requests. A remote
attacker could use this flaw to send spoofed packets to a kpasswd
service that appear to come from kadmind on a different server, causing the
services to keep sending reply packets to each other, consuming network
bandwidth and CPU. (CVE-2002-2443)

All krb5 users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the krb5kdc and kadmind daemons will be restarted automatically.

RHSA-2013:0957: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130957
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0957, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the ImagingLib and the image attribute,
channel, layout and raster processing in the 2D component. An untrusted
Java application or applet could possibly use these flaws to trigger Java
Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

Integer overflow flaws were found in the way AWT processed certain input.
An attacker could use these flaws to execute arbitrary code with the
privileges of the user running an untrusted Java applet or application.
(CVE-2013-2459)

Multiple improper permission check issues were discovered in the Sound,
JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass Java
sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,
CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)

Multiple flaws in the Serialization, Networking, Libraries and CORBA
components can be exploited by an untrusted Java application or applet to
gain access to potentially sensitive information. (CVE-2013-2456,
CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

It was discovered that the Hotspot component did not properly handle
out-of-memory errors. An untrusted Java application or applet could
possibly use these flaws to terminate the Java Virtual Machine.
(CVE-2013-2445)

It was discovered that the AWT component did not properly manage certain
resources and that the ObjectStreamClass of the Serialization component
did not properly handle circular references. An untrusted Java application
or applet could possibly use these flaws to cause a denial of service.
(CVE-2013-2444, CVE-2013-2450)

It was discovered that the Libraries component contained certain errors
related to XML security and the class loader. A remote attacker could
possibly exploit these flaws to bypass intended security mechanisms or
disclose potentially sensitive information and cause a denial of service.
(CVE-2013-2407, CVE-2013-2461)

It was discovered that JConsole did not properly inform the user when
establishing an SSL connection failed. An attacker could exploit this flaw
to gain access to potentially sensitive information. (CVE-2013-2412)

It was discovered that GnomeFileTypeDetector did not check for read
permissions when accessing files. An untrusted Java application or applet
could possibly use this flaw to disclose potentially sensitive information.
(CVE-2013-2449)

It was found that documentation generated by Javadoc was vulnerable to a
frame injection attack. If such documentation was accessible over a
network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web content being
displayed next to the documentation. This could be used to perform a
phishing attack by providing frame content that spoofed a login form on
the site hosting the vulnerable documentation. (CVE-2013-1571)

It was discovered that the 2D component created shared memory segments with
insecure permissions. A local attacker could use this flaw to read or write
to the shared memory segment. (CVE-2013-1500)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and
US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the
original reporter of CVE-2013-1571.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

After installing this update, users of icedtea-web must install
RHBA-2013:0959 for icedtea-web to continue functioning.

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to
the NEWS file, linked to in the References, for further information.

RHSA-2013:0958: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130958
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0958, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2449, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2458, CVE-2013-2459, CVE-2013-2460, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple flaws were discovered in the ImagingLib and the image attribute,
channel, layout and raster processing in the 2D component. An untrusted
Java application or applet could possibly use these flaws to trigger Java
Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

Integer overflow flaws were found in the way AWT processed certain input.
An attacker could use these flaws to execute arbitrary code with the
privileges of the user running an untrusted Java applet or application.
(CVE-2013-2459)

Multiple improper permission check issues were discovered in the Sound,
JDBC, Libraries, JMX, and Serviceability components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass Java
sandbox restrictions. (CVE-2013-2448, CVE-2013-2454, CVE-2013-2458,
CVE-2013-2457, CVE-2013-2453, CVE-2013-2460)

Multiple flaws in the Serialization, Networking, Libraries and CORBA
components can be exploited by an untrusted Java application or applet to
gain access to potentially sensitive information. (CVE-2013-2456,
CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

It was discovered that the Hotspot component did not properly handle
out-of-memory errors. An untrusted Java application or applet could
possibly use these flaws to terminate the Java Virtual Machine.
(CVE-2013-2445)

It was discovered that the AWT component did not properly manage certain
resources and that the ObjectStreamClass of the Serialization component
did not properly handle circular references. An untrusted Java application
or applet could possibly use these flaws to cause a denial of service.
(CVE-2013-2444, CVE-2013-2450)

It was discovered that the Libraries component contained certain errors
related to XML security and the class loader. A remote attacker could
possibly exploit these flaws to bypass intended security mechanisms or
disclose potentially sensitive information and cause a denial of service.
(CVE-2013-2407, CVE-2013-2461)

It was discovered that JConsole did not properly inform the user when
establishing an SSL connection failed. An attacker could exploit this flaw
to gain access to potentially sensitive information. (CVE-2013-2412)

It was discovered that GnomeFileTypeDetector did not check for read
permissions when accessing files. An untrusted Java application or applet
could possibly use this flaw to disclose potentially sensitive information.
(CVE-2013-2449)

It was found that documentation generated by Javadoc was vulnerable to a
frame injection attack. If such documentation was accessible over a
network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web content being
displayed next to the documentation. This could be used to perform a
phishing attack by providing frame content that spoofed a login form on
the site hosting the vulnerable documentation. (CVE-2013-1571)

It was discovered that the 2D component created shared memory segments with
insecure permissions. A local attacker could use this flaw to read or write
to the shared memory segment. (CVE-2013-1500)

Red Hat would like to thank Tim Brown for reporting CVE-2013-1500, and
US-CERT for reporting CVE-2013-1571. US-CERT acknowledges Oracle as the
original reporter of CVE-2013-1571.

This erratum also upgrades the OpenJDK package to IcedTea7 2.3.10. Refer to
the NEWS file, linked to in the References, for further information.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:0964: tomcat6 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130964
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0964, CVE-2013-2067

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

A session fixation flaw was found in the Tomcat FormAuthenticator module.
During a narrow window of time, if a remote attacker sent requests while a
user was logging in, it could possibly result in the attacker's requests
being processed as if they were sent by the user. (CVE-2013-2067)

Users of Tomcat are advised to upgrade to these updated packages, which
correct this issue. Tomcat must be restarted for this update to take
effect.

RHSA-2013:0981: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20130981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0981, CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686,
CVE-2013-1687, CVE-2013-1690)

It was found that Firefox allowed data to be sent in the body of
XMLHttpRequest (XHR) HEAD requests. In some cases this could allow
attackers to conduct Cross-Site Request Forgery (CSRF) attacks.
(CVE-2013-1692)

Timing differences in the way Firefox processed SVG image files could
allow an attacker to read data across domains, potentially leading to
information disclosure. (CVE-2013-1693)

Two flaws were found in the way Firefox implemented some of its internal
structures (called wrappers). An attacker could use these flaws to bypass
some restrictions placed on them. This could lead to unexpected behavior or
a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,
Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris
Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla
security advisories for Firefox 17.0.7 ESR. You can find a link to the
Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.7 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:0982: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20130982
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:0982, CVE-2013-1682, CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690, CVE-2013-1692, CVE-2013-1693, CVE-2013-1694, CVE-2013-1697

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-1682,
CVE-2013-1684, CVE-2013-1685, CVE-2013-1686, CVE-2013-1687, CVE-2013-1690)

It was found that Thunderbird allowed data to be sent in the body of
XMLHttpRequest (XHR) HEAD requests. In some cases this could allow
attackers to conduct Cross-Site Request Forgery (CSRF) attacks.
(CVE-2013-1692)

Timing differences in the way Thunderbird processed SVG image files could
allow an attacker to read data across domains, potentially leading to
information disclosure. (CVE-2013-1693)

Two flaws were found in the way Thunderbird implemented some of its
internal structures (called wrappers). An attacker could use these flaws to
bypass some restrictions placed on them. This could lead to unexpected
behavior or a potentially exploitable crash. (CVE-2013-1694, CVE-2013-1697)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Jesse Ruderman, Andrew McCreight,
Abhishek Arya, Mariusz Mlynski, Nils, Johnathan Kuskos, Paul Stone, Boris
Zbarsky, and moz_bug_r_a4 as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.7 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2013:0983: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20130983
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:0983, CVE-2013-2174

Description
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

A heap-based buffer overflow flaw was found in the way libcurl unescaped
URLs. A remote attacker could provide a specially-crafted URL that, when
processed by an application using libcurl that handles untrusted URLs,
would possibly cause it to crash or, potentially, execute arbitrary code.
(CVE-2013-2174)

Red Hat would like to thank the cURL project for reporting this issue.
Upstream acknowledges Timo Sirainen as the original reporter.

Users of curl should upgrade to these updated packages, which contain a
backported patch to correct this issue. All running applications using
libcurl must be restarted for the update to take effect.

RHSA-2013:1014: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131014
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1014, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2452, CVE-2013-2453, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Software Development Kit.

Multiple flaws were discovered in the ImagingLib and the image attribute,
channel, layout and raster processing in the 2D component. An untrusted
Java application or applet could possibly use these flaws to trigger Java
Virtual Machine memory corruption. (CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE-2013-2469)

Integer overflow flaws were found in the way AWT processed certain input.
An attacker could use these flaws to execute arbitrary code with the
privileges of the user running an untrusted Java applet or application.
(CVE-2013-2459)

Multiple improper permission check issues were discovered in the Sound and
JMX components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions. (CVE-2013-2448,
CVE-2013-2457, CVE-2013-2453)

Multiple flaws in the Serialization, Networking, Libraries and CORBA
components can be exploited by an untrusted Java application or applet to
gain access to potentially sensitive information. (CVE-2013-2456,
CVE-2013-2447, CVE-2013-2455, CVE-2013-2452, CVE-2013-2443, CVE-2013-2446)

It was discovered that the Hotspot component did not properly handle
out-of-memory errors. An untrusted Java application or applet could
possibly use these flaws to terminate the Java Virtual Machine.
(CVE-2013-2445)

It was discovered that the AWT component did not properly manage certain
resources and that the ObjectStreamClass of the Serialization component
did not properly handle circular references. An untrusted Java application
or applet could possibly use these flaws to cause a denial of service.
(CVE-2013-2444, CVE-2013-2450)

It was discovered that the Libraries component contained certain errors
related to XML security and the class loader. A remote attacker could
possibly exploit these flaws to bypass intended security mechanisms or
disclose potentially sensitive information and cause a denial of service.
(CVE-2013-2407, CVE-2013-2461)

It was discovered that JConsole did not properly inform the user when
establishing an SSL connection failed. An attacker could exploit this flaw
to gain access to potentially sensitive information. (CVE-2013-2412)

It was found that documentation generated by Javadoc was vulnerable to a
frame injection attack. If such documentation was accessible over a
network, and a remote attacker could trick a user into visiting a
specially-crafted URL, it would lead to arbitrary web content being
displayed next to the documentation. This could be used to perform a
phishing attack by providing frame content that spoofed a login form on
the site hosting the vulnerable documentation. (CVE-2013-1571)

It was discovered that the 2D component created shared memory segments with
insecure permissions. A local attacker could use this flaw to read or write
to the shared memory segment. (CVE-2013-1500)

Red Hat would like to thank US-CERT for reporting CVE-2013-1571, and Tim
Brown for reporting CVE-2013-1500. US-CERT acknowledges Oracle as the
original reporter of CVE-2013-1571.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:1034: kernel security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131034
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1034, CVE-2012-6544, CVE-2012-6545, CVE-2013-0914, CVE-2013-1929, CVE-2013-3222, CVE-2013-3224, CVE-2013-3231, CVE-2013-3235

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* Information leaks in the Linux kernel could allow a local, unprivileged
user to leak kernel memory to user-space. (CVE-2012-6544, CVE-2012-6545,
CVE-2013-3222, CVE-2013-3224, CVE-2013-3231, CVE-2013-3235, Low)

* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed
the vital product data (VPD) of devices could allow an attacker with
physical access to a system to cause a denial of service or, potentially,
escalate their privileges. (CVE-2013-1929, Low)

This update also fixes the following bugs:

* Previously on system boot, devices with associated Reserved Memory Region
Reporting (RMRR) information had lost their RMRR information after they
were removed from the static identity (SI) domain. Consequently, a system
unexpectedly terminated in an endless loop due to unexpected NMIs triggered
by DMA errors. This problem was observed on HP ProLiant Generation 7 (G7)
and 8 (Gen8) systems. This update prevents non-USB devices that have RMRR
information associated with them from being placed into the SI domain
during system boot. HP ProLiant G7 and Gen8 systems that contain devices
with the RMRR information now boot as expected. (BZ#957606)

* Previously, the kernel's futex wait code used timeouts that had
granularity in milliseconds. Also, when passing these timeouts to system
calls, the kernel converted the timeouts to "jiffies". Consequently,
programs could time out inaccurately which could lead to significant
latency problems in certain environments. This update modifies the futex
wait code to use a high-resolution timer (hrtimer) so the timeout
granularity is now in microseconds. Timeouts are no longer converted to
"jiffies" when passed to system calls. Timeouts passed to programs are now
accurate and the programs time out as expected. (BZ#958021)

* A recent change modified the size of the task_struct structure in the
floating point unit (fpu) counter. However, on Intel Itanium systems, this
change caused the kernel Application Binary Interface (kABI) to stop
working properly when a previously compiled module was loaded, resulting in
a kernel panic. With this update the change causing this bug has been
reverted so the bug can no longer occur. (BZ#966878)

* The cxgb4 driver previously did not clear data structures used for
firmware requests. Consequently, when initializing some Chelsio's
Terminator 4 (T4) adapters, a probe request could fail because the request
was incompatible with the adapter's firmware. This update modifies the
cxgb4 driver to properly initialize firmware request structures before
sending a request to the firmware and the problem no longer occurs.
(BZ#971872)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:1049: php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131049
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1049, CVE-2013-4113

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply
specially-crafted XML could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the PHP interpreter. (CVE-2013-4113)

All php users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2013:1050: php53 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1050, CVE-2013-4113

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed deeply nested XML
documents. If a PHP application used the xml_parse_into_struct() function
to parse untrusted XML content, an attacker able to supply
specially-crafted XML could use this flaw to crash the application or,
possibly, execute arbitrary code with the privileges of the user running
the PHP interpreter. (CVE-2013-4113)

All php53 users should upgrade to these updated packages, which contain a
backported patch to resolve this issue. After installing the updated
packages, the httpd daemon must be restarted for the update to take effect.

RHSA-2013:1051: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131051
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1051, CVE-2012-6548, CVE-2013-0914, CVE-2013-1848, CVE-2013-2128, CVE-2013-2634, CVE-2013-2635, CVE-2013-2852, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225, CVE-2013-3301

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the tcp_read_sock() function in the Linux kernel's
IPv4 TCP/IP protocol suite implementation in the way socket buffers (skb)
were handled. A local, unprivileged user could trigger this issue via a
call to splice(), leading to a denial of service. (CVE-2013-2128,
Moderate)

* Information leak flaws in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user-space. (CVE-2012-6548,
CVE-2013-2634, CVE-2013-2635, CVE-2013-3222, CVE-2013-3224, CVE-2013-3225,
Low)

* An information leak was found in the Linux kernel's POSIX signals
implementation. A local, unprivileged user could use this flaw to bypass
the Address Space Layout Randomization (ASLR) security feature.
(CVE-2013-0914, Low)

* A format string flaw was found in the ext3_msg() function in the Linux
kernel's ext3 file system implementation. A local user who is able to mount
an ext3 file system could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1848, Low)

* A format string flaw was found in the b43_do_request_fw() function in the
Linux kernel's b43 driver implementation. A local user who is able to
specify the "fwpostfix" b43 module parameter could use this flaw to cause a
denial of service or, potentially, escalate their privileges.
(CVE-2013-2852, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's ftrace
and function tracer implementations. A local user who has the CAP_SYS_ADMIN
capability could use this flaw to cause a denial of service.
(CVE-2013-3301, Low)

Red Hat would like to thank Kees Cook for reporting CVE-2013-2852.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:1090: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1090, CVE-2013-4073

Description
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to do system management tasks.

A flaw was found in Ruby's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. An attacker
could potentially exploit this flaw to conduct man-in-the-middle attacks to
spoof SSL servers. Note that to exploit this issue, an attacker would need
to obtain a carefully-crafted certificate signed by an authority that the
client trusts. (CVE-2013-4073)

All users of Ruby are advised to upgrade to these updated packages, which
contain backported patches to resolve this issue.

RHSA-2013:1100: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1100, CVE-2013-2231

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

An unquoted search path flaw was found in the way the QEMU Guest Agent
service installation was performed on Windows. Depending on the permissions
of the directories in the unquoted search path, a local, unprivileged user
could use this flaw to have a binary of their choosing executed with SYSTEM
privileges. (CVE-2013-2231)

This issue was discovered by Lev Veyde of Red Hat.

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2013:1114: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131114
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1114, CVE-2013-4854

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in BIND. A remote attacker could use
this flaw to send a specially-crafted DNS query to named that, when
processed, would cause named to crash when rejecting the malformed query.
(CVE-2013-4854)

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2013:1115: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131115
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1115, CVE-2013-4854

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server (named); a
resolver library (routines for applications to use when interfacing with
DNS); and tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in BIND. A remote attacker could use
this flaw to send a specially-crafted DNS query to named that, when
processed, would cause named to crash when rejecting the malformed query.
(CVE-2013-4854)

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2013:1119: 389-ds-base security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131119
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1119, CVE-2013-2219

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was discovered that the 389 Directory Server did not honor defined
attribute access controls when evaluating search filter expressions. A
remote attacker (with permission to query the Directory Server) could use
this flaw to determine the values of restricted attributes via a series of
search queries with filter conditions that used restricted attributes.
(CVE-2013-2219)

This issue was discovered by Ludwig Krispenz of Red Hat.

This update also fixes the following bugs:

* Previously, the disk monitoring feature did not function properly. If
logging functionality was set to critical and logging was disabled, rotated
logs would be deleted. If the attribute "nsslapd-errorlog-level" was
explicitly set to any value, even zero, the disk monitoring feature would
not stop the Directory Server when it was supposed to. This update
corrects the disk monitoring feature settings, and it no longer
malfunctions in the described scenarios. (BZ#972930)

* Previously, setting the "nsslapd-disk-monitoring-threshold" attribute via
ldapmodify to a large value worked as expected; however, a bug in
ldapsearch caused such values for the option to be displayed as negative
values. This update corrects the bug in ldapsearch and correct values are
now displayed. (BZ#984970)

* If logging functionality was not set to critical, then the mount point
for the logs directory was incorrectly skipped during the disk space check.
(BZ#987850)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2013:1120: haproxy security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131120
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1120, CVE-2013-2175

Description
HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A flaw was found in the way HAProxy handled requests when the proxy's
configuration ("/etc/haproxy/haproxy.cfg") had certain rules that use the
hdr_ip criterion. A remote attacker could use this flaw to crash HAProxy
instances that use the affected configuration. (CVE-2013-2175)

Red Hat would like to thank HAProxy upstream for reporting this issue.
Upstream acknowledges David Torgerson as the original reporter.

HAProxy is released as a Technology Preview in Red Hat Enterprise Linux 6.
More information about Red Hat Technology Previews is available at
https://access.redhat.com/support/offerings/techpreview/

All users of haproxy are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:1121: sos security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131121
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1121, CVE-2012-2664

Description
The sos package contains a set of tools that gather information from system
hardware, logs and configuration files. The information can then be used
for diagnostic purposes and debugging.

The sosreport utility collected the Kickstart configuration file
("/root/anaconda-ks.cfg"), but did not remove the root user's password from
it before adding the file to the resulting archive of debugging
information. An attacker able to access the archive could possibly use this
flaw to obtain the root user's password. "/root/anaconda-ks.cfg" usually
only contains a hash of the password, not the plain text password.
(CVE-2012-2664)

Note: This issue affected all installations, not only systems installed via
Kickstart. A "/root/anaconda-ks.cfg" file is created by all installation
types.

The utility also collects yum repository information from
"/etc/yum.repos.d" which in uncommon configurations may contain passwords.
Any http_proxy password specified in these files will now be automatically
removed. Passwords embedded within URLs in these files should be manually
removed or the files excluded from the archive.

All users of sos are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:1135: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1135, CVE-2013-0791, CVE-2013-1620

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

It was discovered that NSS leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-1620)

An out-of-bounds memory read flaw was found in the way NSS decoded certain
certificates. If an application using NSS decoded a malformed certificate,
it could cause the application to crash. (CVE-2013-0791)

Red Hat would like to thank the Mozilla project for reporting
CVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original reporter
of CVE-2013-0791.

This update also fixes the following bugs:

* A defect in the FreeBL library implementation of the Diffie-Hellman (DH)
protocol previously caused Openswan to drop connections. (BZ#958023)

* A memory leak in the nssutil_ReadSecmodDB() function has been fixed.
(BZ#986969)

In addition, the nss package has been upgraded to upstream version 3.14.3,
and the nspr package has been upgraded to upstream version 4.9.5. These
updates provide a number of bug fixes and enhancements over the previous
versions. (BZ#949845, BZ#924741)

Note that while upstream NSS version 3.14 prevents the use of certificates
that have an MD5 signature, this erratum includes a patch that allows such
certificates by default. To prevent the use of certificates that have an
MD5 signature, set the "NSS_HASH_ALG_SUPPORT" environment variable
to "-MD5".

Users of NSS and NSPR are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing this
update, applications using NSS or NSPR must be restarted for this update to
take effect.

RHSA-2013:1140: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1140, CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-1701)

A flaw was found in the way Firefox generated Certificate Request Message
Format (CRMF) requests. An attacker could use this flaw to perform
cross-site scripting (XSS) attacks or execute arbitrary code with the
privileges of the user running Firefox. (CVE-2013-1710)

A flaw was found in the way Firefox handled the interaction between frames
and browser history. An attacker could use this flaw to trick Firefox into
treating malicious content as if it came from the browser history, allowing
for XSS attacks. (CVE-2013-1709)

It was found that the same-origin policy could be bypassed due to the way
Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker
could use this flaw to perform XSS attacks, or install malicious add-ons
from third-party pages. (CVE-2013-1713)

It was found that web workers could bypass the same-origin policy. An
attacker could use this flaw to perform XSS attacks. (CVE-2013-1714)

It was found that, in certain circumstances, Firefox incorrectly handled
Java applets. If a user launched an untrusted Java applet via Firefox, the
applet could use this flaw to obtain read-only access to files on the
user's local system. (CVE-2013-1717)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jeff Gilbert, Henrik Skupin, moz_bug_r_a4, Cody
Crews, Federico Lanusse, and Georgi Guninski as the original reporters of
these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.8 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.8 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:1142: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131142
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1142, CVE-2013-1701, CVE-2013-1709, CVE-2013-1710, CVE-2013-1713, CVE-2013-1714, CVE-2013-1717

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-1701)

A flaw was found in the way Thunderbird generated Certificate Request
Message Format (CRMF) requests. An attacker could use this flaw to perform
cross-site scripting (XSS) attacks or execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2013-1710)

A flaw was found in the way Thunderbird handled the interaction between
frames and browser history. An attacker could use this flaw to trick
Thunderbird into treating malicious content as if it came from the browser
history, allowing for XSS attacks. (CVE-2013-1709)

It was found that the same-origin policy could be bypassed due to the way
Uniform Resource Identifiers (URI) were checked in JavaScript. An attacker
could use this flaw to perform XSS attacks, or install malicious add-ons
from third-party pages. (CVE-2013-1713)

It was found that web workers could bypass the same-origin policy. An
attacker could use this flaw to perform XSS attacks. (CVE-2013-1714)

It was found that, in certain circumstances, Thunderbird incorrectly
handled Java applets. If a user launched an untrusted Java applet via
Thunderbird, the applet could use this flaw to obtain read-only access to
files on the user's local system. (CVE-2013-1717)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jeff Gilbert, Henrik Skupin, moz_bug_r_a4, Cody
Crews, Federico Lanusse, and Georgi Guninski as the original reporters of
these issues.

Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.8 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2013:1144: nss, nss-util, nss-softokn, and nspr security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131144
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1144, CVE-2013-0791, CVE-2013-1620

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities. nss-softokn provides
an NSS softoken cryptographic module.

It was discovered that NSS leaked timing information when decrypting
TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites
were used. A remote attacker could possibly use this flaw to retrieve plain
text from the encrypted packets by using a TLS/SSL or DTLS server as a
padding oracle. (CVE-2013-1620)

An out-of-bounds memory read flaw was found in the way NSS decoded certain
certificates. If an application using NSS decoded a malformed certificate,
it could cause the application to crash. (CVE-2013-0791)

Red Hat would like to thank the Mozilla project for reporting
CVE-2013-0791. Upstream acknowledges Ambroz Bizjak as the original reporter
of CVE-2013-0791.

This update also fixes the following bugs:

* The RHBA-2013:0445 update (which upgraded NSS to version 3.14) prevented
the use of certificates that have an MD5 signature. This caused problems in
certain environments. With this update, certificates that have an MD5
signature are once again allowed. To prevent the use of certificates that
have an MD5 signature, set the "NSS_HASH_ALG_SUPPORT" environment variable
to "-MD5". (BZ#957603)

* Previously, the sechash.h header file was missing, preventing certain
source RPMs (such as firefox and xulrunner) from building. (BZ#948715)

* A memory leak in the nssutil_ReadSecmodDB() function has been fixed.
(BZ#984967)

In addition, the nss package has been upgraded to upstream version 3.14.3,
the nss-util package has been upgraded to upstream version 3.14.3, the
nss-softokn package has been upgraded to upstream version 3.14.3, and the
nspr package has been upgraded to upstream version 4.9.5. These updates
provide a number of bug fixes and enhancements over the previous versions.
(BZ#927157, BZ#927171, BZ#927158, BZ#927186)

Users of NSS, NSPR, nss-util, and nss-softokn are advised to upgrade to
these updated packages, which fix these issues and add these enhancements.
After installing this update, applications using NSS, NSPR, nss-util, or
nss-softokn must be restarted for this update to take effect.

RHSA-2013:1156: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131156
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1156, CVE-2013-1896

Description
The Apache HTTP Server is a popular web server.

A flaw was found in the way the mod_dav module of the Apache HTTP Server
handled merge requests. An attacker could use this flaw to send a crafted
merge request that contains URIs that are not configured for DAV, causing
the httpd child process to crash. (CVE-2013-1896)

All httpd users should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing the updated
packages, the httpd daemon will be restarted automatically.

RHSA-2013:1166: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131166
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1166, CVE-2013-2147, CVE-2013-2164, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2234, CVE-2013-2237

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies. If a
local user queried SCTP connection information at the same time a remote
attacker has initialized a crafted SCTP connection to the system, it could
trigger a NULL pointer dereference, causing the system to crash.
(CVE-2013-2206, Important)

* It was found that the fix for CVE-2012-3552 released via RHSA-2012:1540
introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite
implementation. A local, unprivileged user could use this flaw to corrupt
kernel memory via crafted sendmsg() calls, allowing them to cause a denial
of service or, potentially, escalate their privileges on the system.
(CVE-2013-2224, Important)

* An invalid pointer dereference flaw was found in the Linux kernel's
TCP/IP protocol suite implementation. A local, unprivileged user could use
this flaw to crash the system or, potentially, escalate their privileges on
the system by using sendmsg() with an IPv6 socket connected to an IPv4
destination. (CVE-2013-2232, Moderate)

* Information leak flaws in the Linux kernel could allow a privileged,
local user to leak kernel memory to user-space. (CVE-2013-2164,
CVE-2013-2147, CVE-2013-2234, CVE-2013-2237, Low)

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:1173: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131173
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1173, CVE-2012-6544, CVE-2013-2146, CVE-2013-2206, CVE-2013-2224, CVE-2013-2232, CVE-2013-2237

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's Stream Control
Transmission Protocol (SCTP) implementation handled duplicate cookies. If a
local user queried SCTP connection information at the same time a remote
attacker has initialized a crafted SCTP connection to the system, it could
trigger a NULL pointer dereference, causing the system to crash.
(CVE-2013-2206, Important)

* It was found that the fix for CVE-2012-3552 released via RHSA-2012:1304
introduced an invalid free flaw in the Linux kernel's TCP/IP protocol suite
implementation. A local, unprivileged user could use this flaw to corrupt
kernel memory via crafted sendmsg() calls, allowing them to cause a denial
of service or, potentially, escalate their privileges on the system.
(CVE-2013-2224, Important)

* A flaw was found in the Linux kernel's Performance Events implementation.
On systems with certain Intel processors, a local, unprivileged user could
use this flaw to cause a denial of service by leveraging the perf subsystem
to write into the reserved bits of the OFFCORE_RSP_0 and OFFCORE_RSP_1
model-specific registers. (CVE-2013-2146, Moderate)

* An invalid pointer dereference flaw was found in the Linux kernel's
TCP/IP protocol suite implementation. A local, unprivileged user could use
this flaw to crash the system or, potentially, escalate their privileges on
the system by using sendmsg() with an IPv6 socket connected to an IPv4
destination. (CVE-2013-2232, Moderate)

* Information leak flaws in the Linux kernel's Bluetooth implementation
could allow a local, unprivileged user to leak kernel memory to user-space.
(CVE-2012-6544, Low)

* An information leak flaw in the Linux kernel could allow a privileged,
local user to leak kernel memory to user-space. (CVE-2013-2237, Low)

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The system must be rebooted for this
update to take effect.

RHSA-2013:1182: 389-ds-base security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131182
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1182, CVE-2013-4283

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was discovered that the 389 Directory Server did not properly handle the
receipt of certain MOD operations with a bogus Distinguished Name (DN). A
remote, unauthenticated attacker could use this flaw to cause the 389
Directory Server to crash. (CVE-2013-4283)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2013:1192: spice-server security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131192
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1192, CVE-2013-4130

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A flaw was found in the way concurrent access to the clients ring buffer
was performed in the spice-server library. A remote user able to initiate a
SPICE connection to an application acting as a SPICE server could use this
flaw to crash the application. (CVE-2013-4130)

This issue was discovered by David Gibson of Red Hat.

Users of spice-server are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. Applications acting as a
SPICE server must be restarted for this update to take effect. Note that
QEMU-KVM guests providing SPICE console access must be restarted for this
update to take effect.

RHSA-2013:1213: gdm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131213
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1213, CVE-2013-4169

Description
The GNOME Display Manager (GDM) provides the graphical login screen, shown
shortly after boot up, log out, and when user-switching.

A race condition was found in the way GDM handled the X server sockets
directory located in the system temporary directory. An unprivileged user
could use this flaw to perform a symbolic link attack, giving them write
access to any file, allowing them to escalate their privileges to root.
(CVE-2013-4169)

Note that this erratum includes an updated initscripts package. To fix
CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts
package was modified to create the affected directory safely during the
system boot process. Therefore, this update will appear on all systems,
however systems without GDM installed are not affected by this flaw.

Red Hat would like to thank the researcher with the nickname vladz for
reporting this issue.

All users should upgrade to these updated packages, which correct this
issue. The system must be rebooted for this update to take effect.

RHSA-2013:1268: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131268
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1268, CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730,
CVE-2013-1732, CVE-2013-1735, CVE-2013-1736)

A flaw was found in the way Firefox handled certain DOM JavaScript objects.
An attacker could use this flaw to make JavaScript client or add-on code
make incorrect, security sensitive decisions. (CVE-2013-1737)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges André Bargull, Scoobidiver, Bobby Holley,
Reuben Morais, Abhishek Arya, Ms2ger, Sachin Shinde, Aki Helin, Nils, and
Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.9 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.9 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:1269: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1269, CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735, CVE-2013-1736, CVE-2013-1737

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-1718,
CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735,
CVE-2013-1736)

A flaw was found in the way Thunderbird handled certain DOM JavaScript
objects. An attacker could use this flaw to make JavaScript client or
add-on code make incorrect, security sensitive decisions. (CVE-2013-1737)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges André Bargull, Scoobidiver, Bobby Holley,
Reuben Morais, Abhishek Arya, Ms2ger, Sachin Shinde, Aki Helin, Nils, and
Boris Zbarsky as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.9 ESR, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2013:1270: polkit security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1270, CVE-2013-4288

Description
PolicyKit is a toolkit for defining and handling authorizations.

A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its process
ID via the --process option. A local user could use this flaw to bypass
intended PolicyKit authorizations and escalate their privileges.
(CVE-2013-4288)

Note: Applications that invoke pkcheck with the --process option need to be
modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.

All polkit users should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system must be rebooted for
this update to take effect.

RHSA-2013:1272: libvirt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1272, CVE-2013-4296, CVE-2013-4311

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remote management of virtualized
systems.

libvirt invokes the PolicyKit pkcheck utility to handle authorization. A
race condition was found in the way libvirt used this utility, allowing a
local user to bypass intended PolicyKit authorizations or execute arbitrary
commands with root privileges. (CVE-2013-4311)

Note: With this update, libvirt has been rebuilt to communicate with
PolicyKit via a different API that is not vulnerable to the race condition.
The polkit RHSA-2013:1270 advisory must also be installed to fix the
CVE-2013-4311 issue.

An invalid free flaw was found in libvirtd's
remoteDispatchDomainMemoryStats function. An attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd.
(CVE-2013-4296)

The CVE-2013-4296 issue was discovered by Daniel P. Berrange of Red Hat.

This update also fixes the following bugs:

* Prior to this update, the libvirtd daemon leaked memory in the
virCgroupMoveTask() function. A fix has been provided which prevents
libvirtd from incorrect management of memory allocations. (BZ#984556)

* Previously, the libvirtd daemon was accessing one byte before the array
in the virCgroupGetValueStr() function. This bug has been fixed and
libvirtd now stays within the array bounds. (BZ#984561)

* When migrating, libvirtd leaked the migration URI (Uniform Resource
Identifier) on destination. A patch has been provided to fix this bug and
the migration URI is now freed correctly. (BZ#984578)

* Updating a network interface using virDomainUpdateDeviceFlags API failed
when a boot order was set for that interface. The update failed even if the
boot order was set in the provided device XML. The
virDomainUpdateDeviceFlags API has been fixed to correctly parse the boot
order specification from the provided device XML and updating network
interfaces with boot orders now works as expected. (BZ#1003934)

Users of libvirt are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.

RHSA-2013:1273: spice-gtk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131273
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1273, CVE-2013-4324

Description
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for SPICE
(Simple Protocol for Independent Computing Environments) clients. Both
Virtual Machine Manager and Virtual Machine Viewer can make use of this
widget to access virtual machines using the SPICE protocol.

spice-gtk communicated with PolicyKit for authorization via an API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies spice-gtk to
communicate with PolicyKit via a different API that is not vulnerable to
the race condition. (CVE-2013-4324)

All users of spice-gtk are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2013:1274: hplip security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131274
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1274, CVE-2013-4325

Description
The hplip packages contain the Hewlett-Packard Linux Imaging and Printing
Project (HPLIP), which provides drivers for Hewlett-Packard printers and
multi-function peripherals.

HPLIP communicated with PolicyKit for authorization via a D-Bus API that is
vulnerable to a race condition. This could lead to intended PolicyKit
authorizations being bypassed. This update modifies HPLIP to communicate
with PolicyKit via a different API that is not vulnerable to the race
condition. (CVE-2013-4325)

All users of hplip are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2013:1282: rtkit security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131282
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1282, CVE-2013-4326

Description
RealtimeKit is a D-Bus system service that changes the scheduling policy of
user processes/threads to SCHED_RR (that is, realtime scheduling mode) on
request. It is intended to be used as a secure mechanism to allow real-time
scheduling to be used by normal user processes.

It was found that RealtimeKit communicated with PolicyKit for authorization
using a D-Bus API that is vulnerable to a race condition. This could have
led to intended PolicyKit authorizations being bypassed. This update
modifies RealtimeKit to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2013-4326)

All rtkit users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:1292: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1292, CVE-2012-3511, CVE-2013-2141, CVE-2013-4162

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A use-after-free flaw was found in the madvise() system call
implementation in the Linux kernel. A local, unprivileged user could use
this flaw to cause a denial of service or, potentially, escalate their
privileges. (CVE-2012-3511, Moderate)

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled IPv6 sockets that used the UDP_CORK option. A local,
unprivileged user could use this flaw to cause a denial of service.
(CVE-2013-4162, Moderate)

* An information leak flaw in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user-space. (CVE-2013-2141, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4162.

This update also fixes the following bugs:

* A bug in the be2net driver prevented communication between NICs using
be2net. This update applies a patch addressing this problem along with
several other upstream patches that fix various other problems. Traffic
between NICs using the be2net driver now proceeds as expected. (BZ#983864)

* A recent patch fixing a problem that prevented communication between
NICs using the be2net driver caused the firmware of NICs to become
unresponsive, and thus triggered a kernel panic. The problem was caused by
unnecessary usage of a hardware workaround that allows skipping VLAN tag
insertion. A patch has been applied and the workaround is now used only
when the multi-channel configuration is enabled on the NIC. Note that the
bug only affected the NICs with firmware version 4.2.xxxx. (BZ#999819)

* A bug in the autofs4 mount expiration code could cause the autofs4
module to falsely report a busy tree of NFS mounts as "not in use".
Consequently, automount attempted to unmount the tree and failed with
a "failed to umount offset" error, leaving the mount tree to appear as
empty directories. A patch has been applied to remove an incorrectly used
autofs dentry mount check and the aforementioned problem no longer occurs.
(BZ#1001488)

* A race condition in the be_open function in the be2net driver could
trigger the BUG_ON() macro, which resulted in a kernel panic. A patch
addressing this problem has been applied and the race condition is now
avoided by enabling polling before enabling interrupts globally. The
kernel no longer panics in this situation. (BZ#1005239)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2013:1302: xinetd security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131302
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1302, CVE-2012-0862

Description
The xinetd package provides a secure replacement for inetd, the Internet
services daemon. xinetd provides access control for all services based on
the address of the remote host and/or on time of access, and can prevent
denial-of-access attacks.

When xinetd services are configured with the "TCPMUX" or "TCPMUXPLUS" type,
and the tcpmux-server service is enabled, those services are accessible via
port 1. It was found that enabling the tcpmux-server service (it is
disabled by default) allowed every xinetd service, including those that are
not configured with the "TCPMUX" or "TCPMUXPLUS" type, to be accessible via
port 1. This could allow a remote attacker to bypass intended firewall
restrictions. (CVE-2012-0862)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

This update also fixes the following bugs:

* Prior to this update, a file descriptor array in the service.c source
file was not handled as expected. As a consequence, some of the descriptors
remained open when xinetd was under heavy load. Additionally, the system
log was filled with a large number of messages that took up a lot of disk
space over time. This update modifies the xinetd code to handle the file
descriptors correctly and messages no longer fill the system log.
(BZ#852274)

* Prior to this update, services were disabled permanently when their CPS
limit was reached. As a consequence, a failed bind operation could occur
when xinetd attempted to restart the service. This update adds additional
logic that attempts to restart the service. Now, the service is only
disabled if xinetd cannot restart the service after 30 attempts.
(BZ#811000)

All users of xinetd are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:1307: php53 security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1307, CVE-2006-7243, CVE-2011-1398, CVE-2012-0831, CVE-2012-2688, CVE-2013-1643, CVE-2013-4248

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)

It was found that PHP did not check for carriage returns in HTTP headers,
allowing intended HTTP response splitting protections to be bypassed.
Depending on the web browser the victim is using, a remote attacker could
use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

A flaw was found in PHP's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. If an
attacker was able to get a carefully crafted certificate signed by a
trusted Certificate Authority, the attacker could use the certificate to
conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248)

An integer signedness issue, leading to a heap-based buffer underflow, was
found in the PHP scandir() function. If a remote attacker could upload an
excessively large number of files to a directory the scandir() function
runs on, it could cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-2688)

It was found that PHP did not correctly handle the magic_quotes_gpc
configuration directive. This could result in magic_quotes_gpc input
escaping not being applied in all cases, possibly making it easier for a
remote attacker to perform SQL injection attacks. (CVE-2012-0831)

It was found that the PHP SOAP parser allowed the expansion of external XML
entities during SOAP message parsing. A remote attacker could possibly use
this flaw to read arbitrary files that are accessible to a PHP application
using a SOAP extension. (CVE-2013-1643)

These updated php53 packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 5.10 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All PHP users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. After installing the updated packages, the httpd daemon must
be restarted for the update to take effect.

RHSA-2013:1310: samba3x security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131310
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1310, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

It was discovered that the Samba Web Administration Tool (SWAT) did not
protect against being opened in a web page frame. A remote attacker could
possibly use this flaw to conduct a clickjacking attack against SWAT users
or users with an active SWAT session. (CVE-2013-0213)

A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a victim's
password could use this flaw to bypass CSRF protections and conduct a CSRF
attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba
server.

Red Hat would like to thank the Samba project for reporting CVE-2013-0213
and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter
of CVE-2013-0213 and CVE-2013-0214.

These updated samba3x packages also include numerous bug fixes. Space
precludes documenting all of these changes in this advisory. Users are
directed to the Red Hat Enterprise Linux 5.10 Technical Notes, linked to in
the References, for information on the most significant of these changes.

All samba3x users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2013:1319: sssd security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131319
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1319, CVE-2013-0219

Description
SSSD (System Security Services Daemon) provides a set of daemons to manage
access to remote directories and authentication mechanisms. It provides NSS
(Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces
toward the system and a pluggable back end system to connect to multiple
different account sources.

A race condition was found in the way SSSD copied and removed user home
directories. A local attacker who is able to write into the home directory
of a different user who is being removed could use this flaw to perform
symbolic link attacks, possibly allowing them to modify and delete
arbitrary files with the privileges of the root user. (CVE-2013-0219)

The CVE-2013-0219 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.

This update also fixes the following bugs:

* After a paging control was used, memory in the sssd_be process was never
freed which led to the growth of the sssd_be process memory usage over
time. To fix this bug, the paging control was deallocated after use, and
thus the memory usage of the sssd_be process no longer grows. (BZ#820908)

* If the sssd_be process was terminated and recreated while there were
authentication requests pending, the sssd_pam process did not recover
correctly and did not reconnect to the new sssd_be process. Consequently,
the sssd_pam process was seemingly blocked and did not accept any new
authentication requests. The sssd_pam process has been fixed so that it
reconnects to the new instance of the sssd_be process after the original
one terminated unexpectedly. Even after a crash and reconnect, the sssd_pam
process now accepts new authentication requests. (BZ#882414)

* When the sssd_be process hung for a while, it was terminated and a new
instance was created. If the old instance did not respond to the TERM
signal and continued running, SSSD terminated unexpectedly. As a
consequence, the user could not log in. SSSD now keeps track of sssd_be
subprocesses more effectively, making the restarts of sssd_be more reliable
in such scenarios. Users can now log in whenever the sssd_be is restarted
and becomes unresponsive. (BZ#886165)

* In case the processing of an LDAP request took longer than the client
timeout upon completing the request (60 seconds by default), the PAM client
could have accessed memory that was previously freed due to the client
timeout being reached. As a result, the sssd_pam process terminated
unexpectedly with a segmentation fault. SSSD now ignores an LDAP request
result when it detects that the set timeout of this request has been
reached. The sssd_pam process no longer crashes in the aforementioned
scenario. (BZ#923813)

* When there was a heavy load of users and groups to be saved in cache,
SSSD experienced a timeout. Consequently, NSS did not start the backup
process properly and it was impossible to log in. A patch has been provided
to fix this bug. The SSSD daemon now remains responsive and the login
continues as expected. (BZ#805729)

* SSSD kept the file descriptors to the log files open. Consequently, on
occasions like moving the actual log file and restarting the back end, SSSD
still kept the file descriptors open. SSSD now closes the file descriptor
after the child process execution; after a successful back end start, the
file descriptor to log files is closed. (BZ#961680)

* While performing access control in the Identity Management back end, SSSD
erroneously downloaded the "member" attribute from the server and then
attempted to use it in the cache verbatim. Consequently, the cache
attempted to use the "member" attribute values as if they were pointing to
the local cache which was CPU intensive. The member attribute when
processing host groups is no longer downloaded and processed. Moreover, the
login process is reasonably fast even with large host groups. (BZ#979047)

All sssd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:1323: ccid security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1323, CVE-2010-4530

Description
Chip/Smart Card Interface Devices (CCID) is a USB smart card reader
standard followed by most modern smart card readers. The ccid package
provides a Generic, USB-based CCID driver for readers, which follow this
standard.

An integer overflow, leading to an array index error, was found in the way
the CCID driver processed a smart card's serial number. A local attacker
could use this flaw to execute arbitrary code with the privileges of the
user running the PC/SC Lite pcscd daemon (root, by default), by inserting a
specially-crafted smart card. (CVE-2010-4530)

This update also fixes the following bug:

* The pcscd service failed to read from the SafeNet Smart Card 650 v1 when
it was inserted into a smart card reader. The operation failed with a
"IFDHPowerICC() PowerUp failed" error message. This was due to the card
taking a long time to respond with a full Answer To Reset (ATR) request,
which led to a timeout, causing the card to fail to power up. This update
increases the timeout value so that the aforementioned request is processed
properly, and the card is powered on as expected. (BZ#907821)

All ccid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:1348: Red Hat Enterprise Linux 5 kernel update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131348
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1348, CVE-2012-4398

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* It was found that a deadlock could occur in the Out of Memory (OOM)
killer. A process could trigger this deadlock by consuming a large amount
of memory, and then causing request_module() to be called. A local,
unprivileged user could use this flaw to cause a denial of service
(excessive memory consumption). (CVE-2012-4398, Moderate)

Red Hat would like to thank Tetsuo Handa for reporting this issue.

This update also fixes numerous bugs and adds various enhancements. Refer
to the Red Hat Enterprise Linux 5.10 Release Notes for information on the
most significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 5 users are advised to install these updated
packages, which correct this issue, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 5.10 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

RHSA-2013:1353: sudo security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131353
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1353, CVE-2013-1775, CVE-2013-1776, CVE-2013-2776

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled time stamp files. An attacker able
to run code as a local user and with the ability to control the system
clock could possibly gain additional privileges by running commands that
the victim user was allowed to run via sudo, without knowing the victim's
password. (CVE-2013-1775)

It was found that sudo did not properly validate the controlling terminal
device when the tty_tickets option was enabled in the /etc/sudoers file. An
attacker able to run code as a local user could possibly gain additional
privileges by running commands that the victim user was allowed to run via
sudo, without knowing the victim's password. (CVE-2013-1776, CVE-2013-2776)

This update also fixes the following bugs:

* Due to a bug in the cycle detection algorithm of the visudo utility,
visudo incorrectly evaluated certain alias definitions in the /etc/sudoers
file as cycles. Consequently, a warning message about undefined aliases
appeared. This bug has been fixed, /etc/sudoers is now parsed correctly by
visudo and the warning message no longer appears. (BZ#849679)

* Previously, the 'sudo -l' command did not parse the /etc/sudoers file
correctly if it contained an Active Directory (AD) group. The file was
parsed only up to the first AD group information and then the parsing
failed with the following message:

    sudo: unable to cache group ADDOM\admingroup, already exists

With this update, the underlying code has been modified and 'sudo -l' now
parses /etc/sudoers containing AD groups correctly. (BZ#855836)

* Previously, the sudo utility did not escape the backslash characters
contained in user names properly. Consequently, if a system used sudo
integrated with LDAP or Active Directory (AD) as the primary authentication
mechanism, users were not able to authenticate on that system. With this
update, sudo has been modified to process LDAP and AD names correctly and
the authentication process now works as expected. (BZ#869287)

* Prior to this update, the 'visudo -s (strict)' command incorrectly parsed
certain alias definitions. Consequently, an error message was issued. The
bug has been fixed, and parsing errors no longer occur when using 'visudo
-s'. (BZ#905624)

All sudo users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:1409: xinetd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131409
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1409, CVE-2013-4342

Description
The xinetd package provides a secure replacement for inetd, the Internet
services daemon. xinetd provides access control for all services based on
the address of the remote host and/or on time of access, and can prevent
denial-of-access attacks.

It was found that xinetd ignored the user and group configuration
directives for services running under the tcpmux-server service. This flaw
could cause the associated services to run as root. If there was a flaw in
such a service, a remote attacker could use it to execute arbitrary code
with the privileges of the root user. (CVE-2013-4342)

Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.

All xinetd users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:1411: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131411
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1411, CVE-2013-4332

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in glibc's memory allocator functions (pvalloc, valloc, and
memalign). If an application used such a function, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2013-4332)

This update also fixes the following bug:

* Prior to this update, the size of the L3 cache in certain CPUs for SMP
(Symmetric Multiprocessing) servers was not correctly detected. The
incorrect cache size detection resulted in less than optimal performance
for routines that used this information, including the memset() function.
To fix this bug, the cache size detection has been corrected and core
routines including memset() have their performance restored to expected
levels. (BZ#1011424)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:1418: libtar security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131418
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1418, CVE-2013-4397

Description
The libtar package contains a C library for manipulating tar archives. The
library supports both the strict POSIX tar format and many of the commonly
used GNU extensions.

Two heap-based buffer overflow flaws were found in the way libtar handled
certain archives. If a user were tricked into expanding a specially-crafted
archive, it could cause the libtar executable or an application using
libtar to crash or, potentially, execute arbitrary code. (CVE-2013-4397)

Note: This issue only affected 32-bit builds of libtar.

Red Hat would like to thank Timo Warns for reporting this issue.

All libtar users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:1426: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131426
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1426, CVE-2013-4396

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A use-after-free flaw was found in the way the X.Org server handled
ImageText requests. A malicious, authorized client could use this flaw to
crash the X.Org server or, potentially, execute arbitrary code with root
privileges. (CVE-2013-4396)

Red Hat would like to thank the X.Org security team for reporting this
issue. Upstream acknowledges Pedro Ribeiro as the original reporter.

All xorg-x11-server users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2013:1436: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1436, CVE-2013-4162, CVE-2013-4299

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled IPv6 sockets that used the UDP_CORK option. A local,
unprivileged user could use this flaw to cause a denial of
service. (CVE-2013-4162, Moderate)

* An information leak flaw was found in the way the Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data from
disk blocks in free space, which are normally inaccessible. (CVE-2013-4299,
Moderate)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4162; and Fujitsu for reporting CVE-2013-4299.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2013:1441: rubygems security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131441
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1441, CVE-2012-2125, CVE-2012-2126, CVE-2013-4287

Description
RubyGems is the Ruby standard for publishing and managing third-party
libraries.

It was found that RubyGems did not verify SSL connections. This could lead
to man-in-the-middle attacks. (CVE-2012-2126)

It was found that, when using RubyGems, the connection could be redirected
from HTTPS to HTTP. This could lead to a user believing they are installing
a gem via HTTPS, when the connection may have been silently downgraded to
HTTP. (CVE-2012-2125)

It was discovered that the rubygems API validated version strings using an
unsafe regular expression. An application making use of this API to process
a version string from an untrusted source could be vulnerable to a denial
of service attack through CPU exhaustion. (CVE-2013-4287)

Red Hat would like to thank Rubygems upstream for reporting CVE-2013-4287.
Upstream acknowledges Damir Sharipov as the original reporter.

All rubygems users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:1447: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131447
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1447, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

Multiple input checking flaws were found in the 2D component native image
parsing code. A specially crafted image file could trigger a Java Virtual
Machine memory corruption and, possibly, lead to arbitrary code execution
with the privileges of the user running the Java Virtual Machine.
(CVE-2013-5782)

The class loader did not properly check the package access for non-public
proxy classes. A remote attacker could possibly use this flaw to execute
arbitrary code with the privileges of the user running the Java Virtual
Machine. (CVE-2013-5830)

Multiple improper permission check issues were discovered in the 2D, CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,
CVE-2013-5838)

Multiple input checking flaws were discovered in the JPEG image reading and
writing code in the 2D component. An untrusted Java application or applet
could use these flaws to corrupt the Java Virtual Machine memory and bypass
Java sandbox restrictions. (CVE-2013-5809)

The FEATURE_SECURE_PROCESSING setting was not properly honored by the
javax.xml.transform package transformers. A remote attacker could use this
flaw to supply a crafted XML that would be processed without the intended
security restrictions. (CVE-2013-5802)

Multiple errors were discovered in the way the JAXP and Security components
processed XML inputs. A remote attacker could create a crafted XML that
would cause a Java application to use an excessive amount of CPU and memory
when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)

Multiple improper permission check issues were discovered in the Libraries,
Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,
CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,
CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)

It was discovered that the 2D component image library did not properly
check bounds when performing image conversions. An untrusted Java
application or applet could use this flaw to disclose portions of the Java
Virtual Machine memory. (CVE-2013-5778)

Multiple input sanitization flaws were discovered in javadoc. When javadoc
documentation was generated from untrusted Java source code and hosted
on a domain not controlled by the code author, these issues could make it
easier to perform cross-site scripting attacks. (CVE-2013-5804,
CVE-2013-5797)

Various OpenJDK classes that represent cryptographic keys could leak
private key information by including sensitive data in strings returned by
toString() methods. These flaws could possibly lead to an unexpected
exposure of sensitive key data. (CVE-2013-5780)

The Java Heap Analysis Tool (jhat) failed to properly escape all data added
into the HTML pages it generated. Crafted content in the memory of a Java
program analyzed using jhat could possibly be used to conduct cross-site
scripting attacks. (CVE-2013-5772)

The Kerberos implementation in OpenJDK did not properly parse KDC
responses. A malformed packet could cause a Java application using JGSS to
exit. (CVE-2013-5803)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:1449: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131449
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1449, CVE-2013-0343, CVE-2013-4299, CVE-2013-4345, CVE-2013-4368

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled the creation of
temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr is set to '2'), an attacker on
the local network could disable IPv6 temporary address generation, leading
to a potential information disclosure. (CVE-2013-0343, Moderate)

* An information leak flaw was found in the way Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data from
disk blocks in free space, which are normally inaccessible. (CVE-2013-4299,
Moderate)

* An off-by-one flaw was found in the way the ANSI CPRNG implementation in
the Linux kernel processed non-block size aligned requests. This could lead
to random numbers being generated with fewer bits of entropy than expected
when ANSI CPRNG was used. (CVE-2013-4345, Moderate)

* An information leak flaw was found in the way Xen hypervisor emulated the
OUTS instruction for 64-bit paravirtualized guests. A privileged guest user
could use this flaw to leak hypervisor stack memory to the guest.
(CVE-2013-4368, Moderate)

Red Hat would like to thank Fujitsu for reporting CVE-2013-4299, Stephan
Mueller for reporting CVE-2013-4345, and the Xen project for reporting
CVE-2013-4368.

This update also fixes the following bug:

* A bug in the GFS2 code prevented glock work queues from freeing
glock-related memory while the glock memory shrinker repeatedly queued a
large number of demote requests, for example when performing a simultaneous
backup of several live GFS2 volumes with a large file count. As a
consequence, the glock work queues became overloaded, which resulted in
high CPU usage and the GFS2 file systems being unresponsive for a
significant amount of time. A patch has been applied to alleviate this
problem by calling the yield() function after scheduling a certain amount
of tasks on the glock work queues. The problem can now occur only with
extremely high work loads. (BZ#1014714)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2013:1451: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131451
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1451, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5800, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5838, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850, CVE-2013-5851

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple input checking flaws were found in the 2D component native image
parsing code. A specially crafted image file could trigger a Java Virtual
Machine memory corruption and, possibly, lead to arbitrary code execution
with the privileges of the user running the Java Virtual Machine.
(CVE-2013-5782)

The class loader did not properly check the package access for non-public
proxy classes. A remote attacker could possibly use this flaw to execute
arbitrary code with the privileges of the user running the Java Virtual
Machine. (CVE-2013-5830)

Multiple improper permission check issues were discovered in the 2D, CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850,
CVE-2013-5838)

Multiple input checking flaws were discovered in the JPEG image reading and
writing code in the 2D component. An untrusted Java application or applet
could use these flaws to corrupt the Java Virtual Machine memory and bypass
Java sandbox restrictions. (CVE-2013-5809)

The FEATURE_SECURE_PROCESSING setting was not properly honored by the
javax.xml.transform package transformers. A remote attacker could use this
flaw to supply a crafted XML that would be processed without the intended
security restrictions. (CVE-2013-5802)

Multiple errors were discovered in the way the JAXP and Security components
processed XML inputs. A remote attacker could create a crafted XML that
would cause a Java application to use an excessive amount of CPU and memory
when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)

Multiple improper permission check issues were discovered in the Libraries,
Swing, JAX-WS, JAXP, JGSS, AWT, Beans, and Scripting components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,
CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5851, CVE-2013-5800,
CVE-2013-5849, CVE-2013-5790, CVE-2013-5784)

It was discovered that the 2D component image library did not properly
check bounds when performing image conversions. An untrusted Java
application or applet could use this flaw to disclose portions of the Java
Virtual Machine memory. (CVE-2013-5778)

Multiple input sanitization flaws were discovered in javadoc. When javadoc
documentation was generated from untrusted Java source code and hosted
on a domain not controlled by the code author, these issues could make it
easier to perform cross-site scripting attacks. (CVE-2013-5804,
CVE-2013-5797)

Various OpenJDK classes that represent cryptographic keys could leak
private key information by including sensitive data in strings returned by
toString() methods. These flaws could possibly lead to an unexpected
exposure of sensitive key data. (CVE-2013-5780)

The Java Heap Analysis Tool (jhat) failed to properly escape all data added
into the HTML pages it generated. Crafted content in the memory of a Java
program analyzed using jhat could possibly be used to conduct cross-site
scripting attacks. (CVE-2013-5772)

The Kerberos implementation in OpenJDK did not properly parse KDC
responses. A malformed packet could cause a Java application using JGSS to
exit. (CVE-2013-5803)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:1452: vino security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131452
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1452, CVE-2013-5745

Description
Vino is a Virtual Network Computing (VNC) server for GNOME. It allows
remote users to connect to a running GNOME session using VNC.

A denial of service flaw was found in the way Vino handled certain
authenticated requests from clients that were in the deferred state. A
remote attacker could use this flaw to make the vino-server process enter
an infinite loop when processing those incoming requests. (CVE-2013-5745)

All vino users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The GNOME session must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2013:1457: libgcrypt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131457
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1457, CVE-2013-4242

Description
The libgcrypt library provides general-purpose implementations of various
cryptographic algorithms.

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload
cache side-channel attack on the RSA secret exponent. An attacker able to
execute a process on the logical CPU that shared the L3 cache with the
GnuPG process (such as a different local user or a user of a KVM guest
running on the same host with the kernel same-page merging functionality
enabled) could possibly use this flaw to obtain portions of the RSA secret
key. (CVE-2013-4242)

All libgcrypt users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:1458: gnupg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1458, CVE-2012-6085, CVE-2013-4242, CVE-2013-4351, CVE-2013-4402

Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload
cache side-channel attack on the RSA secret exponent. An attacker able to
execute a process on the logical CPU that shared the L3 cache with the
GnuPG process (such as a different local user or a user of a KVM guest
running on the same host with the kernel same-page merging functionality
enabled) could possibly use this flaw to obtain portions of the RSA secret
key. (CVE-2013-4242)

A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick a
local user into importing a specially crafted public key into their keyring
database, causing the keyring to be corrupted and preventing its further
use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)

Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402
issue. Upstream acknowledges Taylor R Campbell as the original reporter.

All gnupg users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:1459: gnupg2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1459, CVE-2012-6085, CVE-2013-4351, CVE-2013-4402

Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

A denial of service flaw was found in the way GnuPG parsed certain
compressed OpenPGP packets. An attacker could use this flaw to send
specially crafted input data to GnuPG, making GnuPG enter an infinite loop
when parsing data. (CVE-2013-4402)

It was found that importing a corrupted public key into a GnuPG keyring
database corrupted that keyring. An attacker could use this flaw to trick a
local user into importing a specially crafted public key into their keyring
database, causing the keyring to be corrupted and preventing its further
use. (CVE-2012-6085)

It was found that GnuPG did not properly interpret the key flags in a PGP
key packet. GPG could accept a key for uses not indicated by its holder.
(CVE-2013-4351)

Red Hat would like to thank Werner Koch for reporting the CVE-2013-4402
issue. Upstream acknowledges Taylor R Campbell as the original reporter.

All gnupg2 users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2013:1473: spice-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131473
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1473, CVE-2013-4282

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application. (CVE-2013-4282)

This issue was discovered by Tomas Jamrisko of Red Hat.

All spice-server users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

RHSA-2013:1474: qspice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131474
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1474, CVE-2013-4282

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A stack-based buffer overflow flaw was found in the way the
reds_handle_ticket() function in the spice-server library handled
decryption of ticket data provided by the client. A remote user able to
initiate a SPICE connection to an application acting as a SPICE server
could use this flaw to crash the application. (CVE-2013-4282)

This issue was discovered by Tomas Jamrisko of Red Hat.

All qspice users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2013:1475: postgresql and postgresql84 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131475
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1475, CVE-2013-0255, CVE-2013-1900

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

An array index error, leading to a heap-based out-of-bounds buffer read
flaw, was found in the way PostgreSQL performed certain error processing
using enumeration types. An unprivileged database user could issue a
specially crafted SQL query that, when processed by the server component of
the PostgreSQL service, would lead to a denial of service (daemon crash) or
disclosure of certain portions of server memory. (CVE-2013-0255)

A flaw was found in the way the pgcrypto contrib module of PostgreSQL
(re)initialized its internal random number generator. This could lead to
random numbers with fewer bits of entropy being used by certain pgcrypto
functions, possibly allowing an attacker to conduct other attacks.
(CVE-2013-1900)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original
reporter of CVE-2013-0255, and Marko Kreen as the original reporter of
CVE-2013-1900.

These updated packages upgrade PostgreSQL to version 8.4.18, which fixes
these issues as well as several non-security issues. Refer to the
PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release-8-4-18.html

After installing this update, it is advisable to rebuild, using the REINDEX
command, Generalized Search Tree (GiST) indexes that meet one or more of
the following conditions:

- GiST indexes on box, polygon, circle, or point columns

- GiST indexes for variable-width data types, that is text, bytea, bit, and
numeric

- GiST multi-column indexes

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2013:1476: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131476
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1476, CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to terminate
unexpectedly or, potentially, execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5590, CVE-2013-5597, CVE-2013-5599,
CVE-2013-5600, CVE-2013-5601, CVE-2013-5602)

It was found that the Firefox JavaScript engine incorrectly allocated
memory for certain functions. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Firefox. (CVE-2013-5595)

A flaw was found in the way Firefox handled certain Extensible Stylesheet
Language Transformations (XSLT) files. An attacker could combine this flaw
with other vulnerabilities to execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5604)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Jesse Ruderman, Christoph Diehl, Dan Gohman,
Byoungyoung Lee, Nils, and Abhishek Arya as the original reporters of these
issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 17.0.10 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 17.0.10 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:1480: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131480
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1480, CVE-2013-5590, CVE-2013-5595, CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602, CVE-2013-5604

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content. Malicious
content could cause Thunderbird to crash or, potentially, execute arbitrary
code with the privileges of the user running Thunderbird. (CVE-2013-5590,
CVE-2013-5597, CVE-2013-5599, CVE-2013-5600, CVE-2013-5601, CVE-2013-5602)

It was found that the Thunderbird JavaScript engine incorrectly allocated
memory for certain functions. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2013-5595)

A flaw was found in the way Thunderbird handled certain Extensible
Stylesheet Language Transformations (XSLT) files. An attacker could combine
this flaw with other vulnerabilities to execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2013-5604)

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Jesse Ruderman, Christoph Diehl, Dan Gohman,
Byoungyoung Lee, Nils, and Abhishek Arya as the original reporters of these
issues.

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 17.0.10 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 17.0.10 ESR, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2013:1500: gc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131500
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1500, CVE-2012-2673

Description
gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++.

It was discovered that gc's implementation of the malloc() and calloc()
routines did not properly perform parameter sanitization when allocating
memory. If an application using gc did not implement application-level
validity checks for the malloc() and calloc() routines, a remote attacker
could provide specially crafted application-specific input, which, when
processed by the application, could lead to an application crash or,
potentially, arbitrary code execution with the privileges of the user
running the application. (CVE-2012-2673)

Users of gc are advised to upgrade to these updated packages, which contain
backported patches to correct this issue. Applications using gc must be
restarted for the update to take effect.

RHSA-2013:1505: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131505
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1505, CVE-2013-3829, CVE-2013-4002, CVE-2013-5772, CVE-2013-5774, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5790, CVE-2013-5797, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5814, CVE-2013-5817, CVE-2013-5820, CVE-2013-5823, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5840, CVE-2013-5842, CVE-2013-5849, CVE-2013-5850

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

Multiple input checking flaws were found in the 2D component native image
parsing code. A specially crafted image file could trigger a Java Virtual
Machine memory corruption and, possibly, lead to arbitrary code execution
with the privileges of the user running the Java Virtual Machine.
(CVE-2013-5782)

The class loader did not properly check the package access for non-public
proxy classes. A remote attacker could possibly use this flaw to execute
arbitrary code with the privileges of the user running the Java Virtual
Machine. (CVE-2013-5830)

Multiple improper permission check issues were discovered in the 2D, CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2013-5829, CVE-2013-5814, CVE-2013-5817, CVE-2013-5842, CVE-2013-5850)

Multiple input checking flaws were discovered in the JPEG image reading and
writing code in the 2D component. An untrusted Java application or applet
could use these flaws to corrupt the Java Virtual Machine memory and bypass
Java sandbox restrictions. (CVE-2013-5809)

The FEATURE_SECURE_PROCESSING setting was not properly honored by the
javax.xml.transform package transformers. A remote attacker could use this
flaw to supply a crafted XML that would be processed without the intended
security restrictions. (CVE-2013-5802)

Multiple errors were discovered in the way the JAXP and Security components
process XML inputs. A remote attacker could create a crafted XML that
would cause a Java application to use an excessive amount of CPU and memory
when processed. (CVE-2013-5825, CVE-2013-4002, CVE-2013-5823)

Multiple improper permission check issues were discovered in the Libraries,
Swing, JAX-WS, JGSS, AWT, Beans, and Scripting components in OpenJDK. An
untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2013-3829, CVE-2013-5840,
CVE-2013-5774, CVE-2013-5783, CVE-2013-5820, CVE-2013-5849, CVE-2013-5790,
CVE-2013-5784)

It was discovered that the 2D component image library did not properly
check bounds when performing image conversions. An untrusted Java
application or applet could use this flaw to disclose portions of the Java
Virtual Machine memory. (CVE-2013-5778)

Multiple input sanitization flaws were discovered in javadoc. When javadoc
documentation was generated from an untrusted Java source code and hosted
on a domain not controlled by the code author, these issues could make it
easier to perform cross-site scripting attacks. (CVE-2013-5804,
CVE-2013-5797)

Various OpenJDK classes that represent cryptographic keys could leak
private key information by including sensitive data in strings returned by
toString() methods. These flaws could possibly lead to an unexpected
exposure of sensitive key data. (CVE-2013-5780)

The Java Heap Analysis Tool (jhat) failed to properly escape all data added
into the HTML pages it generated. Crafted content in the memory of a Java
program analyzed using jhat could possibly be used to conduct cross-site
scripting attacks. (CVE-2013-5772)

The Kerberos implementation in OpenJDK did not properly parse KDC
responses. A malformed packet could cause a Java application using JGSS to
exit. (CVE-2013-5803)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2013:1536: libguestfs security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131536
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1536, CVE-2013-4419

Description
Libguestfs is a library and set of tools for accessing and modifying guest
disk images.

It was found that guestfish, which enables shell scripting and command line
access to libguestfs, insecurely created the temporary directory used to
store the network socket when started in server mode. A local attacker
could use this flaw to intercept and modify another user's guestfish commands,
allowing them to perform arbitrary guestfish actions with the privileges of
a different user, or use this flaw to obtain authentication credentials.
(CVE-2013-4419)

This issue was discovered by Michael Scherer of the Red Hat Regional IT
team.

These updated libguestfs packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All libguestfs users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements.

RHSA-2013:1537: augeas security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131537
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1537, CVE-2012-0786, CVE-2012-0787

Description
Augeas is a utility for editing configuration. Augeas parses configuration
files in their native formats and transforms them into a tree.
Configuration changes are made by manipulating this tree and saving it back
into native configuration files. Augeas also uses "lenses" as basic
building blocks for establishing the mapping from files into the Augeas
tree and back.

Multiple flaws were found in the way Augeas handled configuration files
when updating them. An application using Augeas to update configuration
files in a directory that is writable by a different user (for example,
an application running as root that is updating files in a directory owned
by a non-root service user) could have been tricked into overwriting
arbitrary files or leaking information via a symbolic link or mount point
attack. (CVE-2012-0786, CVE-2012-0787)

The augeas package has been upgraded to upstream version 1.0.0, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#817753)

This update also fixes the following bugs:

* Previously, when single quotes were used in an XML attribute, Augeas was
unable to parse the file with the XML lens. An upstream patch has been
provided ensuring that single quotes are handled as valid characters and
parsing no longer fails. (BZ#799885)

* Prior to this update, Augeas was unable to set up the "require_ssl_reuse"
option in the vsftpd.conf file. The updated patch fixes the vsftpd lens to
properly recognize this option, thus fixing this bug. (BZ#855022)

* Previously, the XML lens did not support non-Unix line endings.
Consequently, Augeas was unable to load any files containing such line
endings. The XML lens has been fixed to handle files with CRLF line
endings, thus fixing this bug. (BZ#799879)

* Previously, Augeas was unable to parse modprobe.conf files with spaces
around "=" characters in option directives. The modprobe lens has been
updated and parsing no longer fails. (BZ#826752)

All Augeas users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2013:1540: evolution security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131540
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1540, CVE-2013-4166

Description
Evolution is the integrated collection of email, calendaring, contact
management, communications, and personal information management (PIM) tools
for the GNOME desktop environment.

A flaw was found in the way Evolution selected GnuPG public keys when
encrypting emails. This could result in emails being encrypted with public
keys other than the one belonging to the intended recipient.
(CVE-2013-4166)

The Evolution packages have been upgraded to upstream version 2.32.3, which
provides a number of bug fixes and enhancements over the previous version.
These changes include implementation of Gnome XDG Config Folders, and
support for Exchange Web Services (EWS) protocol to connect to Microsoft
Exchange servers. EWS support has been added as a part of the
evolution-exchange packages. (BZ#883010, BZ#883014, BZ#883015, BZ#883017,
BZ#524917, BZ#524921, BZ#883044)

The gtkhtml3 packages have been upgraded to upstream version 2.32.2, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#883019)

The libgdata packages have been upgraded to upstream version 0.6.4, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#883032)

This update also fixes the following bug:

* The Exchange Calendar could not fetch the "Free" and "Busy" information
for meeting attendees when using Microsoft Exchange 2010 servers, and this
information thus could not be displayed. This happened because Microsoft
Exchange 2010 servers use more strict rules for "Free" and "Busy"
information fetching. With this update, the respective code in the
openchange packages has been modified so the "Free" and "Busy" information
fetching now complies with the fetching rules on Microsoft Exchange 2010
servers. The "Free" and "Busy" information can now be displayed as expected
in the Exchange Calendar. (BZ#665967)

All Evolution users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. All running instances of Evolution must be restarted for this
update to take effect.

RHSA-2013:1542: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131542
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1542, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

It was discovered that the Samba Web Administration Tool (SWAT) did not
protect against being opened in a web page frame. A remote attacker could
possibly use this flaw to conduct a clickjacking attack against SWAT users
or users with an active SWAT session. (CVE-2013-0213)

A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a victim's
password could use this flaw to bypass CSRF protections and conduct a CSRF
attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the
Samba server.

Red Hat would like to thank the Samba project for reporting CVE-2013-0213
and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter
of CVE-2013-0213 and CVE-2013-0214.

These updated samba packages include numerous bug fixes and one
enhancement. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. After installing this update, the smb service will be
restarted automatically.

RHSA-2013:1543: samba4 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131543
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1543, CVE-2013-4124

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the
Samba server.

This update fixes the following bugs:

* When Samba was installed in the build root directory, the RPM target
might not have existed. Consequently, the find-debuginfo.sh script did not
create symbolic links for the libwbclient.so.debug module associated with
the target. With this update, the paths to the symbolic links are relative
so that the symbolic links are now created correctly. (BZ#882338)

* Previously, the samba4 packages were missing a dependency for the
libreplace.so module which could lead to installation failures. With this
update, the missing dependency has been added to the dependency list of the
samba4 packages and installation now proceeds as expected. (BZ#911264)

All samba4 users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

RHSA-2013:1553: qemu-kvm security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131553
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1553, CVE-2013-4344

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat
Enterprise Linux kernel. The qemu-kvm packages form the user-space
component for running virtual machines using KVM.

A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT
LUNS" command when more than 256 LUNs were specified for a single SCSI
target. A privileged guest user could use this flaw to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4344)

This issue was discovered by Asias He of Red Hat.

These updated qemu-kvm packages include numerous bug fixes and various
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, shut down all running virtual
machines. Once all virtual machines have shut down, start them again for
this update to take effect.

RHSA-2013:1569: wireshark security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131569
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1569, CVE-2012-2392, CVE-2012-3825, CVE-2012-4285, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3559, CVE-2013-3561, CVE-2013-4081, CVE-2013-4083, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936, CVE-2013-5721

Description
Wireshark, previously known as Ethereal, is a network protocol analyzer.
It is used to capture and browse the traffic running on a computer network.

Two flaws were found in Wireshark. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2013-3559,
CVE-2013-4083)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2012-2392, CVE-2012-3825, CVE-2012-4285,
CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292,
CVE-2012-5595, CVE-2012-5597, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600,
CVE-2012-6056, CVE-2012-6059, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062,
CVE-2013-3557, CVE-2013-3561, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931,
CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-4936,
CVE-2013-5721)

The wireshark packages have been upgraded to upstream version 1.8.10, which
provides a number of bug fixes and enhancements over the previous versions.
For more information on the bugs fixed, enhancements included, and
supported protocols introduced, refer to the Wireshark Release Notes,
linked to in the References. (BZ#711024)

This update also fixes the following bugs:

* Previously, Wireshark did not parse the RECLAIM_COMPLETE opcode when
inspecting traffic generated by NFSv4.1. A patch has been provided to
enable the parsing of the RECLAIM_COMPLETE opcode, and Wireshark is now
able to properly dissect and handle NFSv4.1 traffic. (BZ#750712)

* Prior to this update, frame arrival times in a text file were reported
one hour ahead of the timestamps in the packet capture file.
This resulted in various failures being reported by the dfilter-test.py
test suite. Frame arrival timestamps have been shifted by one hour, thus
fixing this bug. (BZ#832021)

* The "tshark -D" command returned output to STDERR instead of STDOUT,
which could break scripts that are parsing the "tshark -D" output. This bug
has been fixed, and the "tshark -D" command now writes output data to the
correct standard stream. (BZ#1004636)

* Due to an array overrun, Wireshark could experience undefined program
behavior or could unexpectedly terminate. With this update, proper array
handling ensures Wireshark no longer crashes in the described scenario.
(BZ#715560)

* Previously, the dftest and randpkt command line utilities lacked manual
pages. This update adds proper manual pages for both utilities. (BZ#659661)

In addition, this update adds the following enhancements:

* With this update, Wireshark is able to properly dissect and handle
InfiniBand and GlusterFS traffic. (BZ#699636, BZ#858976)

All Wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. All running instances of Wireshark must be restarted for the
update to take effect.

RHSA-2013:1582: python security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131582
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1582, CVE-2013-4238

Description
Python is an interpreted, interactive, object-oriented programming
language.

A flaw was found in the way the Python SSL module handled X.509 certificate
fields that contain a NULL byte. An attacker could potentially exploit this
flaw to conduct man-in-the-middle attacks to spoof SSL servers. Note that
to exploit this issue, an attacker would need to obtain a carefully crafted
certificate signed by an authority that the client trusts. (CVE-2013-4238)

These updated python packages include numerous bug fixes and one
enhancement. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All users of python are advised to upgrade to these updated packages, which
fix these issues and add this enhancement.

RHSA-2013:1591: openssh security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131591
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1591, CVE-2010-5107

Description
OpenSSH is OpenBSD's Secure Shell (SSH) protocol implementation.
These packages include the core files necessary for the OpenSSH client
and server.

The default OpenSSH configuration made it easy for remote attackers to
exhaust unauthorized connection slots and prevent other users from being
able to log in to a system. This flaw has been addressed by enabling random
early connection drops by setting MaxStartups to 10:30:100 by default.
For more information, refer to the sshd_config(5) man page. (CVE-2010-5107)

These updated openssh packages include numerous bug fixes and enhancements.
Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes,
linked to in the References, for information on the most significant of
these changes.

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add
these enhancements.

RHSA-2013:1603: luci security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131603
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1603, CVE-2013-4481, CVE-2013-4482

Description
Luci is a web-based high availability administration application.

A flaw was found in the way the luci service was initialized. If a system
administrator started the luci service from a directory that was writable
by a local user, that user could use this flaw to execute arbitrary code
as the root or luci user. (CVE-2013-4482)

A flaw was found in the way luci generated its configuration file. The file
was created as world readable for a short period of time, allowing a local
user to gain access to the authentication secrets stored in the
configuration file. (CVE-2013-4481)

These issues were discovered by Jan Pokorný of Red Hat.

These updated luci packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All luci users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. After installing this update, the luci service will be
restarted automatically.

RHSA-2013:1605: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131605
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1605, CVE-2013-0242, CVE-2013-1914, CVE-2013-4332

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in glibc's memory allocator functions (pvalloc, valloc, and
memalign). If an application used such a function, it could cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2013-4332)

A flaw was found in the regular expression matching routines that process
multibyte character input. If an application utilized the glibc regular
expression matching mechanism, an attacker could provide specially-crafted
input that, when processed, would cause the application to crash.
(CVE-2013-0242)

It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-1914)

Among other changes, this update includes an important fix for the following bug:

* Due to a defect in the initial release of the getaddrinfo() system call in Red Hat Enterprise Linux 6.0, AF_INET and AF_INET6 queries resolved from the /etc/hosts file returned queried names as canonical names. This incorrect behavior is, however, still considered to be the expected behavior. As a result of a recent change in getaddrinfo(), AF_INET6 queries started resolving the canonical names correctly. However, this behavior was unexpected by applications that relied on queries resolved from the /etc/hosts file, and these applications could thus fail to operate properly. This update applies a fix ensuring that AF_INET6 queries resolved from /etc/hosts always return the queried name as canonical. Note that DNS lookups are resolved properly and always return the correct canonical names. A proper fix to AF_INET6 queries resolution from /etc/hosts may be applied in future releases; for now, due to the lack of a standard, Red Hat suggests that the first entry in the /etc/hosts file that applies to the IP address being resolved be considered the canonical entry. (BZ#1022022)

These updated glibc packages also include additional bug fixes and 
various enhancements. Space precludes documenting all of these changes 
in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 
Technical Notes, linked to in the References, for information on the 
most significant of these changes.

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2013:1615: php security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1615, CVE-2006-7243, CVE-2013-1643, CVE-2013-4248

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)

A flaw was found in PHP's SSL client's hostname identity check when
handling certificates that contain hostnames with NULL bytes. If an
attacker was able to get a carefully crafted certificate signed by a
trusted Certificate Authority, the attacker could use the certificate to
conduct man-in-the-middle attacks to spoof SSL servers. (CVE-2013-4248)

It was found that the PHP SOAP parser allowed the expansion of external XML
entities during SOAP message parsing. A remote attacker could possibly use
this flaw to read arbitrary files that are accessible to a PHP application
using a SOAP extension. (CVE-2013-1643)

This update fixes the following bugs:

* Previously, when the allow_call_time_pass_reference setting was disabled,
a virtual host on the Apache server could terminate with a segmentation
fault when attempting to process certain PHP content. This bug has been
fixed and virtual hosts no longer crash when allow_call_time_pass_reference
is off. (BZ#892158, BZ#910466)

* Prior to this update, if an error occurred during the operation of the
fclose(), file_put_contents(), or copy() function, the function did not
report it. This could have led to data loss. With this update, the
aforementioned functions have been modified to properly report any errors.
(BZ#947429)

* The internal buffer for the SQLSTATE error code can store a maximum of 5
characters. Previously, when certain calls exceeded this limit, a buffer
overflow occurred. With this update, messages longer than 5 characters are
automatically replaced with the default "HY000" string, thus preventing the
overflow. (BZ#969110)

In addition, this update adds the following enhancement:

* This update adds the following rpm macros to the php package: %__php,
%php_inidir, %php_incldir. (BZ#953814)

Users of php are advised to upgrade to these updated packages, which fix
these bugs and add this enhancement. After installing the updated packages,
the httpd daemon must be restarted for the update to take effect.

RHSA-2013:1620: xorg-x11-server security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131620
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1620, CVE-2013-1940

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A flaw was found in the way the X.Org X11 server registered new hot-plugged
devices. If a local user switched to a different session and plugged in a
new device, input from that device could become available in the previous
session, possibly leading to information disclosure. (CVE-2013-1940)

This issue was found by David Airlie and Peter Hutterer of Red Hat.

This update also fixes the following bugs:

* A previous upstream patch modified the Xephyr X server to be resizeable;
however, it did not enable the resize functionality by default. As a
consequence, X sandboxes were not resizeable on Red Hat Enterprise Linux
6.4 and later. This update enables the resize functionality by default so
that X sandboxes can now be resized as expected. (BZ#915202)

* In Red Hat Enterprise Linux 6, the X Security extension (XC-SECURITY)
has been disabled and replaced by X Access Control Extension (XACE).
However, XACE does not yet include functionality that was previously
available in XC-SECURITY. With this update, XC-SECURITY is enabled in the
xorg-x11-server spec file on Red Hat Enterprise Linux 6. (BZ#957298)

* Upstream code changes to extension initialization accidentally disabled
the GLX extension in Xvfb (the X virtual frame buffer), rendering headless
3D applications not functional. An upstream patch for this problem has been
backported so the GLX extension is enabled again, and applications relying
on this extension work as expected. (BZ#969538)

All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2013:1635: pacemaker security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131635
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1635, CVE-2013-0281

Description
Pacemaker is a high-availability cluster resource manager with a powerful
policy engine.

A denial of service flaw was found in the way Pacemaker performed
authentication and processing of remote connections in certain
circumstances. When Pacemaker was configured to allow remote Cluster
Information Base (CIB) configuration or resource management, a remote
attacker could use this flaw to cause Pacemaker to block indefinitely
(preventing it from serving other requests). (CVE-2013-0281)

Note: The default Pacemaker configuration in Red Hat Enterprise Linux 6 has
the remote CIB management functionality disabled.

The pacemaker package has been upgraded to upstream version 1.1.10, which
provides a number of bug fixes and enhancements over the previous version:

* Pacemaker no longer assumes unknown cman nodes are safely stopped.

* The core dump file now converts all exit codes into positive 'errno'
values.

* Pacemaker ensures a return to a stable state after too many fencing
failures, and initiates a shutdown if a node claimed to be fenced is still
active.

* The crm_error tool adds the ability to list and print error symbols.

* The crm_resource command allows individual resources to be reprobed, and
implements the "--ban" option for moving resources away from nodes.
The "--clear" option has replaced the "--unmove" option. Also, crm_resource
now supports OCF tracing when using the "--force" option.

* The IPC mechanism restores the ability for members of the haclient group
to connect to the cluster.

* The Policy Engine daemon allows active nodes in the current membership to
be fenced without quorum.

* Policy Engine now suppresses meaningless IDs when displaying anonymous
clone status, supports maintenance mode for a single node, and correctly
handles the recovered resources before they are operated on.

* XML configuration files are now checked for non-printing characters and
replaced with their octal equivalent when exporting XML text. Also, a more
reliable buffer allocation strategy has been implemented to prevent
lockups.

(BZ#987355)

Additional bug fixes:

* The "crm_resource --move" command was designed for atomic resources and
could not handle resources on clones, masters, or slaves present on
multiple nodes. Consequently, crm_resource could not obtain enough
information to move a resource and did not perform any action. The "--ban"
and "--clear" options have been added to allow the administrator to
instruct the cluster unambiguously. Clone, master, and slave resources can
now be navigated within the cluster as expected. (BZ#902407)

* The hacluster user account did not have a user identification (UID) or
group identification (GID) number reserved on the system. Thus, UID and GID
values were picked randomly during the installation process. The UID and
GID number 189 was reserved for hacluster and is now used consistently for
all installations. (BZ#908450)

* Certain clusters used node host names that did not match the output of
the "uname -n" command. Thus, the default node name used by the crm_standby
and crm_failcount commands was incorrect and caused the cluster to ignore
the update by the administrator. The crm_node command is now used instead
of the uname utility in helper scripts. As a result, the cluster behaves as
expected. (BZ#913093)

* Due to incorrect return code handling, internal recovery logic of the
crm_mon utility was not executed when a configuration update failed to
apply, leading to an assertion failure. Return codes are now checked
correctly, and the recovery of an expected error state is now handled
transparently. (BZ#951371)

* cman's automatic unfencing feature failed when combined with Pacemaker.
Support for automated unfencing in Pacemaker has been added, and the
unwanted behavior no longer occurs. (BZ#996850)

All pacemaker users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2013:1645: Red Hat Enterprise Linux 6 kernel update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131645
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1645, CVE-2012-6542, CVE-2012-6545, CVE-2013-0343, CVE-2013-1928, CVE-2013-1929, CVE-2013-2164, CVE-2013-2234, CVE-2013-2851, CVE-2013-2888, CVE-2013-2889, CVE-2013-2892, CVE-2013-3231, CVE-2013-4345, CVE-2013-4387, CVE-2013-4591, CVE-2013-4592

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* A flaw was found in the way the Linux kernel's IPv6 implementation
handled certain UDP packets when the UDP Fragmentation Offload (UFO)
feature was enabled. A remote attacker could use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2013-4387, Important)

* A flaw was found in the way the Linux kernel handled the creation of
temporary IPv6 addresses. If the IPv6 privacy extension was enabled
(/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the
local network could disable IPv6 temporary address generation, leading to a
potential information disclosure. (CVE-2013-0343, Moderate)

* A flaw was found in the way the Linux kernel handled HID (Human Interface
Device) reports with an out-of-bounds Report ID. An attacker with physical
access to the system could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2013-2888,
Moderate)

* An off-by-one flaw was found in the way the ANSI CPRNG implementation in
the Linux kernel processed non-block size aligned requests. This could lead
to random numbers being generated with fewer bits of entropy than expected
when ANSI CPRNG was used. (CVE-2013-4345, Moderate)

* It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580
accidentally removed a check for small-sized result buffers. A local,
unprivileged user with access to an NFSv4 mount with ACL support could use
this flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2013-4591, Moderate)

* A flaw was found in the way IOMMU memory mappings were handled when
moving memory slots. A malicious user on a KVM host who has the ability to
assign a device to a guest could use this flaw to crash the host.
(CVE-2013-4592, Moderate)

* Heap-based buffer overflow flaws were found in the way the Zeroplus and
Pantherlord/GreenAsia game controllers handled HID reports. An attacker
with physical access to the system could use these flaws to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2013-2889, CVE-2013-2892, Moderate)

* Two information leak flaws were found in the logical link control (LLC)
implementation in the Linux kernel. A local, unprivileged user could use
these flaws to leak kernel stack memory to user space. (CVE-2012-6542,
CVE-2013-3231, Low)

* A heap-based buffer overflow in the way the tg3 Ethernet driver parsed
the vital product data (VPD) of devices could allow an attacker with
physical access to a system to cause a denial of service or, potentially,
escalate their privileges. (CVE-2013-1929, Low)

* Information leak flaws in the Linux kernel could allow a privileged,
local user to leak kernel memory to user space. (CVE-2012-6545,
CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low)

* A format string flaw was found in the Linux kernel's block layer.
A privileged, local user could potentially use this flaw to escalate their
privileges to kernel level (ring0). (CVE-2013-2851, Low)

Red Hat would like to thank Stephan Mueller for reporting CVE-2013-4345,
and Kees Cook for reporting CVE-2013-2851.

This update also fixes several hundred bugs and adds enhancements. Refer to
the Red Hat Enterprise Linux 6.5 Release Notes for information on the most
significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.5 Release Notes and
Technical Notes. The system must be rebooted for this update to take
effect.

RHSA-2013:1652: coreutils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131652
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1652, CVE-2013-0221, CVE-2013-0222, CVE-2013-0223

Description
The coreutils package contains the core GNU utilities. It is a combination
of the old GNU fileutils, sh-utils, and textutils packages.

It was discovered that the sort, uniq, and join utilities did not properly
restrict the use of the alloca() function. An attacker could use this flaw
to crash those utilities by providing long input strings. (CVE-2013-0221,
CVE-2013-0222, CVE-2013-0223)

These updated coreutils packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All coreutils users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2013:1661: RDMA stack security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131661
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1661, CVE-2012-4516, CVE-2013-2561

Description
Red Hat Enterprise Linux includes a collection of Infiniband and iWARP
utilities, libraries and development packages for writing applications that
use Remote Direct Memory Access (RDMA) technology.

A flaw was found in the way ibutils handled temporary files. A local
attacker could use this flaw to cause arbitrary files to be overwritten as
the root user via a symbolic link attack. (CVE-2013-2561)

It was discovered that librdmacm used a static port to connect to the
ib_acm service. A local attacker able to run a specially crafted ib_acm
service on that port could use this flaw to provide incorrect address
resolution information to librdmacm applications. (CVE-2012-4516)

The CVE-2012-4516 issue was discovered by Florian Weimer of the Red Hat
Product Security Team.

This advisory updates the following packages to the latest upstream
releases, providing a number of bug fixes and enhancements over the
previous versions:

* libibverbs-1.1.7
* libmlx4-1.0.5
* librdmacm-1.0.17
* mstflint-3.0
* perftest-2.0
* qperf-0.4.9
* rdma-3.10

Several bugs have been fixed in the openmpi, mpitests, ibutils, and
infinipath-psm packages.

The most notable changes in these updated packages from the RDMA stack are
the following:

* Multiple bugs in the Message Passing Interface (MPI) test packages were
resolved, allowing more of the mpitest applications to pass on the
underlying MPI implementations.

* The libmlx4 package now includes dracut module files to ensure that any
necessary custom configuration of mlx4 port types is included in the
initramfs dracut builds.

* Multiple test programs in the perftest and qperf packages now work
properly over RoCE interfaces, or when specifying the use of rdmacm
queue pairs.

* The mstflint package has been updated to the latest upstream version,
which is now capable of burning firmware on newly released Mellanox
Connect-IB hardware.

* A compatibility problem between the openmpi and infinipath-psm packages
has been resolved with new builds of these packages.

All RDMA users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add
these enhancements.

RHSA-2013:1674: dracut security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131674
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1674, CVE-2012-4453

Description
The dracut packages include an event-driven initramfs generator
infrastructure based on the udev device manager. The virtual file system,
initramfs, is loaded together with the kernel at boot time and initializes
the system, so it can read and boot from the root partition.

It was discovered that dracut created initramfs images as world readable.
A local user could possibly use this flaw to obtain sensitive information
from these files, such as iSCSI authentication passwords, encrypted root
file system crypttab passwords, or other information. (CVE-2012-4453)

This issue was discovered by Peter Jones of the Red Hat Installer Team.

These updated dracut packages include numerous bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical
Notes, linked to in the References, for information on the most significant
of these changes.

All dracut users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2013:1701: sudo security, bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131701
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1701, CVE-2013-1775, CVE-2013-2776, CVE-2013-2777

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled time stamp files. An attacker able
to run code as a local user and with the ability to control the system
clock could possibly gain additional privileges by running commands that
the victim user was allowed to run via sudo, without knowing the victim's
password. (CVE-2013-1775)

It was found that sudo did not properly validate the controlling terminal
device when the tty_tickets option was enabled in the /etc/sudoers file.
An attacker able to run code as a local user could possibly gain additional
privileges by running commands that the victim user was allowed to run via
sudo, without knowing the victim's password. (CVE-2013-2776, CVE-2013-2777)

This update also fixes the following bugs:

* Previously, sudo did not support netgroup filtering for sources from the
System Security Services Daemon (SSSD). Consequently, SSSD rules were
applied to all users even when they did not belong to the specified
netgroup. With this update, netgroup filtering for SSSD sources has been
implemented. As a result, rules with a netgroup specification are applied
only to users that are part of the netgroup. (BZ#880150)

* When the sudo utility set up the environment in which it ran a command,
it reset the value of the RLIMIT_NPROC resource limit to the parent's value
of this limit if both the soft (current) and hard (maximum) values of
RLIMIT_NPROC were not limited. An upstream patch has been provided to
address this bug and RLIMIT_NPROC can now be set to "unlimited".
(BZ#947276)

* Due to the refactoring of the sudo code by upstream, the SUDO_USER
variable that stores the name of the user running the sudo command was not
logged to the /var/log/secure file as before. Consequently, user name
"root" was always recorded instead of the real user name. With this update,
the previous behavior of sudo has been restored. As a result, the expected
user name is now written to /var/log/secure. (BZ#973228)

* Due to an error in a loop condition in sudo's rule listing code, a buffer
overflow could have occurred in certain cases. This condition has been
fixed and the buffer overflow no longer occurs. (BZ#994626)

In addition, this update adds the following enhancements:

* With this update, sudo has been modified to send debug messages about
netgroup matching to the debug log. These messages should provide better
understanding of how sudo matches netgroup database records with values
from the running system and what the values are exactly. (BZ#848111)

* With this update, sudo has been modified to accept the ipa_hostname value
from the /etc/sssd/sssd.conf configuration file when matching netgroups.
(BZ#853542)

All sudo users are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add
these enhancements.

RHSA-2013:1732: busybox security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20131732
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2013:1732, CVE-2013-1813

Description
BusyBox provides a single binary that includes versions of a large number
of system commands, including a shell. This can be very useful for
recovering from certain types of system failures, particularly those
involving broken shared libraries.

It was found that the mdev BusyBox utility could create certain directories
within /dev with world-writable permissions. A local unprivileged user
could use this flaw to manipulate portions of the /dev directory tree.
(CVE-2013-1813)

This update also fixes the following bugs:

* Previously, due to a too eager string size optimization on the IBM System
z architecture, the "wc" BusyBox command failed after processing standard
input with the following error:

    wc: : No such file or directory

This bug was fixed by disabling the string size optimization and the "wc"
command works properly on IBM System z architectures. (BZ#820097)

* Prior to this update, the "mknod" command was unable to create device
nodes with a major or minor number larger than 255. Consequently, the kdump
utility failed to handle such a device. The underlying source code has been
modified, and it is now possible to use the "mknod" command to create
device nodes with a major or minor number larger than 255. (BZ#859817)

* If a network installation from an NFS server was selected, the "mount"
command used the UDP protocol by default. If only TCP mounts were supported
by the server, this led to a failure of the mount command. As a result,
Anaconda could not continue with the installation. This bug is now fixed
and NFS mount operations default to the TCP protocol. (BZ#855832)

All busybox users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2013:1752: 389-ds-base security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131752
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1752, CVE-2013-4485

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was discovered that the 389 Directory Server did not properly handle
certain Get Effective Rights (GER) search queries when the attribute list,
which is a part of the query, included several names using the '@'
character. An attacker able to submit search queries to the 389 Directory
Server could cause it to crash. (CVE-2013-4485)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2013:1764: ruby security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131764
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1764, CVE-2013-4164

Description
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

A buffer overflow flaw was found in the way Ruby parsed floating point
numbers from their text representation. If an application using Ruby
accepted untrusted input strings and converted them to floating point
numbers, an attacker able to provide such input could cause the application
to crash or, possibly, execute arbitrary code with the privileges of the
application. (CVE-2013-4164)

All ruby users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2013:1778: gimp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131778
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1778, CVE-2012-5576, CVE-2013-1913, CVE-2013-1978

Description
The GIMP (GNU Image Manipulation Program) is an image composition and
editing program.

A stack-based buffer overflow flaw, a heap-based buffer overflow, and an
integer overflow flaw were found in the way GIMP loaded certain X Window
System (XWD) image dump files. A remote attacker could provide a specially
crafted XWD image file that, when processed, would cause the XWD plug-in to
crash or, potentially, execute arbitrary code with the privileges of the
user running the GIMP. (CVE-2012-5576, CVE-2013-1913, CVE-2013-1978)

The CVE-2013-1913 and CVE-2013-1978 issues were discovered by Murray
McAllister of the Red Hat Security Response Team.

Users of the GIMP are advised to upgrade to these updated packages, which
correct these issues. The GIMP must be restarted for the update to take
effect.

RHSA-2013:1779: mod_nss security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131779
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1779, CVE-2013-4566

Description
The mod_nss module provides strong cryptography for the Apache HTTP Server
via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
protocols, using the Network Security Services (NSS) security library.

A flaw was found in the way mod_nss handled the NSSVerifyClient setting for
the per-directory context. When configured to not require a client
certificate for the initial connection and only require it for a specific
directory, mod_nss failed to enforce this requirement and allowed a client
to access the directory when no valid client certificate was provided.
(CVE-2013-4566)

Red Hat would like to thank Albert Smith of OUSD(AT&L) for reporting this
issue.

All mod_nss users should upgrade to this updated package, which contains a
backported patch to correct this issue. The httpd service must be restarted
for this update to take effect.

RHSA-2013:1790: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1790, CVE-2013-4355

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An information leak flaw was found in the way the Xen hypervisor handled
error conditions when reading guest memory during certain guest-originated
operations, such as port or memory mapped I/O writes. A privileged user in
a fully-virtualized guest could use this flaw to leak hypervisor stack
memory to a guest. (CVE-2013-4355, Moderate)

Red Hat would like to thank the Xen project for reporting this issue.

This update also fixes the following bugs:

* A previous fix to the kernel did not contain a memory barrier in the
percpu_up_write() function. Consequently, under certain circumstances, a
race condition could occur leading to memory corruption and a subsequent
kernel panic. This update introduces a new memory barrier pair, light_mb()
and heavy_mb(), for per-CPU basis read and write semaphores
(percpu-rw-semaphores) ensuring that the race condition can no longer
occur. In addition, the read path performance of "percpu-rw-semaphores" has
been improved. (BZ#1014715)

* Due to a bug in the tg3 driver, systems that had the Wake-on-LAN (WOL)
feature enabled on their NICs could not be woken up from suspension
or hibernation using WOL. A missing pci_wake_from_d3() function call has
been added to the tg3 driver, which ensures that WOL functions properly by
setting the PME_ENABLE bit. (BZ#1014973)

* Due to an incorrect test condition in the mpt2sas driver, the driver was
unable to catch failures to map a SCSI scatter-gather list. The test
condition has been corrected so that the mpt2sas driver now handles SCSI
scatter-gather mapping failures as expected. (BZ#1018458)

* A previous patch to the kernel introduced the "VLAN tag re-insertion"
workaround to resolve a problem with incorrectly handled VLAN-tagged
packets with no assigned VLAN group while the be2net driver was in
promiscuous mode. However, this solution led to packet corruption and a
subsequent kernel oops if such a processed packet was a GRO packet.
Therefore, a patch has been applied to restrict VLAN tag re-insertion only
to non-GRO packets. The be2net driver now processes VLAN-tagged packets
with no assigned VLAN group correctly in this situation. (BZ#1023348)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2013:1791: nss and nspr security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1791, CVE-2013-1739, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A flaw was found in the way NSS handled invalid handshake packets. A remote
attacker could use this flaw to cause a TLS/SSL client using NSS to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2013-5605)

It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135
introduced a regression causing NSS to read uninitialized data when a
decryption failure occurred. A remote attacker could use this flaw to cause
a TLS/SSL server using NSS to crash. (CVE-2013-1739)

An integer overflow flaw was discovered in both NSS and NSPR's
implementation of certification parsing on 64-bit systems. A remote
attacker could use these flaws to cause an application using NSS or NSPR to
crash. (CVE-2013-1741, CVE-2013-5607)

It was discovered that NSS did not reject certificates with incompatible
key usage constraints when validating them while the verifyLog feature was
enabled. An application using the NSS certificate validation API could
accept an invalid certificate. (CVE-2013-5606)

Red Hat would like to thank the Mozilla project for reporting
CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges
Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as
the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and
Wan-Teh Chang as the original reporters of CVE-2013-5607.

In addition, the nss package has been upgraded to upstream version 3.15.3,
and the nspr package has been upgraded to upstream version 4.10.2.
These updates provide a number of bug fixes and enhancements over the
previous versions. (BZ#1033478, BZ#1020520)

This update also fixes the following bug:

* The RHBA-2013:1318 update introduced a regression that prevented the use
of certificates that have an MD5 signature. This update fixes this
regression and certificates that have an MD5 signature are once again
supported. To prevent the use of certificates that have an MD5 signature,
set the "NSS_HASH_ALG_SUPPORT" environment variable to "-MD5". (BZ#1033499)

Users of NSS and NSPR are advised to upgrade to these updated packages,
which fix these issues and add these enhancements. After installing this
update, applications using NSS or NSPR must be restarted for this update to
take effect.

RHSA-2013:1801: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131801
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1801, CVE-2013-2141, CVE-2013-4470, CVE-2013-6367, CVE-2013-6368

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled sending of certain UDP packets over sockets that
used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature
was enabled on the output device. A local, unprivileged user could use this
flaw to cause a denial of service or, potentially, escalate their
privileges on the system. (CVE-2013-4470, Important)

* A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's
Local Advanced Programmable Interrupt Controller (LAPIC) implementation.
A privileged guest user could use this flaw to crash the host.
(CVE-2013-6367, Important)

* A memory corruption flaw was discovered in the way KVM handled virtual
APIC accesses that crossed a page boundary. A local, unprivileged user
could use this flaw to crash the system or, potentially, escalate their
privileges on the system. (CVE-2013-6368, Important)

* An information leak flaw in the Linux kernel could allow a local,
unprivileged user to leak kernel memory to user space. (CVE-2013-2141, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4470, and Andrew Honig of Google for reporting CVE-2013-6367 and
CVE-2013-6368.

This update also fixes several bugs and adds two enhancements.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.

RHSA-2013:1803: libjpeg-turbo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131803
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1803, CVE-2013-6629, CVE-2013-6630

Description
The libjpeg-turbo package contains a library of functions for manipulating
JPEG images. It also contains simple client programs for accessing the
libjpeg functions.

An uninitialized memory read issue was found in the way libjpeg-turbo
decoded images with missing Start Of Scan (SOS) JPEG markers or Define
Huffman Table (DHT) JPEG markers. A remote attacker could create a
specially crafted JPEG image that, when decoded, could possibly lead to a
disclosure of potentially sensitive information. (CVE-2013-6629,
CVE-2013-6630)

All libjpeg-turbo users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2013:1804: libjpeg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131804
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1804, CVE-2013-6629

Description
The libjpeg package contains a library of functions for manipulating JPEG
images. It also contains simple client programs for accessing the
libjpeg functions.

An uninitialized memory read issue was found in the way libjpeg decoded
images with missing Start Of Scan (SOS) JPEG markers. A remote attacker
could create a specially crafted JPEG image that, when decoded, could
possibly lead to a disclosure of potentially sensitive information.
(CVE-2013-6629)

All libjpeg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2013:1805: samba4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131805
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1805, CVE-2013-4408

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in
Samba. A specially crafted DCE-RPC packet could cause various Samba
programs to crash or, possibly, execute arbitrary code when parsed.
A malicious or compromised Active Directory Domain Controller could use
this flaw to compromise the winbindd daemon running with root privileges.
(CVE-2013-4408)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the
original reporters of this issue.

All users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2013:1806: samba and samba3x security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131806
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1806, CVE-2013-4408, CVE-2013-4475

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in the DCE-RPC client code in
Samba. A specially crafted DCE-RPC packet could cause various Samba
programs to crash or, possibly, execute arbitrary code when parsed.
A malicious or compromised Active Directory Domain Controller could use
this flaw to compromise the winbindd daemon running with root privileges.
(CVE-2013-4408)

A flaw was found in the way Samba performed ACL checks on alternate file
and directory data streams. An attacker able to access a CIFS share with
alternate stream support enabled could access alternate data streams
regardless of the underlying file or directory ACL permissions.
(CVE-2013-4475)

Red Hat would like to thank the Samba project for reporting CVE-2013-4408.
Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the
original reporters of this issue.

All users of Samba are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2013:1812: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131812
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1812, CVE-2013-0772, CVE-2013-5609, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to terminate
unexpectedly or, potentially, execute arbitrary code with the privileges of
the user running Firefox. (CVE-2013-5609, CVE-2013-5616, CVE-2013-5618,
CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Firefox rendered web content with missing
character encoding information. An attacker could use this flaw to possibly
bypass same-origin inheritance and perform cross-site scripting (XSS)
attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions
applied by sandboxed iframes. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Firefox. (CVE-2013-5614)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian
Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson
Smith, and Atte Kettunen as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.2.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.2.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2013:1813: php53 and php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131813
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1813, CVE-2013-6420

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse()
function of the PHP openssl extension parsed X.509 certificates. A remote
attacker could use this flaw to provide a malicious self-signed certificate
or a certificate signed by a trusted authority to a PHP application using
the aforementioned function, causing the application to crash or, possibly,
allow the attacker to execute arbitrary code with the privileges of the
user running the PHP interpreter. (CVE-2013-6420)

Red Hat would like to thank the PHP project for reporting this issue.
Upstream acknowledges Stefan Esser as the original reporter of this issue.

All php53 and php users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
the updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2013:1814: php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20131814
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1814, CVE-2011-1398, CVE-2012-2688, CVE-2013-1643, CVE-2013-6420

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A memory corruption flaw was found in the way the openssl_x509_parse()
function of the PHP openssl extension parsed X.509 certificates. A remote
attacker could use this flaw to provide a malicious self-signed certificate
or a certificate signed by a trusted authority to a PHP application using
the aforementioned function, causing the application to crash or, possibly,
allow the attacker to execute arbitrary code with the privileges of the
user running the PHP interpreter. (CVE-2013-6420)

It was found that PHP did not check for carriage returns in HTTP headers,
allowing intended HTTP response splitting protections to be bypassed.
Depending on the web browser the victim is using, a remote attacker could
use this flaw to perform HTTP response splitting attacks. (CVE-2011-1398)

An integer signedness issue, leading to a heap-based buffer underflow, was
found in the PHP scandir() function. If a remote attacker could upload an
excessively large number of files to a directory the scandir() function
runs on, it could cause the PHP interpreter to crash or, possibly, execute
arbitrary code. (CVE-2012-2688)

It was found that the PHP SOAP parser allowed the expansion of external XML
entities during SOAP message parsing. A remote attacker could possibly use
this flaw to read arbitrary files that are accessible to a PHP application
using a SOAP extension. (CVE-2013-1643)

Red Hat would like to thank the PHP project for reporting CVE-2013-6420.
Upstream acknowledges Stefan Esser as the original reporter.

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2013:1823: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131823
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1823, CVE-2013-0772, CVE-2013-5609, CVE-2013-5612, CVE-2013-5613, CVE-2013-5614, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-6674

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2013-5609, CVE-2013-5616, CVE-2013-5618, CVE-2013-6671, CVE-2013-5613)

A flaw was found in the way Thunderbird rendered web content with missing
character encoding information. An attacker could use this flaw to possibly
bypass same-origin inheritance and perform cross-site scripting (XSS)
attacks. (CVE-2013-5612)

It was found that certain malicious web content could bypass restrictions
applied by sandboxed iframes. An attacker could combine this flaw with
other vulnerabilities to execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2013-5614)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, Christian
Holler, Masato Kinugawa, Daniel Veditz, Jesse Schwartzentruber, Nils, Tyson
Smith, and Atte Kettunen as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.2.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.2.0 ESR, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2013:1829: nss, nspr, and nss-util security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131829
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1829, CVE-2013-1739, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5607

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A flaw was found in the way NSS handled invalid handshake packets. A remote
attacker could use this flaw to cause a TLS/SSL client using NSS to crash
or, possibly, execute arbitrary code with the privileges of the user
running the application. (CVE-2013-5605)

It was found that the fix for CVE-2013-1620 released via RHSA-2013:1135
introduced a regression causing NSS to read uninitialized data when a
decryption failure occurred. A remote attacker could use this flaw to cause
a TLS/SSL server using NSS to crash. (CVE-2013-1739)

An integer overflow flaw was discovered in both NSS and NSPR's
implementation of certificate parsing on 64-bit systems. A remote
attacker could use these flaws to cause an application using NSS or NSPR to
crash. (CVE-2013-1741, CVE-2013-5607)

It was discovered that NSS did not reject certificates with incompatible
key usage constraints when validating them while the verifyLog feature was
enabled. An application using the NSS certificate validation API could
accept an invalid certificate. (CVE-2013-5606)

Red Hat would like to thank the Mozilla project for reporting
CVE-2013-1741, CVE-2013-5606, and CVE-2013-5607. Upstream acknowledges
Tavis Ormandy as the original reporter of CVE-2013-1741, Camilo Viecco as
the original reporter of CVE-2013-5606, and Pascal Cuoq, Kamil Dudka, and
Wan-Teh Chang as the original reporters of CVE-2013-5607.

All NSS, NSPR, and nss-util users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
After installing this update, applications using NSS, NSPR, or nss-util
must be restarted for this update to take effect.

RHSA-2013:1850: openjpeg security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131850
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1850, CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054

Description
OpenJPEG is an open source library for reading and writing image files in
JPEG 2000 format.

Multiple heap-based buffer overflow flaws were found in OpenJPEG.
An attacker could create a specially crafted OpenJPEG image that, when
opened, could cause an application using openjpeg to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-6045, CVE-2013-6054)

Multiple denial of service flaws were found in OpenJPEG. An attacker could
create a specially crafted OpenJPEG image that, when opened, could cause an
application using openjpeg to crash. (CVE-2013-1447, CVE-2013-6052)

Red Hat would like to thank Raphael Geissert for reporting these issues.

Users of OpenJPEG are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications using OpenJPEG must be restarted for the update to take
effect.

RHSA-2013:1860: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131860
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1860, CVE-2013-4299

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An information leak flaw was found in the way the Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written to
snapshot block devices. An attacker could use this flaw to read data from
disk blocks in free space, which are normally inaccessible. (CVE-2013-4299,
Moderate)

Red Hat would like to thank Fujitsu for reporting this issue.

This update also fixes the following bugs:

* A previous fix to the kernel did not contain a memory barrier in the percpu_up_write() function. Consequently, under certain circumstances, a race condition could occur, leading to memory corruption and a subsequent kernel panic. This update introduces a new memory barrier pair, light_mb() and heavy_mb(), for per-CPU basis read and write semaphores (percpu-rw-semaphores) ensuring that the race condition can no longer occur. In addition, the read path performance of "percpu-rw-semaphores" has been improved. (BZ#884735)

* Due to several related bugs in the be2net driver, the driver did not handle firmware manipulation of the network cards using the Emulex XE201 I/O controller properly. As a consequence, these NICs could not recover from an error successfully. A series of patches has been applied that fix the initialization sequence, and firmware download and activation for the XE201 controller. Error recovery now works as expected for the be2net NICs using the Emulex XE201 I/O controller. (BZ#1019892)

* A bug in the be2net driver could cause packet corruption when handling VLAN-tagged packets with no assigned VLAN group. This happened because the be2net driver called a function responsible for VLAN tag reinsertion in a wrong order in the code. The code has been restructured and the be2net driver now calls the __vlan_put_tag() function correctly, thus avoiding the packet corruption. (BZ#1019893)

* A previous patch to the kernel introduced the "VLAN tag re-insertion" workaround to resolve a problem with incorrectly handled VLAN-tagged packets with no assigned VLAN group while the be2net driver was in promiscuous mode. However, this solution led to packet corruption and a subsequent kernel oops if such a processed packet was a GRO packet. Therefore, a patch has been applied to restrict VLAN tag re-insertion only to non-GRO packets. The be2net driver now processes VLAN-tagged packets with no assigned VLAN group correctly in this situation. (BZ#1023347)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2013:1866: ca-certificates security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20131866
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2013:1866

Description
This package contains the set of CA certificates chosen by the Mozilla
Foundation for use with the Internet Public Key Infrastructure (PKI).

It was found that a subordinate Certificate Authority (CA) mis-issued an
intermediate certificate, which could be used to conduct man-in-the-middle
attacks. This update renders that particular intermediate certificate as
untrusted. (BZ#1038894)

All users should upgrade to this updated package. After installing the
update, all applications using the ca-certificates package must be
restarted for the changes to take effect.

RHSA-2013:1868: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131868
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1868, CVE-2013-6424

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

An integer overflow, which led to a heap-based buffer overflow, was found
in the way X.Org server handled trapezoids. A malicious, authorized client
could use this flaw to crash the X.Org server or, potentially, execute
arbitrary code with root privileges. (CVE-2013-6424)

All xorg-x11-server users are advised to upgrade to these updated 
packages, which contain a backported patch to correct this issue.

RHSA-2013:1869: pixman security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20131869
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2013:1869, CVE-2013-6425

Description
Pixman is a pixel manipulation library for the X Window System and Cairo.

An integer overflow, which led to a heap-based buffer overflow, was found
in the way pixman handled trapezoids. If a remote attacker could trick an 
application using pixman into rendering a trapezoid shape with specially 
crafted coordinates, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-6425)

Users are advised to upgrade to these updated packages, which contain a
backported patch to correct this issue. All applications using pixman 
must be restarted for this update to take effect.

RHSA-2014:0015: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140015
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0015, CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way OpenSSL determined which hashing algorithm to
use when TLS protocol version 1.2 was enabled. This could possibly cause
OpenSSL to use an incorrect hashing algorithm, leading to a crash of an
application using the library. (CVE-2013-6449)

It was discovered that the Datagram Transport Layer Security (DTLS)
protocol implementation in OpenSSL did not properly maintain encryption and
digest contexts during renegotiation. A lost or discarded renegotiation
handshake packet could cause a DTLS client or server using OpenSSL to
crash. (CVE-2013-6450)

A NULL pointer dereference flaw was found in the way OpenSSL handled
TLS/SSL protocol handshake packets. A specially crafted handshake packet
could cause a TLS/SSL client using OpenSSL to crash. (CVE-2013-4353)

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2014:0016: gnupg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0016, CVE-2013-4576

Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and
creating digital signatures, compliant with the proposed OpenPGP Internet
standard and the S/MIME standard.

It was found that GnuPG was vulnerable to side-channel attacks via acoustic
cryptanalysis. An attacker in close range to a target system that is
decrypting ciphertexts could possibly use this flaw to recover the RSA
secret key from that system. (CVE-2013-4576)

Red Hat would like to thank Werner Koch of GnuPG upstream for reporting
this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the
original reporters.

All gnupg users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2014:0018: libXfont security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140018
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0018, CVE-2013-6462

Description
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

A stack-based buffer overflow flaw was found in the way the libXfont
library parsed Glyph Bitmap Distribution Format (BDF) fonts. A malicious,
local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server. (CVE-2013-6462)

Users of libXfont should upgrade to these updated packages, which contain
a backported patch to resolve this issue. All running X.Org server
instances must be restarted for the update to take effect.

RHSA-2014:0026: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140026
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0026, CVE-2013-4578, CVE-2013-5878, CVE-2013-5884, CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

An input validation flaw was discovered in the font layout engine in the 2D
component. A specially crafted font file could trigger Java Virtual Machine
memory corruption when processed. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2013-5907)

Multiple improper permission check issues were discovered in the CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2014-0428, CVE-2014-0422, CVE-2013-5893)

Multiple improper permission check issues were discovered in the
Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,
CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,
CVE-2014-0368)

It was discovered that the Beans component did not restrict processing of
XML external entities. This flaw could cause a Java application using Beans
to leak sensitive information, or affect application availability.
(CVE-2014-0423)

It was discovered that the JSSE component could leak timing information
during the TLS/SSL handshake. This could possibly lead to disclosure of
information about the used encryption keys. (CVE-2014-0411)

Note: The java-1.7.0-openjdk package shipped with Red Hat Enterprise Linux
6.5 via RHBA-2013:1611 replaced "java7" with "java" in the provides list.
This update re-adds "java7" to the provides list to maintain backwards
compatibility with releases prior to Red Hat Enterprise Linux 6.5.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0027: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140027
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0027, CVE-2013-4578, CVE-2013-5878, CVE-2013-5884, CVE-2013-5893, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428

Description
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.

An input validation flaw was discovered in the font layout engine in the 2D
component. A specially crafted font file could trigger Java Virtual Machine
memory corruption when processed. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2013-5907)

Multiple improper permission check issues were discovered in the CORBA,
JNDI, and Libraries components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2014-0428, CVE-2014-0422, CVE-2013-5893)

Multiple improper permission check issues were discovered in the
Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,
CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,
CVE-2014-0368)

It was discovered that the Beans component did not restrict processing of
XML external entities. This flaw could cause a Java application using Beans
to leak sensitive information, or affect application availability.
(CVE-2014-0423)

It was discovered that the JSSE component could leak timing information
during the TLS/SSL handshake. This could possibly lead to disclosure of
information about the used encryption keys. (CVE-2014-0411)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0043: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140043
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0043, CVE-2014-0591

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND handled queries for
NSEC3-signed zones. A remote attacker could use this flaw against an
authoritative name server that served NSEC3-signed zones by sending a
specially crafted query, which, when processed, would cause named to crash.
(CVE-2014-0591)

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2014:0044: augeas security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140044
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0044, CVE-2013-6412

Description
Augeas is a utility for editing configuration. Augeas parses configuration
files in their native formats and transforms them into a tree.
Configuration changes are made by manipulating this tree and saving it back
into native configuration files. Augeas also uses "lenses" as basic
building blocks for establishing the mapping from files into the Augeas
tree and back.

A flaw was found in the way Augeas handled certain umask settings when
creating new configuration files. This flaw could result in configuration
files being created as world writable, allowing unprivileged local users to
modify their content. (CVE-2013-6412)

This issue was discovered by the Red Hat Security Response Team.

All augeas users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using augeas must be restarted for the update to take effect.

RHSA-2014:0097: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140097
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0097, CVE-2013-4578, CVE-2013-5878, CVE-2013-5884, CVE-2013-5896, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0376, CVE-2014-0411, CVE-2014-0416, CVE-2014-0422, CVE-2014-0423, CVE-2014-0428

Description
These packages provide the OpenJDK 6 Java Runtime Environment and the
OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the font layout engine in the 2D
component. A specially crafted font file could trigger a Java Virtual
Machine memory corruption when processed. An untrusted Java application or
applet could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2013-5907)

Multiple improper permission check issues were discovered in the CORBA and
JNDI components in OpenJDK. An untrusted Java application or applet could
use these flaws to bypass Java sandbox restrictions. (CVE-2014-0428,
CVE-2014-0422)

Multiple improper permission check issues were discovered in the
Serviceability, Security, CORBA, JAAS, JAXP, and Networking components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2014-0373, CVE-2013-5878,
CVE-2013-5910, CVE-2013-5896, CVE-2013-5884, CVE-2014-0416, CVE-2014-0376,
CVE-2014-0368)

It was discovered that the Beans component did not restrict processing of
XML external entities. This flaw could cause a Java application using Beans
to leak sensitive information, or affect application availability.
(CVE-2014-0423)

It was discovered that the JSSE component could leak timing information
during the TLS/SSL handshake. This could possibly lead to a disclosure of
information about the used encryption keys. (CVE-2014-0411)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0103: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140103
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0103, CVE-2013-6458, CVE-2014-1447

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.

A use-after-free flaw was found in the way several libvirt block APIs
handled domain jobs. A remote attacker able to establish a read-only
connection to libvirtd could use this flaw to crash libvirtd or,
potentially, execute arbitrary code with the privileges of the libvirtd
process (usually root). (CVE-2013-6458)

A race condition was found in the way libvirtd handled keepalive
initialization requests when the connection was closed prior to
establishing connection credentials. An attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd,
resulting in a denial of service. (CVE-2014-1447)

This update also fixes the following bug:

* A race condition was possible between a thread starting a virtual machine
with a guest agent configured (regular start-up or while migrating) and a
thread that was killing the VM process (or the process crashing). The race
could cause the monitor object to be freed by the thread that killed the VM
process, which was later accessed by the thread that was attempting to
start the VM, resulting in a crash. This issue was fixed by checking the
state of the VM after the attempted connection to the guest agent; if the
VM in the meantime exited, no other operations are attempted. (BZ#1055578)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.

RHSA-2014:0108: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140108
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0108, CVE-2013-4494

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Xen hypervisor did not always lock
'page_alloc_lock' and 'grant_table.lock' in the same order. This could
potentially lead to a deadlock. A malicious guest administrator could use
this flaw to cause a denial of service on the host. (CVE-2013-4494,
Moderate)

Red Hat would like to thank the Xen project for reporting this issue.

This update also fixes the following bugs:

* A recent patch to the CIFS code that introduced the NTLMSSP 
(NT LAN Manager Security Support Provider) authentication mechanism caused
a regression in CIFS behavior. As a result of the regression, an encryption
key that is returned during the SMB negotiation protocol response was only
used for the first session that was created on the SMB client. Any
subsequent mounts to the same server did not use the encryption key
returned by the initial negotiation with the server. As a consequence, it
was impossible to mount multiple SMB shares with different credentials to
the same server. A patch has been applied to correct this problem so that
an encryption key or a server challenge is now provided for every SMB
session during the SMB negotiation protocol response. (BZ#1029865)

* The igb driver previously used a 16-bit mask when writing values of the
flow control high-water mark to hardware registers on a network device.
Consequently, the values were truncated on some network devices, disrupting
the flow control. A patch has been applied to the igb driver so that it now
uses a 32-bit mask as expected. (BZ#1041694)

* The IPMI driver did not properly handle kernel panic messages.
Consequently, when a kernel panic occurred on a system that was utilizing
IPMI without Kdump being set up, a second kernel panic could be triggered.
A patch has been applied to the IPMI driver to fix this problem, and a
message handler now properly waits for a response to panic event messages.
(BZ#1049731)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0126: openldap security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0126, CVE-2013-4449

Description
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap package contains configuration files, libraries,
and documentation for OpenLDAP.

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use this
flaw to crash the server by immediately unbinding from the server after
sending a search request. (CVE-2013-4449)

Red Hat would like to thank Michael Vishchers from Seven Principles AG for
reporting this issue.

This update also fixes the following bug:

* Previously, OpenLDAP did not properly handle a number of simultaneous
updates. As a consequence, sending a number of parallel update requests to
the server could cause a deadlock. With this update, a superfluous locking
mechanism causing the deadlock has been removed, thus fixing the bug.
(BZ#1056124)

All openldap users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2014:0127: librsvg2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0127, CVE-2013-1881

Description
The librsvg2 packages provide an SVG (Scalable Vector Graphics) library
based on libart.

An XML External Entity expansion flaw was found in the way librsvg2
processed SVG files. If a user were to open a malicious SVG file, a remote
attacker could possibly obtain a copy of the local resources that the user
had access to. (CVE-2013-1881)

All librsvg2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
that use librsvg2 must be restarted for this update to take effect.

RHSA-2014:0132: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0132, CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Firefox handled error messages related to web
workers. An attacker could use this flaw to bypass the same-origin policy,
which could lead to cross-site scripting (XSS) attacks, or could
potentially be used to gather authentication tokens and other data from
third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Firefox. When combined with other
vulnerabilities, this flaw could have additional security implications.
(CVE-2014-1479)

It was found that the Firefox JavaScript engine incorrectly handled window
objects. A remote attacker could use this flaw to bypass certain security
checks and possibly execute arbitrary code. (CVE-2014-1481)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary
Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro
Ikeda, Cody Crews, Fredrik "Flonka" Lönnqvist, Arthur Gerkis, Masato
Kinugawa, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.3.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.3.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:0133: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140133
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0133, CVE-2014-1477, CVE-2014-1479, CVE-2014-1481, CVE-2014-1482, CVE-2014-1486, CVE-2014-1487

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed content.
Malicious content could cause Thunderbird to crash or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Thunderbird handled error messages related to
web workers. An attacker could use this flaw to bypass the same-origin
policy, which could lead to cross-site scripting (XSS) attacks, or could
potentially be used to gather authentication tokens and other data from
third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Thunderbird. When combined with
other vulnerabilities, this flaw could have additional security
implications. (CVE-2014-1479)

It was found that the Thunderbird JavaScript engine incorrectly handled
window objects. A remote attacker could use this flaw to bypass certain
security checks and possibly execute arbitrary code. (CVE-2014-1481)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary
Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro
Ikeda, Cody Crews, Fredrik "Flonka" Lönnqvist, Arthur Gerkis, Masato
Kinugawa, and Boris Zbarsky as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.3.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.3.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:0139: pidgin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140139
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0139, CVE-2012-6152, CVE-2013-6477, CVE-2013-6478, CVE-2013-6479, CVE-2013-6481, CVE-2013-6482, CVE-2013-6483, CVE-2013-6484, CVE-2013-6485, CVE-2013-6487, CVE-2013-6489, CVE-2013-6490, CVE-2014-0020

Description
Pidgin is an instant messaging program which can log in to multiple
accounts on multiple instant messaging networks simultaneously.

A heap-based buffer overflow flaw was found in the way Pidgin processed
certain HTTP responses. A malicious server could send a specially crafted
HTTP response, causing Pidgin to crash or potentially execute arbitrary
code with the permissions of the user running Pidgin. (CVE-2013-6485)

Multiple heap-based buffer overflow flaws were found in several protocol
plug-ins in Pidgin (Gadu-Gadu, MXit, SIMPLE). A malicious server could send
a specially crafted message, causing Pidgin to crash or potentially execute
arbitrary code with the permissions of the user running Pidgin.
(CVE-2013-6487, CVE-2013-6489, CVE-2013-6490)

Multiple denial of service flaws were found in several protocol plug-ins in
Pidgin (Yahoo!, XMPP, MSN, stun, IRC). A remote attacker could use these
flaws to crash Pidgin by sending a specially crafted message.
(CVE-2012-6152, CVE-2013-6477, CVE-2013-6481, CVE-2013-6482, CVE-2013-6484,
CVE-2014-0020)

It was found that the Pidgin XMPP protocol plug-in did not verify the
origin of "iq" replies. A remote attacker could use this flaw to spoof an
"iq" reply, which could lead to injection of fake data or cause Pidgin to
crash via a NULL pointer dereference. (CVE-2013-6483)

A flaw was found in the way Pidgin parsed certain HTTP response headers.
A remote attacker could use this flaw to crash Pidgin via a specially
crafted HTTP response header. (CVE-2013-6479)

It was found that Pidgin crashed when a mouse pointer was hovered over a
long URL. A remote attacker could use this flaw to crash Pidgin by sending
a message containing a long URL string. (CVE-2013-6478)

Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Thijs Alkemade, Robert Vehse, Jaime Breva Ribes,
Jacob Appelbaum of the Tor Project, Daniel Atallah, Fabian Yamaguchi and
Christian Wressnegger of the University of Goettingen, Matt Jones of
Volvent, and Yves Younan, Ryan Pentney, and Pawel Janic of Sourcefire VRT
as the original reporters of these issues.

All pidgin users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Pidgin must be
restarted for this update to take effect.

RHSA-2014:0151: wget security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20140151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2014:0151, CVE-2010-2252

Description
The wget package provides the GNU Wget file retrieval utility for HTTP,
HTTPS, and FTP protocols. Wget provides various useful features, such as
the ability to work in the background while the user is logged out,
recursive retrieval of directories, file name wildcard matching or updating
files in dependency on file timestamp comparison.

It was discovered that wget used a file name provided by the server when
saving a downloaded file. This could cause wget to create a file with a
different name than expected, possibly allowing the server to execute
arbitrary code on the client. (CVE-2010-2252)

Note: With this update, wget always uses the last component of the original
URL as the name for the downloaded file. Previous behavior of using the
server provided name or the last component of the redirected URL when
creating files can be re-enabled by using the '--trust-server-names'
command line option, or by setting 'trust_server_names=on' in the wget
start-up file.

This update also fixes the following bugs:

* Prior to this update, the wget package did not recognize HTTPS SSL
certificates with alternative names (subjectAltName) specified in the
certificate as valid. As a consequence, running the wget command failed
with a certificate error. This update fixes wget to recognize such
certificates as valid. (BZ#1060113)

All users of wget are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2014:0159: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140159
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0159, CVE-2013-2929, CVE-2013-6381, CVE-2013-7263, CVE-2013-7265

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls (CVE-2013-7263, CVE-2013-7265, Low).

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0163: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0163, CVE-2013-6367, CVE-2013-6368

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A divide-by-zero flaw was found in the apic_get_tmcct() function in KVM's
Local Advanced Programmable Interrupt Controller (LAPIC) implementation.
A privileged guest user could use this flaw to crash the host.
(CVE-2013-6367)

A memory corruption flaw was discovered in the way KVM handled virtual APIC
accesses that crossed a page boundary. A local, unprivileged user could use
this flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2013-6368)

Red Hat would like to thank Andrew Honig of Google for reporting these
issues.

All kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note: the procedure in
the Solution section must be performed before this update will take effect.

RHSA-2014:0164: mysql security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0164, CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-0386,
CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0437,
CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line client
tool (mysql) processed excessively long version strings. If a user
connected to a malicious MySQL server via the mysql client, the server
could use this flaw to crash the mysql client or, potentially, execute
arbitrary code as the user running the mysql client. (CVE-2014-0001)

The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat
Security Response Team.

This update also fixes the following bug:

* Prior to this update, MySQL did not check whether a MySQL socket was
actually being used by any process before starting the mysqld service. If a
particular mysqld service did not exit cleanly while a socket was being
used by a process, this socket was considered to be still in use during the
next start-up of this service, which resulted in a failure to start the
service up. With this update, if a socket exists but is not used by any
process, it is ignored during the mysqld service start-up. (BZ#1058719)

These updated packages upgrade MySQL to version 5.1.73. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2014:0174: piranha security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140174
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0174, CVE-2013-6492

Description
Piranha provides high-availability and load-balancing services for Red Hat
Enterprise Linux. The piranha packages contain various tools to administer
and configure the Linux Virtual Server (LVS), as well as the heartbeat and
failover components. LVS is a dynamically-adjusted kernel routing mechanism
that provides load balancing, primarily for Web and FTP servers.

It was discovered that the Piranha Configuration Tool did not properly
restrict access to its web pages. A remote attacker able to connect to the
Piranha Configuration Tool web server port could use this flaw to read or
modify the LVS configuration without providing valid administrative
credentials. (CVE-2013-6492)

All piranha users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2014:0175: piranha security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140175
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0175, CVE-2013-6492

Description
Piranha provides high-availability and load-balancing services for Red Hat
Enterprise Linux. The piranha packages contain various tools to administer
and configure the Linux Virtual Server (LVS), as well as the heartbeat and
failover components. LVS is a dynamically-adjusted kernel routing mechanism
that provides load balancing, primarily for Web and FTP servers.

It was discovered that the Piranha Configuration Tool did not properly
restrict access to its web pages. A remote attacker able to connect to the
Piranha Configuration Tool web server port could use this flaw to read or
modify the LVS configuration without providing valid administrative
credentials. (CVE-2013-6492)

This update also fixes the following bug:

* When the lvsd service attempted to start, the sem_timedwait() function
received the interrupted function call (EINTR) error and exited, causing
the lvsd service to fail to start. With this update, EINTR errors are
correctly ignored during the start-up of the lvsd service. (BZ#1055709)

All piranha users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2014:0185: openswan security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140185
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0185, CVE-2013-6466

Description
Openswan is a free implementation of Internet Protocol Security (IPsec) and
Internet Key Exchange (IKE). IPsec uses strong cryptography to provide both
authentication and encryption services. These services allow you to build
secure tunnels through untrusted networks.

A NULL pointer dereference flaw was discovered in the way Openswan's IKE
daemon processed IKEv2 payloads. A remote attacker could send specially
crafted IKEv2 payloads that, when processed, would lead to a denial of
service (daemon crash), possibly causing existing VPN connections to be
dropped. (CVE-2013-6466)

All openswan users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:0186: mysql55-mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140186
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0186, CVE-2013-3839, CVE-2013-5807, CVE-2013-5891, CVE-2013-5908, CVE-2014-0001, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402, CVE-2014-0412, CVE-2014-0420, CVE-2014-0437

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2013-5807,
CVE-2013-5891, CVE-2014-0386, CVE-2014-0393, CVE-2014-0401, CVE-2014-0402,
CVE-2014-0412, CVE-2014-0420, CVE-2014-0437, CVE-2013-3839, CVE-2013-5908)

A buffer overflow flaw was found in the way the MySQL command line client
tool (mysql) processed excessively long version strings. If a user
connected to a malicious MySQL server via the mysql client, the server
could use this flaw to crash the mysql client or, potentially, execute
arbitrary code as the user running the mysql client. (CVE-2014-0001)

The CVE-2014-0001 issue was discovered by Garth Mollett of the Red Hat
Security Response Team.

These updated packages upgrade MySQL to version 5.5.36. Refer to the MySQL
Release Notes listed in the References section for a complete list
of changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2014:0206: openldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0206, CVE-2013-4449

Description
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap package contains configuration files, libraries,
and documentation for OpenLDAP.

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use this
flaw to crash the server by immediately unbinding from the server after
sending a search request. (CVE-2013-4449)

Red Hat would like to thank Michael Vishchers from Seven Principles AG for
reporting this issue.

All openldap users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:0211: postgresql84 and postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140211
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0211, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could provide
a specially crafted date/time value that, when processed, could cause
PostgreSQL to crash or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0063)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in various type input functions in PostgreSQL. An authenticated
database user could possibly use these flaws to crash PostgreSQL or,
potentially, execute arbitrary code with the permissions of the user
running PostgreSQL. (CVE-2014-0064)

Multiple potential buffer overflow flaws were found in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2014-0065)

It was found that granting an SQL role to a database user in a PostgreSQL
database without specifying the "ADMIN" option allowed the grantee to
remove other users from their granted role. An authenticated database user
could use this flaw to remove a user from an SQL role which they were
granted access to. (CVE-2014-0060)

A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could possibly
use this flaw to escalate their privileges. (CVE-2014-0061)

A race condition was found in the way the CREATE INDEX command performed
multiple independent lookups of a table that had to be indexed. An
authenticated database user could possibly use this flaw to escalate their
privileges. (CVE-2014-0062)

It was found that the chkpass extension of PostgreSQL did not check the
return value of the crypt() function. An authenticated database user could
possibly use this flaw to crash PostgreSQL via a null pointer dereference.
(CVE-2014-0066)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the
original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as
the original reporters of CVE-2014-0065, Andres Freund as the original
reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original
reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the
original reporters of CVE-2014-0066.

These updated packages upgrade PostgreSQL to version 8.4.20, which fixes
these issues as well as several non-security issues. Refer to the
PostgreSQL Release Notes for a full list of changes:

http://www.postgresql.org/docs/8.4/static/release-8-4-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-20.html

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2014:0222: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140222
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0222, CVE-2010-2596, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow and a use-after-free flaw were found in the
tiff2pdf tool. An attacker could use these flaws to create a specially
crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute
arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker
could use these flaws to create a specially crafted GIF file that could
cause gif2tiff to crash or, possibly, execute arbitrary code.
(CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

A flaw was found in the way libtiff handled OJPEG-encoded TIFF images. An
attacker could use this flaw to create a specially crafted TIFF file that
would cause an application using libtiff to crash. (CVE-2010-2596)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker
could use these flaws to create a specially crafted TIFF file that would
cause tiff2pdf to crash. (CVE-2013-1961)

Red Hat would like to thank Emmanuel Bouillon of NCI Agency for reporting
CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was discovered by
Murray McAllister of the Red Hat Security Response Team, and the
CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of the Red Hat
Security Response Team.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update to
take effect.

RHSA-2014:0223: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140223
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0223, CVE-2013-1960, CVE-2013-1961, CVE-2013-4231, CVE-2013-4232, CVE-2013-4243, CVE-2013-4244

Description
The libtiff packages contain a library of functions for manipulating Tagged
Image File Format (TIFF) files.

A heap-based buffer overflow and a use-after-free flaw were found in the
tiff2pdf tool. An attacker could use these flaws to create a specially
crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute
arbitrary code. (CVE-2013-1960, CVE-2013-4232)

Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker
could use these flaws to create a specially crafted GIF file that could
cause gif2tiff to crash or, possibly, execute arbitrary code.
(CVE-2013-4231, CVE-2013-4243, CVE-2013-4244)

Multiple buffer overflow flaws were found in the tiff2pdf tool. An attacker
could use these flaws to create a specially crafted TIFF file that would
cause tiff2pdf to crash. (CVE-2013-1961)

Red Hat would like to thank Emmanuel Bouillon of NCI Agency for reporting
CVE-2013-1960 and CVE-2013-1961. The CVE-2013-4243 issue was discovered by
Murray McAllister of the Red Hat Security Response Team, and the
CVE-2013-4244 issue was discovered by Huzaifa Sidhpurwala of the Red Hat
Security Response Team.

All libtiff users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against libtiff must be restarted for this update to
take effect.

RHSA-2014:0246: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140246
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0246, CVE-2014-0092

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the
Red Hat Security Technologies Team.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct this issue. For the update to take effect, all applications linked
to the GnuTLS library must be restarted.

RHSA-2014:0247: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140247
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0247, CVE-2009-5138, CVE-2014-0092

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was discovered that GnuTLS did not correctly handle certain errors that
could occur during the verification of an X.509 certificate, causing it to
incorrectly report a successful verification. An attacker could use this
flaw to create a specially crafted certificate that could be accepted by
GnuTLS as valid for a site chosen by the attacker. (CVE-2014-0092)

A flaw was found in the way GnuTLS handled version 1 X.509 certificates.
An attacker able to obtain a version 1 certificate from a trusted
certificate authority could use this flaw to issue certificates for other
sites that would be accepted by GnuTLS as valid. (CVE-2009-5138)

The CVE-2014-0092 issue was discovered by Nikos Mavrogiannopoulos of the
Red Hat Security Technologies Team.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS library must be restarted.

RHSA-2014:0249: postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140249
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0249, CVE-2014-0060, CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, CVE-2014-0066

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

Multiple stack-based buffer overflow flaws were found in the date/time
implementation of PostgreSQL. An authenticated database user could provide
a specially crafted date/time value that, when processed, could cause
PostgreSQL to crash or, potentially, execute arbitrary code with the
permissions of the user running PostgreSQL. (CVE-2014-0063)

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in various type input functions in PostgreSQL. An authenticated
database user could possibly use these flaws to crash PostgreSQL or,
potentially, execute arbitrary code with the permissions of the user
running PostgreSQL. (CVE-2014-0064)

Multiple potential buffer overflow flaws were found in PostgreSQL.
An authenticated database user could possibly use these flaws to crash
PostgreSQL or, potentially, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2014-0065)

It was found that granting an SQL role to a database user in a PostgreSQL
database without specifying the "ADMIN" option allowed the grantee to
remove other users from their granted role. An authenticated database user
could use this flaw to remove a user from an SQL role which they were
granted access to. (CVE-2014-0060)

A flaw was found in the validator functions provided by PostgreSQL's
procedural languages (PLs). An authenticated database user could possibly
use this flaw to escalate their privileges. (CVE-2014-0061)

A race condition was found in the way the CREATE INDEX command performed
multiple independent lookups of a table that had to be indexed. An
authenticated database user could possibly use this flaw to escalate their
privileges. (CVE-2014-0062)

It was found that the chkpass extension of PostgreSQL did not check the
return value of the crypt() function. An authenticated database user could
possibly use this flaw to crash PostgreSQL via a null pointer dereference.
(CVE-2014-0066)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Noah Misch as the original reporter of
CVE-2014-0060 and CVE-2014-0063, Heikki Linnakangas and Noah Misch as the
original reporters of CVE-2014-0064, Peter Eisentraut and Jozef Mlich as
the original reporters of CVE-2014-0065, Andres Freund as the original
reporter of CVE-2014-0061, Robert Haas and Andres Freund as the original
reporters of CVE-2014-0062, and Honza Horak and Bruce Momjian as the
original reporters of CVE-2014-0066.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2014:0255: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140255
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0255, CVE-2013-1968, CVE-2013-2112, CVE-2014-0032

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access to
Subversion repositories via HTTP.

A flaw was found in the way the mod_dav_svn module handled OPTIONS
requests. A remote attacker with read access to an SVN repository served
via HTTP could use this flaw to cause the httpd process that handled such a
request to crash. (CVE-2014-0032)

A flaw was found in the way Subversion handled file names with newline
characters when the FSFS repository format was used. An attacker with
commit access to an SVN repository could corrupt a revision by committing a
specially crafted file. (CVE-2013-1968)

A flaw was found in the way the svnserve tool of Subversion handled remote
client network connections. An attacker with read access to an SVN
repository served via svnserve could use this flaw to cause the svnserve
daemon to exit, leading to a denial of service. (CVE-2013-2112)

All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.

RHSA-2014:0266: sudo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140266
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0266, CVE-2014-0106

Description
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled its blacklist of environment
variables. When the "env_reset" option was disabled, a user permitted to
run certain commands via sudo could use this flaw to run such a command
with one of the blacklisted environment variables set, allowing them to run
an arbitrary command with the target user's privileges. (CVE-2014-0106)

Note: This issue does not affect the default configuration of the sudo
package as shipped with Red Hat Enterprise Linux 5.

Red Hat would like to thank Todd C. Miller for reporting this issue.
Upstream acknowledges Sebastien Macke as the original reporter.

All sudo users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2014:0285: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140285
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0285, CVE-2013-2929, CVE-2013-4483, CVE-2013-4554, CVE-2013-6381, CVE-2013-6383, CVE-2013-6885, CVE-2013-7263

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)

* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing.
A local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)

* It was found that the Xen hypervisor implementation did not correctly
check privileges of hypercall attempts made by HVM guests, allowing
hypercalls to be invoked from protection rings 1 and 2 in addition to ring
0. A local attacker in an HVM guest able to execute code on privilege
levels 1 and 2 could potentially use this flaw to further escalate their
privileges in that guest. Note: Xen HVM guests running unmodified versions
of Red Hat Enterprise Linux and Microsoft Windows are not affected by this
issue because they are known to only use protection rings 0 (kernel) and 3
(userspace). (CVE-2013-4554, Moderate)

* A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)

* It was found that, under specific circumstances, a combination of write
operations to write-combined memory and locked CPU instructions may cause a
core hang on certain AMD CPUs (for more information, refer to AMD CPU
erratum 793 linked in the References section). A privileged user in a guest
running under the Xen hypervisor could use this flaw to cause a denial of
service on the host system. This update adds a workaround to the Xen
hypervisor implementation, which mitigates the AMD CPU issue. Note: this
issue only affects AMD Family 16h Models 00h-0Fh Processors. Non-AMD CPUs
are not vulnerable. (CVE-2013-6885, Moderate)

* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls. (CVE-2013-7263, Low)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

Red Hat would like to thank Vladimir Davydov of Parallels for reporting
CVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and
CVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter
of CVE-2013-4554 and CVE-2013-6885.

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.

RHSA-2014:0292: 389-ds-base security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0292, CVE-2014-0132

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was discovered that the 389 Directory Server did not properly handle
certain SASL-based authentication mechanisms. A user able to authenticate
to the directory using these SASL mechanisms could connect as any other
directory user, including the administrative Directory Manager account.
This could allow them to modify configuration values, as well as read and
write any data the directory holds. (CVE-2014-0132)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2014:0293: udisks security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140293
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0293, CVE-2014-0004

Description
The udisks package provides a daemon, a D-Bus API, and command line
utilities for managing disks and storage devices.

A stack-based buffer overflow flaw was found in the way udisks handled
files with long path names. A malicious, local user could use this flaw to
create a specially crafted directory structure that, when processed by the
udisks daemon, could lead to arbitrary code execution with the privileges
of the udisks daemon (root). (CVE-2014-0004)

This issue was discovered by Florian Weimer of the Red Hat Product
Security Team.

All udisks users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:0304: mutt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140304
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0304, CVE-2014-0467

Description
Mutt is a text-mode mail user agent.

A heap-based buffer overflow flaw was found in the way mutt processed
certain email headers. A remote attacker could use this flaw to send an
email with specially crafted headers that, when processed, could cause mutt
to crash or, potentially, execute arbitrary code with the permissions of
the user running mutt. (CVE-2014-0467)

All mutt users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue. All running instances of
mutt must be restarted for this update to take effect.

RHSA-2014:0305: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140305
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0305, CVE-2013-0213, CVE-2013-0214, CVE-2013-4124

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

It was discovered that the Samba Web Administration Tool (SWAT) did not
protect against being opened in a web page frame. A remote attacker could
possibly use this flaw to conduct a clickjacking attack against SWAT users
or users with an active SWAT session. (CVE-2013-0213)

A flaw was found in the Cross-Site Request Forgery (CSRF) protection
mechanism implemented in SWAT. An attacker with the knowledge of a victim's
password could use this flaw to bypass CSRF protections and conduct a CSRF
attack against the victim SWAT user. (CVE-2013-0214)

An integer overflow flaw was found in the way Samba handled an Extended
Attribute (EA) list provided by a client. A malicious client could send a
specially crafted EA list that triggered an overflow, causing the server to
loop and reprocess the list using an excessive amount of memory.
(CVE-2013-4124)

Note: This issue did not affect the default configuration of the Samba
server.

Red Hat would like to thank the Samba project for reporting CVE-2013-0213
and CVE-2013-0214. Upstream acknowledges Jann Horn as the original reporter
of CVE-2013-0213 and CVE-2013-0214.

All users of Samba are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2014:0310: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140310
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0310, CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,
CVE-2014-1513, CVE-2014-1514)

Several information disclosure flaws were found in the way Firefox
processed malformed web content. An attacker could use these flaws to gain
access to sensitive information such as cross-domain content or protected
memory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,
CVE-2014-1508, CVE-2014-1505)

A memory corruption flaw was found in the way Firefox rendered certain PDF
files. An attacker able to trick a user into installing a malicious
extension could use this flaw to crash Firefox or, potentially, execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2014-1509)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,
Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,
Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,
Jüri Aedla, George Hotz, and the security research firm VUPEN as the
original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.4.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.4.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:0311: php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140311
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0311, CVE-2006-7243, CVE-2009-0689

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the way PHP parsed floating point
numbers from their text representation. If a PHP application converted
untrusted input strings to numbers, an attacker able to provide such input
could cause the application to crash or, possibly, execute arbitrary code
with the privileges of the application. (CVE-2009-0689)

It was found that PHP did not properly handle file names with a NULL
character. A remote attacker could possibly use this flaw to make a PHP
script access unexpected files and bypass intended file system access
restrictions. (CVE-2006-7243)

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2014:0316: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140316
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0316, CVE-2014-1493, CVE-2014-1497, CVE-2014-1505, CVE-2014-1508, CVE-2014-1509, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512,
CVE-2014-1513, CVE-2014-1514)

Several information disclosure flaws were found in the way Thunderbird
processed malformed web content. An attacker could use these flaws to gain
access to sensitive information such as cross-domain content or protected
memory addresses or, potentially, cause Thunderbird to crash.
(CVE-2014-1497, CVE-2014-1508, CVE-2014-1505)

A memory corruption flaw was found in the way Thunderbird rendered certain
PDF files. An attacker able to trick a user into installing a malicious
extension could use this flaw to crash Thunderbird or, potentially, execute
arbitrary code with the privileges of the user running Thunderbird.
(CVE-2014-1509)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij,
Jesse Ruderman, Dan Gohman, Christoph Diehl, Atte Kettunen, Tyson Smith,
Jesse Schwartzentruber, John Thomson, Robert O'Callahan, Mariusz Mlynski,
Jüri Aedla, George Hotz, and the security research firm VUPEN as the
original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially-crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.4.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.4.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:0321: net-snmp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140321
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0321, CVE-2014-2284

Description
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

A buffer overflow flaw was found in the way the decode_icmp_msg() function
in the ICMP-MIB implementation processed Internet Control Message Protocol
(ICMP) message statistics reported in the /proc/net/snmp file. A remote
attacker could send a message for each ICMP message type, which could
potentially cause the snmpd service to crash when processing the
/proc/net/snmp file. (CVE-2014-2284)

This update also fixes the following bug:

* The snmpd service parses the /proc/diskstats file to track disk usage
statistics for UCD-DISKIO-MIB::diskIOTable. On systems with a large number
of block devices, /proc/diskstats may be large in size and parsing it can
take a non-trivial amount of CPU time. With this update, Net-SNMP
introduces a new option, 'diskio', in the /etc/snmp/snmpd.conf file, which
can be used to explicitly specify devices that should be monitored.
Only these whitelisted devices are then reported in
UCD-DISKIO-MIB::diskIOTable, thus speeding up snmpd on systems with
numerous block devices. (BZ#990674)

All net-snmp users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the snmpd service will be restarted automatically.

RHSA-2014:0322: net-snmp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140322
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0322, CVE-2012-6151, CVE-2014-2285

Description
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

A denial of service flaw was found in the way snmpd, the Net-SNMP daemon,
handled subagent timeouts. A remote attacker able to trigger a subagent
timeout could use this flaw to cause snmpd to loop infinitely or crash.
(CVE-2012-6151)

A denial of service flaw was found in the way the snmptrapd service, which
receives and logs SNMP trap messages, handled SNMP trap requests with an
empty community string when the Perl handler (provided by the net-snmp-perl
package) was enabled. A remote attacker could use this flaw to crash
snmptrapd by sending a trap request with an empty community string.
(CVE-2014-2285)

All net-snmp users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the snmpd and snmptrapd services will be restarted automatically.

RHSA-2014:0328: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140328
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0328, CVE-2013-1860, CVE-2013-7266, CVE-2013-7270, CVE-2014-0055, CVE-2014-0069, CVE-2014-0101, CVE-2014-2038

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the get_rx_bufs() function in the vhost_net
implementation in the Linux kernel handled error conditions reported by the
vhost_get_vq_desc() function. A privileged guest user could use this flaw
to crash the host. (CVE-2014-0055, Important)

* A flaw was found in the way the Linux kernel processed an authenticated
COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote
attacker could use this flaw to crash the system by initiating a specially
crafted SCTP handshake in order to trigger a NULL pointer dereference on
the system. (CVE-2014-0101, Important)

* A flaw was found in the way the Linux kernel's CIFS implementation
handled uncached write operations with specially crafted iovec structures.
An unprivileged local user with access to a CIFS share could use this flaw
to crash the system, leak kernel memory, or, potentially, escalate their
privileges on the system. Note: the default cache settings for CIFS mounts
on Red Hat Enterprise Linux 6 prohibit a successful exploitation of this
issue. (CVE-2014-0069, Moderate)

* A heap-based buffer overflow flaw was found in the Linux kernel's cdc-wdm
driver, used for USB CDC WCM device management. An attacker with physical
access to a system could use this flaw to cause a denial of service or,
potentially, escalate their privileges. (CVE-2013-1860, Low)

Red Hat would like to thank Nokia Siemens Networks for reporting
CVE-2014-0101, and Al Viro for reporting CVE-2014-0069.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0330: samba and samba3x security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140330
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0330, CVE-2012-6150, CVE-2013-4496

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

It was found that certain Samba configurations did not enforce the password
lockout mechanism. A remote attacker could use this flaw to perform
password guessing attacks on Samba user accounts. Note: this flaw only
affected Samba when deployed as a Primary Domain Controller.
(CVE-2013-4496)

A flaw was found in the way the pam_winbind module handled configurations
that specified a non-existent group as required. An authenticated user
could possibly use this flaw to gain access to a service using pam_winbind
in its PAM configuration when group restriction was intended for access to
the service. (CVE-2012-6150)

Red Hat would like to thank the Samba project for reporting CVE-2013-4496
and Sam Richardson for reporting CVE-2012-6150. Upstream acknowledges
Andrew Bartlett as the original reporter of CVE-2013-4496.

All users of Samba are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2014:0341: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140341
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0341, CVE-2012-5595, CVE-2012-5598, CVE-2012-5599, CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062, CVE-2013-3557, CVE-2013-3559, CVE-2013-4081, CVE-2013-4083, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932, CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112, CVE-2014-2281, CVE-2014-2299

Description
Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark.
(CVE-2013-3559, CVE-2013-4083, CVE-2014-2281, CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2012-5595, CVE-2012-5598, CVE-2012-5599,
CVE-2012-5600, CVE-2012-6056, CVE-2012-6060, CVE-2012-6061, CVE-2012-6062,
CVE-2013-3557, CVE-2013-4081, CVE-2013-4927, CVE-2013-4931, CVE-2013-4932,
CVE-2013-4933, CVE-2013-4934, CVE-2013-4935, CVE-2013-5721, CVE-2013-7112)

All Wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Wireshark must be restarted for the update to take effect.

RHSA-2014:0342: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140342
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0342, CVE-2013-6336, CVE-2013-6337, CVE-2013-6338, CVE-2013-6339, CVE-2013-6340, CVE-2013-7112, CVE-2013-7114, CVE-2014-2281, CVE-2014-2283, CVE-2014-2299

Description
Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.

Two flaws were found in Wireshark. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark. (CVE-2014-2281,
CVE-2014-2299)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2013-6336, CVE-2013-6337, CVE-2013-6338,
CVE-2013-6339, CVE-2013-6340, CVE-2014-2283, CVE-2013-7112, CVE-2013-7114)

All Wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Wireshark must be restarted for the update to take effect.

RHSA-2014:0348: xalan-j2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140348
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0348, CVE-2014-0107

Description
Xalan-Java is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types.

It was found that the secure processing feature of Xalan-Java had
insufficient restrictions defined for certain properties and features.
A remote attacker able to provide Extensible Stylesheet Language
Transformations (XSLT) content to be processed by an application using
Xalan-Java could use this flaw to bypass the intended constraints of the
secure processing feature. Depending on the components available in the
classpath, this could lead to arbitrary remote code execution in the
context of the application server running the application that uses
Xalan-Java. (CVE-2014-0107)

All xalan-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:0369: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140369
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0369, CVE-2013-6438, CVE-2014-0098

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

It was found that the mod_dav module did not correctly strip leading white
space from certain elements in a parsed XML. In certain httpd
configurations that use the mod_dav module (for example when using the
mod_dav_svn module), a remote attacker could send a specially crafted DAV
request that would cause the httpd child process to crash or, possibly,
allow the attacker to execute arbitrary code with the privileges of the
"apache" user. (CVE-2013-6438)

A buffer over-read flaw was found in the httpd mod_log_config module.
In configurations where cookie logging is enabled (on Red Hat Enterprise
Linux it is disabled by default), a remote attacker could use this flaw to
crash the httpd child process via an HTTP request with a malformed cookie
header. (CVE-2014-0098)

All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon will be restarted automatically.

RHSA-2014:0370: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140370
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0370, CVE-2013-6438, CVE-2014-0098

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

It was found that the mod_dav module did not correctly strip leading white
space from certain elements in a parsed XML. In certain httpd
configurations that use the mod_dav module (for example when using the
mod_dav_svn module), a remote attacker could send a specially crafted DAV
request that would cause the httpd child process to crash or, possibly,
allow the attacker to execute arbitrary code with the privileges of the
"apache" user. (CVE-2013-6438)

A buffer over-read flaw was found in the httpd mod_log_config module.
In configurations where cookie logging is enabled (on Red Hat Enterprise
Linux it is disabled by default), a remote attacker could use this flaw to
crash the httpd child process via an HTTP request with a malformed cookie
header. (CVE-2014-0098)

All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon will be restarted automatically.

RHSA-2014:0376: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140376
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0376, CVE-2014-0160

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An information disclosure flaw was found in the way OpenSSL handled TLS and
DTLS Heartbeat Extension packets. A malicious TLS or DTLS client or server
could send a specially crafted TLS or DTLS Heartbeat packet to disclose a
limited portion of memory per request from a connected client or server.
Note that the disclosed portions of memory could potentially include
sensitive information such as private keys. (CVE-2014-0160)

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges Neel Mehta of Google Security as the original
reporter.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:0383: samba4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140383
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0383, CVE-2012-6150, CVE-2013-4496, CVE-2013-6442

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

It was found that certain Samba configurations did not enforce the password
lockout mechanism. A remote attacker could use this flaw to perform
password guessing attacks on Samba user accounts. Note: this flaw only
affected Samba when deployed as a Primary Domain Controller.
(CVE-2013-4496)

A flaw was found in Samba's "smbcacls" command, which is used to set or get
ACLs on SMB file shares. Certain command line options of this command would
incorrectly remove an ACL previously applied on a file or a directory,
leaving the file or directory without the intended ACL. (CVE-2013-6442)

A flaw was found in the way the pam_winbind module handled configurations
that specified a non-existent group as required. An authenticated user
could possibly use this flaw to gain access to a service using pam_winbind
in its PAM configuration when group restriction was intended for access to
the service. (CVE-2012-6150)

Red Hat would like to thank the Samba project for reporting CVE-2013-4496
and CVE-2013-6442, and Sam Richardson for reporting CVE-2012-6150.
Upstream acknowledges Andrew Bartlett as the original reporter of
CVE-2013-4496, and Noel Power as the original reporter of CVE-2013-6442.

All users of Samba are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2014:0406: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0406, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0407: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140407
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0407, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0408: java-1.6.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140408
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0408, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)

This update also fixes the following bug:

* The OpenJDK update to IcedTea version 1.13 introduced a regression
related to the handling of the jdk_version_info variable. This variable was
not properly zeroed out before being passed to the Java Virtual Machine,
resulting in a memory leak in the java.lang.ref.Finalizer class.
This update fixes this issue, and memory leaks no longer occur.
(BZ#1085373)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0413: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140413
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0413, CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446,
CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453,
CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458,
CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409,
CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421,
CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428)

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 55 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2014:0414: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140414
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0414, CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437, CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446, CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452, CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457, CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465, CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002, CVE-2013-4578, CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780, CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789, CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803, CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817, CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824, CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832, CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849, CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory pages, listed in the References section.
(CVE-2013-1500, CVE-2013-1571, CVE-2013-2407, CVE-2013-2412, CVE-2013-2437,
CVE-2013-2442, CVE-2013-2443, CVE-2013-2444, CVE-2013-2445, CVE-2013-2446,
CVE-2013-2447, CVE-2013-2448, CVE-2013-2450, CVE-2013-2451, CVE-2013-2452,
CVE-2013-2453, CVE-2013-2454, CVE-2013-2455, CVE-2013-2456, CVE-2013-2457,
CVE-2013-2459, CVE-2013-2461, CVE-2013-2463, CVE-2013-2464, CVE-2013-2465,
CVE-2013-2466, CVE-2013-2468, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, CVE-2013-2473, CVE-2013-3743, CVE-2013-3829, CVE-2013-4002,
CVE-2013-5772, CVE-2013-5774, CVE-2013-5776, CVE-2013-5778, CVE-2013-5780,
CVE-2013-5782, CVE-2013-5783, CVE-2013-5784, CVE-2013-5787, CVE-2013-5789,
CVE-2013-5790, CVE-2013-5797, CVE-2013-5801, CVE-2013-5802, CVE-2013-5803,
CVE-2013-5804, CVE-2013-5809, CVE-2013-5812, CVE-2013-5814, CVE-2013-5817,
CVE-2013-5818, CVE-2013-5819, CVE-2013-5820, CVE-2013-5823, CVE-2013-5824,
CVE-2013-5825, CVE-2013-5829, CVE-2013-5830, CVE-2013-5831, CVE-2013-5832,
CVE-2013-5840, CVE-2013-5842, CVE-2013-5843, CVE-2013-5848, CVE-2013-5849,
CVE-2013-5850, CVE-2013-5852, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887,
CVE-2013-5888, CVE-2013-5889, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899,
CVE-2013-5902, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910,
CVE-2013-6629, CVE-2013-6954, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375,
CVE-2014-0376, CVE-2014-0387, CVE-2014-0403, CVE-2014-0410, CVE-2014-0411,
CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422,
CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, CVE-2014-0429, CVE-2014-0446,
CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456,
CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876,
CVE-2014-2398, CVE-2014-2401, CVE-2014-2403, CVE-2014-2409, CVE-2014-2412,
CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427,
CVE-2014-2428)

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 75 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2014:0420: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140420
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0420, CVE-2014-0142, CVE-2014-0143, CVE-2014-0144, CVE-2014-0145, CVE-2014-0146, CVE-2014-0147, CVE-2014-0148, CVE-2014-0150

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

Multiple integer overflow, input validation, logic error, and buffer
overflow flaws were discovered in various QEMU block drivers. An attacker
able to modify a disk image file loaded by a guest could use these flaws to
crash the guest, or corrupt QEMU process memory on the host, potentially
resulting in arbitrary code execution on the host with the privileges of
the QEMU process. (CVE-2014-0143, CVE-2014-0144, CVE-2014-0145,
CVE-2014-0147)

A buffer overflow flaw was found in the way the virtio_net_handle_mac()
function of QEMU processed guest requests to update the table of MAC
addresses. A privileged guest user could use this flaw to corrupt QEMU
process memory on the host, potentially resulting in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0150)

A divide-by-zero flaw was found in the seek_to_sector() function of the
parallels block driver in QEMU. An attacker able to modify a disk image
file loaded by a guest could use this flaw to crash the guest.
(CVE-2014-0142)

A NULL pointer dereference flaw was found in the QCOW2 block driver in
QEMU. An attacker able to modify a disk image file loaded by a guest could
use this flaw to crash the guest. (CVE-2014-0146)

It was found that the block driver for Hyper-V VHDX images did not
correctly calculate BAT (Block Allocation Table) entries due to a missing
bounds check. An attacker able to modify a disk image file loaded by a
guest could use this flaw to crash the guest. (CVE-2014-0148)

The CVE-2014-0143 issues were discovered by Kevin Wolf and Stefan Hajnoczi
of Red Hat, the CVE-2014-0144 issues were discovered by Fam Zheng, Jeff
Cody, Kevin Wolf, and Stefan Hajnoczi of Red Hat, the CVE-2014-0145 issues
were discovered by Stefan Hajnoczi of Red Hat, the CVE-2014-0150 issue was
discovered by Michael S. Tsirkin of Red Hat, the CVE-2014-0142,
CVE-2014-0146, and CVE-2014-0147 issues were discovered by Kevin Wolf of
Red Hat, and the CVE-2014-0148 issue was discovered by Jeff Cody of
Red Hat.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2014:0429: tomcat6 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140429
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0429, CVE-2013-4286, CVE-2013-4322, CVE-2014-0050

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that when Tomcat processed a series of HTTP requests in which
at least one request contained either multiple content-length headers, or
one content-length header with a chunked transfer-encoding header, Tomcat
would incorrectly handle the request. A remote attacker could use this flaw
to poison a web cache, perform cross-site scripting (XSS) attacks, or
obtain sensitive information from other requests. (CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a
denial of service flaw in the way Tomcat processed chunk extensions and
trailing headers in chunked requests. A remote attacker could use this flaw
to send an excessively long request that, when processed by Tomcat, could
consume network bandwidth, CPU, and memory on the Tomcat server. Note that
chunked transfer encoding is enabled by default. (CVE-2013-4322)

A denial of service flaw was found in the way Apache Commons FileUpload
handled small-sized buffers used by MultipartStream. A remote attacker
could use this flaw to create a malformed Content-Type header for a
multipart request, causing JBoss Web to enter an infinite loop when
processing such an incoming request. (CVE-2014-0050)

All Tomcat users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.

RHSA-2014:0433: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140433
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0433, CVE-2012-6638, CVE-2013-2888

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled TCP packets with both the SYN and FIN flags set.
A remote attacker could use this flaw to consume an excessive amount of
resources on the target system, potentially resulting in a denial of
service. (CVE-2012-6638, Moderate)

* A flaw was found in the way the Linux kernel handled HID (Human Interface
Device) reports with an out-of-bounds Report ID. An attacker with physical
access to the system could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2013-2888,
Moderate)

This update also fixes the following bugs:

* A previous change to the sunrpc code introduced a race condition between
the rpc_wake_up_task() and rpc_wake_up_status() functions. A race between
threads operating on these functions could result in a deadlock situation,
subsequently triggering a "soft lockup" event and rendering the system
unresponsive. This problem has been fixed by re-ordering tasks in the RPC
wait queue. (BZ#1073731)

* Running a process in the background on a GFS2 file system could
sometimes trigger a glock recursion error that resulted in a kernel panic.
This happened when a readpage operation attempted to take a glock that had
already been held by another function. To prevent this error, GFS2 now
verifies whether the glock is already held when performing the readpage
operation. (BZ#1073953)

* A previous patch backport to the IUCV (Inter User Communication Vehicle)
code was incomplete. Consequently, when establishing an IUCV connection,
the kernel could, under certain circumstances, dereference a NULL pointer,
resulting in a kernel panic. A patch has been applied to correct this
problem by calling the proper function when removing IUCV paths.
(BZ#1077045)

In addition, this update adds the following enhancement:

* The lpfc driver had a fixed timeout of 60 seconds for SCSI task
management commands. With this update, the lpfc driver enables the user to
set this timeout within the range from 5 to 180 seconds. The timeout can
be changed by modifying the "lpfc_task_mgmt_tmo" parameter for the lpfc
driver. (BZ#1073123)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.

RHSA-2014:0448: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140448
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0448, CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532

Description
Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)

A use-after-free flaw was found in the way Firefox resolved hosts in
certain circumstances. An attacker could use this flaw to crash Firefox or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1532)

An out-of-bounds read flaw was found in the way Firefox decoded JPEG
images. Loading a web page containing a specially crafted JPEG image could
cause Firefox to crash. (CVE-2014-1523)

A flaw was found in the way Firefox handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse
Schwartzentrube as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to this updated package, which contains
Firefox version 24.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:0449: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140449
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0449, CVE-2014-1518, CVE-2014-1523, CVE-2014-1524, CVE-2014-1529, CVE-2014-1530, CVE-2014-1531, CVE-2014-1532

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)

A use-after-free flaw was found in the way Thunderbird resolved hosts in
certain circumstances. An attacker could use this flaw to crash Thunderbird
or, potentially, execute arbitrary code with the privileges of the user
running Thunderbird. (CVE-2014-1532)

An out-of-bounds read flaw was found in the way Thunderbird decoded JPEG
images. Loading an email or a web page containing a specially crafted JPEG
image could cause Thunderbird to crash. (CVE-2014-1523)

A flaw was found in the way Thunderbird handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith and Jesse
Schwartzentrube as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.5.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.5.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:0474: struts security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140474
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0474, CVE-2014-0114

Description
Apache Struts is a framework for building web applications with Java.

It was found that the Struts 1 ActionForm object allowed access to the
'class' parameter, which is directly mapped to the getClass() method. A
remote attacker could use this flaw to manipulate the ClassLoader used by
an application server running Struts 1. This could lead to remote code
execution under certain conditions. (CVE-2014-0114)

All struts users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
using struts must be restarted for this update to take effect.

RHSA-2014:0475: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140475
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0475, CVE-2013-6383, CVE-2014-0077, CVE-2014-2523

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's netfilter connection
tracking implementation for Datagram Congestion Control Protocol (DCCP)
packets used the skb_header_pointer() function. A remote attacker could use
this flaw to send a specially crafted DCCP packet to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-2523,
Important)

* A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)

* A flaw was found in the way the handle_rx() function handled large
network packets when mergeable buffers were disabled. A privileged guest
user could use this flaw to crash the host or corrupt QEMU process memory
on the host, which could potentially result in arbitrary code execution on
the host with the privileges of the QEMU process. (CVE-2014-0077, Moderate)

The CVE-2014-0077 issue was discovered by Michael S. Tsirkin of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0513: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0513, CVE-2013-2877, CVE-2014-0191

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

It was discovered that libxml2 loaded external parameter entities even when
entity substitution was disabled. A remote attacker able to provide a
specially crafted XML file to an application linked against libxml2 could
use this flaw to conduct XML External Entity (XXE) attacks, possibly
resulting in a denial of service or an information leak on the system.
(CVE-2014-0191)

An out-of-bounds read flaw was found in the way libxml2 detected the end of
an XML file. A remote attacker could provide a specially crafted XML file
that, when processed by an application linked against libxml2, could cause
the application to crash. (CVE-2013-2877)

The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.

All libxml2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2014:0536: mysql55-mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140536
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0536, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2436,
CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431,
CVE-2014-2432, CVE-2014-2438)

These updated packages upgrade MySQL to version 5.5.37. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2014:0560: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140560
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0560, CVE-2014-0179

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In 
addition, libvirt provides tools for remote management of virtualized
systems. 

It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML
documents using the libxml2 library, in which case all XML entities in the
parsed documents are expanded. A user able to force libvirtd to parse an
XML document with an entity pointing to a special file that blocks on read
access could use this flaw to cause libvirtd to hang indefinitely,
resulting in a denial of service on the system. (CVE-2014-0179)

Red Hat would like to thank the upstream Libvirt project for reporting this
issue. Upstream acknowledges Daniel P. Berrange and Richard Jones as the
original reporters.

This update also fixes the following bugs:

* When hot unplugging a virtual CPU (vCPU), libvirt kept a pointer to
already freed memory if the vCPU was pinned to a host CPU. Consequently,
when reading the CPU pinning information, libvirt terminated unexpectedly
due to an attempt to access this memory. This update ensures that libvirt
releases the pointer to the previously allocated memory when a vCPU is
being hot unplugged, and it no longer crashes in this situation.
(BZ#1091206)

* Previously, libvirt passed an incorrect argument to the "tc" command when
setting quality of service (QoS) on a network interface controller (NIC).
As a consequence, QoS was applied only to IP traffic. With this update,
libvirt constructs the "tc" command correctly so that QoS is applied to all
traffic as expected. (BZ#1096806)

* When using the sanlock daemon for managing access to shared storage,
libvirt expected all QEMU domains to be registered with sanlock. However,
if a QEMU domain was started prior to enabling sanlock, the domain was not
registered with sanlock. Consequently, migration of a virtual machine (VM)
from such a QEMU domain failed with a libvirt error. With this update,
libvirt verifies whether a QEMU domain process is registered with sanlock
before it starts working with the domain, ensuring that migration of
virtual machines works as expected. (BZ#1097227)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.

RHSA-2014:0561: curl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0561, CVE-2014-0015, CVE-2014-0138

Description
cURL provides the libcurl library and a command line tool for downloading
files from servers using various protocols, including HTTP, FTP, and LDAP.

It was found that libcurl could incorrectly reuse existing connections for
requests that should have used different or no authentication credentials,
when using one of the following protocols: HTTP(S) with NTLM
authentication, LDAP(S), SCP, or SFTP. If an application using the libcurl
library connected to a remote server with certain authentication
credentials, this flaw could cause other requests to use those same
credentials. (CVE-2014-0015, CVE-2014-0138)

Red Hat would like to thank the cURL project for reporting these issues.
Upstream acknowledges Paras Sethia as the original reporter of
CVE-2014-0015 and Yehezkel Horowitz for discovering the security impact of
this issue, and Steve Holme as the original reporter of CVE-2014-0138.

This update also fixes the following bugs:

* Previously, the libcurl library was closing a network socket without
first terminating the SSL connection using the socket. This resulted in a
write after close and consequent leakage of memory dynamically allocated by
the SSL library. An upstream patch has been applied on libcurl to fix this
bug. As a result, the write after close no longer happens, and the SSL
library no longer leaks memory. (BZ#1092479)

* Previously, the libcurl library did not implement a non-blocking SSL
handshake, which negatively affected performance of applications based on
libcurl's multi API. To fix this bug, the non-blocking SSL handshake has
been implemented by libcurl. With this update, libcurl's multi API
immediately returns the control back to the application whenever it cannot
read/write data from/to the underlying network socket. (BZ#1092480)

* Previously, the curl package could not be rebuilt from sources due to an
expired cookie in the upstream test-suite, which runs during the build. An
upstream patch has been applied to postpone the expiration date of the
cookie, which makes it possible to rebuild the package from sources again.
(BZ#1092486)

* Previously, the libcurl library attempted to authenticate using Kerberos
whenever such an authentication method was offered by the server. This
caused problems when the server offered multiple authentication methods and
Kerberos was not the selected one. An upstream patch has been applied on
libcurl to fix this bug. Now libcurl no longer uses Kerberos authentication
if another authentication method is selected. (BZ#1096797)

All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications that use libcurl have to be restarted for this update to
take effect.

RHSA-2014:0594: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140594
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0594, CVE-2014-3466, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). The gnutls packages also
include the libtasn1 library, which provides Abstract Syntax Notation One
(ASN.1) parsing and structures management, and Distinguished Encoding Rules
(DER) encoding and decoding functions.

A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)

It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)

Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)

Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)

Red Hat would like to thank GnuTLS upstream for reporting these issues.
Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original
reporter of CVE-2014-3466.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS or libtasn1 library must be restarted.

RHSA-2014:0595: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140595
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0595, CVE-2014-3466

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)

Red Hat would like to thank GnuTLS upstream for reporting this issue.
Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original
reporter.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct this issue. For the update to take effect, all applications linked
to the GnuTLS library must be restarted.

RHSA-2014:0596: libtasn1 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140596
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0596, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469

Description
The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing
and structures management, and Distinguished Encoding Rules (DER) encoding
and decoding functions.

It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)

Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)

Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)

Red Hat would like to thank GnuTLS upstream for reporting these issues.

All libtasn1 users are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the libtasn1 library must be restarted.

RHSA-2014:0597: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140597
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0597, CVE-2014-0128

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A denial of service flaw was found in the way Squid processed certain HTTPS
requests when the SSL Bump feature was enabled. A remote attacker could
send specially crafted requests that could cause Squid to crash.
(CVE-2014-0128)

Red Hat would like to thank the Squid project for reporting this issue.
Upstream acknowledges Mathias Fischer and Fabian Hugelshofer from Open
Systems AG as the original reporters.

All squid users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the squid service will be restarted automatically.

RHSA-2014:0624: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140624
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0624, CVE-2014-0224

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:0625: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140625
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0625, CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)

A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)

A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:0626: openssl097a and openssl098e security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140626
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0626, CVE-2014-0224

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:0675: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140675
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0675, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2402, CVE-2014-2403, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0455, CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, Security, Sound, and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to bypass
certain Java sandbox restrictions. (CVE-2014-2412, CVE-2014-0451,
CVE-2014-0458, CVE-2014-2423, CVE-2014-0452, CVE-2014-2414, CVE-2014-2402,
CVE-2014-0446, CVE-2014-2413, CVE-2014-0454, CVE-2014-2427, CVE-2014-0459)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0678: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140678
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0678, CVE-2014-0196

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition flaw, leading to heap-based buffer overflows, was found
in the way the Linux kernel's N_TTY line discipline (LDISC) implementation
handled concurrent processing of echo output and TTY write operations
originating from user space when the underlying TTY driver was PTY.
An unprivileged, local user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-0196,
Important)

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

RHSA-2014:0679: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140679
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0679, CVE-2010-5298, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

A buffer overflow flaw was found in the way OpenSSL handled invalid DTLS
packet fragments. A remote attacker could possibly use this flaw to execute
arbitrary code on a DTLS client or server. (CVE-2014-0195)

Multiple flaws were found in the way OpenSSL handled read and write buffers
when the SSL_MODE_RELEASE_BUFFERS mode was enabled. A TLS/SSL client or
server using OpenSSL could crash or unexpectedly drop connections when
processing certain SSL traffic. (CVE-2010-5298, CVE-2014-0198)

A denial of service flaw was found in the way OpenSSL handled certain DTLS
ServerHello requests. A specially crafted DTLS handshake packet could cause
a DTLS client using OpenSSL to crash. (CVE-2014-0221)

A NULL pointer dereference flaw was found in the way OpenSSL performed
anonymous Elliptic Curve Diffie Hellman (ECDH) key exchange. A specially
crafted handshake packet could cause a TLS/SSL client that has the
anonymous ECDH cipher suite enabled to crash. (CVE-2014-3470)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of CVE-2014-0224, Jüri Aedla as the original reporter of CVE-2014-0195,
Imre Rad of Search-Lab as the original reporter of CVE-2014-0221, and Felix
Gröbert and Ivan Fratrić of Google as the original reporters of
CVE-2014-3470.

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:0680: openssl098e security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0680, CVE-2014-0224

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was found that OpenSSL clients and servers could be forced, via a
specially crafted handshake packet, to use weak keying material for
communication. A man-in-the-middle attacker could use this flaw to decrypt
and modify traffic between a client and a server. (CVE-2014-0224)

Note: In order to exploit this flaw, both the server and the client must be
using a vulnerable version of OpenSSL; the server must be using OpenSSL
version 1.0.1 and above, and the client must be using any version of
OpenSSL. For more information about this flaw, refer to:
https://access.redhat.com/site/articles/904433

Red Hat would like to thank the OpenSSL project for reporting this issue.
Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter
of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:0684: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140684
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0684, CVE-2014-3465, CVE-2014-3466

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way GnuTLS parsed session IDs from ServerHello
messages of the TLS/SSL handshake. A malicious server could use this flaw
to send an excessively long session ID value, which would trigger a buffer
overflow in a connecting TLS/SSL client application using GnuTLS, causing
the client application to crash or, possibly, execute arbitrary code.
(CVE-2014-3466)

A NULL pointer dereference flaw was found in the way GnuTLS parsed X.509
certificates. A specially crafted certificate could cause a server or
client application using GnuTLS to crash. (CVE-2014-3465)

Red Hat would like to thank GnuTLS upstream for reporting these issues.
Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original
reporter of CVE-2014-3466.

Users of GnuTLS are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the GnuTLS library must be restarted.

RHSA-2014:0685: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140685
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0685, CVE-2014-0429, CVE-2014-0446, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0460, CVE-2014-0461, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2403, CVE-2014-2412, CVE-2014-2414, CVE-2014-2421, CVE-2014-2423, CVE-2014-2427

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

An input validation flaw was discovered in the medialib library in the 2D
component. A specially crafted image could trigger Java Virtual Machine
memory corruption when processed. A remote attacker, or an untrusted Java
application or applet, could possibly use this flaw to execute arbitrary
code with the privileges of the user running the Java Virtual Machine.
(CVE-2014-0429)

Multiple flaws were discovered in the Hotspot and 2D components in OpenJDK.
An untrusted Java application or applet could use these flaws to trigger
Java Virtual Machine memory corruption and possibly bypass Java sandbox
restrictions. (CVE-2014-0456, CVE-2014-2397, CVE-2014-2421)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-0457,
CVE-2014-0461)

Multiple improper permission check issues were discovered in the AWT,
JAX-WS, JAXB, Libraries, and Sound components in OpenJDK. An untrusted Java
application or applet could use these flaws to bypass certain Java sandbox
restrictions. (CVE-2014-2412, CVE-2014-0451, CVE-2014-0458, CVE-2014-2423,
CVE-2014-0452, CVE-2014-2414, CVE-2014-0446, CVE-2014-2427)

Multiple flaws were identified in the Java Naming and Directory Interface
(JNDI) DNS client. These flaws could make it easier for a remote attacker
to perform DNS spoofing attacks. (CVE-2014-0460)

It was discovered that the JAXP component did not properly prevent access
to arbitrary files when a SecurityManager was present. This flaw could
cause a Java application using JAXP to leak sensitive information, or
affect application availability. (CVE-2014-2403)

It was discovered that the Security component in OpenJDK could leak some
timing information when performing PKCS#1 unpadding. This could possibly
lead to the disclosure of some information that was meant to be protected
by encryption. (CVE-2014-0453)

It was discovered that the fix for CVE-2013-5797 did not properly resolve
input sanitization flaws in javadoc. When javadoc documentation was
generated from an untrusted Java source code and hosted on a domain not
controlled by the code author, these issues could make it easier to perform
cross-site scripting (XSS) attacks. (CVE-2014-2398)

An insecure temporary file use flaw was found in the way the unpack200
utility created log files. A local attacker could possibly use this flaw to
perform a symbolic link attack and overwrite arbitrary files with the
privileges of the user running unpack200. (CVE-2014-1876)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0686: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140686
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0686, CVE-2013-4286, CVE-2013-4322, CVE-2014-0186

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that a fix for a previous security flaw introduced a
regression that could cause a denial of service in Tomcat 7. A remote
attacker could use this flaw to consume an excessive amount of CPU on the
Tomcat server by sending a specially crafted request to that server.
(CVE-2014-0186)

It was found that when Tomcat 7 processed a series of HTTP requests in
which at least one request contained either multiple content-length
headers, or one content-length header with a chunked transfer-encoding
header, Tomcat would incorrectly handle the request. A remote attacker
could use this flaw to poison a web cache, perform cross-site scripting
(XSS) attacks, or obtain sensitive information from other requests.
(CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a
denial of service flaw in the way Tomcat 7 processed chunk extensions and
trailing headers in chunked requests. A remote attacker could use this flaw
to send an excessively long request that, when processed by Tomcat, could
consume network bandwidth, CPU, and memory on the Tomcat server. Note that
chunked transfer encoding is enabled by default. (CVE-2013-4322)

All Tomcat 7 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.

RHSA-2014:0687: libtasn1 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140687
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0687, CVE-2014-3467, CVE-2014-3468, CVE-2014-3469

Description
The libtasn1 library provides Abstract Syntax Notation One (ASN.1) parsing
and structures management, and Distinguished Encoding Rules (DER) encoding
and decoding functions.

It was discovered that the asn1_get_bit_der() function of the libtasn1
library incorrectly reported the length of ASN.1-encoded data. Specially
crafted ASN.1 input could cause an application using libtasn1 to perform
an out-of-bounds access operation, causing the application to crash or,
possibly, execute arbitrary code. (CVE-2014-3468)

Multiple incorrect buffer boundary check issues were discovered in
libtasn1. Specially crafted ASN.1 input could cause an application using
libtasn1 to crash. (CVE-2014-3467)

Multiple NULL pointer dereference flaws were found in libtasn1's
asn1_read_value() function. Specially crafted ASN.1 input could cause an
application using libtasn1 to crash, if the application used the
aforementioned function in a certain way. (CVE-2014-3469)

Red Hat would like to thank GnuTLS upstream for reporting these issues.

All libtasn1 users are advised to upgrade to these updated packages, which
correct these issues. For the update to take effect, all applications
linked to the libtasn1 library must be restarted.

RHSA-2014:0702: mariadb security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140702
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0702, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431, CVE-2014-2432, CVE-2014-2436, CVE-2014-2438, CVE-2019-2481

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2436,
CVE-2014-2440, CVE-2014-0384, CVE-2014-2419, CVE-2014-2430, CVE-2014-2431,
CVE-2014-2432, CVE-2014-2438)

These updated packages upgrade MariaDB to version 5.5.37. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

RHSA-2014:0703: json-c security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140703
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0703, CVE-2013-6370, CVE-2013-6371

Description
JSON-C implements a reference counting object model that allows you to
easily construct JSON objects in C, output them as JSON-formatted strings,
and parse JSON-formatted strings back into the C representation of
JSON objects.

Multiple buffer overflow flaws were found in the way the json-c library
handled long strings in JSON documents. An attacker able to make an
application using json-c parse excessively large JSON input could cause the
application to crash. (CVE-2013-6370)

A denial of service flaw was found in the implementation of hash arrays in
json-c. An attacker could use this flaw to make an application using json-c
consume an excessive amount of CPU time by providing a specially crafted
JSON document that triggers multiple hash function collisions. To mitigate
this issue, json-c now uses a different hash function and randomization to
reduce the chance of an attacker successfully causing intentional
collisions. (CVE-2013-6371)

These issues were discovered by Florian Weimer of the Red Hat Product
Security Team.

All json-c users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2014:0704: qemu-kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140704
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0704, CVE-2014-2894

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide a
user-space component to run virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's IDE device
driver handled the execution of SMART EXECUTE OFFLINE commands.
A privileged guest user could use this flaw to corrupt QEMU process memory
on the host, which could potentially result in arbitrary code execution on
the host with the privileges of the QEMU process. (CVE-2014-2894)

This update also fixes the following bugs:

* Prior to this update, a bug in the migration code caused the following
error on specific machine types: after a Red Hat Enterprise Linux 6.5 guest
was migrated from a Red Hat Enterprise Linux 6.5 host to a Red Hat
Enterprise Linux 7.0 host and then restarted, the boot failed and the guest
automatically restarted. Thus, the guest entered an endless loop. With this
update, the migration code has been fixed and the Red Hat Enterprise Linux
6.5 guests migrated in the aforementioned scenario now boot properly.
(BZ#1091322)

* Due to a regression bug in the iSCSI driver, the qemu-kvm process
terminated unexpectedly with a segmentation fault when the "write same"
command was executed in guest mode under the iSCSI protocol. This update
fixes the regression and the "write same" command now functions in guest
mode under iSCSI as intended. (BZ#1090978)

* Due to a mismatch in interrupt request (IRQ) routing, migration of a Red
Hat Enterprise Linux 6.5 guest from a Red Hat Enterprise Linux 6.5 host to
a Red Hat Enterprise Linux 7.0 host could produce a call trace.
This happened if memory ballooning and a Universal Host Control Interface
(UHCI) device were used at the same time on certain machine types.
With this patch, the IRQ routing mismatch has been amended and the
described migration now proceeds as expected. (BZ#1090981)

* Previously, an internal error prevented KVM from executing a CPU hot plug
on a Red Hat Enterprise Linux 7 guest running on a Red Hat Enterprise Linux
7 host. This update addresses the internal error and CPU hot plugging in
the described scenario now functions correctly. (BZ#1094820)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2014:0740: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140740
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0740, CVE-2013-7339, CVE-2014-1737, CVE-2014-1738

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's floppy driver handled user
space provided data in certain error code paths while processing FDRAWCMD
IOCTL commands. A local user with write access to /dev/fdX could use this
flaw to free (using the kfree() function) arbitrary kernel memory.
(CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel
memory addresses to user space during the processing of the FDRAWCMD IOCTL
command. A local user with write access to /dev/fdX could use this flaw to
obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.

* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2013-7339, Moderate)

Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and
CVE-2014-1738.

This update also fixes the following bugs:

* A bug in the futex system call could result in an overflow when passing
a very large positive timeout. As a consequence, the FUTEX_WAIT operation
did not work as intended and the system call was timing out immediately.
A backported patch fixes this bug by limiting very large positive timeouts
to the maximal supported value. (BZ#1091832)

* A new Linux Security Module (LSM) functionality related to the setrlimit
hooks should produce a warning message when used by a third party module
that could not cope with it. However, due to a programming error, the
kernel could print this warning message when a process was setting rlimits
for a different process, or if rlimits were modified by another than the
main thread even though there was no incompatible third party module. This
update fixes the relevant code and ensures that the kernel handles this
warning message correctly. (BZ#1092869)

* Previously, the kernel was unable to detect KVM on system boot if the
Hyper-V emulation was enabled. A patch has been applied to ensure that
both KVM and Hyper-V hypervisors are now correctly detected during system
boot. (BZ#1094152)

* A function in the RPC code responsible for verifying whether cached
credentials match the current process did not perform the check correctly.
The code checked only whether the groups in the current process
credentials appear in the same order as in the cached credentials but did
not ensure that no other groups are present in the cached credentials. As
a consequence, when accessing files in NFS mounts, a process with the same
UID and GID as the original process but with a non-matching group list
could have been granted an unauthorized access to a file, or under certain
circumstances, the process could have been wrongly prevented from
accessing the file. The incorrect test condition has been fixed and the
problem can no longer occur. (BZ#1095062)

* When being under heavy load, some Fibre Channel storage devices, such as
Hitachi and HP Open-V series, can send a logout (LOGO) message to the
host system. However, due to a bug in the lpfc driver, this could result
in a loss of active paths to the storage and the paths could not be
recovered without manual intervention. This update corrects the lpfc
driver to ensure automatic recovery of the lost paths to the storage in
this scenario. (BZ#1096061)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0741: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140741
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0741, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.6.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:0742: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140742
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0742, CVE-2014-1533, CVE-2014-1538, CVE-2014-1541

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes
Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, Kyle Huey,
Abhishek Arya, and Nils as the original reporters of these issues.

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.6.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.6.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:0743: qemu-kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140743
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0743, CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-2894, CVE-2014-3461

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

Multiple buffer overflow, input validation, and out-of-bounds write flaws
were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers
of QEMU handled state loading after migration. A user able to alter the
savevm data (either on the disk or over the wire during migration) could
use either of these flaws to corrupt QEMU process memory on the
(destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541,
CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

An out-of-bounds memory access flaw was found in the way QEMU's IDE device
driver handled the execution of SMART EXECUTE OFFLINE commands.
A privileged guest user could use this flaw to corrupt QEMU process memory
on the host, which could potentially result in arbitrary code execution on
the host with the privileges of the QEMU process. (CVE-2014-2894)

The CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536,
CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and
CVE-2014-3461 issues were discovered by Michael S. Tsirkin of Red Hat,
Anthony Liguori, and Michael Roth.

This update also fixes the following bugs:

* Previously, under certain circumstances, libvirt failed to start guests
which used a non-zero PCI domain and SR-IOV Virtual Functions (VFs), and
returned the following error message:

Can't assign device inside non-zero PCI segment as this KVM module doesn't
support it.

This update fixes this issue and guests using the aforementioned
configuration no longer fail to start. (BZ#1099941)

* Due to an incorrect initialization of the cpus_sts bitmap, which holds
the enablement status of a vCPU, libvirt could fail to start a guest with
an unusual vCPU topology (for example, a guest with three cores and two
sockets). With this update, the initialization of cpus_sts has been
corrected, and libvirt no longer fails to start the aforementioned guests.
(BZ#1100575)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2014:0747: python-jinja2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140747
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0747, CVE-2014-1402

Description
Jinja2 is a template engine written in pure Python. It provides a
Django-inspired, non-XML syntax but supports inline expressions and an
optional sandboxed environment.

It was discovered that Jinja2 did not properly handle bytecode cache files
stored in the system's temporary directory. A local attacker could use this
flaw to alter the output of an application using Jinja2 and
FileSystemBytecodeCache, and potentially execute arbitrary code with the
privileges of that application. (CVE-2014-1402)

All python-jinja2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. For the update to
take effect, all applications using python-jinja2 must be restarted.

RHSA-2014:0771: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140771
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0771, CVE-2013-6378, CVE-2014-0203, CVE-2014-1737, CVE-2014-1738, CVE-2014-1874, CVE-2014-2039, CVE-2014-3153

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled
the requeuing of certain Priority Inheritance (PI) futexes. A local,
unprivileged user could use this flaw to escalate their privileges on the
system. (CVE-2014-3153, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled user
space provided data in certain error code paths while processing FDRAWCMD
IOCTL commands. A local user with write access to /dev/fdX could use this
flaw to free (using the kfree() function) arbitrary kernel memory.
(CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel
memory addresses to user space during the processing of the FDRAWCMD IOCTL
command. A local user with write access to /dev/fdX could use this flaw to
obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.

* It was discovered that the proc_ns_follow_link() function did not
properly return the LAST_BIND value in the last pathname component as is
expected for procfs symbolic links, which could lead to excessive freeing
of memory and consequent slab corruption. A local, unprivileged user could
use this flaw to crash the system. (CVE-2014-0203, Moderate)

* A flaw was found in the way the Linux kernel handled exceptions when
user-space applications attempted to use the linkage stack. On IBM S/390
systems, a local, unprivileged user could use this flaw to crash the
system. (CVE-2014-2039, Moderate)

* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
write to a file that is provided by the libertas driver and located on the
debug file system (debugfs) could use this flaw to crash the system. Note:
The debugfs file system must be mounted locally to exploit this issue.
It is not mounted by default. (CVE-2013-6378, Low)

* A denial of service flaw was discovered in the way the Linux kernel's
SELinux implementation handled files with an empty SELinux security
context. A local user who has the CAP_MAC_ADMIN capability could use this
flaw to crash the system. (CVE-2014-1874, Low)

Red Hat would like to thank Kees Cook of Google for reporting
CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738,
and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google
acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0786: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140786
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0786, CVE-2014-0206, CVE-2014-1737, CVE-2014-1738, CVE-2014-2568, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145, CVE-2014-3153

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled
the requeuing of certain Priority Inheritance (PI) futexes. A local,
unprivileged user could use this flaw to escalate their privileges on the
system. (CVE-2014-3153, Important)

* A use-after-free flaw was found in the way the ping_init_sock() function
of the Linux kernel handled the group_info reference counter. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-2851, Important)

* Use-after-free and information leak flaws were found in the way the
Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A local
user with write access to /dev/fdX could use these flaws to escalate their
privileges on the system. (CVE-2014-1737, CVE-2014-1738, Important)

* It was found that the aio_read_events_ring() function of the Linux
kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize the AIO
ring head received from user space. A local, unprivileged user could use
this flaw to disclose random parts of the (physical) memory belonging to
the kernel and/or other processes. (CVE-2014-0206, Moderate)

* An out-of-bounds memory access flaw was found in the Netlink Attribute
extension of the Berkeley Packet Filter (BPF) interpreter functionality in
the Linux kernel's networking implementation. A local, unprivileged user
could use this flaw to crash the system or leak kernel memory to user space
via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,
Moderate)

* An information leak flaw was found in the way the skb_zerocopy() function
copied socket buffers (skb) that are backed by user-space buffers (for
example vhost-net and Xen netback), potentially allowing an attacker to
read data from those buffers. (CVE-2014-2568, Low)

Red Hat would like to thank Kees Cook of Google for reporting
CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and
CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of
CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz Guzik of
Red Hat.

This update also fixes the following bugs:

* Due to incorrect calculation of Tx statistics in the qlcnic driver,
running the "ethtool -S ethX" command could trigger memory corruption.
As a consequence, running the sosreport tool, that uses this command,
resulted in a kernel panic. The problem has been fixed by correcting the
said statistics calculation. (BZ#1104972)

* When an attempt to create a file on the GFS2 file system failed due to a
file system quota violation, the relevant VFS inode was not completely
uninitialized. This could result in a list corruption error. This update
resolves this problem by correctly uninitializing the VFS inode in this
situation. (BZ#1097407)

* Due to a race condition in the kernel, the getcwd() system call could
return "/" instead of the correct full path name when querying a path name
of a file or directory. Paths returned in the "/proc" file system could
also be incorrect. This problem was causing instability of various
applications. The aforementioned race condition has been fixed and getcwd()
now always returns the correct paths. (BZ#1099048)

In addition, this update adds the following enhancements:

* The kernel mutex code has been improved. The changes include improved
queuing of the MCS spin locks, the MCS code optimization, introduction of
the cancellable MCS spin locks, and improved handling of mutexes without
wait locks. (BZ#1103631, BZ#1103629)

* The handling of the Virtual Memory Area (VMA) cache and huge page faults
has been improved. (BZ#1103630)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.

RHSA-2014:0788: mod_wsgi security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140788
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0788, CVE-2014-0240, CVE-2014-0242

Description
The mod_wsgi adapter is an Apache module that provides a WSGI-compliant
interface for hosting Python-based web applications within Apache.

It was found that mod_wsgi did not properly drop privileges if the call to
setuid() failed. If mod_wsgi was set up to allow unprivileged users to run
WSGI applications, a local user able to run a WSGI application could
possibly use this flaw to escalate their privileges on the system.
(CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for WSGI
applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different solution
with proper privilege separation.

It was discovered that mod_wsgi could leak memory of a hosted web
application via the "Content-Type" header. A remote attacker could possibly
use this flaw to disclose limited portions of the web application's memory.
(CVE-2014-0242)

Red Hat would like to thank Graham Dumpleton for reporting these issues.
Upstream acknowledges Róbert Kisteleki as the original reporter of
CVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242.

All mod_wsgi users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2014:0790: dovecot security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0790, CVE-2014-3430

Description
Dovecot is an IMAP server, written with security primarily in mind, for
Linux and other UNIX-like systems. It also contains a small POP3 server.
It supports mail in both the maildir and mbox formats. The SQL drivers and
authentication plug-ins are provided as subpackages.

It was discovered that Dovecot did not properly discard connections trapped
in the SSL/TLS handshake phase. A remote attacker could use this flaw to
cause a denial of service on an IMAP/POP3 server by exhausting the pool of
available connections and preventing further legitimate connections to the
IMAP/POP3 server from being made. (CVE-2014-3430)

All dovecot users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the dovecot service will be restarted automatically.

RHSA-2014:0827: tomcat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140827
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0827, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)

It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)

The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.

All Tomcat 7 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.

RHSA-2014:0861: lzo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140861
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0861, CVE-2014-4607

Description
LZO is a portable lossless data compression library written in ANSI C.

An integer overflow flaw was found in the way the lzo library decompressed
certain archives compressed with the LZO algorithm. An attacker could
create a specially crafted LZO-compressed input that, when decompressed by
an application using the lzo library, would cause that application to crash
or, potentially, execute arbitrary code. (CVE-2014-4607)

Red Hat would like to thank Don A. Bailey from Lab Mouse Security for
reporting this issue.

All lzo users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the lzo library must be restarted or the
system rebooted.

RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140865
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0865, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that Apache Tomcat did not limit the length of chunk
sizes when using chunked transfer encoding. A remote attacker could use
this flaw to perform a denial of service attack against Tomcat by streaming
an unlimited quantity of data, leading to excessive consumption of server
resources. (CVE-2014-0075)

It was found that Apache Tomcat did not check for overflowing values when
parsing request content length headers. A remote attacker could use this
flaw to perform an HTTP request smuggling attack on a Tomcat server located
behind a reverse proxy that processed the content length header correctly.
(CVE-2014-0099)

It was found that the org.apache.catalina.servlets.DefaultServlet
implementation in Apache Tomcat allowed the definition of XML External
Entities (XXEs) in provided XSLTs. A malicious application could use this
to circumvent intended security restrictions to disclose sensitive
information. (CVE-2014-0096)

The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product
Security.

This update also fixes the following bugs:

* The patch that resolved the CVE-2014-0050 issue contained redundant code.
This update removes the redundant code. (BZ#1094528)

* The patch that resolved the CVE-2013-4322 issue contained an invalid
check that triggered a java.io.EOFException while reading trailer headers
for chunked requests. This update fixes the check and the aforementioned
exception is no longer triggered in the described scenario. (BZ#1095602)

All Tomcat 6 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.

RHSA-2014:0866: samba and samba3x security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140866
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0866, CVE-2014-0244, CVE-2014-3493

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)

It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)

Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-3493.
The Samba project acknowledges Simon Arlott as the original reporter of
CVE-2014-3493.

All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2014:0867: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140867
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0867, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A denial of service flaw was found in the way the sys_recvfile() function
of nmbd, the NetBIOS message block daemon, processed non-blocking sockets.
An attacker could send a specially crafted packet that, when processed,
would cause nmbd to enter an infinite loop and consume an excessive amount
of CPU time. (CVE-2014-0244)

A flaw was found in the way Samba created responses for certain
authenticated client requests when a shadow-copy VFS module was enabled.
An attacker able to send an authenticated request could use this flaw to
disclose limited portions of memory per request. (CVE-2014-0178)

It was discovered that smbd, the Samba file server daemon, did not properly
handle certain files that were stored on the disk and used a valid Unicode
character in the file name. An attacker able to send an authenticated
non-Unicode request that attempted to read such a file could cause smbd to
crash. (CVE-2014-3493)

Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for
reporting CVE-2014-0244, and the Samba project for reporting CVE-2014-0178
and CVE-2014-3493. The Samba project acknowledges Christof Schmitt as the
original reporter of CVE-2014-0178, and Simon Arlott as the original
reporter of CVE-2014-3493.

All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2014:0889: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140889
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0889, CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly obtain information about
the keys used. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0890: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140890
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0890, CVE-2014-2483, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4221, CVE-2014-4223, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)

Multiple improper permission check issues were discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2014-4223,
CVE-2014-4262, CVE-2014-2483)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4221, CVE-2014-4252, CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly obtain information about
the keys used. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0902: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140902
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0902, CVE-2014-2483, CVE-2014-2490, CVE-2014-4208, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4220, CVE-2014-4221, CVE-2014-4223, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4264, CVE-2014-4265, CVE-2014-4266

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4219, CVE-2014-2490, CVE-2014-4216, CVE-2014-4223, CVE-2014-4262,
CVE-2014-2483, CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266,
CVE-2014-4221, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227, CVE-2014-4265,
CVE-2014-4220, CVE-2014-4208, CVE-2014-4264)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: The way in which the Oracle Java SE packages are delivered has
changed. They now reside in a separate channel/repository, and the user
must take action before updated packages can be obtained.
For information on subscribing to the new channel/repository, please refer
to: https://access.redhat.com/solutions/732883

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 65 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2014:0907: java-1.6.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140907
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0907, CVE-2014-2490, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4266

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

It was discovered that the Hotspot component in OpenJDK did not properly
verify bytecode from the class files. An untrusted Java application or
applet could possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-4216, CVE-2014-4219)

A format string flaw was discovered in the Hotspot component event logger
in OpenJDK. An untrusted Java application or applet could use this flaw to
crash the Java Virtual Machine or, potentially, execute arbitrary code with
the privileges of the Java Virtual Machine. (CVE-2014-2490)

An improper permission check issue was discovered in the Libraries
component in OpenJDK. An untrusted Java application or applet could use
this flaw to bypass Java sandbox restrictions. (CVE-2014-4262)

Multiple flaws were discovered in the JMX, Libraries, Security, and
Serviceability components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java sandbox restrictions.
(CVE-2014-4209, CVE-2014-4218, CVE-2014-4252, CVE-2014-4266)

It was discovered that the RSA algorithm in the Security component in
OpenJDK did not sufficiently perform blinding while performing operations
that were using private keys. An attacker able to measure timing
differences of those operations could possibly obtain information about
the keys used. (CVE-2014-4244)

The Diffie-Hellman (DH) key exchange algorithm implementation in the
Security component in OpenJDK failed to validate public DH parameters
properly. This could cause OpenJDK to accept and use weak parameters,
allowing an attacker to recover the negotiated key. (CVE-2014-4263)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

This update also fixes the following bug:

* Prior to this update, an application accessing an unsynchronized HashMap
could potentially enter an infinite loop and consume an excessive amount of
CPU resources. This update resolves this issue. (BZ#1115580)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:0908: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140908
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0908, CVE-2014-4209, CVE-2014-4216, CVE-2014-4218, CVE-2014-4219, CVE-2014-4227, CVE-2014-4244, CVE-2014-4252, CVE-2014-4262, CVE-2014-4263, CVE-2014-4265

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch page, listed in the References section. (CVE-2014-4219,
CVE-2014-4216, CVE-2014-4262, CVE-2014-4209, CVE-2014-4218,
CVE-2014-4252, CVE-2014-4244, CVE-2014-4263, CVE-2014-4227,
CVE-2014-4265)

The CVE-2014-4262 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: The way in which the Oracle Java SE packages are delivered has
changed. They now reside in a separate channel/repository, and the user
must take action before updated packages can be obtained.
For information on subscribing to the new channel/repository, please refer
to: https://access.redhat.com/solutions/732883

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 81 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2014:0914: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140914
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0914, CVE-2014-0179, CVE-2014-5177

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.

It was found that libvirt passes the XML_PARSE_NOENT flag when parsing XML
documents using the libxml2 library, in which case all XML entities in the
parsed documents are expanded. A user able to force libvirtd to parse an
XML document with an entity pointing to a file could use this flaw to read
the contents of that file; parsing an XML document with an entity pointing
to a special file that blocks on read access could cause libvirtd to hang
indefinitely, resulting in a denial of service on the system.
(CVE-2014-0179)

Red Hat would like to thank the upstream Libvirt project for reporting this
issue. Upstream acknowledges Daniel P. Berrange and Richard Jones as the
original reporters.

This update also fixes the following bugs:

* A previous update of the libvirt package introduced an error; a
SIG_SETMASK argument was incorrectly replaced by a SIG_BLOCK argument after
the poll() system call. Consequently, the SIGCHLD signal could be
permanently blocked, which caused signal masks to not return to their
original values and defunct processes to be generated. With this update,
the original signal masks are restored and defunct processes are no longer
generated. (BZ#1112689)

* An attempt to start a domain that did not exist caused network filters to
be locked for read-only access. As a consequence, when trying to gain
read-write access, a deadlock occurred. This update applies a patch to fix
this bug and an attempt to start a non-existent domain no longer causes a
deadlock in the described scenario. (BZ#1112690)

* Previously, the libvirtd daemon was binding only to addresses that were
configured on certain network interfaces. When libvirtd started before the
IPv4 addresses had been configured, libvirtd listened only on the IPv6
addresses. The daemon has been modified to not require an address to be
configured when binding to a wildcard address, such as "0.0.0.0" or "::".
As a result, libvirtd binds to both IPv4 and IPv6 addresses as expected.
(BZ#1112692)

Users of libvirt are advised to upgrade to these updated packages, which
fix these bugs. After installing the updated packages, libvirtd will be
restarted automatically.

RHSA-2014:0916: nss and nspr security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140916
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0916, CVE-2014-1544

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)

Red Hat would like to thank the Mozilla project for reporting
CVE-2014-1544. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber
as the original reporters.

Users of NSS and NSPR are advised to upgrade to these updated packages,
which correct this issue. After installing this update, applications using
NSS or NSPR must be restarted for this update to take effect.

RHSA-2014:0917: nss and nspr security, bug fix, and enhancement update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140917
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0917, CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application. (CVE-2014-1544)

A flaw was found in the way TLS False Start was implemented in NSS.
An attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to crash
an application using NSS or, in rare cases, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or, possibly,
execute arbitrary code with the privileges of the user running that
application. This NSPR flaw was not exposed to web content in any shipped
version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in
Applications (IDNA) hostname matching in NSS did not follow the RFC 6125
recommendations. This could lead to certain invalid certificates with
international characters being accepted as valid. (CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1544, CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues.
Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the
original reporters of CVE-2014-1544, Brian Smith as the original reporter
of CVE-2014-1490, Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the
original reporters of CVE-2014-1491, and Abhishek Arya as the original
reporter of CVE-2014-1545.

In addition, the nss package has been upgraded to upstream version 3.16.1,
and the nspr package has been upgraded to upstream version 4.10.6. These
updated packages provide a number of bug fixes and enhancements over the
previous versions. (BZ#1112136, BZ#1112135)

Users of NSS and NSPR are advised to upgrade to these updated packages,
which correct these issues and add these enhancements. After installing
this update, applications using NSS or NSPR must be restarted for this
update to take effect.

RHSA-2014:0918: thunderbird security update (Important)

Rule IDoval-com.redhat.rhsa-def-20140918
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:05+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2014:0918, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro
Beekman, Patrick Cozzi, and Mozilla community member John as the original
reporters of these issues.

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.7.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.7.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:0919: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20140919
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0919, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Keeler, Byron Campen, Jethro
Beekman, Patrick Cozzi, and Mozilla community member John as the original
reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.7.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.7.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:0920: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140920
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0920, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the "apache" user. (CVE-2014-0226)

A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the "DEFLATE" input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system. (CVE-2014-0118)

A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely. (CVE-2014-0231)

All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon will be restarted automatically.

RHSA-2014:0921: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140921
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0921, CVE-2013-4352, CVE-2014-0117, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the "apache" user. (CVE-2014-0226)

A NULL pointer dereference flaw was found in the mod_cache httpd module.
A malicious HTTP server could cause the httpd child process to crash when
the Apache HTTP Server was used as a forward proxy with caching.
(CVE-2013-4352)

A denial of service flaw was found in the mod_proxy httpd module. A remote
attacker could send a specially crafted request to a server configured as a
reverse proxy using a threaded Multi-Processing Module (MPM) that would
cause the httpd child process to crash. (CVE-2014-0117)

A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the "DEFLATE" input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system. (CVE-2014-0118)

A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely. (CVE-2014-0231)

All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon will be restarted automatically.

RHSA-2014:0923: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140923
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0923, CVE-2014-4699, CVE-2014-4943

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's ptrace subsystem allowed a traced
process' instruction pointer to be set to a non-canonical memory address
without forcing the non-sysret code path when returning to user space.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-4699,
Important)

Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

* A flaw was found in the way the pppol2tp_setsockopt() and
pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP
implementation handled requests with a non-SOL_PPPOL2TP socket option
level. A local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-4943, Important)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,
and Sasha Levin for reporting CVE-2014-4943.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0924: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140924
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0924, CVE-2014-4699, CVE-2014-4943

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's ptrace subsystem allowed a traced
process' instruction pointer to be set to a non-canonical memory address
without forcing the non-sysret code path when returning to user space.
A local, unprivileged user could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-4699,
Important)

Note: The CVE-2014-4699 issue only affected systems using an Intel CPU.

* A flaw was found in the way the pppol2tp_setsockopt() and
pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP
implementation handled requests with a non-SOL_PPPOL2TP socket option
level. A local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-4943, Important)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,
and Sasha Levin for reporting CVE-2014-4943.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0926: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140926
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0926, CVE-2014-2678, CVE-2014-4021

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-2678, Moderate)

* It was found that the Xen hypervisor implementation did not properly
clean memory pages previously allocated by the hypervisor. A privileged
guest user could potentially use this flaw to read data relating to other
guests or the hypervisor itself. (CVE-2014-4021, Moderate)

Red Hat would like to thank the Xen project for reporting CVE-2014-4021.
Upstream acknowledges Jan Beulich as the original reporter.

This update also fixes the following bugs:

* A bug in the journaling block device (jbd and jbd2) code could, under
certain circumstances, trigger a BUG_ON() assertion and result in a kernel
oops. This happened when an application performed an extensive number of
commits to the journal of the ext3 file system and there was no currently
active transaction while synchronizing the file's in-core state. This
problem has been resolved by correcting respective test conditions in the
jbd and jbd2 code. (BZ#1097528)

* After a statically defined gateway became unreachable and its
corresponding neighbor entry entered a FAILED state, the gateway stayed in
the FAILED state even after it became reachable again. As a consequence,
traffic was not routed through that gateway. This update allows probing
such a gateway automatically so that the traffic can be routed through
this gateway again once it becomes reachable. (BZ#1106354)

* Due to an incorrect condition check in the IPv6 code, the ipv6 driver
was unable to correctly assemble incoming packet fragments, which resulted
in a high IPv6 packet loss rate. This update fixes the said check for a
fragment overlap and ensures that incoming IPv6 packet fragments are now
processed as expected. (BZ#1107932)

* Recent changes in the d_splice_alias() function introduced a bug that
allowed d_splice_alias() to return a dentry from a different directory
than the directory being looked up. As a consequence, in a cluster
environment, a kernel panic could be triggered when a directory was being
removed while a concurrent cross-directory operation was performed on this
directory on another cluster node. This update avoids the kernel panic in
this situation by correcting the search logic in the d_splice_alias()
function so that the function can no longer return a dentry from an
incorrect directory. (BZ#1109720)

* The NFSv4 server did not handle multiple OPEN operations to the same file
separately, which could cause the NFSv4 client to repeatedly send CLOSE
requests with the same state ID, even though the NFS server rejected the
request with an NFS4ERR_OLD_STATEID (10024) error code. This update
ensures that the NFSv4 client no longer re-sends the same CLOSE request
after receiving NFS4ERR_OLD_STATEID. (BZ#1113468)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:0927: qemu-kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20140927
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:0927, CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-0222, CVE-2014-0223, CVE-2014-3461

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

Two integer overflow flaws were found in the QEMU block driver for QCOW
version 1 disk images. A user able to alter the QEMU disk image files
loaded by a guest could use either of these flaws to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0222, CVE-2014-0223)

Multiple buffer overflow, input validation, and out-of-bounds write flaws
were found in the way virtio, virtio-net, virtio-scsi, usb, and hpet
drivers of QEMU handled state loading after migration. A user able to alter
the savevm data (either on the disk or over the wire during migration)
could use either of these flaws to corrupt QEMU process memory on the
(destination) host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2013-4148, CVE-2013-4149, CVE-2013-4150, CVE-2013-4151, CVE-2013-4527,
CVE-2013-4529, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542,
CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

These issues were discovered by Michael S. Tsirkin, Anthony Liguori and
Michael Roth of Red Hat: CVE-2013-4148, CVE-2013-4149, CVE-2013-4150,
CVE-2013-4151, CVE-2013-4527, CVE-2013-4529, CVE-2013-4535, CVE-2013-4536,
CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and
CVE-2014-3461.

This update also fixes the following bugs:

* Previously, QEMU did not free pre-allocated zero clusters correctly and
the clusters under some circumstances leaked. With this update,
pre-allocated zero clusters are freed appropriately and the cluster leaks
no longer occur. (BZ#1110188)

* Prior to this update, the QEMU command interface did not properly handle
resizing of cache memory during guest migration, causing QEMU to terminate
unexpectedly with a segmentation fault and QEMU to fail. This update fixes
the related code and QEMU no longer crashes in the described situation.
(BZ#1110191)

* Previously, when a guest device was hot unplugged, QEMU correctly removed
the corresponding file descriptor watch but did not re-create it after the
device was re-connected. As a consequence, the guest became unable to
receive any data from the host over this device. With this update, the file
descriptor's watch is re-created and the guest in the above scenario can
communicate with the host as expected. (BZ#1110219)

* Previously, the QEMU migration code did not account for the gaps caused
by hot unplugged devices and thus expected more memory to be transferred
during migrations. As a consequence, guest migration failed to complete
after multiple devices were hot unplugged. In addition, the migration info
text displayed erroneous values for the "remaining ram" item. With this
update, QEMU calculates memory after a device has been unplugged correctly,
and any subsequent guest migrations proceed as expected. (BZ#1110189)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2014:0981: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20140981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:0981, CVE-2012-6647, CVE-2013-7339, CVE-2014-2672, CVE-2014-2678, CVE-2014-2706, CVE-2014-2851, CVE-2014-3144, CVE-2014-3145

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the ping_init_sock() function
of the Linux kernel handled the group_info reference counter. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2014-2851, Important)

* A NULL pointer dereference flaw was found in the way the
futex_wait_requeue_pi() function of the Linux kernel's futex subsystem
handled the requeuing of certain Priority Inheritance (PI) futexes.
A local, unprivileged user could use this flaw to crash the system.
(CVE-2012-6647, Moderate)

* A NULL pointer dereference flaw was found in the rds_ib_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2013-7339, Moderate)

* It was found that a remote attacker could use a race condition flaw in
the ath_tx_aggr_sleep() function to crash the system by creating large
network traffic on the system's Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)

* A NULL pointer dereference flaw was found in the rds_iw_laddr_check()
function in the Linux kernel's implementation of Reliable Datagram Sockets
(RDS). A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-2678, Moderate)

* A race condition flaw was found in the way the Linux kernel's mac80211
subsystem implementation handled synchronization between TX and STA wake-up
code paths. A remote attacker could use this flaw to crash the system.
(CVE-2014-2706, Moderate)

* An out-of-bounds memory access flaw was found in the Netlink Attribute
extension of the Berkeley Packet Filter (BPF) interpreter functionality in
the Linux kernel's networking implementation. A local, unprivileged user
could use this flaw to crash the system or leak kernel memory to user space
via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,
Moderate)

This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.

RHSA-2014:1004: yum-updatesd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1004, CVE-2014-0022

Description
The yum-updatesd package provides a daemon which checks for available
updates and can notify you when they are available via email, syslog,
or dbus.

It was discovered that yum-updatesd did not properly perform RPM package
signature checks. When yum-updatesd was configured to automatically install
updates, a remote attacker could use this flaw to install a malicious
update on the target system using an unsigned RPM or an RPM signed with an
untrusted key. (CVE-2014-0022)

All yum-updatesd users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue. After installing
this update, the yum-updatesd service will be restarted automatically.

RHSA-2014:1008: samba security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1008, CVE-2014-3560

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in Samba's NetBIOS message
block daemon (nmbd). An attacker on the local network could use this flaw
to send specially crafted packets that, when processed by nmbd, could
possibly lead to arbitrary code execution with root privileges.
(CVE-2014-3560)

This update also fixes the following bug:

* Prior to this update, Samba incorrectly used the O_TRUNC flag when using
the open(2) system call to access the contents of a file that was already
opened by a different process, causing the file's previous contents to be
removed. With this update, the O_TRUNC flag is no longer used in the above
scenario, and file corruption no longer occurs. (BZ#1115490)

All Samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2014:1009: samba4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141009
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1009, CVE-2014-0178, CVE-2014-0244, CVE-2014-3493, CVE-2014-3560

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A heap-based buffer overflow flaw was found in Samba's NetBIOS message
block daemon (nmbd). An attacker on the local network could use this flaw
to send specially crafted packets that, when processed by nmbd, could
possibly lead to arbitrary code execution with root privileges.
(CVE-2014-3560)

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2014:1011: resteasy-base security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1011, CVE-2014-3490

Description
RESTEasy contains a JBoss project that provides frameworks to help build
RESTful Web Services and RESTful Java applications. It is a fully certified
and portable implementation of the JAX-RS specification.

It was found that the fix for CVE-2012-0818 was incomplete: external
parameter entities were not disabled when the
resteasy.document.expand.entity.references parameter was set to false.
A remote attacker able to send XML requests to a RESTEasy endpoint could
use this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XXE attacks.
(CVE-2014-3490)

This issue was discovered by David Jorm of Red Hat Product Security.

All resteasy-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2014:1012: php53 and php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141012
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1012, CVE-2012-1571, CVE-2013-6712, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3479, CVE-2014-3480, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.

Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way the File Information
(fileinfo) extension handled indirect and search rules. A remote attacker
could use either of these flaws to cause a PHP application using fileinfo
to crash or consume an excessive amount of CPU. (CVE-2014-1943,
CVE-2014-2270)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)

A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)

A buffer over-read flaw was found in the way the DateInterval class parsed
interval specifications. An attacker able to make a PHP application parse a
specially crafted specification using DateInterval could possibly cause the
PHP interpreter to crash. (CVE-2013-6712)

A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)

The CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, and CVE-2014-3480 issues
were discovered by Francisco Alonso of Red Hat Product Security.

All php53 and php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2014:1013: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141013
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1013, CVE-2013-7345, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4049, CVE-2014-4721

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.

A denial of service flaw was found in the File Information (fileinfo)
extension rules for detecting AWK files. A remote attacker could use this
flaw to cause a PHP application using fileinfo to consume an excessive
amount of CPU. (CVE-2013-7345)

Multiple denial of service flaws were found in the way the File Information
(fileinfo) extension parsed certain Composite Document Format (CDF) files.
A remote attacker could use either of these flaws to crash a PHP
application using fileinfo via a specially crafted CDF file.
(CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487)

A heap-based buffer overflow flaw was found in the way PHP parsed DNS TXT
records. A malicious DNS server or a man-in-the-middle attacker could
possibly use this flaw to execute arbitrary code as the PHP interpreter if
a PHP application used the dns_get_record() function to perform a DNS
query. (CVE-2014-4049)

A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)

A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)

The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, and CVE-2014-3487 issues were discovered by Francisco Alonso
of Red Hat Product Security.

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2014:1023: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141023
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1023, CVE-2014-0181, CVE-2014-2672, CVE-2014-2673, CVE-2014-2706, CVE-2014-3534, CVE-2014-4667

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's ptrace subsystem did not properly
sanitize the address-space-control bits when the program-status word (PSW)
was being set. On IBM S/390 systems, a local, unprivileged user could use
this flaw to set address-space-control bits to the kernel space, and thus
gain read and write access to kernel memory. (CVE-2014-3534, Important)

* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)

* It was found that a remote attacker could use a race condition flaw in
the ath_tx_aggr_sleep() function to crash the system by creating large
network traffic on the system's Atheros 9k wireless network adapter.
(CVE-2014-2672, Moderate)

* A flaw was found in the way the Linux kernel performed forking inside of
a transaction. A local, unprivileged user on a PowerPC system that supports
transactional memory could use this flaw to crash the system.
(CVE-2014-2673, Moderate)

* A race condition flaw was found in the way the Linux kernel's mac80211
subsystem implementation handled synchronization between TX and STA wake-up
code paths. A remote attacker could use this flaw to crash the system.
(CVE-2014-2706, Moderate)

* An integer underflow flaw was found in the way the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation processed certain
COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote
attacker could use this flaw to prevent legitimate connections to a
particular SCTP server socket from being made. (CVE-2014-4667, Moderate)

Red Hat would like to thank Martin Schwidefsky of IBM for reporting
CVE-2014-3534, Andy Lutomirski for reporting CVE-2014-0181, and Gopal Reddy
Kodudula of Nokia Siemens Networks for reporting CVE-2014-4667.

This update also fixes the following bugs:

* Due to a NULL pointer dereference bug in the IPIP and SIT tunneling code,
a kernel panic could be triggered when using IPIP or SIT tunnels with
IPsec. This update restructures the related code to avoid a NULL pointer
dereference and the kernel no longer panics when using IPIP or SIT tunnels
with IPsec. (BZ#1114957)

* Previously, an IBM POWER8 system could terminate unexpectedly when the
kernel received an IRQ while handling a transactional memory re-checkpoint
critical section. This update ensures that IRQs are disabled in this
situation and the problem no longer occurs. (BZ#1113150)

* A missing read memory barrier, rmb(), in the bnx2x driver caused the
kernel to crash under various circumstances. This problem has been fixed
by adding an rmb() call to the relevant place in the bnx2x code.
(BZ#1107721)

* The hpwdt driver previously emitted a panic message that was misleading
on certain HP systems. This update ensures that upon a kernel panic, hpwdt
displays information valid on all HP systems. (BZ#1096961)

* The qla2xxx driver has been upgraded to version 8.06.00.08.07.0-k3,
which provides a number of bug fixes over the previous version in order to
correct various timeout problems with the mailbox commands. (BZ#1112389)

* The SCSI mid-layer could retry an I/O operation indefinitely if a storage
array repeatedly returned a CHECK CONDITION status to that I/O operation
but the sense data was invalid. This update fixes the problem by limiting
the time for which such an I/O operation is retried. (BZ#1114468)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1031: 389-ds-base security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141031
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1031, CVE-2014-3562

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

It was found that when replication was enabled for each attribute in 389
Directory Server, which is the default configuration, the server returned
replicated metadata when the directory was searched while debugging was
enabled. A remote attacker could use this flaw to disclose potentially
sensitive information. (CVE-2014-3562)

This issue was discovered by Ludwig Krispenz of Red Hat.

All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2014:1034: tomcat security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20141034
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2014:1034, CVE-2014-0119

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that, in certain circumstances, it was possible for a
malicious web application to replace the XML parsers used by Apache Tomcat
to process XSLTs for the default servlet, JSP documents, tag library
descriptors (TLDs), and tag plug-in configuration files. The injected XML
parser(s) could then bypass the limits imposed on XML external entities
and/or gain access to the XML files processed for other web applications
deployed on the same Apache Tomcat instance. (CVE-2014-0119)

All Tomcat users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Tomcat must be restarted
for this update to take effect.

RHSA-2014:1038: tomcat6 security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20141038
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2014:1038, CVE-2013-4590, CVE-2014-0119

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that several application-provided XML files, such as web.xml,
content.xml, *.tld, *.tagx, and *.jspx, resolved external entities,
permitting XML External Entity (XXE) attacks. An attacker able to deploy
malicious applications to Tomcat could use this flaw to circumvent security
restrictions set by the JSM, and gain access to sensitive information on
the system. Note that this flaw only affected deployments in which Tomcat
is running applications from untrusted sources, such as in a shared hosting
environment. (CVE-2013-4590)

It was found that, in certain circumstances, it was possible for a
malicious web application to replace the XML parsers used by Apache Tomcat
to process XSLTs for the default servlet, JSP documents, tag library
descriptors (TLDs), and tag plug-in configuration files. The injected XML
parser(s) could then bypass the limits imposed on XML external entities
and/or gain access to the XML files processed for other web applications
deployed on the same Apache Tomcat instance. (CVE-2014-0119)

All Tomcat users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.

RHSA-2014:1052: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141052
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1052, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3509, CVE-2014-3510, CVE-2014-3511

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.

A race condition was found in the way OpenSSL handled ServerHello messages
with an included Supported EC Point Format extension. A malicious server
could possibly use this flaw to cause a multi-threaded TLS/SSL client using
OpenSSL to write into freed memory, causing the client to crash or execute
arbitrary code. (CVE-2014-3509)

It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)

A flaw was found in the way OpenSSL handled fragmented handshake packets.
A man-in-the-middle attacker could use this flaw to force a TLS/SSL server
using OpenSSL to use TLS 1.0, even if both the client and the server
supported newer protocol versions. (CVE-2014-3511)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client
using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-3505,
CVE-2014-3506, CVE-2014-3507)

A NULL pointer dereference flaw was found in the way OpenSSL performed a
handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
malicious server could cause a DTLS client using OpenSSL to crash if that
client had anonymous DH cipher suites enabled. (CVE-2014-3510)

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:1053: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141053
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1053, CVE-2014-0221, CVE-2014-3505, CVE-2014-3506, CVE-2014-3508, CVE-2014-3510

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.

It was discovered that the OBJ_obj2txt() function could fail to properly
NUL-terminate its output. This could possibly cause an application using
OpenSSL functions to format fields of X.509 certificates to disclose
portions of its memory. (CVE-2014-3508)

Multiple flaws were discovered in the way OpenSSL handled DTLS packets.
A remote attacker could use these flaws to cause a DTLS server or client
using OpenSSL to crash or use excessive amounts of memory. (CVE-2014-0221,
CVE-2014-3505, CVE-2014-3506)

A NULL pointer dereference flaw was found in the way OpenSSL performed a
handshake when using the anonymous Diffie-Hellman (DH) key exchange. A
malicious server could cause a DTLS client using OpenSSL to crash if that
client had anonymous DH cipher suites enabled. (CVE-2014-3510)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-0221. Upstream acknowledges Imre Rad of Search-Lab as the original
reporter of this issue.

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:1073: nss, nss-util, nss-softokn security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20141073
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2014:1073, CVE-2014-1492

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Applications built with NSS can support SSLv3, TLS, and other
security standards.

It was found that the implementation of Internationalizing Domain Names in
Applications (IDNA) hostname matching in NSS did not follow the RFC 6125
recommendations. This could lead to certain invalid certificates with
international characters being accepted as valid. (CVE-2014-1492)

In addition, the nss, nss-util, and nss-softokn packages have been upgraded
to upstream version 3.16.2, which provides a number of bug fixes and
enhancements over the previous versions. (BZ#1124659)

Users of NSS are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. After installing this
update, applications using NSS must be restarted for this update to
take effect.

RHSA-2014:1075: qemu-kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141075
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1075, CVE-2014-0222, CVE-2014-0223

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

Two integer overflow flaws were found in the QEMU block driver for QCOW
version 1 disk images. A user able to alter the QEMU disk image files
loaded by a guest could use either of these flaws to corrupt QEMU process
memory on the host, which could potentially result in arbitrary code
execution on the host with the privileges of the QEMU process.
(CVE-2014-0222, CVE-2014-0223)

Red Hat would like to thank NSA for reporting these issues.

This update also fixes the following bugs:

* In certain scenarios, when performing live incremental migration, the
disk size could be expanded considerably due to the transfer of unallocated
sectors past the end of the base image. With this update, the
bdrv_is_allocated() function has been fixed to no longer return "True" for
unallocated sectors, and the disk size no longer changes after performing
live incremental migration. (BZ#1109715)

* This update enables ioeventfd in virtio-scsi-pci. This allows QEMU to
process I/O requests outside of the vCPU thread, reducing the latency of
submitting requests and improving single task throughput. (BZ#1123271)

* Prior to this update, vendor-specific SCSI commands issued from a KVM
guest did not reach the target device due to QEMU considering such commands
as invalid. This update fixes this bug by properly propagating
vendor-specific SCSI commands to the target device. (BZ#1125131)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2014:1091: mod_wsgi security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141091
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1091, CVE-2014-0240

Description
The mod_wsgi adapter is an Apache module that provides a WSGI-compliant
interface for hosting Python-based web applications within Apache.

It was found that mod_wsgi did not properly drop privileges if the call to
setuid() failed. If mod_wsgi was set up to allow unprivileged users to run
WSGI applications, a local user able to run a WSGI application could
possibly use this flaw to escalate their privileges on the system.
(CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for WSGI
applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different solution
with proper privilege separation.

Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges Róbert Kisteleki as the original reporter.

All mod_wsgi users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2014:1110: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141110
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1110, CVE-2014-0475, CVE-2014-5119

Description
The glibc packages contain the standard C libraries used by multiple
programs on the system. These packages contain the standard C and the
standard math libraries. Without these two libraries, a Linux system cannot
function properly.

An off-by-one heap-based buffer overflow flaw was found in glibc's internal
__gconv_translit_find() function. An attacker able to make an application
call the iconv_open() function with a specially crafted argument could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-5119)

A directory traversal flaw was found in the way glibc loaded locale files.
An attacker able to make an application use a specially crafted locale name
value (for example, specified in an LC_* environment variable) could
possibly use this flaw to execute arbitrary code with the privileges of
that application. (CVE-2014-0475)

Red Hat would like to thank Stephane Chazelas for reporting CVE-2014-0475.

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2014:1143: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141143
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1143, CVE-2014-3917

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)

This update also fixes the following bugs:

* A bug in the journaling code (jbd and jbd2) could, under very heavy
workload of fsync() operations, trigger a BUG_ON and result in a kernel
oops. Also, fdatasync() could fail to immediately write out changes in the
file size only. These problems have been resolved by backporting a series
of patches that fixed these problems in the respective code on Red Hat
Enterprise Linux 6. This update also improves performance of ext3 and ext4
file systems. (BZ#1116027)

* Due to a bug in the ext4 code, the fdatasync() system call did not force
the inode size change to be written to the disk if it was the only metadata
change in the file. This could result in the wrong inode size and possible
data loss if the system terminated unexpectedly. The code handling inode
updates has been fixed and fdatasync() now writes data to the disk as
expected in this situation. (BZ#1117665)

* A workaround to a DMA read problem in the tg3 driver was incorrectly
applied to the whole Broadcom 5719 and 5720 chipset family. This workaround
is valid only for the A0 revision of the 5719 chips; on other revisions
and chips it causes occasional Tx timeouts. This update correctly applies the
aforementioned workaround only to the A0 revision of the 5719 chips.
(BZ#1121017)

* Due to a bug in the page writeback code, the system could become
unresponsive when under memory pressure and heavy NFS load. This
update fixes the code responsible for handling of dirty pages, and dirty
page write outs no longer flood the work queue. (BZ#1125246)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1144: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20141144
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1144, CVE-2014-1562, CVE-2014-1567

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1562, CVE-2014-1567)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jan de Mooij as the original reporter of
CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.8.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.8.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:1145: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141145
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1145, CVE-2014-1562, CVE-2014-1567

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1562, CVE-2014-1567)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jan de Mooij as the original reporter of
CVE-2014-1562, and regenrecht as the original reporter of CVE-2014-1567.

Note: None of the above issues can be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 24.8.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 24.8.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:1146: httpcomponents-client security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141146
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1146, CVE-2014-3577

Description
HttpClient is an HTTP/1.1 compliant HTTP agent implementation based on
httpcomponents HttpCore.

It was discovered that the HttpClient incorrectly extracted the host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

All httpcomponents-client users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

RHSA-2014:1147: squid security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141147
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1147, CVE-2014-3609

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid handled malformed HTTP Range headers.
A remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)

Red Hat would like to thank the Squid project for reporting this issue.
Upstream acknowledges Matthew Daley as the original reporter.

All Squid users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the squid service will be restarted automatically.

RHSA-2014:1148: squid security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141148
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1148, CVE-2013-4115, CVE-2014-3609

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

A flaw was found in the way Squid handled malformed HTTP Range headers.
A remote attacker able to send HTTP requests to the Squid proxy could use
this flaw to crash Squid. (CVE-2014-3609)

A buffer overflow flaw was found in Squid's DNS lookup module. A remote
attacker able to send HTTP requests to the Squid proxy could use this flaw
to crash Squid. (CVE-2013-4115)

Red Hat would like to thank the Squid project for reporting the
CVE-2014-3609 issue. Upstream acknowledges Matthew Daley as the original
reporter.

All Squid users are advised to upgrade to this updated package, which
contains backported patches to correct these issues. After installing this
update, the squid service will be restarted automatically.

RHSA-2014:1166: jakarta-commons-httpclient security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141166
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1166, CVE-2014-3577

Description
Jakarta Commons HTTPClient implements the client side of HTTP standards.

It was discovered that the HTTPClient incorrectly extracted the host name from
an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3577)

For additional information on this flaw, refer to the Knowledgebase
article in the References section.

All jakarta-commons-httpclient users are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.

RHSA-2014:1167: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141167
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1167, CVE-2014-0205, CVE-2014-3535, CVE-2014-3917, CVE-2014-4667

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled
reference counting when requeuing futexes during futex_wait(). A local,
unprivileged user could use this flaw to zero out the reference counter of
an inode or an mm struct that backs up the memory area of the futex, which
could lead to a use-after-free flaw, resulting in a system crash or,
potentially, privilege escalation. (CVE-2014-0205, Important)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
networking implementation handled logging while processing certain invalid
packets coming in via a VxLAN interface. A remote attacker could use this
flaw to crash the system by sending a specially crafted packet to such an
interface. (CVE-2014-3535, Important)

* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)

* An integer underflow flaw was found in the way the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation processed certain
COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote
attacker could use this flaw to prevent legitimate connections to a
particular SCTP server socket from being made. (CVE-2014-4667, Moderate)

Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks
for reporting CVE-2014-4667. The security impact of the CVE-2014-0205 issue
was discovered by Mateusz Guzik of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1172: procmail security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141172
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1172, CVE-2014-3618

Description
The procmail program is used for local mail delivery. In addition to just
delivering mail, procmail can be used for automatic filtering, presorting,
and other mail handling jobs.

A heap-based buffer overflow flaw was found in procmail's formail utility.
A remote attacker could send an email with specially crafted headers that,
when processed by formail, could cause procmail to crash or, possibly,
execute arbitrary code as the user running formail. (CVE-2014-3618)

All procmail users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:1193: axis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141193
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1193, CVE-2014-3596

Description
Apache Axis is an implementation of SOAP (Simple Object Access Protocol).
It can be used to build both web service clients and servers.

It was discovered that Axis incorrectly extracted the host name from an
X.509 certificate subject's Common Name (CN) field. A man-in-the-middle
attacker could use this flaw to spoof an SSL server using a specially
crafted X.509 certificate. (CVE-2014-3596)

For additional information on this flaw, refer to the Knowledgebase article
in the References section.

This issue was discovered by David Jorm and Arun Neelicattu of Red Hat
Product Security.

All axis users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using Apache
Axis must be restarted for this update to take effect.

RHSA-2014:1194: conga security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141194
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1194, CVE-2012-5485, CVE-2012-5486, CVE-2012-5488, CVE-2012-5497, CVE-2012-5498, CVE-2012-5499, CVE-2012-5500, CVE-2013-6496, CVE-2014-3521

Description
The Conga project is a management system for remote workstations.
It consists of luci, which is a secure web-based front end, and ricci,
which is a secure daemon that dispatches incoming messages to underlying
management modules.

It was discovered that Plone, included as a part of luci, did not properly
protect the administrator interface (control panel). A remote attacker
could use this flaw to inject a specially crafted Python statement or
script into Plone's restricted Python sandbox that, when the administrator
interface was accessed, would be executed with the privileges of that
administrator user. (CVE-2012-5485)

It was discovered that Plone, included as a part of luci, did not properly
sanitize HTTP headers provided within certain URL requests. A remote
attacker could use a specially crafted URL that, when processed, would
cause the injected HTTP headers to be returned as a part of the Plone HTTP
response, potentially allowing the attacker to perform other more advanced
attacks. (CVE-2012-5486)

Multiple information leak flaws were found in the way conga processed luci
site extension-related URL requests. A remote, unauthenticated attacker
could issue a specially crafted HTTP request that, when processed, would
result in unauthorized information disclosure. (CVE-2013-6496)

It was discovered that various components in the luci site
extension-related URLs were not properly restricted to administrative
users. A remote, authenticated attacker could escalate their privileges to
perform certain actions that should be restricted to administrative users,
such as adding users and systems, and viewing log data. (CVE-2014-3521)

It was discovered that Plone, included as a part of luci, did not properly
protect the privilege of running RestrictedPython scripts. A remote
attacker could use a specially crafted URL that, when processed, would
allow the attacker to submit and perform expensive computations or, in
conjunction with other attacks, be able to access or alter privileged
information. (CVE-2012-5488)

It was discovered that Plone, included as a part of luci, did not properly
enforce permissions checks on the membership database. A remote attacker
could use a specially crafted URL that, when processed, could allow the
attacker to enumerate user account names. (CVE-2012-5497)

It was discovered that Plone, included as a part of luci, did not properly
handle the processing of requests for certain collections. A remote
attacker could use a specially crafted URL that, when processed, would lead
to excessive I/O and/or cache resource consumption. (CVE-2012-5498)

It was discovered that Plone, included as a part of luci, did not properly
handle the processing of very large values passed to an internal utility
function. A remote attacker could use a specially crafted URL that, when
processed, would lead to excessive memory consumption. (CVE-2012-5499)

It was discovered that Plone, included as a part of luci, allowed a remote
anonymous user to change titles of content items due to improper
permissions checks. (CVE-2012-5500)

The CVE-2014-3521 issue was discovered by Radek Steiger of Red Hat, and the
CVE-2013-6496 issue was discovered by Jan Pokorny of Red Hat.

In addition, these updated conga packages include several bug fixes.
Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux 5.11 Technical Notes,
linked to in the References section, for information on the most
significant of these changes.

All conga users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the luci and ricci services will be restarted automatically.

RHSA-2014:1243: automake security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20141243
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2014:1243, CVE-2012-3386

Description
Automake is a tool for automatically generating Makefile.in files compliant
with the GNU Coding Standards.

It was found that the distcheck rule in Automake-generated Makefiles made a
directory world-writable when preparing source archives. If a malicious,
local user could access this directory, they could execute arbitrary code
with the privileges of the user running "make distcheck". (CVE-2012-3386)

Red Hat would like to thank Jim Meyering for reporting this issue. Upstream
acknowledges Stefano Lattarini as the original reporter.

All automake users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2014:1244: bind97 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141244
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1244, CVE-2014-0591

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. It contains a DNS server (named), a resolver
library with routines for applications to use when interfacing with DNS,
and tools for verifying that the DNS server is operating correctly.
These packages contain version 9.7 of the BIND suite.

A denial of service flaw was found in the way BIND handled queries for
NSEC3-signed zones. A remote attacker could use this flaw against an
authoritative name server that served NSEC3-signed zones by sending a
specially crafted query, which, when processed, would cause named to crash.
(CVE-2014-0591)

Note: The CVE-2014-0591 issue does not directly affect the version of
bind97 shipped in Red Hat Enterprise Linux 5. This issue is being addressed,
however, to ensure that it is not introduced in future builds of bind97
(possibly built with a different compiler or C library optimization).

This update also fixes the following bug:

* Previously, the bind97 initscript did not check for the existence of the
ROOTDIR variable when shutting down the named daemon. As a consequence,
some parts of the file system that are mounted when using bind97 in a
chroot environment were unmounted on daemon shut down, even if bind97 was
not running in a chroot environment. With this update, the initscript has
been fixed to check for the existence of the ROOTDIR variable when
unmounting some parts of the file system on named daemon shut down. Now,
when shutting down bind97 that is not running in a chroot environment, no
parts of the file system are unmounted. (BZ#1059118)

All bind97 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2014:1245: krb5 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141245
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1245, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4344

Description
Kerberos is an authentication system which allows clients and services to
authenticate to each other with the help of a trusted third party, a
Kerberos Key Distribution Center (KDC).

It was found that if a KDC served multiple realms, certain requests could
cause the setup_server_realm() function to dereference a NULL pointer.
A remote, unauthenticated attacker could use this flaw to crash the KDC
using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker could
use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer over-read flaw was found in the way MIT Kerberos handled certain
requests. A man-in-the-middle attacker with a valid Kerberos ticket who is
able to inject packets into a client or server application's GSSAPI session
could use this flaw to crash the application. (CVE-2014-4341)

This update also fixes the following bugs:

* Prior to this update, the libkrb5 library occasionally attempted to free
already freed memory when encrypting credentials. As a consequence, the
calling process terminated unexpectedly with a segmentation fault.
With this update, libkrb5 frees memory correctly, which allows the
credentials to be encrypted appropriately and thus prevents the mentioned
crash. (BZ#1004632)

* Previously, when the krb5 client library was waiting for a response from
a server, the timeout variable in certain cases became a negative number.
Consequently, the client could enter a loop while checking for responses.
With this update, the client logic has been modified and the described
error no longer occurs. (BZ#1089732)

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the krb5kdc daemon will be restarted automatically.

RHSA-2014:1246: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141246
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1246, CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1545

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

A flaw was found in the way TLS False Start was implemented in NSS.
An attacker could use this flaw to potentially return unencrypted
information from the server. (CVE-2013-1740)

A race condition was found in the way NSS implemented session ticket
handling as specified by RFC 5077. An attacker could use this flaw to crash
an application using NSS or, in rare cases, execute arbitrary code with the
privileges of the user running that application. (CVE-2014-1490)

It was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)
parameters. This could possibly lead to weak encryption being used in
communication between the client and the server. (CVE-2014-1491)

An out-of-bounds write flaw was found in NSPR. A remote attacker could
potentially use this flaw to crash an application using NSPR or, possibly,
execute arbitrary code with the privileges of the user running that
application. This NSPR flaw was not exposed to web content in any shipped
version of Firefox. (CVE-2014-1545)

It was found that the implementation of Internationalizing Domain Names in
Applications (IDNA) hostname matching in NSS did not follow the RFC 6125
recommendations. This could lead to certain invalid certificates with
international characters being accepted as valid. (CVE-2014-1492)

Red Hat would like to thank the Mozilla project for reporting the
CVE-2014-1490, CVE-2014-1491, and CVE-2014-1545 issues. Upstream
acknowledges Brian Smith as the original reporter of CVE-2014-1490, Antoine
Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters of
CVE-2014-1491, and Abhishek Arya as the original reporter of CVE-2014-1545.

The nss and nspr packages have been upgraded to upstream version 3.16.1 and
4.10.6 respectively, which provide a number of bug fixes and enhancements
over the previous versions. (BZ#1110857, BZ#1110860)

This update also fixes the following bugs:

* Previously, when the output.log file was not present on the system, the
shell in the Network Security Services (NSS) specification handled test
failures incorrectly as false positive test results. Consequently, certain
utilities, such as "grep", could not handle failures properly. This update
improves error detection in the specification file, and "grep" and other
utilities now handle missing files or crashes as intended. (BZ#1035281)

* Prior to this update, a subordinate Certificate Authority (CA) of the
ANSSI agency incorrectly issued an intermediate certificate installed on a
network monitoring device. As a consequence, the monitoring device was
enabled to act as an MITM (Man in the Middle) proxy performing traffic
management of domain names or IP addresses that the certificate holder did
not own or control. The trust in the intermediate certificate to issue the
certificate for an MITM device has been revoked, and such a device can no
longer be used for MITM attacks. (BZ#1042684)

* Due to a regression, MD5 certificates were rejected by default because
Network Security Services (NSS) did not trust MD5 certificates. With this
update, MD5 certificates are supported in Red Hat Enterprise Linux 5.
(BZ#11015864)

Users of nss and nspr are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

RHSA-2014:1255: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141255
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1255, CVE-2014-4345

Description
Kerberos is an authentication system which allows clients and services to
authenticate to each other with the help of a trusted third party, a
Kerberos Key Distribution Center (KDC).

A buffer overflow was found in the KADM5 administration server (kadmind)
when it was used with an LDAP back end for the KDC database. A remote,
authenticated attacker could potentially use this flaw to execute arbitrary
code on the system running kadmind. (CVE-2014-4345)

All krb5 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the krb5kdc and kadmind daemons will be restarted
automatically.

RHSA-2014:1281: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141281
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1281, CVE-2014-3917

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)

This update also fixes the following bugs: 

* A bug in the mtip32xx driver could prevent the Micron P420m PCIe SSD
devices with unaligned I/O access from completing the submitted I/O
requests. This resulted in a livelock situation and rendered the Micron
P420m PCIe SSD devices unusable. To fix this problem, mtip32xx now checks
whether an I/O access is unaligned and if so, it uses the correct
semaphore. (BZ#1125776)

* A series of patches has been backported to improve the functionality of
a touch pad on the latest Lenovo laptops in Red Hat Enterprise Linux 7.
(BZ#1122559)

* Due to a bug in the bnx2x driver, a network adapter could be unable to
recover from EEH error injection. The network adapter had to be taken
offline and rebooted in order to function properly again. With this update,
the bnx2x driver has been corrected and network adapters now recover from
EEH errors as expected. (BZ#1107722)

* Previously, if an hrtimer interrupt was delayed, all future pending
hrtimer events that were queued on the same processor were also delayed
until the initial hrtimer event was handled. This could cause all hrtimer
processing to stop for a significant period of time. To prevent this
problem, the kernel has been modified to handle all expired hrtimer events
when handling the initially delayed hrtimer event. (BZ#1113175)

* A previous change to the nouveau driver introduced a bit shift error,
which resulted in a wrong display resolution being set with some models
of NVIDIA controllers. With this update, the erroneous code has been
corrected, and the affected NVIDIA controllers can now set the correct
display resolution. (BZ#1114869)

* Due to a NULL pointer dereference bug in the be2net driver, the system
could experience a kernel oops and reboot when disabling a network adapter
after a permanent failure. This problem has been fixed by introducing a
flag to keep track of the setup state. The failing adapter can now be
disabled successfully without a kernel crash. (BZ#1122558)

* Previously, the Huge Translation Lookaside Buffer (HugeTLB) allowed
access to huge pages by default. However, huge pages may be
unsupported in some environments, such as a KVM guest on a PowerPC
architecture, and an attempt to access a huge page in memory would result
in a kernel oops. This update ensures that HugeTLB denies access to huge
pages if the huge pages are not supported on the system. (BZ#1122115)

* If an NVMe device becomes ready but fails to create I/O queues, the nvme
driver creates a character device handle to manage such a device.
Previously, a character device could be created before a device reference
counter was initialized, which resulted in a kernel oops. This problem has
been fixed by calling the relevant initialization function earlier in the
code. (BZ#1119720)

* On some firmware versions of the BladeEngine 3 (BE3) controller,
interrupts remain disabled after a hardware reset. This was a problem for
all Emulex-based network adapters using such a BE3 controller because
these adapters would fail to recover from an EEH error if it occurred. To
resolve this problem, the be2net driver has been modified to enable the
interrupts in the eeh_resume handler explicitly. (BZ#1121712)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1292: haproxy security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1292, CVE-2014-6269

Description
HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

A buffer overflow flaw was discovered in the way HAProxy handled, under
very specific conditions, data uploaded from a client. A remote attacker
could possibly use this flaw to crash HAProxy. (CVE-2014-6269)

All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2014:1293: bash security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20141293
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1293, CVE-2014-6271

Description
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue.
(CVE-2014-6271)

For additional information on the CVE-2014-6271 flaw, refer to the
Knowledgebase article at https://access.redhat.com/articles/1200223

Red Hat would like to thank Stephane Chazelas for reporting this issue.

All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:1306: bash security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141306
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1306, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187

Description
The GNU Bourne Again shell (Bash) is a shell and command language
interpreter compatible with the Bourne shell (sh). Bash is the default
shell for Red Hat Enterprise Linux.

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still
allowed certain characters to be injected into other environments via
specially crafted environment variables. An attacker could potentially use
this flaw to override or bypass environment restrictions to execute shell
commands. Certain services and applications allow remote unauthenticated
attackers to provide environment variables, allowing them to exploit this
issue. (CVE-2014-7169)

Applications which directly create bash functions as environment variables
need to be made aware of changes to the way names are handled by this
update. Note that certain services, screen sessions, and tmux sessions may
need to be restarted, and affected interactive users may need to re-login.
Installing these updated packages without restarting services will address
the vulnerability, but functionality may be impacted until affected
services are restarted. For more information see the Knowledgebase article
at https://access.redhat.com/articles/1200223

Note: Docker users are advised to use "yum update" within their containers,
and to commit the resulting changes.

For additional information on CVE-2014-6271 and CVE-2014-7169, refer to the
aforementioned Knowledgebase article.

All bash users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:1307: nss security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1307, CVE-2014-1568

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A flaw was found in the way NSS parsed ASN.1 (Abstract Syntax Notation One)
input from certain RSA signatures. A remote attacker could use this flaw to
forge RSA certificates by providing a specially crafted signature to an
application using NSS. (CVE-2014-1568)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security
Incident Response Team as the original reporters.

All NSS users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, applications using NSS must be restarted for this update to
take effect.

RHSA-2014:1319: xerces-j2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141319
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1319, CVE-2013-4002

Description
Apache Xerces for Java (Xerces-J) is a high performance, standards
compliant, validating XML parser written in Java. The xerces-j2 packages
provide Xerces-J version 2.

A resource consumption issue was found in the way Xerces-J handled XML
declarations. A remote attacker could use an XML document with a specially
crafted declaration using a long pseudo-attribute name that, when parsed by
an application using Xerces-J, would cause that application to use an
excessive amount of CPU. (CVE-2013-4002)

All xerces-j2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Applications using
Xerces-J must be restarted for this update to take effect.

RHSA-2014:1326: php53 and php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141326
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1326, CVE-2014-2497, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.

It was found that the fix for CVE-2012-1571 was incomplete; the File
Information (fileinfo) extension did not correctly parse certain Composite
Document Format (CDF) files. A remote attacker could use this flaw to crash
a PHP application using fileinfo via a specially crafted CDF file.
(CVE-2014-3587)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)

Multiple buffer over-read flaws were found in the php_parserr() function of
PHP. A malicious DNS server or a man-in-the-middle attacker could possibly
use this flaw to execute arbitrary code as the PHP interpreter if a PHP
application used the dns_get_record() function to perform a DNS query.
(CVE-2014-3597)

Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)

The CVE-2014-3597 issue was discovered by David Kutálek of the Red Hat
BaseOS QE.

All php53 and php users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
the updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2014:1327: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1327, CVE-2014-2497, CVE-2014-3478, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.

A buffer overflow flaw was found in the way the File Information (fileinfo)
extension processed certain Pascal strings. A remote attacker able to make
a PHP application using fileinfo convert a specially crafted Pascal string
provided by an image file could cause that application to crash.
(CVE-2014-3478)

Multiple flaws were found in the File Information (fileinfo) extension
regular expression rules for detecting various files. A remote attacker
could use either of these flaws to cause a PHP application using fileinfo
to consume an excessive amount of CPU. (CVE-2014-3538)

It was found that the fix for CVE-2012-1571 was incomplete; the File
Information (fileinfo) extension did not correctly parse certain Composite
Document Format (CDF) files. A remote attacker could use this flaw to crash
a PHP application using fileinfo via a specially crafted CDF file.
(CVE-2014-3587)

It was found that PHP's gd extension did not properly handle file names
with a null character. A remote attacker could possibly use this flaw to
make a PHP application access unexpected files and bypass intended file
system access restrictions. (CVE-2014-5120)

A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)

Multiple buffer over-read flaws were found in the php_parserr() function of
PHP. A malicious DNS server or a man-in-the-middle attacker could possibly
use this flaw to execute arbitrary code as the PHP interpreter if a PHP
application used the dns_get_record() function to perform a DNS query.
(CVE-2014-3597)

Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)

The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat
Product Security, the CVE-2014-3538 issue was discovered by Jan Kaluža of
the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by
David Kutálek of the Red Hat BaseOS QE.

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2014:1352: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141352
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1352, CVE-2014-3633, CVE-2014-3657

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.

An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in a
non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd or,
potentially, leak memory from the libvirtd process. (CVE-2014-3633)

A denial of service flaw was found in the way libvirt's
virConnectListAllDomains() function computed the number of used domains.
A remote attacker able to establish a read-only connection to libvirtd
could use this flaw to make any domain operations within libvirt
unresponsive. (CVE-2014-3657)

The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat.

This update also fixes the following bug:

* Prior to this update, libvirt was setting the cpuset.mems parameter for
domains with numatune/memory[nodeset] prior to starting them. As a
consequence, domains with such a nodeset, which excluded the NUMA node with
DMA and DMA32 zones (found in /proc/zoneinfo), could not be started due to
failed KVM initialization. With this update, libvirt sets the cpuset.mems
parameter after the initialization, and domains with any nodeset (in
/numatune/memory) can be started without an error. (BZ#1135871)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.

RHSA-2014:1359: polkit-qt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141359
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1359, CVE-2014-5033

Description
Polkit-qt is a library that lets developers use the PolicyKit API through a
Qt-styled API. The polkit-qt library is used by the KDE Authentication
Agent (KAuth), which is a part of kdelibs.

It was found that polkit-qt handled authorization requests with PolicyKit
via a D-Bus API that is vulnerable to a race condition. A local user could
use this flaw to bypass intended PolicyKit authorizations. This update
modifies polkit-qt to communicate with PolicyKit via a different API that
is not vulnerable to the race condition. (CVE-2014-5033)

All polkit-qt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2014:1388: cups security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141388
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1388, CVE-2014-2856, CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031

Description
CUPS provides a portable printing layer for Linux, UNIX, and similar
operating systems.

A cross-site scripting (XSS) flaw was found in the CUPS web interface.
An attacker could use this flaw to perform a cross-site scripting attack
against users of the CUPS web interface. (CVE-2014-2856)

It was discovered that CUPS allowed certain users to create symbolic links
in certain directories under /var/cache/cups/. A local user with the 'lp'
group privileges could use this flaw to read the contents of arbitrary
files on the system or, potentially, escalate their privileges on the
system. (CVE-2014-3537, CVE-2014-5029, CVE-2014-5030, CVE-2014-5031)

The CVE-2014-3537 issue was discovered by Francisco Alonso of Red Hat
Product Security.

These updated cups packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
changes.

All cups users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2014:1389: krb5 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141389
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1389, CVE-2013-1418, CVE-2013-6800, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345

Description
Kerberos is a networked authentication system which allows clients and
servers to authenticate to each other with the help of a trusted third
party, the Kerberos KDC.

It was found that if a KDC served multiple realms, certain requests could
cause the setup_server_realm() function to dereference a NULL pointer.
A remote, unauthenticated attacker could use this flaw to crash the KDC
using a specially crafted request. (CVE-2013-1418, CVE-2013-6800)

A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO
acceptor for continuation tokens. A remote, unauthenticated attacker could
use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer overflow was found in the KADM5 administration server (kadmind)
when it was used with an LDAP back end for the KDC database. A remote,
authenticated attacker could potentially use this flaw to execute arbitrary
code on the system running kadmind. (CVE-2014-4345)

Two buffer over-read flaws were found in the way MIT Kerberos handled
certain requests. A remote, unauthenticated attacker who is able to inject
packets into a client or server application's GSSAPI session could use
either of these flaws to crash the application. (CVE-2014-4341,
CVE-2014-4342)

A double-free flaw was found in the MIT Kerberos SPNEGO initiators.
An attacker able to spoof packets to appear as though they are from a
GSSAPI acceptor could use this flaw to crash a client application that uses
MIT Kerberos. (CVE-2014-4343)

These updated krb5 packages also include several bug fixes. Space precludes
documenting all of these changes in this advisory. Users are directed to
the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the
References section, for information on the most significant of these
changes.

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2014:1390: luci security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141390
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1390, CVE-2014-3593

Description
Luci is a web-based high availability administration application.

It was discovered that luci used eval() on inputs containing strings from
the cluster configuration file when generating its web pages. An attacker
with privileges to create or edit the cluster configuration could use this
flaw to execute arbitrary code as the luci user on a host running luci.
(CVE-2014-3593)

This issue was discovered by Jan Pokorný of Red Hat.

These updated luci packages also include several bug fixes and multiple
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical
Notes, linked to in the References section, for information on the most
significant of these changes.

All luci users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2014:1391: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141391
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1391, CVE-2013-4237, CVE-2013-4458, CVE-2013-7424

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

An out-of-bounds write flaw was found in the way the glibc's readdir_r()
function handled file system entries longer than the NAME_MAX character
constant. A remote attacker could provide a specially crafted NTFS or CIFS
file system that, when processed by an application using readdir_r(), would
cause that application to crash or, potentially, allow the attacker to
execute arbitrary code with the privileges of the user running the
application. (CVE-2013-4237)

It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-4458)

These updated glibc packages also include several bug fixes and two
enhancements. Space precludes documenting all of these changes in this
advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical
Notes, linked to in the References section, for information on the most
significant of these changes.

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2014:1392: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141392
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1392, CVE-2012-6689, CVE-2013-2596, CVE-2013-4483, CVE-2014-0181, CVE-2014-3122, CVE-2014-3601, CVE-2014-4608, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-5045, CVE-2014-5077

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A NULL pointer dereference flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)

* An integer overflow flaw was found in the way the Linux kernel's Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on the
system. (CVE-2013-2596, Important)

* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing.
A local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)

* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)

* It was found that the try_to_unmap_cluster() function in the Linux
kernel's Memory Management subsystem did not properly handle page locking in
certain cases, which could potentially trigger the BUG_ON() macro in the
mlock_vma_page() function. A local, unprivileged user could use this flaw
to crash the system. (CVE-2014-3122, Moderate)

* A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
function handled IOMMU mapping failures. A privileged user in a guest with
an assigned host device could use this flaw to crash the host.
(CVE-2014-3601, Moderate)

* Multiple use-after-free flaws were found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled user
controls. A local, privileged user could use either of these flaws to crash
the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links.
A local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege escalation. (CVE-2014-5045,
Moderate)

* An integer overflow flaw was found in the way the lzo1x_decompress_safe()
function of the Linux kernel's LZO implementation processed Literal Runs.
A local attacker could, in extremely rare cases, use this flaw to crash the
system or, potentially, escalate their privileges on the system.
(CVE-2014-4608, Low)

Red Hat would like to thank Vladimir Davydov of Parallels for reporting
CVE-2013-4483, Jack Morgenstein of Mellanox for reporting CVE-2014-3601,
Vasily Averin of Parallels for reporting CVE-2014-5045, and Don A.
Bailey from Lab Mouse Security for reporting CVE-2014-4608. The security
impact of the CVE-2014-3601 issue was discovered by Michael Tsirkin of
Red Hat.

This update also fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 6.6 Release Notes for information on
the most significant of these changes, and the Technical Notes for further
information, both linked to in the References.

All Red Hat Enterprise Linux 6 users are advised to install these updated
packages, which correct these issues, and fix the bugs and add the
enhancements noted in the Red Hat Enterprise Linux 6.6 Release Notes and
Technical Notes. The system must be rebooted for this update to
take effect.

RHSA-2014:1397: rsyslog security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141397
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1397, CVE-2014-3634

Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the rsyslog service will be restarted automatically.

RHSA-2014:1436: X11 client libraries security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1436, CVE-2013-1981, CVE-2013-1982, CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987, CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-1992, CVE-2013-1995, CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000, CVE-2013-2001, CVE-2013-2002, CVE-2013-2003, CVE-2013-2004, CVE-2013-2005, CVE-2013-2062, CVE-2013-2063, CVE-2013-2064, CVE-2013-2066, CVE-2013-7439

Description
The X11 (Xorg) libraries provide library routines that are used within all
X Window applications.

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the way various X11 client libraries handled certain protocol
data. An attacker able to submit invalid protocol data to an X11 server via
a malicious X11 client could use either of these flaws to potentially
escalate their privileges on the system. (CVE-2013-1981, CVE-2013-1982,
CVE-2013-1983, CVE-2013-1984, CVE-2013-1985, CVE-2013-1986, CVE-2013-1987,
CVE-2013-1988, CVE-2013-1989, CVE-2013-1990, CVE-2013-1991, CVE-2013-2003,
CVE-2013-2062, CVE-2013-2064)

Multiple array index errors, leading to heap-based buffer out-of-bounds
write flaws, were found in the way various X11 client libraries handled
data returned from an X11 server. A malicious X11 server could possibly use
this flaw to execute arbitrary code with the privileges of the user running
an X11 client. (CVE-2013-1997, CVE-2013-1998, CVE-2013-1999, CVE-2013-2000,
CVE-2013-2001, CVE-2013-2002, CVE-2013-2066)

A buffer overflow flaw was found in the way the XListInputDevices()
function of X.Org X11's libXi runtime library handled signed numbers.
A malicious X11 server could possibly use this flaw to execute arbitrary
code with the privileges of the user running an X11 client. (CVE-2013-1995)

A flaw was found in the way the X.Org X11 libXt runtime library used
uninitialized pointers. A malicious X11 server could possibly use this flaw
to execute arbitrary code with the privileges of the user running an X11
client. (CVE-2013-2005)

Two stack-based buffer overflow flaws were found in the way libX11, the
Core X11 protocol client library, processed certain user-specified files.
A malicious X11 server could possibly use this flaw to crash an X11 client
via a specially crafted file. (CVE-2013-2004)

The xkeyboard-config package has been upgraded to upstream version 2.11,
which provides a number of bug fixes and enhancements over the previous
version. (BZ#1077471)

This update also fixes the following bugs:

* Previously, updating the mesa-libGL package did not update the libX11
package, although it was listed as a dependency of mesa-libGL. This bug has
been fixed and updating mesa-libGL now updates all dependent packages as
expected. (BZ#1054614)

* Previously, closing a customer application could occasionally cause the X
Server to terminate unexpectedly. After this update, the X Server no longer
hangs when a user closes a customer application. (BZ#971626)

All X11 client libraries users are advised to upgrade to these updated
packages, which correct these issues and add these enhancements.

RHSA-2014:1507: trousers security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20141507
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2014:1507, CVE-2012-0698

Description
TrouSerS is an implementation of the Trusted Computing Group's Software
Stack (TSS) specification. You can use TrouSerS to write applications that
make use of your TPM hardware. TPM hardware can create, store and use RSA
keys securely (without ever being exposed in memory), verify a platform's
software state using cryptographic hashes and more.

A flaw was found in the way tcsd, the daemon that manages Trusted Computing
resources, processed incoming TCP packets. A remote attacker could send a
specially crafted TCP packet that, when processed by tcsd, could cause the
daemon to crash. Note that by default tcsd accepts requests on localhost
only. (CVE-2012-0698)

Red Hat would like to thank Andrew Lutomirski for reporting this issue.

The trousers package has been upgraded to upstream version 0.3.13, which
provides a number of bug fixes and enhancements over the previous version,
including corrected internal symbol names to avoid collisions with other
applications, fixed memory leaks, added IPv6 support, fixed buffer handling
in tcsd, as well as changed the license to BSD. (BZ#633584, BZ#1074634)

All trousers users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2014:1552: openssh security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141552
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1552, CVE-2014-2532, CVE-2014-2653

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP
records. A malicious server could use this flaw to force a connecting
client to skip the DNS SSHFP record check and require the user to perform
manual host verification of the DNS SSHFP record. (CVE-2014-2653)

It was found that OpenSSH did not properly handle certain AcceptEnv
parameter values with wildcard characters. A remote attacker could use this
flaw to bypass intended environment variable restrictions. (CVE-2014-2532)

This update also fixes the following bugs:

* Based on the SP800-131A information security standard, the generation of
a digital signature using the Digital Signature Algorithm (DSA) with the
key size of 1024 bits and RSA with the key size of less than 2048 bits is
disallowed after the year 2013. After this update, ssh-keygen no longer
generates keys with less than 2048 bits in FIPS mode. However, the sshd
service accepts keys of size 1024 bits as well as larger keys for
compatibility reasons. (BZ#993580)

* Previously, the openssh utility incorrectly set the oom_adj value to -17
for all of its child processes. This behavior was incorrect because the
child processes were supposed to have this value set to 0. This update
applies a patch to fix this bug and oom_adj is now properly set to 0 for
all child processes as expected. (BZ#1010429)

* Previously, if the sshd service failed to verify the checksum of an
installed FIPS module using the fipscheck library, the information about
this failure was only provided at the standard error output of sshd. As a
consequence, the user could not notice this message and be uninformed when
a system had not been properly configured for FIPS mode. To fix this bug,
this behavior has been changed and sshd now sends such messages via the
syslog service. (BZ#1020803)

* When keys provided by the pkcs11 library were removed from the ssh agent
using the "ssh-add -e" command, the user was prompted to enter a PIN.
With this update, a patch has been applied to allow the user to remove the
keys provided by pkcs11 without the PIN. (BZ#1042519)

In addition, this update adds the following enhancements:

* With this update, ControlPersist has been added to OpenSSH. The option in
conjunction with the ControlMaster configuration directive specifies that
the master connection remains open in the background after the initial
client connection has been closed. (BZ#953088)

* When the sshd daemon is configured to force the internal SFTP session,
and the user attempts to use a connection other than SFTP, the appropriate
message is logged to the /var/log/secure file. (BZ#997377)

* Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and
host user keys (ECDSA) as specified by RFC5656 has been added to the
openssh packages. However, they are not enabled by default and the user has
to enable them manually. For more information on how to configure ECDSA and
ECDH with OpenSSH, see: https://access.redhat.com/solutions/711953
(BZ#1028335)

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2014:1606: file security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141606
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1606, CVE-2012-1571, CVE-2014-0237, CVE-2014-0238, CVE-2014-1943, CVE-2014-2270, CVE-2014-3479, CVE-2014-3480

Description
The "file" command is used to identify a particular file according to the
type of data contained in the file. The command can identify various file
types, including ELF binaries, system libraries, RPM packages, and
different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a specially
crafted CDF file. (CVE-2014-0237, CVE-2014-0238, CVE-2014-3479,
CVE-2014-3480, CVE-2012-1571)

Two denial of service flaws were found in the way file handled indirect and
search rules. A remote attacker could use either of these flaws to cause
file, or an application using file, to crash or consume an excessive amount
of CPU. (CVE-2014-1943, CVE-2014-2270)

This update also fixes the following bugs:

* Previously, the output of the "file" command contained redundant white
spaces. With this update, the new STRING_TRIM flag has been introduced to
remove the unnecessary white spaces. (BZ#664513)

* Due to a bug, the "file" command could incorrectly identify an XML
document as a LaTeX document. The underlying source code has been modified
to fix this bug and the command now works as expected. (BZ#849621)

* Previously, the "file" command could not recognize .JPG files and
incorrectly labeled them as "Minix filesystem". This bug has been fixed and
the command now properly detects .JPG files. (BZ#873997)

* Under certain circumstances, the "file" command incorrectly detected
NETpbm files as "x86 boot sector". This update applies a patch to fix this
bug and the command now detects NETpbm files as expected. (BZ#884396)

* Previously, the "file" command incorrectly identified ASCII text files as
a .PIC image file. With this update, a patch has been provided to address
this bug and the command now correctly recognizes ASCII text files.
(BZ#980941)

* On 32-bit PowerPC systems, the "from" field was missing from the output
of the "file" command. The underlying source code has been modified to fix
this bug and "file" output now contains the "from" field as expected.
(BZ#1037279)

* The "file" command incorrectly detected text files as "RRDTool DB version
ool - Round Robin Database Tool". This update applies a patch to fix this
bug and the command now correctly detects text files. (BZ#1064463)

* Previously, the "file" command supported only version 1 and 2 of the QCOW
format. As a consequence, file was unable to detect a "qcow2 compat=1.1"
file created on Red Hat Enterprise Linux 7. With this update, support for
QCOW version 3 has been added so that the command now detects such files as
expected. (BZ#1067771)

All file users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2014:1620: java-1.7.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141620
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1620, CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

This update also fixes the following bug:

* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:1633: java-1.7.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1633, CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.

This update also fixes the following bug:

* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:1634: java-1.6.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141634
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1634, CVE-2014-6457, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.

This update also fixes the following bug:

* The TLS/SSL implementation in OpenJDK previously failed to handle
Diffie-Hellman (DH) keys with more than 1024 bits. This caused client
applications using JSSE to fail to establish TLS/SSL connections to servers
using larger DH keys during the connection handshake. This update adds
support for DH keys with size up to 2048 bits. (BZ#1148309)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:1635: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20141635
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1635, CVE-2014-1574, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581, CVE-2014-1583

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1576,
CVE-2014-1577)

A flaw was found in the Alarm API, which allows applications to schedule
actions to be run in the future. A malicious web application could use this
flaw to bypass cross-origin restrictions. (CVE-2014-1583)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron
Campen, Jon Coppeard, Atte Kettunen, Holger Fuhrmannek, Abhishek Arya,
regenrecht, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.2.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.2.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:1636: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141636
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1636, CVE-2014-6457, CVE-2014-6468, CVE-2014-6502, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6517, CVE-2014-6519, CVE-2014-6531, CVE-2014-6558, CVE-2014-6562

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

It was discovered that the Libraries component in OpenJDK failed to
properly handle ZIP archives that contain entries with a NUL byte used in
the file names. An untrusted Java application or applet could use this flaw
to bypass Java sandbox restrictions. (CVE-2014-6562)

Multiple flaws were discovered in the Libraries, 2D, and Hotspot components
in OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2014-6506, CVE-2014-6531,
CVE-2014-6502, CVE-2014-6511, CVE-2014-6504, CVE-2014-6519)

It was discovered that the StAX XML parser in the JAXP component in OpenJDK
performed expansion of external parameter entities even when external
entity substitution was disabled. A remote attacker could use this flaw to
perform an XML eXternal Entity (XXE) attack against applications using the
StAX parser to parse untrusted XML documents. (CVE-2014-6517)

It was discovered that the Hotspot component in OpenJDK failed to properly
handle malformed Shared Archive files. A local attacker able to modify a
Shared Archive file used by a virtual machine of a different user could
possibly use this flaw to escalate their privileges. (CVE-2014-6468)

It was discovered that the DatagramSocket implementation in OpenJDK failed
to perform source address checks for packets received on a connected
socket. A remote attacker could use this flaw to have their packets
processed as if they were received from the expected source.
(CVE-2014-6512)

It was discovered that the TLS/SSL implementation in the JSSE component in
OpenJDK failed to properly verify the server identity during the
renegotiation following session resumption, making it possible for
malicious TLS/SSL servers to perform a Triple Handshake attack against
clients using JSSE and client certificate authentication. (CVE-2014-6457)

It was discovered that the CipherInputStream class implementation in
OpenJDK did not properly handle certain exceptions. This could possibly
allow an attacker to affect the integrity of an encrypted stream handled by
this class. (CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat Product
Security.

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2014:1647: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141647
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1647, CVE-2014-1574, CVE-2014-1577, CVE-2014-1578, CVE-2014-1581

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1574, CVE-2014-1578, CVE-2014-1581, CVE-2014-1577)

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron
Campen, Jon Coppeard, Holger Fuhrmannek, Abhishek Arya, and regenrecht as
the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.2.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.2.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:1652: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141652
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1652, CVE-2014-3513, CVE-2014-3567

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.

This update adds support for the TLS Fallback Signaling Cipher Suite Value
(TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade
attacks against applications which re-connect using a lower SSL/TLS
protocol version when the initial connection indicating the highest
supported protocol version fails.

This can prevent a forceful downgrade of the communication to SSL 3.0.
The SSL 3.0 protocol was found to be vulnerable to the padding oracle
attack when using block cipher suites in cipher block chaining (CBC) mode.
This issue is identified as CVE-2014-3566, and also known under the alias
POODLE. This SSL 3.0 protocol flaw will not be addressed in a future
update; it is recommended that users configure their applications to
require at least TLS protocol version 1.0 for secure communication.

For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1232123

A memory leak flaw was found in the way OpenSSL parsed the DTLS Secure
Real-time Transport Protocol (SRTP) extension data. A remote attacker could
send multiple specially crafted handshake messages to exhaust all available
memory of an SSL/TLS or DTLS server. (CVE-2014-3513)

A memory leak flaw was found in the way OpenSSL handled failed session
ticket integrity checks. A remote attacker could exhaust all available
memory of an SSL/TLS or DTLS server by sending a large number of invalid
session tickets to that server. (CVE-2014-3567)

All OpenSSL users are advised to upgrade to these updated packages, which
contain backported patches to mitigate the CVE-2014-3566 issue and correct
the CVE-2014-3513 and CVE-2014-3567 issues. For the update to take effect,
all services linked to the OpenSSL library (such as httpd and other
SSL-enabled services) must be restarted or the system rebooted.

RHSA-2014:1654: rsyslog7 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141654
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1654, CVE-2014-3634

Description
The rsyslog7 packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon or, potentially, execute arbitrary code as the user running
the rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog7 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the rsyslog service will be restarted automatically.

RHSA-2014:1655: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141655
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1655, CVE-2014-3660

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application
using libxml2, would lead to excessive CPU consumption (denial of service)
based on excessive entity substitutions, even if entity substitution was
disabled, which is the parser default behavior. (CVE-2014-3660)

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2014:1657: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20141657
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1657, CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4288, CVE-2014-6456, CVE-2014-6457, CVE-2014-6458, CVE-2014-6476,
CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504,
CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517,
CVE-2014-6519, CVE-2014-6527, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 72 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2014:1658: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141658
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1658, CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493, CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511, CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532, CVE-2014-6558

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-4288, CVE-2014-6457, CVE-2014-6458, CVE-2014-6492, CVE-2014-6493,
CVE-2014-6502, CVE-2014-6503, CVE-2014-6504, CVE-2014-6506, CVE-2014-6511,
CVE-2014-6512, CVE-2014-6515, CVE-2014-6517, CVE-2014-6531, CVE-2014-6532,
CVE-2014-6558)

The CVE-2014-6512 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 85 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2014:1669: qemu-kvm security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20141669
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2014:1669, CVE-2014-3615

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An information leak flaw was found in the way QEMU's VGA emulator accessed
frame buffer memory for high resolution displays. A privileged guest user
could use this flaw to leak memory contents of the host to the guest by
setting the display to use a high resolution in the guest. (CVE-2014-3615)

This issue was discovered by Laszlo Ersek of Red Hat.

This update also fixes the following bug:

* This update fixes a regression in the scsi_block_new_request() function,
which caused all read requests to go through SG_IO if the host cache was not
used. (BZ#1141189)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2014:1671: rsyslog5 and rsyslog security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141671
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1671, CVE-2014-3634

Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon
that supports writing to relational databases, syslog/TCP, RFC 3195,
permitted sender lists, filtering on any message part, and fine grained
output format control.

A flaw was found in the way rsyslog handled invalid log message priority
values. In certain configurations, a local attacker, or a remote attacker
able to connect to the rsyslog port, could use this flaw to crash the
rsyslog daemon. (CVE-2014-3634)

Red Hat would like to thank Rainer Gerhards of rsyslog upstream for
reporting this issue.

All rsyslog5 and rsyslog users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, the rsyslog service will be restarted automatically.

RHSA-2014:1676: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141676
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1676, CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432

Description
Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,
CVE-2014-6424, CVE-2014-6425, CVE-2014-6426, CVE-2014-6427, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Wireshark must be restarted for the update to take effect.

RHSA-2014:1677: wireshark security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141677
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1677, CVE-2014-6421, CVE-2014-6422, CVE-2014-6423, CVE-2014-6425, CVE-2014-6428, CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432

Description
Wireshark is a network protocol analyzer. It is used to capture and browse
the traffic running on a computer network.

Multiple flaws were found in Wireshark. If Wireshark read a malformed
packet off a network or opened a malicious dump file, it could crash or,
possibly, execute arbitrary code as the user running Wireshark.
(CVE-2014-6429, CVE-2014-6430, CVE-2014-6431, CVE-2014-6432)

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-6421, CVE-2014-6422, CVE-2014-6423,
CVE-2014-6425, CVE-2014-6428)

All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Wireshark must be restarted for the update to take effect.

RHSA-2014:1724: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141724
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1724, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-4653, CVE-2014-5077

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fixes:

* A race condition flaw was found in the way the Linux kernel's KVM
subsystem handled PIT (Programmable Interval Timer) emulation. A guest user
who has access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611, Important)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
Stream Control Transmission Protocol (SCTP) implementation handled
simultaneous connections between the same hosts. A remote attacker could
use this flaw to crash the system. (CVE-2014-5077, Important)

* It was found that the Linux kernel's KVM subsystem did not handle the VM
exits gracefully for the invept (Invalidate Translations Derived from EPT)
and invvpid (Invalidate Translations Based on VPID) instructions. On hosts
with an Intel processor and invept/invvpid VM exit support, an unprivileged
guest user could use these instructions to crash the guest. (CVE-2014-3645,
CVE-2014-3646, Moderate)

* A use-after-free flaw was found in the way the Linux kernel's Advanced
Linux Sound Architecture (ALSA) implementation handled user controls. A
local, privileged user could use this flaw to crash the system.
(CVE-2014-4653, Moderate)

Red Hat would like to thank Lars Bull of Google for reporting
CVE-2014-3611, and the Advanced Threat Research team at Intel Security for
reporting CVE-2014-3645 and CVE-2014-3646.

Bug fixes:

* A known issue that could prevent Chelsio adapters using the cxgb4 driver
from being initialized on IBM POWER8 systems has been fixed. These
adapters can now be used on IBM POWER8 systems as expected. (BZ#1130548)

* When bringing a hot-added CPU online, the kernel did not initialize a
CPU mask properly, which could result in a kernel panic. This update
corrects the bug by ensuring that the CPU mask is properly initialized and
the correct NUMA node selected. (BZ#1134715)

* The kernel could fail to bring a CPU online if the hardware supported
both the acpi-cpufreq and intel_pstate modules. This update ensures that
the acpi-cpufreq module is not loaded if the intel_pstate module is
loaded. (BZ#1134716)

* Due to a bug in the time accounting of the kernel scheduler, a divide
error could occur when hot adding a CPU. To fix this problem, the kernel
scheduler time accounting has been reworked. (BZ#1134717)

* The kernel did not handle exceptions caused by an invalid floating point
control (FPC) register, resulting in a kernel oops. This problem has been
fixed by placing the label to handle these exceptions to the correct place
in the code. (BZ#1138733)

* A previous change to the kernel for the PowerPC architecture changed
the implementation of the compat_sys_sendfile() function. Consequently, the
64-bit sendfile() system call stopped working for files larger than 2 GB
on PowerPC. This update restores the previous behavior of sendfile() on
PowerPC, and it again processes files bigger than 2 GB as expected.
(BZ#1139126)

* Previously, the kernel scheduler could schedule a CPU topology update
even though the topology did not change. This could negatively affect the
CPU load balancing, cause degradation of the system performance, and
eventually result in a kernel oops. This problem has been fixed by
skipping the CPU topology update if the topology has not actually changed.
(BZ#1140300)

* Previously, recovery of a double-degraded RAID6 array could, under
certain circumstances, result in data corruption. This could happen
because the md driver was using an optimization that is safe to use only
for single-degraded arrays. This update ensures that this optimization is
skipped during the recovery of double-degraded RAID6 arrays. (BZ#1143850)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1764: wget security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141764
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1764, CVE-2014-4877

Description
The wget package provides the GNU Wget file retrieval utility for HTTP,
HTTPS, and FTP protocols.

A flaw was found in the way Wget handled symbolic links. A malicious FTP
server could allow Wget running in the mirror mode (using the '-m' command
line option) to write an arbitrary file to a location writable by the
user running Wget, possibly leading to code execution. (CVE-2014-4877)

Note: This update changes the default value of the --retr-symlinks option.
The file symbolic links are now traversed by default and pointed-to files
are retrieved rather than creating a symbolic link locally.

Red Hat would like to thank the GNU Wget project for reporting this issue.
Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter.

All users of wget are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2014:1767: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141767
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1767, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code with the privileges
of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF) files.
A remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out-of-bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat
Product Security.

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2014:1768: php53 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141768
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1768, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code with the privileges
of the user running that PHP application. (CVE-2014-3670)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

An out-of-bounds read flaw was found in the way the File Information
(fileinfo) extension parsed Executable and Linkable Format (ELF) files.
A remote attacker could use this flaw to crash a PHP application using
fileinfo via a specially crafted ELF file. (CVE-2014-3710)

An out-of-bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)

The CVE-2014-3710 issue was discovered by Francisco Alonso of Red Hat
Product Security.

All php53 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2014:1795: cups-filters security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141795
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1795, CVE-2014-4337, CVE-2014-4338

Description
The cups-filters package contains backends, filters, and other software
that was once part of the core CUPS distribution but is now maintained
independently.

An out-of-bounds read flaw was found in the way the process_browse_data()
function of cups-browsed handled certain browse packets. A remote attacker
could send a specially crafted browse packet that, when processed by
cups-browsed, would crash the cups-browsed daemon. (CVE-2014-4337)

A flaw was found in the way the cups-browsed daemon interpreted the
"BrowseAllow" directive in the cups-browsed.conf file. An attacker able to
add a malformed "BrowseAllow" directive to the cups-browsed.conf file could
use this flaw to bypass intended access restrictions. (CVE-2014-4338)

All cups-filters users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. After installing
this update, the cups-browsed daemon will be restarted automatically.

RHSA-2014:1801: shim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141801
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1801, CVE-2014-3675, CVE-2014-3676, CVE-2014-3677

Description
Shim is the initial UEFI bootloader that handles chaining to a trusted full
bootloader under secure boot environments.

A heap-based buffer overflow flaw was found in the way shim parsed certain
IPv6 addresses. If IPv6 network booting was enabled, a malicious server
could supply a crafted IPv6 address that would cause shim to crash or,
potentially, execute arbitrary code. (CVE-2014-3676)

An out-of-bounds memory write flaw was found in the way shim processed
certain Machine Owner Keys (MOKs). A local attacker could potentially use
this flaw to execute arbitrary code on the system. (CVE-2014-3677)

An out-of-bounds memory read flaw was found in the way shim parsed certain
IPv6 packets. A specially crafted DHCPv6 packet could possibly cause shim
to crash, preventing the system from booting if IPv6 booting was enabled.
(CVE-2014-3675)

Red Hat would like to thank the SUSE Security Team for reporting these
issues.

All shim users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1803: mod_auth_mellon security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141803
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1803, CVE-2014-8566, CVE-2014-8567

Description
mod_auth_mellon provides a SAML 2.0 authentication module for the Apache
HTTP Server.

An information disclosure flaw was found in mod_auth_mellon's session
handling that could lead to sessions overlapping in memory. A remote
attacker could potentially use this flaw to obtain data from another user's
session. (CVE-2014-8566)

It was found that uninitialized data could be read when processing a user's
logout request. By attempting to log out, a user could possibly cause the
Apache HTTP Server to crash. (CVE-2014-8567)

Red Hat would like to thank the mod_auth_mellon team for reporting these
issues. Upstream acknowledges Matthew Slowe as the original reporter of
CVE-2014-8566.

All users of mod_auth_mellon are advised to upgrade to this updated
package, which contains a backported patch to correct these issues.

RHSA-2014:1824: php security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141824
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1824, CVE-2014-3669, CVE-2014-3670, CVE-2014-8626

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code with the privileges
of the user running that PHP application. (CVE-2014-3670)

A stack-based buffer overflow flaw was found in the way the xmlrpc
extension parsed dates in the ISO 8601 format. A specially crafted XML-RPC
request or response could possibly cause a PHP application to crash.
(CVE-2014-8626)

An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2014:1826: libvncserver security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141826
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1826, CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055

Description
LibVNCServer is a library that allows for easy creation of VNC server or
client functionality.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way screen sizes were handled by LibVNCServer. A malicious VNC
server could use this flaw to cause a client to crash or, potentially,
execute arbitrary code in the client. (CVE-2014-6051)

A NULL pointer dereference flaw was found in LibVNCServer's framebuffer
setup. A malicious VNC server could use this flaw to cause a VNC client to
crash. (CVE-2014-6052)

A NULL pointer dereference flaw was found in the way LibVNCServer handled
certain ClientCutText messages. A remote attacker could use this flaw to
crash the VNC server by sending a specially crafted ClientCutText message
from a VNC client. (CVE-2014-6053)

A divide-by-zero flaw was found in the way LibVNCServer handled the scaling
factor when it was set to "0". A remote attacker could use this flaw to
crash the VNC server using a malicious VNC client. (CVE-2014-6054)

Two stack-based buffer overflow flaws were found in the way LibVNCServer
handled file transfers. A remote attacker could use these flaws to crash the
VNC server using a malicious VNC client. (CVE-2014-6055)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Nicolas Ruff as the original reporter.

All libvncserver users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications linked against libvncserver must be restarted for this update
to take effect.

RHSA-2014:1827: kdenetwork security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141827
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1827, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055

Description
The kdenetwork packages contain networking applications for the K Desktop
Environment (KDE). Krfb Desktop Sharing, which is a part of the kdenetwork
package, is a server application that allows session sharing between users.
Krfb uses the LibVNCServer library.

A NULL pointer dereference flaw was found in the way LibVNCServer handled
certain ClientCutText messages. A remote attacker could use this flaw to
crash the VNC server by sending a specially crafted ClientCutText message
from a VNC client. (CVE-2014-6053)

A divide-by-zero flaw was found in the way LibVNCServer handled the scaling
factor when it was set to "0". A remote attacker could use this flaw to
crash the VNC server using a malicious VNC client. (CVE-2014-6054)

Two stack-based buffer overflow flaws were found in the way LibVNCServer
handled file transfers. A remote attacker could use these flaws to crash the
VNC server using a malicious VNC client. (CVE-2014-6055)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Nicolas Ruff as the original reporter.

Note: Prior to this update, the kdenetwork packages used an embedded copy
of the LibVNCServer library. With this update, the kdenetwork packages have
been modified to use the system LibVNCServer packages. Therefore, the
update provided by RHSA-2014:1826 must be installed to fully address the
issues in krfb described above.

All kdenetwork users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. All running
instances of the krfb server must be restarted for this update to take
effect.

RHSA-2014:1843: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141843
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1843, CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition flaw was found in the way the Linux kernel's KVM
subsystem handled PIT (Programmable Interval Timer) emulation. A guest user
who has access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611, Important)

* A memory corruption flaw was found in the way the USB ConnectTech
WhiteHEAT serial driver processed completion commands sent via USB Request
Blocks buffers. An attacker with physical access to the system could use
this flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2014-3185, Moderate)

* It was found that the Linux kernel's KVM subsystem did not handle the VM
exits gracefully for the invept (Invalidate Translations Derived from EPT)
and invvpid (Invalidate Translations Based on VPID) instructions. On hosts
with an Intel processor and invept/invvpid VM exit support, an unprivileged
guest user could use these instructions to crash the guest. (CVE-2014-3645,
CVE-2014-3646, Moderate)

Red Hat would like to thank Lars Bull of Google for reporting
CVE-2014-3611, and the Advanced Threat Research team at Intel Security for
reporting CVE-2014-3645 and CVE-2014-3646.

This update also fixes the following bugs:

* This update fixes several race conditions between PCI error recovery
callbacks and potential calls of the ifup and ifdown commands in the tg3
driver. When triggered, these race conditions could cause a kernel crash.
(BZ#1142570)

* Previously, GFS2 failed to unmount a sub-mounted GFS2 file system if its
parent was also a GFS2 file system. This problem has been fixed by adding
the appropriate d_op->d_hash() routine call for the last component of the
mount point path in the path name lookup mechanism code (namei).
(BZ#1145193)

* Due to previous changes in the virtio-net driver, a Red Hat Enterprise
Linux 6.6 guest was unable to boot with the "mgr_rxbuf=off" option
specified. This was caused by providing the page_to_skb() function with an
incorrect packet length in the driver's Rx path. This problem has been
fixed and the guest in the described scenario can now boot successfully.
(BZ#1148693)

* When using one of the newer IPSec Authentication Header (AH) algorithms
with Openswan, a kernel panic could occur. This happened because the
maximum truncated ICV length was too small. To fix this problem, the
MAX_AH_AUTH_LEN parameter has been set to 64. (BZ#1149083)

* A bug in the IPMI driver caused the kernel to panic when an IPMI
interface was removed using the hotmod script. The IPMI driver has been
fixed to properly clean the relevant data when removing an IPMI interface.
(BZ#1149578)

* Due to a bug in the IPMI driver, the kernel could panic when adding an
IPMI interface that was previously removed using the hotmod script.
This update fixes this bug by ensuring that the relevant shadow structure
is initialized at the right time. (BZ#1149580)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1846: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141846
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1846, CVE-2014-8564

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS). The gnutls packages also
include the libtasn1 library, which provides Abstract Syntax Notation One
(ASN.1) parsing and structures management, and Distinguished Encoding Rules
(DER) encoding and decoding functions.

An out-of-bounds memory write flaw was found in the way GnuTLS parsed
certain ECC (Elliptic Curve Cryptography) certificates or certificate
signing requests (CSR). A malicious user could create a specially crafted
ECC certificate or a certificate signing request that, when processed by an
application compiled against GnuTLS (for example, certtool), could cause
that application to crash or execute arbitrary code with the permissions of
the user running the application. (CVE-2014-8564)

Red Hat would like to thank GnuTLS upstream for reporting this issue.
Upstream acknowledges Sean Burford as the original reporter.

All gnutls users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS or libtasn1 library must
be restarted.

RHSA-2014:1859: mysql55-mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141859
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1859, CVE-2012-5615, CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2494,
CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, 
CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, 
CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, 
CVE-2014-6555, CVE-2014-6559)

These updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2014:1861: mariadb security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141861
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1861, CVE-2012-5615, CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4274, CVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2014-2494,
CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,
CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,
CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,
CVE-2014-6555, CVE-2014-6559)

These updated packages upgrade MariaDB to version 5.5.40. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

RHSA-2014:1870: libXfont security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141870
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1870, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211

Description
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A malicious,
local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

Red Hat would like to thank the X.org project for reporting these issues.
Upstream acknowledges Ilja van Sprundel as the original reporter.

Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.

RHSA-2014:1873: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141873
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1873, CVE-2014-3633, CVE-2014-3657, CVE-2014-7823

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.

An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in a
non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd or,
potentially, leak memory from the libvirtd process. (CVE-2014-3633)

A denial of service flaw was found in the way libvirt's
virConnectListAllDomains() function computed the number of used domains.
A remote attacker able to establish a read-only connection to libvirtd
could use this flaw to make any domain operations within libvirt
unresponsive. (CVE-2014-3657)

It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the
QEMU driver implementation of the virDomainGetXMLDesc() function could
bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote
attacker able to establish a read-only connection to libvirtd could use
this flaw to leak certain limited information from the domain XML data.
(CVE-2014-7823)

The CVE-2014-3633 issue was discovered by Luyao Huang of Red Hat.

This update also fixes the following bug:

When dumping migratable XML configuration of a domain, libvirt removes some
automatically added devices for compatibility with older libvirt releases.
If such XML is passed to libvirt as a domain XML that should be used during
migration, libvirt checks this XML for compatibility with the internally
stored configuration of the domain. However, prior to this update, these
checks failed because of devices that were missing (the same devices
libvirt removed). As a consequence, migration with user-supplied migratable
XML failed. Since this feature is used by OpenStack, migrating QEMU/KVM
domains with OpenStack always failed. With this update, before checking
domain configurations for compatibility, libvirt transforms both
user-supplied and internal configuration into a migratable form
(automatically added devices are removed) and checks those instead. Thus,
no matter whether the user-supplied configuration was generated as
migratable or not, libvirt does not err about missing devices, and
migration succeeds as expected. (BZ#1155564)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.

RHSA-2014:1885: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141885
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1885, CVE-2014-3660

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in libxml2, a library providing support
to read, modify and write XML and HTML files. A remote attacker could
provide a specially crafted XML file that, when processed by an application
using libxml2, would lead to excessive CPU consumption (denial of service)
based on excessive entity substitutions, even if entity substitution was
disabled, which is the parser default behavior. (CVE-2014-3660)

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2014:1893: libXfont security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141893
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1893, CVE-2014-0209, CVE-2014-0210, CVE-2014-0211

Description
The libXfont packages provide the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

A use-after-free flaw was found in the way libXfont processed certain font
files when attempting to add a new directory to the font path. A malicious,
local user could exploit this issue to potentially execute arbitrary code
with the privileges of the X.Org server. (CVE-2014-0209)

Multiple out-of-bounds write flaws were found in the way libXfont parsed
replies received from an X.org font server. A malicious X.org server could
cause an X client to crash or, possibly, execute arbitrary code with the
privileges of the X.Org server. (CVE-2014-0210, CVE-2014-0211)

Red Hat would like to thank the X.org project for reporting these issues.
Upstream acknowledges Ilja van Sprundel as the original reporter.

Users of libXfont should upgrade to these updated packages, which contain a
backported patch to resolve this issue. All running X.Org server instances
must be restarted for the update to take effect.

RHSA-2014:1911: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141911
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1911, CVE-2014-8080, CVE-2014-8090

Description
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML
parser performed expansion of parameter entities. A specially crafted XML
document could cause REXML to use an excessive amount of CPU and memory.
(CVE-2014-8080, CVE-2014-8090)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Ruby need to be restarted for this update to take effect.

RHSA-2014:1912: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141912
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1912, CVE-2014-4975, CVE-2014-8080, CVE-2014-8090

Description
Ruby is an extensible, interpreted, object-oriented, scripting language.
It has features to process text files and to perform system management
tasks.

Multiple denial of service flaws were found in the way the Ruby REXML XML
parser performed expansion of parameter entities. A specially crafted XML
document could cause REXML to use an excessive amount of CPU and memory.
(CVE-2014-8080, CVE-2014-8090)

A stack-based buffer overflow was found in the implementation of the Ruby
Array pack() method. When performing base64 encoding, a single byte could
be written past the end of the buffer, possibly causing Ruby to crash.
(CVE-2014-4975)

The CVE-2014-8090 issue was discovered by Red Hat Product Security.

All ruby users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running instances
of Ruby need to be restarted for this update to take effect.

RHSA-2014:1919: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20141919
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1919, CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)

A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy. (CVE-2014-1594)

This update disables SSL 3.0 support by default in Firefox. Details on how
to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1283153

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse
Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya,
and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.3.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.3.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2014:1924: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141924
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1924, CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593, CVE-2014-1594

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)

A flaw was found in the Alarm API, which could allow applications to
schedule actions to be run in the future. A malicious web application could
use this flaw to bypass the same-origin policy. (CVE-2014-1594)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

This update disables SSL 3.0 support by default in Thunderbird. Details on
how to re-enable SSL 3.0 support are available at:
https://access.redhat.com/articles/1284233

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse
Ruderman, Max Jonas Werner, Joe Vennix, Berend-Jan Wever, Abhishek Arya,
and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.3.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.3.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2014:1956: wpa_supplicant security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141956
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1956, CVE-2014-3686

Description
The wpa_supplicant package contains an 802.1X Supplicant with support for
WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication
methods. It implements key negotiation with a WPA Authenticator for client
stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.

A command injection flaw was found in the way the wpa_cli utility executed
action scripts. If wpa_cli was run in daemon mode to execute an action
script (specified using the -a command line option), and wpa_supplicant was
configured to connect to a P2P group, malicious P2P group parameters could
cause wpa_cli to execute arbitrary code. (CVE-2014-3686)

Red Hat would like to thank Jouni Malinen for reporting this issue.

All wpa_supplicant users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

RHSA-2014:1959: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141959
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1959, CVE-2014-0181

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the permission checks performed by the Linux kernel
when a netlink message was received were not sufficient. A local,
unprivileged user could potentially bypass these restrictions by passing a
netlink socket as stdout or stderr to a more privileged process and
altering the output of this process. (CVE-2014-0181, Moderate)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

This update also fixes the following bugs:

* Previously, the kernel did not successfully deliver multicast packets
when the multicast querier was disabled. Consequently, the corosync utility
terminated unexpectedly and the affected storage node did not join its
intended cluster. With this update, multicast packets are delivered
properly when the multicast querier is disabled, and corosync handles the
node as expected. (BZ#902454)

* Previously, the kernel wrote the metadata contained in all system
information blocks on a single page of the /proc/sysinfo file. However,
when the machine configuration was very extensive and the data did not fit
on a single page, the system overwrote random memory regions, which in turn
caused data corruption when reading the /proc/sysconf file. With this
update, /proc/sysinfo automatically allocates a larger buffer if the data
output does not fit the current buffer, which prevents the data corruption.
(BZ#1131283)

* Prior to this update, the it_real_fn() function did not, in certain
cases, successfully acquire the SIGLOCK signal when the do_setitimer()
function used the ITIMER_REAL timer. As a consequence, the current process
entered an endless loop and became unresponsive. This update fixes the bug
and it_real_fn() no longer causes the kernel to become unresponsive.
(BZ#1134654)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2014:1971: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141971
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1971, CVE-2013-2929, CVE-2014-1739, CVE-2014-3181, CVE-2014-3182, CVE-2014-3184, CVE-2014-3185, CVE-2014-3186, CVE-2014-3631, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-4027, CVE-2014-4652, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-5045, CVE-2014-6410

Description
* A flaw was found in the way the Linux kernel's SCTP implementation
handled malformed or duplicate Address Configuration Change Chunks
(ASCONF). A remote attacker could use either of these flaws to crash the
system. (CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation
handled the association's output queue. A remote attacker could send
specially crafted packets that would cause the system to use an excessive
amount of memory, leading to a denial of service. (CVE-2014-3688,
Important)

* Two flaws were found in the way the Apple Magic Mouse/Trackpad
multi-touch driver and the Minibox PicoLCD driver handled invalid HID
reports. An attacker with physical access to the system could use these
flaws to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-3181, CVE-2014-3186, Moderate)

* A memory corruption flaw was found in the way the USB ConnectTech
WhiteHEAT serial driver processed completion commands sent via USB Request
Blocks buffers. An attacker with physical access to the system could use
this flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2014-3185, Moderate)

* A flaw was found in the way the Linux kernel's keys subsystem handled the
termination condition in the associative array garbage collection
functionality. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-3631, Moderate)

* Multiple flaws were found in the way the Linux kernel's ALSA
implementation handled user controls. A local, privileged user could use
either of these flaws to crash the system. (CVE-2014-4654, CVE-2014-4655,
CVE-2014-4656, Moderate)

* A flaw was found in the way the Linux kernel's VFS subsystem handled
reference counting when performing unmount operations on symbolic links.
A local, unprivileged user could use this flaw to exhaust all available
memory on the system or, potentially, trigger a use-after-free error,
resulting in a system crash or privilege escalation. (CVE-2014-5045,
Moderate)

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* A stack overflow flaw caused by infinite recursion was found in the way
the Linux kernel's UDF file system implementation processed indirect ICBs.
An attacker with physical access to the system could use a specially
crafted UDF image to crash the system. (CVE-2014-6410, Low)

* An information leak flaw in the way the Linux kernel handled media device
enumerate entities IOCTL requests could allow a local user able to access
the /dev/media0 device file to leak kernel memory bytes. (CVE-2014-1739,
Low)

* An out-of-bounds read flaw in the Logitech Unifying receiver driver could
allow an attacker with physical access to the system to crash the system
or, potentially, escalate their privileges on the system. (CVE-2014-3182,
Low)

* Multiple out-of-bounds write flaws were found in the way the Cherry
Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
control driver, and Sunplus wireless desktop driver handled invalid HID
reports. An attacker with physical access to the system could use either of
these flaws to write data past an allocated memory buffer. (CVE-2014-3184,
Low)

* An information leak flaw in the RAM Disks Memory Copy (rd_mcp)
back end driver of the iSCSI Target subsystem could allow a privileged user
to leak the contents of kernel memory to an iSCSI initiator remote client.
(CVE-2014-4027, Low)

* An information leak flaw in the Linux kernel's ALSA implementation could
allow a local, privileged user to leak kernel memory to user space.
(CVE-2014-4652, Low)

RHSA-2014:1974: rpm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141974
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1974, CVE-2013-6435

Description
The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying,
and updating software packages. Each software package consists of an
archive of files along with information about the package such as its
version, description, and other information.

It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic signature
only after the temporary file had been written completely. Under certain
conditions, the system interprets the unverified temporary file contents
and extracts commands from it. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2013-6435)

This issue was discovered by Florian Weimer of Red Hat Product Security.

All rpm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the RPM library must be restarted for this update to take
effect.

RHSA-2014:1976: rpm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141976
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1976, CVE-2013-6435, CVE-2014-8118

Description
The RPM Package Manager (RPM) is a powerful command line driven package
management system capable of installing, uninstalling, verifying, querying,
and updating software packages. Each software package consists of an
archive of files along with information about the package such as its
version, description, and other information.

It was found that RPM wrote file contents to the target installation
directory under a temporary name, and verified its cryptographic signature
only after the temporary file had been written completely. Under certain
conditions, the system interprets the unverified temporary file contents
and extracts commands from it. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2013-6435)

It was found that RPM could encounter an integer overflow, leading to a
stack-based buffer overflow, while parsing a crafted CPIO header in the
payload section of an RPM file. This could allow an attacker to modify
signed RPM files in such a way that they would execute code chosen by the
attacker during package installation. (CVE-2014-8118)

These issues were discovered by Florian Weimer of Red Hat Product Security.

All rpm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All running
applications linked against the RPM library must be restarted for this
update to take effect.

RHSA-2014:1982: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141982
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1982, CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

Multiple integer overflow flaws and out-of-bounds write flaws were found in
the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated client
could use either of these flaws to crash the X.Org server or, potentially,
execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,
CVE-2014-8098)

It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102)

All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2014:1983: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141983
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1983, CVE-2014-8091, CVE-2014-8092, CVE-2014-8093, CVE-2014-8094, CVE-2014-8095, CVE-2014-8096, CVE-2014-8097, CVE-2014-8098, CVE-2014-8099, CVE-2014-8100, CVE-2014-8101, CVE-2014-8102, CVE-2014-8103

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

Multiple integer overflow flaws and out-of-bounds write flaws were found in
the way the X.Org server calculated memory requirements for certain X11
core protocol and GLX extension requests. A malicious, authenticated client
could use either of these flaws to crash the X.Org server or, potentially,
execute arbitrary code with root privileges. (CVE-2014-8092, CVE-2014-8093,
CVE-2014-8098)

It was found that the X.Org server did not properly handle SUN-DES-1
(Secure RPC) authentication credentials. A malicious, unauthenticated
client could use this flaw to crash the X.Org server by submitting a
specially crafted authentication request. (CVE-2014-8091)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server, or leak memory contents to the client. (CVE-2014-8097)

An integer overflow flaw was found in the way the X.Org server calculated
memory requirements for certain DRI2 extension requests. A malicious,
authenticated client could use this flaw to crash the X.Org server.
(CVE-2014-8094)

Multiple out-of-bounds access flaws were found in the way the X.Org server
calculated memory requirements for certain requests. A malicious,
authenticated client could use either of these flaws to crash the X.Org
server. (CVE-2014-8095, CVE-2014-8096, CVE-2014-8099, CVE-2014-8100,
CVE-2014-8101, CVE-2014-8102, CVE-2014-8103)

All xorg-x11-server users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2014:1984: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141984
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1984, CVE-2014-8500

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and processed,
would cause named to use excessive amounts of memory or crash.
(CVE-2014-8500)

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2014:1985: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141985
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1985, CVE-2014-8500

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND followed DNS
delegations. A remote attacker could use a specially crafted zone
containing a large number of referrals which, when looked up and processed,
would cause named to use excessive amounts of memory or crash.
(CVE-2014-8500)

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2014:1997: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20141997
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:1997, CVE-2012-6657, CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-5471, CVE-2014-5472, CVE-2014-6410, CVE-2014-9322

Description
* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation
handled malformed or duplicate Address Configuration Change Chunks
(ASCONF). A remote attacker could use either of these flaws to crash the
system. (CVE-2014-3673, CVE-2014-3687, Important)

* A flaw was found in the way the Linux kernel's SCTP implementation
handled the association's output queue. A remote attacker could send
specially crafted packets that would cause the system to use an excessive
amount of memory, leading to a denial of service. (CVE-2014-3688,
Important)

* A stack overflow flaw caused by infinite recursion was found in the way
the Linux kernel's UDF file system implementation processed indirect ICBs.
An attacker with physical access to the system could use a specially
crafted UDF image to crash the system. (CVE-2014-6410, Low)

* It was found that the Linux kernel's networking implementation did not
correctly handle the setting of the keepalive socket option on raw sockets.
A local user able to create a raw socket could use this flaw to crash the
system. (CVE-2012-6657, Low)

* It was found that the parse_rock_ridge_inode_internal() function of the
Linux kernel's ISOFS implementation did not correctly check relocated
directories when processing Rock Ridge child link (CL) tags. An attacker
with physical access to the system could use a specially crafted ISO image
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322.
The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat.

Bug fixes:

* This update fixes a race condition issue between the sock_queue_err_skb
function and sk_forward_alloc handling in the socket error queue
(MSG_ERRQUEUE), which could occasionally cause the kernel, for example when
using PTP, to incorrectly track allocated memory for the error queue, in
which case a traceback would occur in the system log. (BZ#1155427)

* The zcrypt device driver did not detect certain crypto cards and the
related domains for crypto adapters on System z and s390x architectures.
Consequently, it was not possible to run the system on new crypto hardware.
This update enables toleration mode for such devices so that the system
can make use of newer crypto hardware. (BZ#1158311)

* After mounting and unmounting an XFS file system several times
consecutively, the umount command occasionally became unresponsive.
This was caused by the xlog_cil_force_lsn() function that was not waiting
for completion as expected. With this update, xlog_cil_force_lsn() has been
modified to correctly wait for completion, thus fixing this bug.
(BZ#1158325)

* When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec
variables set to 0, transmit interrupts could not be set lower than the
default of 8 buffered tx frames. Consequently, a delay of TCP transfer
occurred. The restriction of a minimum of 8 buffered frames has been
removed, and the TCP delay no longer occurs. (BZ#1158326)

* The offb driver has been updated for the QEMU standard VGA adapter,
fixing an issue with incorrectly displayed colors. (BZ#1158328)

* Under certain circumstances, when a discovered MTU expired, the IPv6
connection became unavailable for a short period of time. This bug has been
fixed, and the connection now works as expected. (BZ#1161418)

* A low throughput occurred when using the dm-thin driver to write to
unprovisioned or shared chunks for a thin pool with the chunk size bigger
than the max_sectors_kb variable. (BZ#1161420)

* Large write workloads on thin LVs could cause the iozone and smallfile
utilities to terminate unexpectedly. (BZ#1161421)

RHSA-2014:1999: mailx security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20141999
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:1999, CVE-2004-2771, CVE-2014-7844

Description
The mailx packages contain a mail user agent that is used to manage mail
using scripts.

A flaw was found in the way mailx handled the parsing of email addresses.
A syntactically valid email address could allow a local attacker to cause
mailx to execute arbitrary shell commands through shell meta-characters and
the direct command execution functionality. (CVE-2004-2771, CVE-2014-7844)

Note: Applications using mailx to send email to addresses obtained from
untrusted sources will still remain vulnerable to other attacks if they
accept email addresses which start with "-" (so that they can be confused
with mailx options). To counteract this issue, this update also introduces
the "--" option, which will treat the remaining command line arguments as
email addresses.

All mailx users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2014:2008: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20142008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:2008, CVE-2014-9322

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

RHSA-2014:2010: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20142010
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:2010, CVE-2014-9322

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel handled GS segment register
base switching when recovering from a #SS (stack segment) fault on an
erroneous return to user space. A local, unprivileged user could use this
flaw to escalate their privileges on the system. (CVE-2014-9322, Important)

Red Hat would like to thank Andy Lutomirski for reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

RHSA-2014:2021: jasper security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20142021
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:2021, CVE-2014-8137, CVE-2014-8138, CVE-2014-9029

Description
JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

Multiple off-by-one flaws, leading to heap-based buffer overflows, were
found in the way JasPer decoded JPEG 2000 image files. A specially crafted
file could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-9029)

A heap-based buffer overflow flaw was found in the way JasPer decoded JPEG
2000 image files. A specially crafted file could cause an application using
JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8138)

A double free flaw was found in the way JasPer parsed ICC color profiles in
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8137)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges Jose Duart of the Google Security Team as the original
reporter.

All JasPer users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All applications using
the JasPer libraries must be restarted for the update to take effect.

RHSA-2014:2023: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20142023
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2014:2023, CVE-2014-7817

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

It was found that the wordexp() function would perform command substitution
even when the WRDE_NOCMD flag was specified. An attacker able to provide
specially crafted input to an application using the wordexp() function, and
not sanitizing the input correctly, could potentially use this flaw to
execute arbitrary commands with the credentials of the user running that
application. (CVE-2014-7817)

This issue was discovered by Tim Waugh of the Red Hat Developer Experience
Team.

This update also fixes the following bug:

* Prior to this update, if a file stream that was opened in append mode and
its underlying file descriptor were used at the same time and the file was
truncated using the ftruncate() function on the file descriptor, a
subsequent ftell() call on the stream incorrectly modified the file offset
by seeking to the new end of the file. This update ensures that ftell()
modifies the state of the file stream only when it is in append mode and
its buffer is not empty. As a result, the described incorrect changes to
the file offset no longer occur. (BZ#1170187)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2014:2024: ntp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20142024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:2024, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(),
ctl_putdata(), and configure() functions. A remote attacker could use
any of these flaws to send a specially crafted request packet that could
crash ntpd or, potentially, execute arbitrary code with the privileges of
the ntp user. Note: the crypto_recv() flaw requires non-default
configurations to be active, while the ctl_putdata() flaw, by default, can
only be exploited via local attackers, and the configure() flaw requires
additional authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its internal
use if no ntpdc request authentication key was specified in the ntp.conf
configuration file. A remote attacker able to match the configured IP
restrictions could guess the generated key, and possibly use it to send
ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5 keys.
This could possibly allow an attacker to guess generated MD5 keys that
could then be used to spoof an NTP client or server. Note: it is
recommended to regenerate any MD5 keys that had explicitly been generated
with ntp-keygen; the default installation does not contain such keys.
(CVE-2014-9294)

A missing return statement in the receive() function could potentially
allow a remote attacker to bypass NTP's authentication mechanism.
(CVE-2014-9296)

All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.

RHSA-2014:2025: ntp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20142025
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2014:2025, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

Multiple buffer overflow flaws were discovered in ntpd's crypto_recv(),
ctl_putdata(), and configure() functions. A remote attacker could use
any of these flaws to send a specially crafted request packet that could
crash ntpd or, potentially, execute arbitrary code with the privileges of
the ntp user. Note: the crypto_recv() flaw requires non-default
configurations to be active, while the ctl_putdata() flaw, by default, can
only be exploited via local attackers, and the configure() flaw requires
additional authentication to exploit. (CVE-2014-9295)

It was found that ntpd automatically generated weak keys for its internal
use if no ntpdc request authentication key was specified in the ntp.conf
configuration file. A remote attacker able to match the configured IP
restrictions could guess the generated key, and possibly use it to send
ntpdc query or configuration requests. (CVE-2014-9293)

It was found that ntp-keygen used a weak method for generating MD5 keys.
This could possibly allow an attacker to guess generated MD5 keys that
could then be used to spoof an NTP client or server. Note: it is
recommended to regenerate any MD5 keys that had explicitly been generated
with ntp-keygen; the default installation does not contain such keys.
(CVE-2014-9294)

All ntp users are advised to upgrade to this updated package, which
contains backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.

RHSA-2015:0008: libvirt security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20150008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:0008, CVE-2014-7823

Description
The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems.
In addition, libvirt provides tools for remote management of
virtualized systems.

It was found that when the VIR_DOMAIN_XML_MIGRATABLE flag was used, the
QEMU driver implementation of the virDomainGetXMLDesc() function could
bypass the restrictions of the VIR_DOMAIN_XML_SECURE flag. A remote
attacker able to establish a read-only connection to libvirtd could use
this flaw to leak certain limited information from the domain XML data.
(CVE-2014-7823)

This issue was discovered by Eric Blake of Red Hat.

This update also fixes the following bugs:

* In Red Hat Enterprise Linux 6, libvirt relies on the QEMU emulator to
supply the error message when an active commit is attempted. However, with
Red Hat Enterprise Linux 7, QEMU added support for an active commit, but an
additional interaction from libvirt to fully enable active commits is still
missing. As a consequence, attempts to perform an active commit caused
libvirt to become unresponsive. With this update, libvirt has been fixed to
detect an active commit by itself, and now properly declares the feature as
unsupported. As a result, libvirt no longer hangs when an active commit is
attempted and instead produces an error message.

Note that the missing libvirt interaction will be added in Red Hat
Enterprise Linux 7.1, adding full support for active commits. (BZ#1150379)

* Prior to this update, the libvirt API did not properly check whether a
Discretionary Access Control (DAC) security label is non-NULL before trying
to parse user/group ownership from it. In addition, the DAC security label
of a transient domain that had just finished migrating to another host is
in some cases NULL. As a consequence, when the virDomainGetBlockInfo API
was called on such a domain, the libvirtd daemon sometimes terminated
unexpectedly. With this update, libvirt properly checks DAC labels before
trying to parse them, and libvirtd thus no longer crashes in the described
scenario. (BZ#1171124)

* If a block copy operation was attempted while another block copy was
already in progress to an explicit raw destination, libvirt previously
stopped regarding the destination as raw. As a consequence, if the
qemu.conf file was edited to allow file format probing, triggering the bug
could allow a malicious guest to bypass sVirt protection by making libvirt
regard the file as non-raw. With this update, libvirt has been fixed to
consistently remember when a block copy destination is raw, and guests can
no longer circumvent sVirt protection when the host is configured to allow
format probing. (BZ#1149078)

All libvirt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, libvirtd will be restarted automatically.

RHSA-2015:0016: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0016, CVE-2014-6040, CVE-2014-7817

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

An out-of-bounds read flaw was found in the way glibc's iconv() function
converted certain encoded data to UTF-8. An attacker able to make an
application call the iconv() function with a specially crafted argument
could use this flaw to crash that application. (CVE-2014-6040)

It was found that the wordexp() function would perform command substitution
even when the WRDE_NOCMD flag was specified. An attacker able to provide
specially crafted input to an application using the wordexp() function, and
not sanitizing the input correctly, could potentially use this flaw to
execute arbitrary commands with the credentials of the user running that
application. (CVE-2014-7817)

The CVE-2014-7817 issue was discovered by Tim Waugh of the Red Hat
Developer Experience Team.

This update also fixes the following bugs:

* Previously, when an address lookup using the getaddrinfo() function for
the AF_UNSPEC value was performed on a defective DNS server, the server in
some cases responded with a valid response for the A record, but a referral
response for the AAAA record, which resulted in a lookup failure. A prior
update was implemented for getaddrinfo() to return the valid response, but
it contained a typographical error, due to which the lookup could under
some circumstances still fail. This error has been corrected and
getaddrinfo() now returns a valid response in the described circumstances.
(BZ#1172023)

* An error in the dlopen() library function previously caused recursive
calls to dlopen() to terminate unexpectedly or to abort with a library
assertion. This error has been fixed and recursive calls to dlopen() no
longer crash or abort. (BZ#1173469)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:0046: firefox security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0046, CVE-2014-8634, CVE-2014-8638, CVE-2014-8639, CVE-2014-8641

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-8634, CVE-2014-8639, CVE-2014-8641)

It was found that the Beacon interface implementation in Firefox did not
follow the Cross-Origin Resource Sharing (CORS) specification. A web page
containing malicious content could allow a remote attacker to conduct a
Cross-Site Request Forgery (XSRF) attack. (CVE-2014-8638)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Patrick McManus, Muneaki Nishimura,
Xiaofeng Zheng, and Mitchell Harper as the original reporters of these
issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.4.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bug:

* The default dictionary for Firefox's spell checker is now correctly set
to the system's locale language. (BZ#643954, BZ#1150572)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.4.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:0047: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150047
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0047, CVE-2014-8634, CVE-2014-8638, CVE-2014-8639

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Two flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2014-8634, CVE-2014-8639)

It was found that the Beacon interface implementation in Thunderbird did
not follow the Cross-Origin Resource Sharing (CORS) specification. A web
page containing malicious content could allow a remote attacker to conduct
a Cross-Site Request Forgery (XSRF) attack. (CVE-2014-8638)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Patrick McManus, Muneaki Nishimura,
and Xiaofeng Zheng as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.4.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.4.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:0066: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150066
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0066, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-0204, CVE-2015-0205, CVE-2015-0206

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.

A NULL pointer dereference flaw was found in the DTLS implementation of
OpenSSL. A remote attacker could send a specially crafted DTLS message,
which would cause an OpenSSL server to crash. (CVE-2014-3571)

A memory leak flaw was found in the way the dtls1_buffer_record() function
of OpenSSL parsed certain DTLS messages. A remote attacker could send
multiple specially crafted DTLS messages to exhaust all available memory of
a DTLS server. (CVE-2015-0206)

It was found that OpenSSL's BigNumber Squaring implementation could produce
incorrect results under certain special conditions. This flaw could
possibly affect certain OpenSSL library functionality, such as RSA
blinding. Note that this issue occurred rarely and with a low probability,
and there is currently no known way of exploiting it. (CVE-2014-3570)

It was discovered that OpenSSL would perform an ECDH key exchange with a
non-ephemeral key even when the ephemeral ECDH cipher suite was selected.
A malicious server could make a TLS/SSL client using OpenSSL use a weaker
key exchange method than the one requested by the user. (CVE-2014-3572)

It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates.
An attacker could use these flaws to modify an X.509 certificate to produce
a certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)

It was found that an OpenSSL server would, under certain conditions, accept
Diffie-Hellman client certificates without the use of a private key.
An attacker could use a user's client certificate to authenticate as that
user, without needing the private key. (CVE-2015-0205)

All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to mitigate the above issues. For the update to
take effect, all services linked to the OpenSSL library (such as httpd and
other SSL-enabled services) must be restarted or the system rebooted.

RHSA-2015:0067: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150067
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0067, CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified
bytecode from the class files. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2014-6601)

Multiple improper permission check issues were discovered in the JAX-WS
and RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412,
CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom
references. An untrusted Java application or applet could use this flaw to
corrupt the Java Virtual Machine memory and, possibly, execute arbitrary
code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder
in the Security component in OpenJDK handled negative length values. A
specially crafted, DER-encoded input could cause a Java application to
enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when
decrypting messages that were encrypted using block ciphers in cipher block
chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle
(MITM) attacker to decrypt portions of the cipher text using a padding
oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to re-enable
SSL 3.0 support if needed. For additional information, refer to the Red Hat
Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in
OpenJDK failed to properly check whether the ChangeCipherSpec was received
during the SSL/TLS connection handshake. An MITM attacker could possibly
use this flaw to force a connection to be established without encryption
being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An
untrusted Java application or applet could use this flaw to bypass certain
Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted Java
application or applet could possibly use this flaw to bypass certain Java
sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could allow an
untrusted Java application or applet to disclose portions of the Java
Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error log
files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0068: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150068
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0068, CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified
bytecode from the class files. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2014-6601)

Multiple improper permission check issues were discovered in the JAX-WS
and RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412,
CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom
references. An untrusted Java application or applet could use this flaw to
corrupt the Java Virtual Machine memory and, possibly, execute arbitrary
code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder
in the Security component in OpenJDK handled negative length values. A
specially crafted, DER-encoded input could cause a Java application to
enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when
decrypting messages that were encrypted using block ciphers in cipher block
chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle
(MITM) attacker to decrypt portions of the cipher text using a padding
oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to re-enable
SSL 3.0 support if needed. For additional information, refer to the Red Hat
Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in
OpenJDK failed to properly check whether the ChangeCipherSpec was received
during the SSL/TLS connection handshake. An MITM attacker could possibly
use this flaw to force a connection to be established without encryption
being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An
untrusted Java application or applet could use this flaw to bypass certain
Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted Java
application or applet could possibly use this flaw to bypass certain Java
sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could allow an
untrusted Java application or applet to disclose portions of the Java
Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error log
files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0069: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150069
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0069, CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0437

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Multiple flaws were found in the way the Hotspot component in OpenJDK
verified bytecode from the class files, and in the way this component
generated code for bytecode. An untrusted Java application or applet could
possibly use these flaws to bypass Java sandbox restrictions.
(CVE-2014-6601, CVE-2015-0437)

Multiple improper permission check issues were discovered in the JAX-WS,
Libraries, and RMI components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2015-0412, CVE-2014-6549, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom
references. An untrusted Java application or applet could use this flaw to
corrupt the Java Virtual Machine memory and, possibly, execute arbitrary
code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder
in the Security component in OpenJDK handled negative length values. A
specially crafted, DER-encoded input could cause a Java application to
enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when
decrypting messages that were encrypted using block ciphers in cipher block
chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle
(MITM) attacker to decrypt portions of the cipher text using a padding
oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to re-enable
SSL 3.0 support if needed. For additional information, refer to the Red Hat
Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in
OpenJDK failed to properly check whether the ChangeCipherSpec was received
during the SSL/TLS connection handshake. An MITM attacker could possibly
use this flaw to force a connection to be established without encryption
being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An
untrusted Java application or applet could use this flaw to bypass certain
Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted Java
application or applet could possibly use this flaw to bypass certain Java
sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could allow an
untrusted Java application or applet to disclose portions of the Java
Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error log
files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0074: jasper security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150074
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0074, CVE-2014-8157, CVE-2014-8158

Description
JasPer is an implementation of Part 1 of the JPEG 2000 image compression
standard.

An off-by-one flaw, leading to a heap-based buffer overflow, was found in
the way JasPer decoded JPEG 2000 image files. A specially crafted file
could cause an application using JasPer to crash or, possibly, execute
arbitrary code. (CVE-2014-8157)

An unrestricted stack memory use flaw was found in the way JasPer decoded
JPEG 2000 image files. A specially crafted file could cause an application
using JasPer to crash or, possibly, execute arbitrary code. (CVE-2014-8158)

Red Hat would like to thank oCERT for reporting these issues. oCERT
acknowledges pyddeh as the original reporter.

All JasPer users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. All applications using
the JasPer libraries must be restarted for the update to take effect.

RHSA-2015:0079: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0079, CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593,
CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406,
CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0
protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer
to the Red Hat Bugzilla bug linked to in the References section for
instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 75 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:0080: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150080
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0080, CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412, CVE-2015-0413, CVE-2015-0421, CVE-2015-0437

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-3566, CVE-2014-6549, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,
CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403,
CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412,
CVE-2015-0413, CVE-2015-0421, CVE-2015-0437)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0
protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer
to the Red Hat Bugzilla bug linked to in the References section for
instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 31 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:0085: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150085
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0085, CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified
bytecode from the class files. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2014-6601)

Multiple improper permission check issues were discovered in the JAX-WS
and RMI components in OpenJDK. An untrusted Java application or applet
could use these flaws to bypass Java sandbox restrictions. (CVE-2015-0412,
CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled phantom
references. An untrusted Java application or applet could use this flaw to
corrupt the Java Virtual Machine memory and, possibly, execute arbitrary
code, bypassing Java sandbox restrictions. (CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules) decoder
in the Security component in OpenJDK handled negative length values. A
specially crafted, DER-encoded input could cause a Java application to
enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when
decrypting messages that were encrypted using block ciphers in cipher block
chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle
(MITM) attacker to decrypt portions of the cipher text using a padding
oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to re-enable
SSL 3.0 support if needed. For additional information, refer to the Red Hat
Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE component in
OpenJDK failed to properly check whether the ChangeCipherSpec was received
during the SSL/TLS connection handshake. An MITM attacker could possibly
use this flaw to force a connection to be established without encryption
being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK. An
untrusted Java application or applet could use this flaw to bypass certain
Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted Java
application or applet could possibly use this flaw to bypass certain Java
sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could allow an
untrusted Java application or applet to disclose portions of the Java
Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error log
files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0086: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0086, CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591, CVE-2014-6593,
CVE-2014-6601, CVE-2015-0383, CVE-2015-0395, CVE-2015-0403, CVE-2015-0406,
CVE-2015-0407, CVE-2015-0408, CVE-2015-0410, CVE-2015-0412)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0
protocol to address the CVE-2014-3566 issue (also known as POODLE). Refer
to the Red Hat Bugzilla bug linked to in the References section for
instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 91 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:0087: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150087
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0087, CVE-2014-4656, CVE-2014-7841

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

* An integer overflow flaw was found in the way the Linux kernel's Advanced
Linux Sound Architecture (ALSA) implementation handled user controls.
A local, privileged user could use this flaw to crash the system.
(CVE-2014-4656, Moderate)

The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.

This update also fixes several bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:0090: glibc security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0090, CVE-2015-0235

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:0092: glibc security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150092
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0092, CVE-2015-0235

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the gethostbyname()
and gethostbyname2() glibc function calls. A remote attacker able to make
an application call either of these functions could use this flaw to
execute arbitrary code with the permissions of the user running the
application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:0100: libyaml security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0100, CVE-2014-9130

Description
YAML is a data serialization format designed for human readability and
interaction with scripting languages. LibYAML is a YAML parser and emitter
written in C.

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input into
an application using libyaml could cause the application to crash.
(CVE-2014-9130)

All libyaml users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
linked against the libyaml library must be restarted for this update to
take effect.

RHSA-2015:0102: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150102
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0102, CVE-2014-4171, CVE-2014-5471, CVE-2014-5472, CVE-2014-7145, CVE-2014-7822, CVE-2014-7841

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

* A race condition flaw was found in the way the Linux kernel's mmap(2),
madvise(2), and fallocate(2) system calls interacted with each other while
operating on virtual memory file system files. A local user could use this
flaw to cause a denial of service. (CVE-2014-4171, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
Common Internet File System (CIFS) implementation handled mounting of file
system shares. A remote attacker could use this flaw to crash a client
system that would mount a file system share from a malicious server.
(CVE-2014-7145, Moderate)

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local, unprivileged
user could use this flaw to write past the maximum file size, and thus
crash the system. (CVE-2014-7822, Moderate)

* It was found that the parse_rock_ridge_inode_internal() function of the
Linux kernel's ISOFS implementation did not correctly check relocated
directories when processing Rock Ridge child link (CL) tags. An attacker
with physical access to the system could use a specially crafted ISO image
to crash the system or, potentially, escalate their privileges on the
system. (CVE-2014-5471, CVE-2014-5472, Low)

Red Hat would like to thank Akira Fujita of NEC for reporting the
CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of
Red Hat.

This update also fixes the following bugs:

* Previously, a kernel panic could occur if a process reading from a locked
NFS file was killed and the lock was not released properly before the read
operations finished. Consequently, the system crashed. The code handling
file locks has been fixed, and instead of halting, the system now emits a
warning about the unreleased lock. (BZ#1172266)

* A race condition in the command abort handling logic of the ipr device
driver could cause the kernel to panic when the driver received a response
to an abort command prior to receiving other responses to the aborted
command due to the support for multiple interrupts. With this update, the
abort handler waits for the aborted command's responses first before
completing an abort operation. (BZ#1162734)

* Previously, a race condition could occur when changing a Page Table Entry
(PTE) or a Page Middle Directory (PMD) to "pte_numa" or "pmd_numa",
respectively, causing the kernel to crash. This update removes the BUG_ON()
macro from the __handle_mm_fault() function, preventing the kernel panic in
the aforementioned scenario. (BZ#1170662)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:0118: mariadb security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150118
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0118, CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0381,
CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2014-6568,
CVE-2015-0374)

These updated packages upgrade MariaDB to version 5.5.41. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

RHSA-2015:0164: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0164, CVE-2014-7822

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local, unprivileged
user could use this flaw to write past the maximum file size, and thus
crash the system. (CVE-2014-7822, Moderate)

Red Hat would like to thank Akira Fujita of NEC for reporting this issue.

This update also fixes the following bugs:

* Previously, hot-unplugging of a virtio-blk device could in some cases
lead to a kernel panic, for example during in-flight I/O requests.
This update fixes a race condition in the hot-unplug code in the
virtio_blk.ko module. As a result, hot unplugging of the virtio-blk device
no longer causes the guest kernel oops when there are in-flight I/O
requests. (BZ#1006536)

* Before this update, due to a bug in the error-handling path, a corrupted
metadata block could be used as a valid block. With this update, the error
handling path has been fixed and more checks have been added to verify the
metadata block. Now, when a corrupted metadata block is encountered, it is
properly marked as corrupted and handled accordingly. (BZ#1034403)

* Previously, an incorrectly initialized variable resulted in a random
value being stored in the variable that holds the number of default ACLs,
and is sent in the SET_PATH_INFO data structure. Consequently, the setfacl
command could, under certain circumstances, fail with an "Invalid argument"
error. With this update, the variable is correctly initialized to zero,
thus fixing the bug. (BZ#1105625)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:0165: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150165
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0165, CVE-2014-3528, CVE-2014-3580

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access
to Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
handled REPORT requests. A remote, unauthenticated attacker could use a
specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)

It was discovered that Subversion clients retrieved cached authentication
credentials using the MD5 hash of the server realm string without also
checking the server's URL. A malicious server able to provide a realm that
triggers an MD5 collision could possibly use this flaw to obtain the
credentials for a different realm. (CVE-2014-3528)

Red Hat would like to thank the Subversion project for reporting
CVE-2014-3580. Upstream acknowledges Evgeny Kotkov of VisualSVN as the
original reporter.

All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.

RHSA-2015:0166: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150166
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0166, CVE-2014-3528, CVE-2014-3580, CVE-2014-8108

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access
to Subversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
handled REPORT requests. A remote, unauthenticated attacker could use a
specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)

A NULL pointer dereference flaw was found in the way the mod_dav_svn module
handled certain requests for URIs that trigger a lookup of a virtual
transaction name. A remote, unauthenticated attacker could send a request
for a virtual transaction name that does not exist, causing mod_dav_svn to
crash. (CVE-2014-8108)

It was discovered that Subversion clients retrieved cached authentication
credentials using the MD5 hash of the server realm string without also
checking the server's URL. A malicious server able to provide a realm that
triggers an MD5 collision could possibly use this flaw to obtain the
credentials for a different realm. (CVE-2014-3528)

Red Hat would like to thank the Subversion project for reporting
CVE-2014-3580 and CVE-2014-8108. Upstream acknowledges Evgeny Kotkov of
VisualSVN as the original reporter.

All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.

RHSA-2015:0249: samba3x security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150249
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0249, CVE-2015-0240

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd).
A malicious Samba client could send specially crafted netlogon packets
that, when processed by smbd, could potentially lead to arbitrary code
execution with the privileges of the user running smbd (by default, the
root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research
as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2015:0250: samba4 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150250
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0250, CVE-2015-0240

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd).
A malicious Samba client could send specially crafted netlogon packets
that, when processed by smbd, could potentially lead to arbitrary code
execution with the privileges of the user running smbd (by default, the
root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research
as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2015:0251: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150251
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0251, CVE-2015-0240

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd).
A malicious Samba client could send specially crafted netlogon packets
that, when processed by smbd, could potentially lead to arbitrary code
execution with the privileges of the user running smbd (by default, the
root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research
as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2015:0252: samba security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150252
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0252, CVE-2015-0240

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

An uninitialized pointer use flaw was found in the Samba daemon (smbd).
A malicious Samba client could send specially crafted netlogon packets
that, when processed by smbd, could potentially lead to arbitrary code
execution with the privileges of the user running smbd (by default, the
root user). (CVE-2015-0240)

For additional information about this flaw, see the Knowledgebase article
at https://access.redhat.com/articles/1346913

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research
as the original reporter of this issue.

All Samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2015:0265: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150265
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0265, CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)

An information leak flaw was found in the way Firefox implemented
autocomplete forms. An attacker able to trick a user into specifying a
local file in the form could use this flaw to access the contents of that
file. (CVE-2015-0822)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de
Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul
Bandha, Abhishek Arya, and Armin Razmdjou as the original reporters of
these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.5.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:0266: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150266
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0266, CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)

An information leak flaw was found in the way Thunderbird implemented
autocomplete forms. An attacker able to trick a user into specifying a
local file in the form could use this flaw to access the contents of that
file. (CVE-2015-0822)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de
Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul
Bandha, Abhishek Arya, and Armin Razmdjou as the original reporters of
these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.5.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.5.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:0290: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150290
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0290, CVE-2014-3690, CVE-2014-3940, CVE-2014-7825, CVE-2014-7826, CVE-2014-8086, CVE-2014-8160, CVE-2014-8172, CVE-2014-8173, CVE-2014-8709, CVE-2014-8884, CVE-2015-0274

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled
replacing of remote attributes under certain conditions. A local user with
access to XFS file system mount could potentially use this flaw to escalate
their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure
that the host CR4 control register value remained unchanged across VM
entries on the same virtual CPU. A local, unprivileged user could use this
flaw to cause denial of service on the system. (CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)
implementation handled non-huge page migration. A local, unprivileged user
could use this flaw to crash the kernel by migrating transparent hugepages.
(CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's perf subsystem. A local, unprivileged
user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's ftrace subsystem. On a system with
ftrace syscall tracing enabled, a local, unprivileged user could use this
flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system
implementation that allowed a local, unprivileged user to crash the system
by simultaneously writing to a file and toggling the O_DIRECT flag using
fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem
handled generic protocol tracking. As demonstrated in the Stream Control
Transmission Protocol (SCTP) case, a remote attacker could use this flaw to
bypass intended iptables rule restrictions when the associated connection
tracking module was not loaded on the system. (CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup
could be triggered in the Linux kernel when performing asynchronous I/O
operations. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's
madvise MADV_WILLNEED functionality handled page table locking. A local,
unprivileged user could use this flaw to crash the system. (CVE-2014-8173,
Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11
wireless networking implementation. When software encryption was used, a
remote attacker could use this flaw to leak up to 8 bytes of plaintext.
(CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge
DEC USB device driver. A local user with write access to the corresponding
device could use this flaw to crash the kernel or, potentially, elevate
their privileges on the system. (CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for
reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and
Robert Święcki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on
the most significant of these changes, and the following Knowledgebase
article for further information: https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated
packages, which correct these issues and add these enhancements. The system
must be rebooted for this update to take effect.

RHSA-2015:0301: hivex security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150301
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0301, CVE-2014-9273

Description
Hive files are undocumented binary files that Windows uses to store the
Windows Registry on disk. Hivex is a library that can read and write to
these files.

It was found that hivex attempted to read beyond its allocated buffer when
reading a hive file with a very small size or with a truncated or
improperly formatted content. An attacker able to supply a specially
crafted hive file to an application using the hivex library could possibly
use this flaw to execute arbitrary code with the privileges of the user
running that application. (CVE-2014-9273)

Red Hat would like to thank Mahmoud Al-Qudsi of NeoSmart Technologies for
reporting this issue.

The hivex package has been upgraded to upstream version 1.3.10, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1023978)

This update also fixes the following bugs:

* Due to an error in the hivex_value_data_cell_offset() function, the hivex
utility could, in some cases, print an "Argument list is too long" message
and terminate unexpectedly when processing hive files from the Windows
Registry. This update fixes the underlying code and hivex now processes
hive files as expected. (BZ#1145056)

* A typographical error in the Win::Hivex.3pm manual page has been
corrected. (BZ#1099286)

Users of hivex are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:0323: libvirt security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20150323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:0323, CVE-2014-8136, CVE-2015-0236

Description
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.

It was found that QEMU's qemuDomainMigratePerform() and qemuDomainMigrateFinish2() functions did not correctly perform a domain unlock on a failed ACL check. A remote attacker able to establish a connection to libvirtd could use this flaw to lock a domain of a more privileged user, causing a denial of service. (CVE-2014-8136)

It was discovered that the virDomainSnapshotGetXMLDesc() and virDomainSaveImageGetXMLDesc() functions did not sufficiently limit the usage of the VIR_DOMAIN_XML_SECURE flag when fine-grained ACLs were enabled. A remote attacker able to establish a connection to libvirtd could use this flaw to obtain certain sensitive information from the domain XML file. (CVE-2015-0236)

The CVE-2015-0236 issue was found by Luyao Huang of Red Hat.

Bug fixes:

* The libvirtd daemon previously attempted to search for SELinux contexts even when SELinux was disabled on the host. Consequently, libvirtd logged "Unable to lookup SELinux process context" error messages every time a client connected to libvirtd and SELinux was disabled. libvirtd now verifies whether SELinux is enabled before searching for SELinux contexts, and no longer logs the error messages on a host with SELinux disabled. (BZ#1135155)

* The libvirt utility passed incomplete PCI addresses to QEMU. Consequently, assigning a PCI device that had a PCI address with a non-zero domain to a guest failed. Now, libvirt properly passes PCI domain to QEMU when assigning PCI devices, which prevents the described problem. (BZ#1127080)

* Because the virDomainSetMaxMemory API did not allow changing the current memory in the LXC driver, the "virsh setmaxmem" command failed when attempting to set the maximum memory to be lower than the current memory. Now, "virsh setmaxmem" sets the current memory to the intended value of the maximum memory, which avoids the mentioned problem. (BZ#1091132)

* Attempting to start a non-existent domain caused network filters to stay locked for read-only access. Because of this, subsequent attempts to gain read-write access to network filters triggered a deadlock. Network filters are now properly unlocked in the described scenario, and the deadlock no longer occurs. (BZ#1088864)

* If a guest configuration had an active nwfilter using the DHCP snooping feature and an attempt was made to terminate libvirtd before the associated nwfilter rule snooped the guest IP address from DHCP packets, libvirtd became unresponsive. This problem has been fixed by setting a longer wait time for snooping the guest IP address. (BZ#1075543)

Enhancements:

* A new "migrate_host" option is now available in /etc/libvirt/qemu.conf, which allows users to set a custom IP address to be used for incoming migrations. (BZ#1087671)

* With this update, libvirt is able to create a compressed memory-only crash dump of a QEMU domain. This type of crash dump is directly readable by the GNU Debugger and requires significantly less hard disk space than the standard crash dump. (BZ#1035158)

* Support for reporting the NUMA node distance of the host has been added to libvirt. This enhances the current libvirt capabilities for reporting NUMA topology of the host, and allows for easier optimization of new domains. (BZ#1086331)

* The XML file of guest and host capabilities generated by the "virsh capabilities" command has been enhanced to list the following information, where relevant: the interface speed and link status of the host, the PCI Express (PCIe) details, the host's hardware support for I/O virtualization, and a report on the huge memory pages. (BZ#1076960, BZ#1076957, BZ#1076959, BZ#1076962)

These packages also include a number of other bug fixes and enhancements. For additional details, see the "Bugs Fixed" section below.

RHSA-2015:0325: httpd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20150325
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:0325, CVE-2013-5704, CVE-2014-3581

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header restrictions defined with mod_headers. (CVE-2013-5704)

A NULL pointer dereference flaw was found in the way the mod_cache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server with caching enabled. (CVE-2014-3581)

This update also fixes the following bugs:

* Previously, the mod_proxy_fcgi Apache module always kept the back-end connections open even when they should have been closed. As a consequence, the number of open file descriptors increased over time. With this update, mod_proxy_fcgi has been fixed to check the state of the back-end connections, and it closes the idle back-end connections as expected. (BZ#1168050)

* An integer overflow occurred in the ab utility when a large request count was used. Consequently, ab terminated unexpectedly with a segmentation fault while printing statistics after the benchmark. This bug has been fixed, and ab no longer crashes in this scenario. (BZ#1092420)

* Previously, when httpd was running in the foreground and the user pressed Ctrl+C to interrupt the httpd processes, a race condition in signal handling occurred. The SIGINT signal was sent to all children followed by SIGTERM from the main process, which interrupted the SIGINT handler. Consequently, the affected processes became unresponsive or terminated unexpectedly. With this update, the SIGINT signals in the child processes are ignored, and httpd no longer hangs or crashes in this scenario. (BZ#1131006)

In addition, this update adds the following enhancements:

* With this update, the mod_proxy module of the Apache HTTP Server supports the Unix Domain Sockets (UDS). This allows mod_proxy back ends to listen on UDS sockets instead of TCP sockets, and as a result, mod_proxy can be used to connect UDS back ends. (BZ#1168081)

* This update adds support for using the SetHandler directive together with the mod_proxy module. As a result, it is possible to configure SetHandler to use proxy for incoming requests, for example, in the following format: SetHandler "proxy:fcgi://127.0.0.1:9000". (BZ#1136290)

* The htaccess API changes introduced in httpd 2.4.7 have been backported to httpd shipped with Red Hat Enterprise Linux 7.1. These changes allow for the MPM-ITK module to be compiled as an httpd module. (BZ#1059143)

All httpd users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing the updated packages, the httpd daemon will be restarted automatically.

RHSA-2015:0327: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0327, CVE-2014-6040, CVE-2014-8121

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

An out-of-bounds read flaw was found in the way glibc's iconv() function
converted certain encoded data to UTF-8. An attacker able to make an
application call the iconv() function with a specially crafted argument
could use this flaw to crash that application. (CVE-2014-6040)

It was found that the files back end of Name Service Switch (NSS) did not
isolate iteration over an entire database from key-based look-up API calls.
An application performing look-ups on a database while iterating over it
could enter an infinite loop, leading to a denial of service.
(CVE-2014-8121)

This update also fixes the following bugs:

* Due to problems with buffer extension and reallocation, the nscd daemon
terminated unexpectedly with a segmentation fault when processing long
netgroup entries. With this update, the handling of long netgroup entries
has been corrected and nscd no longer crashes in the described scenario.
(BZ#1138520)

* If a file opened in append mode was truncated with the ftruncate()
function, a subsequent ftell() call could incorrectly modify the file
offset. This update ensures that ftell() modifies the stream state only
when it is in append mode and the buffer for the stream is not empty.
(BZ#1156331)

* A defect in the C library headers caused builds with older compilers to generate incorrect code for the btowc() function in the older compatibility C++ standard library. Applications calling btowc() in the compatibility C++ standard library became unresponsive. With this update, the C library headers have been corrected, and the compatibility C++ standard library shipped with Red Hat Enterprise Linux has been rebuilt. Applications that rely on the compatibility C++ standard library no longer hang when calling btowc(). (BZ#1120490)

* Previously, when using netgroups and the nscd daemon was set up to cache netgroup information, the sudo utility denied access to valid users. The bug in nscd has been fixed, and sudo now works in netgroups as expected. (BZ#1080766)

Users of glibc are advised to upgrade to these updated packages, which fix these issues.

RHSA-2015:0330: pcre security and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20150330
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:0330, CVE-2014-8964

Description
PCRE is a Perl-compatible regular expression library.

A flaw was found in the way PCRE handled certain malformed regular
expressions. This issue could cause an application (for example, Konqueror)
linked against PCRE to crash while parsing malicious regular expressions.
(CVE-2014-8964)

This update also adds the following enhancement:

* Support for the little-endian variant of IBM Power Systems has been added to the pcre packages. (BZ#1123498, BZ#1125642)

All pcre users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue and add this enhancement.

RHSA-2015:0349: qemu-kvm security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150349
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0349, CVE-2014-3640, CVE-2014-7815, CVE-2014-7840, CVE-2014-8106

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

It was found that the Cirrus blit region checks were insufficient. A privileged guest user could use this flaw to write outside of VRAM-allocated buffer boundaries in the host's QEMU process address space with attacker-provided data. (CVE-2014-8106)

An uninitialized data structure use flaw was found in the way the set_pixel_format() function sanitized the value of bits_per_pixel. An attacker able to access a guest's VNC console could use this flaw to crash the guest. (CVE-2014-7815)

It was found that certain values that were read when loading RAM during migration were not validated. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-7840)

A NULL pointer dereference flaw was found in the way QEMU handled UDP packets with a source port and address of 0 when QEMU's user networking was in use. A local guest user could use this flaw to crash the guest. (CVE-2014-3640)

Red Hat would like to thank James Spadaro of Cisco for reporting CVE-2014-7815, and Xavier Mehrenberger and Stephane Duverger of Airbus for reporting CVE-2014-3640. The CVE-2014-8106 issue was found by Paolo Bonzini of Red Hat, and the CVE-2014-7840 issue was discovered by Michael S. Tsirkin of Red Hat.

Bug fixes:

* The KVM utility executed demanding routing update system calls every time it performed an MSI vector mask/unmask operation. Consequently, guests running legacy systems such as Red Hat Enterprise Linux 5 could, under certain circumstances, experience significant slowdown. Now, the routing system calls during mask/unmask operations are skipped, and the performance of legacy guests is now more consistent. (BZ#1098976)

* Due to a bug in the Internet Small Computer System Interface (iSCSI) driver, a qemu-kvm process terminated unexpectedly with a segmentation fault when the "write same" command was executed in guest mode under the iSCSI protocol. This update fixes the bug, and the "write same" command now functions in guest mode under iSCSI as intended. (BZ#1083413)

* The QEMU command interface did not properly handle resizing of cache memory during guest migration, causing QEMU to terminate unexpectedly with a segmentation fault. This update fixes the related code, and QEMU no longer crashes in the described situation. (BZ#1066338)

Enhancements:

* The maximum number of supported virtual CPUs (vCPUs) in a KVM guest has been increased to 240. This increases the number of virtual processing units that the user can assign to the guest, and therefore improves its performance potential. (BZ#1134408)

* Support for the 5th Generation Intel Core processors has been added to the QEMU hypervisor, the KVM kernel code, and the libvirt API. This allows KVM guests to use the following instructions and features: ADCX, ADOX, RDSEED, PREFETCHW, and supervisor mode access prevention (SMAP). (BZ#1116117)

* The "dump-guest-memory" command now supports crash dump compression. This makes it possible for users who cannot use the "virsh dump" command to require less hard disk space for guest crash dumps. In addition, saving a compressed guest crash dump frequently takes less time than saving a non-compressed one. (BZ#1157798)

* This update introduces support for flight recorder tracing, which uses SystemTap to automatically capture qemu-kvm data while the guest machine is running. For detailed instructions on how to configure and use flight recorder tracing, see the Virtualization Deployment and Administration Guide, linked to in the References section below. (BZ#1088112)

RHSA-2015:0377: libreoffice security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150377
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0377, CVE-2014-0247, CVE-2014-3575, CVE-2014-3693

Description
LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor, a
spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.

It was found that LibreOffice documents executed macros unconditionally,
without user approval, when these documents were opened using LibreOffice.
An attacker could use this flaw to execute arbitrary code as the user
running LibreOffice by embedding malicious VBA scripts in the document as
macros. (CVE-2014-0247)

A flaw was found in the OLE (Object Linking and Embedding) generation in
LibreOffice. An attacker could use this flaw to embed malicious OLE code in
a LibreOffice document, allowing for arbitrary code execution.
(CVE-2014-3575)

A use-after-free flaw was found in the "Remote Control" capabilities of the
LibreOffice Impress application. An attacker could use this flaw to
remotely execute code with the permissions of the user running LibreOffice
Impress. (CVE-2014-3693)

The libreoffice packages have been upgraded to upstream version 4.2.6.3,
which provides a number of bug fixes and enhancements over the previous
version. Among others:

* Improved OpenXML interoperability.

* Additional statistic functions in Calc (for interoperability with Excel
and Excel's Add-in "Analysis ToolPak").

* Various performance improvements in Calc.

* Apple Keynote and Abiword import.

* Improved MathML export.

* New Start screen with thumbnails of recently opened documents.

* Visual clue in Slide Sorter when a slide has a transition or an
animation.

* Improvements for trend lines in charts.

* Support for BCP-47 language tags. (BZ#1119709)

All libreoffice users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

RHSA-2015:0383: ppc64-diag security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150383
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0383, CVE-2014-4038, CVE-2014-4039

Description
The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit
PowerPC platforms. The platform diagnostics write events reported by the
firmware to the service log, provide automated responses to urgent events,
and notify system administrators or connected service frameworks about the
reported events.

Multiple insecure temporary file use flaws were found in the way the
ppc64-diag utility created certain temporary files. A local attacker could
possibly use either of these flaws to perform a symbolic link attack and
overwrite arbitrary files with the privileges of the user running
ppc64-diag, or obtain sensitive information from the temporary files.
(CVE-2014-4038, CVE-2014-4039)

The ppc64-diag packages have been upgraded to upstream version 2.6.7, which
provides a number of bug fixes and enhancements over the previous version
including support for hot plugging of QEMU PCI devices. (BZ#1088493,
BZ#1084062)

This update also fixes the following bugs:

* Prior to this update, the rtas_errd daemon was not started by default on
system boot. With this update, rtas_errd has been modified to start
automatically by default. (BZ#1170146)

* Previously, the /var/log/dump file was not automatically created when
installing the ppc64-diag package. This bug has been fixed, and
/var/log/dump is now created at package install time as expected.
(BZ#1175808)

In addition, this update adds the following enhancement:

* This update adds support for building the ppc64-diag packages on the
little-endian variant of IBM Power Systems platform architecture. (BZ#1124007)

Users of ppc64-diag are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:0384: powerpc-utils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20150384
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:0384, CVE-2014-4040

Description
The powerpc-utils packages provide various utilities for the PowerPC platform.

A flaw was found in the way the snap utility of powerpc-utils generated an archive containing a configuration snapshot of a service. A local attacker could obtain sensitive information from the generated archive such as plain text passwords. (CVE-2014-4040)

The powerpc-utils packages have been upgraded to the upstream version 1.2.24, which provides a number of bug fixes and enhancements over the previous version. (BZ#1088539, BZ#1167865, BZ#1161552)

This update also fixes the following bugs:

* Previously, the lsdevinfo command did not correctly process the path to the device, which made the path unreadable in the console output of lsdevinfo. With this update, lsdevinfo has been updated and the path is now displayed correctly. (BZ#1079246)

* Previously, after migrating several Linux partitions, Resource Monitoring and Control (RMC) was inactive and Machine Type, Model, and Serial number (MTMS) were set incorrectly, so the subsequent validation operation failed. This bug has been fixed, and validation is now successful after migration and suspend. (BZ#1083221)

* Previously, when the drmgr tool attempted to remove the last CPU from the system, drmgr became unresponsive or terminated unexpectedly. This bug has been fixed, and drmgr no longer hangs or crashes in the described case. (BZ#1152313)

* With this update, the drmgr utility has been fixed to correctly gather Logical Memory Block (LMB) information while performing Mem Dynamic Logical Partitioning (DLPAR) on the little-endian variant of IBM Power Systems CPU architecture as expected. (BZ#1170856)

* Previously, the "ppc64_cpu --threads-per-core" command returned incorrect data with the --smt option enabled. This bug has been fixed and "ppc64_cpu --threads-per-core" now reports correctly with enabled --smt. (BZ#1179263)

In addition, this update adds the following enhancements:

* This update adds support for the Red Hat Enterprise Linux for POWER, little endian CPU architecture to the powerpc-utils package. (BZ#1124006)

* This update adds support for hot plugging of the qemu virtio device with the drmgr command to the powerpc-utils package. (BZ#1083791)

* The deprecated snap tool has been removed from the powerpc-utils packages. Its functionality has been integrated into the sosreport tool. (BZ#1172087)

* With this update, a dependency on the perl-Data-Dumper package required by the rtas_dump utility has been added to powerpc-utils packages. (BZ#1175812) 

Users of powerpc-utils are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

RHSA-2015:0416: 389-ds-base security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150416
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0416, CVE-2014-8105, CVE-2014-8112

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

An information disclosure flaw was found in the way the 389 Directory Server stored information in the Changelog that is exposed via the 'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain cases use this flaw to read data from the Changelog, which could include sensitive information such as plain-text passwords. (CVE-2014-8105)

It was found that when the nsslapd-unhashed-pw-switch 389 Directory Server configuration option was set to "off", it did not prevent the writing of unhashed passwords into the Changelog. This could potentially allow an authenticated user able to access the Changelog to read sensitive information. (CVE-2014-8112)

The CVE-2014-8105 issue was discovered by Petr Špaček of the Red Hat Identity Management Engineering Team, and the CVE-2014-8112 issue was discovered by Ludwig Krispenz of the Red Hat Identity Management Engineering Team.

Enhancements:

* Added new WinSync configuration parameters: winSyncSubtreePair for synchronizing multiple subtrees, as well as winSyncWindowsFilter and winSyncDirectoryFilter for synchronizing restricted sets by filters. (BZ#746646)

* It is now possible to stop, start, or configure plug-ins without the need to restart the server for the change to take effect. (BZ#994690)

* Access control related to the MODDN and MODRDN operations has been updated: the source and destination targets can be specified in the same access control instruction. (BZ#1118014)

* The nsDS5ReplicaBindDNGroup attribute for using a group distinguished name in binding to replicas has been added. (BZ#1052754)

* WinSync now supports range retrieval. If more than the MaxValRange number of attribute values exist per attribute, WinSync synchronizes all the attributes to the directory server using the range retrieval. (BZ#1044149)

* Support for the RFC 4527 Read Entry Controls and RFC 4533 Content Synchronization Operation LDAP standards has been added. (BZ#1044139, BZ#1044159)

* The Referential Integrity (referint) plug-in can now use an alternate configuration area. The PlugInArg plug-in configuration now uses unique configuration attributes. Configuration changes no longer require a server restart. (BZ#1044203)

* The logconv.pl log analysis tool now supports gzip, bzip2, and xz compressed files and also TAR archives and compressed TAR archives of these files. (BZ#1044188)

* Only the Directory Manager could add encoded passwords or force users to change their password after a reset. Users defined in the passwordAdminDN attribute can now also do this. (BZ#1118007)

* The "nsslapd-memberofScope" configuration parameter has been added to the MemberOf plug-in. With MemberOf enabled and a scope defined, moving a group out of scope with a MODRDN operation failed. Moving a member entry out of scope now correctly removes the memberof value. (BZ#1044170)

* The alwaysRecordLoginAttr attribute has been added to the Account Policy plug-in configuration entry, which makes it possible to distinguish between an attribute for checking the activity of an account and an attribute to be updated at successful login. (BZ#1060032)

* A root DSE search, using the ldapsearch command with the '-s base -b ""' options, returns only the user attributes instead of the operational attributes. The "nsslapd-return-default" option has been added for backward compatibility. (BZ#1118021)

* The configuration of the MemberOf plug-in can be stored in a suffix mapped to a back-end database, which allows MemberOf configuration to be replicated. (BZ#1044205)

* Added support for the SSL versions from the range supported by the NSS library available on the system. Due to the POODLE vulnerability, SSLv3 is disabled by default even if NSS supports it. (BZ#1044191)

RHSA-2015:0425: openssh security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150425
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0425, CVE-2014-2653, CVE-2014-9278

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

It was discovered that OpenSSH clients did not correctly verify DNS SSHFP records. A malicious server could use this flaw to force a connecting client to skip the DNS SSHFP record check and require the user to perform manual host verification of the DNS SSHFP record. (CVE-2014-2653)

It was found that when OpenSSH was used in a Kerberos environment, remote authenticated users were allowed to log in as a different user if they were listed in the ~/.k5users file of that user, potentially bypassing intended authentication restrictions. (CVE-2014-9278)

The openssh packages have been upgraded to upstream version 6.6.1, which provides a number of bug fixes and enhancements over the previous version. (BZ#1059667)

Bug fixes:

* An existing /dev/log socket is needed when logging using the syslog utility, which is not possible for all chroot environments based on the user's home directories. As a consequence, the sftp commands were not logged in the chroot setup without /dev/log in the internal sftp subsystem. With this update, openssh has been enhanced to detect whether /dev/log exists. If /dev/log does not exist, processes in the chroot environment use their master processes for logging. (BZ#1083482)

* The buffer size for a host name was limited to 64 bytes. As a consequence, when a host name was 64 bytes long or longer, the ssh-keygen utility failed. The buffer size has been increased to fix this bug, and ssh-keygen no longer fails in the described situation. (BZ#1097665)

* Non-ASCII characters have been replaced by their octal representations in banner messages in order to prevent terminal re-programming attacks. Consequently, banners containing UTF-8 strings were not correctly displayed in a client. With this update, banner messages are processed according to RFC 3454, control characters have been removed, and banners containing UTF-8 strings are now displayed correctly. (BZ#1104662)

* Red Hat Enterprise Linux uses persistent Kerberos credential caches, which are shared between sessions. Previously, the GSSAPICleanupCredentials option was set to "yes" by default. Consequently, removing a Kerberos cache on logout could remove unrelated credentials of other sessions, which could make the system unusable. To fix this bug, GSSAPICleanupCredentials is set by default to "no". (BZ#1134447)

* Access permissions for the /etc/ssh/moduli file were set to 0600, which was unnecessarily strict. With this update, the permissions for /etc/ssh/moduli have been changed to 0644 to make the access to the file easier. (BZ#1134448)

* Due to the KRB5CCNAME variable being truncated, the Kerberos ticket cache was not found after login using a Kerberos-enabled SSH connection. The underlying source code has been modified to fix this bug, and Kerberos authentication works as expected in the described situation. (BZ#1161173)

Enhancements:

* When the sshd daemon is configured to force the internal SFTP session and a connection other than SFTP is used, the appropriate message is logged to the /var/log/secure file. (BZ#1130198)

* The sshd-keygen service was run using the "ExecStartPre=-/usr/sbin/sshd-keygen" option in the sshd.service unit file. With this update, the separate sshd-keygen.service unit file has been added, and sshd.service has been adjusted to require sshd-keygen.service. (BZ#1134997)

Users of openssh are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

RHSA-2015:0430: virt-who security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150430
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0430, CVE-2014-0189

Description
The virt-who package provides an agent that collects information about
virtual guests present in the system and reports them to the
subscription manager.

It was discovered that the /etc/sysconfig/virt-who configuration file,
which may contain hypervisor authentication credentials, was
world-readable. A local user could use this flaw to obtain authentication
credentials from this file. (CVE-2014-0189)

Red Hat would like to thank Sal Castiglione for reporting this issue.

The virt-who package has been upgraded to upstream version 0.11, which
provides a number of bug fixes and enhancements over the previous version.
The most notable bug fixes and enhancements include:

* Support for remote libvirt.
* A fix for using encrypted passwords.
* Bug fixes and enhancements that increase the stability of virt-who.
(BZ#1122489)

This update also fixes the following bugs:

* Prior to this update, the virt-who agent failed to read the list of
virtual guests provided by the VDSM daemon. As a consequence, when in VDSM
mode, the virt-who agent was not able to send updates about virtual guests
to Subscription Asset Manager (SAM) and Red Hat Satellite. With this
update, the agent reads the list of guests when in VDSM mode correctly and
reports to SAM and Satellite as expected. (BZ#1153405)

* Previously, virt-who used incorrect information when connecting to Red
Hat Satellite 5. Consequently, virt-who could not connect to Red Hat
Satellite 5 servers. The incorrect parameter has been corrected, and
virt-who can now successfully connect to Red Hat Satellite 5. (BZ#1158859)

* Prior to this update, virt-who did not decode the hexadecimal
representation of a password before decrypting it. As a consequence, the
decrypted password did not match the original password, and attempts to
connect using the password failed. virt-who has been updated to decode the
encrypted password and, as a result, virt-who now handles storing
credentials using encrypted passwords as expected. (BZ#1161607)

In addition, this update adds the following enhancement:

* With this update, virt-who is able to read the list of guests from a
remote libvirt hypervisor. (BZ#1127965)

Users of virt-who are advised to upgrade to this updated package, which
corrects these issues and adds these enhancements.

RHSA-2015:0439: krb5 security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150439
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0439, CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344, CVE-2014-4345, CVE-2014-5352, CVE-2014-5353, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423

Description
A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344)

A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. A remote, authenticated attacker could potentially use this flaw to execute arbitrary code on the system running kadmind. (CVE-2014-4345)

A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5 library processed valid context deletion tokens. An attacker able to make an application using the GSS-API library (libgssapi) call the gss_process_context_token() function could use this flaw to crash that application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker with the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal. (CVE-2014-5353)

A double-free flaw was found in the way MIT Kerberos handled invalid External Data Representation (XDR) data. An authenticated user could use this flaw to crash the MIT Kerberos administration server (kadmind), or other applications using Kerberos libraries, using specially crafted XDR packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind) incorrectly accepted certain authentication requests for two-component server principal names. A remote attacker able to acquire a key with a particularly named principal (such as "kad/x") could use this flaw to impersonate any user to kadmind, and perform administrative actions as that user. (CVE-2014-9422)

An information disclosure flaw was found in the way MIT Kerberos RPCSEC_GSS implementation (libgssrpc) handled certain requests. An attacker could send a specially crafted request to an application using libgssrpc to disclose a limited portion of uninitialized memory used by that application. (CVE-2014-9423)

Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. (CVE-2014-4341, CVE-2014-4342)

A double-free flaw was found in the MIT Kerberos SPNEGO initiators. An attacker able to spoof packets to appear as though they are from a GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343)

Red Hat would like to thank the MIT Kerberos project for reporting the CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, and CVE-2014-9423 issues. MIT Kerberos project acknowledges Nico Williams for helping with the analysis of CVE-2014-5352.

The krb5 packages have been upgraded to upstream version 1.12, which provides a number of bug fixes and enhancements, including:

* Added plug-in interfaces for principal-to-username mapping and verifying authorization to user accounts.

* When communicating with a KDC over a connected TCP or HTTPS socket, the client gives the KDC more time to reply before it transmits the request to another server. (BZ#1049709, BZ#1127995)

This update also fixes multiple bugs, for example:

* The Kerberos client library did not recognize certain exit statuses that the resolver libraries could return when looking up the addresses of servers configured in the /etc/krb5.conf file or locating Kerberos servers using DNS service location. The library could treat non-fatal return codes as fatal errors. Now, the library interprets the specific return codes correctly. (BZ#1084068, BZ#1109102)

In addition, this update adds various enhancements. Among others:

* Added support for contacting KDCs and kpasswd servers through HTTPS proxies implementing the Kerberos KDC Proxy (KKDCP) protocol. (BZ#1109919)

RHSA-2015:0442: ipa security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150442
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0442, CVE-2010-5312, CVE-2012-6662

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Two cross-site scripting (XSS) flaws were found in jQuery, which impacted the Identity Management web administrative interface, and could allow an authenticated user to inject arbitrary HTML or web script into the interface. (CVE-2010-5312, CVE-2012-6662)

Note: The IdM version provided by this update no longer uses jQuery.

This update adds several enhancements that are described in more detail in the Red Hat Enterprise Linux 7.1 Release Notes, linked to in the References section, including:

* Added the "ipa-cacert-manage" command, which renews the Certification Authority (CA) file. (BZ#886645)

* Added the ID Views feature. (BZ#891984)

* IdM now supports using one-time password (OTP) authentication and allows gradual migration from proprietary OTP solutions to the IdM OTP solution. (BZ#919228)

* Added the "ipa-backup" and "ipa-restore" commands to allow manual backups. (BZ#951581)

* Added a solution for regulating access permissions to specific sections of the IdM server. (BZ#976382)

This update also fixes several bugs, including:

* Previously, when IdM servers were configured to require the Transport Layer Security protocol version 1.1 (TLSv1.1) or later in the httpd server, the "ipa" command-line utility failed. With this update, running "ipa" works as expected with TLSv1.1 or later. (BZ#1156466)

In addition, this update adds multiple enhancements, including:

* The "ipa-getkeytab" utility can now optionally fetch existing keytabs from the KDC. Previously, retrieving an existing keytab was not supported, as the only option was to generate a new key. (BZ#1007367)

* You can now create and manage a "." root zone on IdM servers. DNS queries sent to the IdM DNS server use this configured zone instead of the public zone. (BZ#1056202)

* The IdM server web UI has been updated and is now based on the Patternfly framework, offering better responsiveness. (BZ#1108212)

* A new user attribute now enables provisioning systems to add custom tags for user objects. The tags can be used for automember rules or for additional local interpretation. (BZ#1108229)

* This update adds a new DNS zone type to ensure that forward and master zones are better separated. As a result, the IdM DNS interface complies with the forward zone semantics in BIND. (BZ#1114013)

* This update adds a set of Apache modules that external applications can use to achieve tighter interaction with IdM beyond simple authentication. (BZ#1107555)

* IdM supports configuring automember rules for automated assignment of users or hosts in respective groups according to their characteristics, such as the "userClass" or "departmentNumber" attributes. Previously, the rules could be applied only to new entries. This update allows applying the rules also to existing users or hosts. (BZ#1108226)

* The extdom plug-in translates Security Identifiers (SIDs) of Active Directory (AD) users and groups to names and POSIX IDs. With this update, extdom returns the full member list for groups and the full list of group memberships for a user, the GECOS field, the home directory, as well as the login shell of a user. Also, an optional list of key-value pairs contains the SID of the requested object if the SID is available. (BZ#1030699)

All ipa users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.

RHSA-2015:0535: GNOME Shell security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20150535
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:0535, CVE-2014-7300

Description
GNOME Shell and the packages it depends upon provide the core user interface of the Red Hat Enterprise Linux desktop, including functions such as navigating between windows and launching applications.

It was found that the GNOME shell did not disable the Print Screen key when the screen was locked. This could allow an attacker with physical access to a system with a locked screen to crash the screen-locking application by creating a large number of screenshots. (CVE-2014-7300)

This update also fixes the following bugs:

* The Timed Login feature, which automatically logs in a specified user after a specified period of time, stopped working after the first user of the GUI logged out. This has been fixed, and the specified user is always logged in if no one else logs in. (BZ#1043571)

* If two monitors were arranged vertically with the secondary monitor above the primary monitor, it was impossible to move windows onto the secondary monitor. With this update, windows can be moved through the upper edge of the first monitor to the secondary monitor. (BZ#1075240)

* If the Gnome Display Manager (GDM) user list was disabled and a user entered the user name, the password prompt did not appear. Instead, the user had to enter the user name one more time. The GDM code that contained this error has been fixed, and users can enter their user names and passwords as expected. (BZ#1109530)

* Prior to this update, only a small area was available on the GDM login screen for a custom text banner. As a consequence, when a long banner was used, it did not fit into the area, and the person reading the banner had to use scrollbars to view the whole text. With this update, more space is used for the banner if necessary, which allows the user to read the message conveniently. (BZ#1110036)

* When the Cancel button was pressed while an LDAP user name and password was being validated, the GDM code did not handle the situation correctly. As a consequence, GDM became unresponsive, and it was impossible to return to the login screen. The affected code has been fixed, and LDAP user validation can be canceled, allowing another user to log in instead. (BZ#1137041)

* If the window focus mode in GNOME was set to "mouse" or "sloppy", navigating through areas of a pop-up menu displayed outside its parent window caused the window to lose its focus. Consequently, the menu was not usable. This has been fixed, and the window focus is kept in this scenario. (BZ#1149585)

* If user authentication is configured to require a smart card to log in, user names are obtained from the smart card. The authentication is then performed by entering the smart card PIN. Prior to this update, the login screen allowed a user name to be entered if no smart card was inserted, but due to a bug in the underlying code, the screen became unresponsive. If, on the other hand, a smart card was used for authentication, the user was logged in as soon as the authentication was complete. As a consequence, it was impossible to select a session other than GNOME Classic. Both of these problems have been fixed. Now, a smart card is required when this type of authentication is enabled, and any other installed session can be selected by the user. (BZ#1159385, BZ#1163474)

In addition, this update adds the following enhancement:

* Support for quad-buffer OpenGL stereo visuals has been added. As a result, OpenGL applications that use quad-buffer stereo can be run and properly displayed within the GNOME desktop when used with a video driver and hardware with the necessary capabilities. (BZ#861507, BZ#1108890, BZ#1108891, BZ#1108893)

All GNOME Shell users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

RHSA-2015:0628: 389-ds-base security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150628
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0628, CVE-2014-8105

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

An information disclosure flaw was found in the way the 389 Directory
Server stored information in the Changelog that is exposed via the
'cn=changelog' LDAP sub-tree. An unauthenticated user could in certain
cases use this flaw to read data from the Changelog, which could include
sensitive information such as plain-text passwords. (CVE-2014-8105)

This issue was discovered by Petr Špaček of the Red Hat Identity Management
Engineering Team.

This update also fixes the following bugs:

* In multi-master replication (MMR), deleting a single-valued attribute of
a Directory Server (DS) entry was previously in some cases not correctly
replicated. Consequently, the entry state in the replica systems did not
reflect the intended changes. This bug has been fixed and the removal of a
single-valued attribute is now properly replicated. (BZ#1179099)

* Prior to this update, the Directory Server (DS) always checked the ACI
syntax. As a consequence, removing an ACI failed with a syntax error.
With this update, the ACI check is stopped when the ACI is going to be
removed, and the removal thus works as expected. (BZ#1179100)

In addition, this update adds the following enhancement:

* The buffer size limit for the 389-ds-base application has been increased
to 2MB in order to match the buffer size limit of Simple Authentication and
Security Layer (SASL) and Basic Encoding Rules (BER). (BZ#1179595)

All 389-ds-base users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement. After installing this update, the 389 server service will be
restarted automatically.

RHSA-2015:0642: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150642
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0642, CVE-2015-0822, CVE-2015-0827, CVE-2015-0831, CVE-2015-0836

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)

An information leak flaw was found in the way Thunderbird implemented
autocomplete forms. An attacker able to trick a user into specifying a
local file in the form could use this flaw to access the contents of that
file. (CVE-2015-0822)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de
Mooij, Liz Henry, Byron Campen, Tom Schuster, Ryan VanderMeulen, Paul
Bandha, Abhishek Arya, and Armin Razmdjou as the original reporters of
these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.5.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.5.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:0672: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150672
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0672, CVE-2015-1349

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled trust anchor management. A remote
attacker could use this flaw to cause the BIND daemon (named) to crash
under certain conditions. (CVE-2015-1349)

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:0674: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150674
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0674, CVE-2014-7822, CVE-2014-8159, CVE-2014-8160, CVE-2014-8369

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions from
user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-8159,
Important)

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local, unprivileged
user could use this flaw to write past the maximum file size, and thus
crash the system. (CVE-2014-7822, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem
handled generic protocol tracking. As demonstrated in the Stream Control
Transmission Protocol (SCTP) case, a remote attacker could use this flaw to
bypass intended iptables rule restrictions when the associated connection
tracking module was not loaded on the system. (CVE-2014-8160, Moderate)

* It was found that the fix for CVE-2014-3601 was incomplete: the Linux
kernel's kvm_iommu_map_pages() function still handled IOMMU mapping
failures incorrectly. A privileged user in a guest with an assigned host
device could use this flaw to crash the host. (CVE-2014-8369, Moderate)

Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and Akira
Fujita of NEC for reporting CVE-2014-7822.

Bug fixes:

* The maximum number of entries in the IPv6 route table
(net.ipv6.route.max_size) was 4096, and every route towards this maximum
size limit was counted. Communication to more systems was impossible when
the limit was exceeded. Now, only cached routes are counted, which
guarantees that the kernel does not run out of memory, but the user can now
install as many routes as the memory allows until the kernel indicates it
can no longer handle the amount of memory and returns an error message.

In addition, the default "net.ipv6.route.max_size" value has been increased
to 16384 for performance improvement reasons. (BZ#1177581)

* When the user attempted to scan for an FCOE-served Logical Unit Number
(LUN), after an initial LUN scan, a kernel panic occurred in
bnx2fc_init_task. System scanning for LUNs is now stable after LUNs have
been added. (BZ#1179098)

* Under certain conditions, such as when attempting to scan the network for
LUNs, a race condition in the bnx2fc driver could trigger a kernel panic in
bnx2fc_init_task. A patch fixing a locking issue that caused the race
condition has been applied, and scanning the network for LUNs no longer
leads to a kernel panic. (BZ#1179098)

* Previously, it was not possible to boot the kernel on Xen hypervisor in
PVHVM mode if more than 32 vCPUs were specified in the guest configuration.
Support for more than 32 vCPUs has been added, and the kernel now boots
successfully in the described situation. (BZ#1179343)

* When the NVMe driver allocated a namespace queue, it indicated that it
was a request-based driver when it was actually a block I/O-based driver.
Consequently, when the NVMe driver was loaded along with a request-based dm
device, the system could terminate unexpectedly or become unresponsive when
attempting to access data. The NVMe driver no longer sets the
QUEUE_FLAG_STACKABLE bit when allocating a namespace queue and
device-mapper no longer perceives the NVMe driver as request-based; system
hangs or crashes no longer occur. (BZ#1180555)

* If a user attempted to apply an NVRAM firmware update when running the
tg3 module provided with Red Hat Enterprise Linux 6.6 kernels, the update
could fail. As a consequence, the Network Interface Card (NIC) could stay
in an unusable state and this could prevent the entire system from booting.
The tg3 module has been updated to correctly apply firmware updates.
(BZ#1182903)

* Support for key sizes of 256 and 192 bits has been added to AES-NI.
(BZ#1184332)

RHSA-2015:0696: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150696
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0696, CVE-2014-9657, CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664, CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675

Description
FreeType is a free, high-quality, portable font engine that can open and
manage font files. It also loads, hints, and renders individual glyphs
efficiently.

Multiple integer overflow flaws and an integer signedness flaw, leading to
heap-based buffer overflows, were found in the way FreeType handled Mac
fonts. If a specially crafted font file was loaded by an application linked
against FreeType, it could cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2014-9673, CVE-2014-9674)

Multiple flaws were found in the way FreeType handled fonts in various
formats. If a specially crafted font file was loaded by an application
linked against FreeType, it could cause the application to crash or,
possibly, disclose a portion of the application memory. (CVE-2014-9657,
CVE-2014-9658, CVE-2014-9660, CVE-2014-9661, CVE-2014-9663, CVE-2014-9664,
CVE-2014-9667, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9675)

All freetype users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The X server must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2015:0700: unzip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150700
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0700, CVE-2014-8139, CVE-2014-8140, CVE-2014-8141, CVE-2014-9636

Description
The unzip utility is used to list, test, or extract files from a
zip archive.

A buffer overflow was found in the way unzip uncompressed certain extra
fields of a file. A specially crafted Zip archive could cause unzip to
crash or, possibly, execute arbitrary code when the archive was tested with
unzip's '-t' option. (CVE-2014-9636)

A buffer overflow flaw was found in the way unzip computed the CRC32
checksum of certain extra fields of a file. A specially crafted Zip archive
could cause unzip to crash when the archive was tested with unzip's '-t'
option. (CVE-2014-8139)

An integer underflow flaw, leading to a buffer overflow, was found in the
way unzip uncompressed certain extra fields of a file. A specially crafted
Zip archive could cause unzip to crash when the archive was tested with
unzip's '-t' option. (CVE-2014-8140)

A buffer overflow flaw was found in the way unzip handled Zip64 files.
A specially crafted Zip archive could possibly cause unzip to crash when
the archive was uncompressed. (CVE-2014-8141)

Red Hat would like to thank oCERT for reporting the CVE-2014-8139,
CVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele
Spagnuolo of the Google Security Team as the original reporter of
these issues.

All unzip users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:0715: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150715
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0715, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2016-0703, CVE-2016-0704

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()
function. A remote attacker could crash a TLS/SSL client or server using
OpenSSL via a specially crafted X.509 certificate when the
attacker-supplied certificate was verified by the application.
(CVE-2015-0286)

An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to
make an application using OpenSSL decode a specially crafted Base64-encoded
input (such as a PEM file) could use this flaw to cause the application to
crash. Note: this flaw is not exploitable via the TLS/SSL protocol because
the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A use-after-free flaw was found in the way OpenSSL imported malformed
Elliptic Curve private keys. A specially crafted key file could cause an
application using OpenSSL to crash when imported. (CVE-2015-0209)

An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. A remote attacker could possibly use a specially crafted
ASN.1 structure that, when parsed by an application, would cause that
application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate
handling implementation. A specially crafted X.509 certificate could cause
an application using OpenSSL to crash if the application attempted to
convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause that
application to crash. TLS/SSL clients and servers using OpenSSL were not
affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,
and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL
development team as the original reporter of CVE-2015-0286, Emilia Käsper
of the OpenSSL development team as the original reporter of CVE-2015-0287,
Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski
of Google as the original reporter of CVE-2015-0289, Robert Dugal and David
Ramos as the original reporters of CVE-2015-0292, and Sean Burford of
Google and Emilia Käsper of the OpenSSL development team as the original
reporters of CVE-2015-0293.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:0716: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150716
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0716, CVE-2015-0209, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2016-0703, CVE-2016-0704

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An invalid pointer use flaw was found in OpenSSL's ASN1_TYPE_cmp()
function. A remote attacker could crash a TLS/SSL client or server using
OpenSSL via a specially crafted X.509 certificate when the
attacker-supplied certificate was verified by the application.
(CVE-2015-0286)

An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to
make an application using OpenSSL decode a specially crafted Base64-encoded
input (such as a PEM file) could use this flaw to cause the application to
crash. Note: this flaw is not exploitable via the TLS/SSL protocol because
the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A use-after-free flaw was found in the way OpenSSL imported malformed
Elliptic Curve private keys. A specially crafted key file could cause an
application using OpenSSL to crash when imported. (CVE-2015-0209)

An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. A remote attacker could possibly use a specially crafted
ASN.1 structure that, when parsed by an application, would cause that
application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate
handling implementation. A specially crafted X.509 certificate could cause
an application using OpenSSL to crash if the application attempted to
convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause that
application to crash. TLS/SSL clients and servers using OpenSSL were not
affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292,
and CVE-2015-0293. Upstream acknowledges Stephen Henson of the OpenSSL
development team as the original reporter of CVE-2015-0286, Emilia Käsper
of the OpenSSL development team as the original reporter of CVE-2015-0287,
Brian Carpenter as the original reporter of CVE-2015-0288, Michal Zalewski
of Google as the original reporter of CVE-2015-0289, Robert Dugal and David
Ramos as the original reporters of CVE-2015-0292, and Sean Burford of
Google and Emilia Käsper of the OpenSSL development team as the original
reporters of CVE-2015-0293.

This update also fixes the following bug:

* When a wrapped Advanced Encryption Standard (AES) key did not require any
padding, it was incorrectly padded with 8 bytes, which could lead to data
corruption and interoperability problems. With this update, the rounding
algorithm in the RFC 5649 key wrapping implementation has been fixed. As a
result, the wrapped key conforms to the specification, which prevents the
described problems. (BZ#1197667)

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:0718: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150718
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0718, CVE-2015-0817, CVE-2015-0818

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Two flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2015-0817, CVE-2015-0818)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges ilxu1a and Mariusz Mlynski as the original reporters
of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.5.3 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:0726: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0726, CVE-2014-8159, CVE-2015-1421

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions from
user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-8159,
Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP
implementation handled authentication key reference counting during INIT
collisions. A remote attacker could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2015-1421,
Important)

Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.
The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.

This update also fixes the following bugs:

* In certain systems with multiple CPUs, when a crash was triggered on one
CPU with an interrupt handler and this CPU sent Non-Maskable Interrupt
(NMI) to another CPU, and, at the same time, ioapic_lock had already been
acquired, a deadlock occurred in ioapic_lock. As a consequence, the kdump
service could become unresponsive. This bug has been fixed and kdump now
works as expected. (BZ#1197742)

* On Lenovo X1 Carbon 3rd Gen, X250, and T550 laptops, the thinkpad_acpi
module was not properly loaded, and thus the function keys and radio
switches did not work. This update applies a new string pattern of BIOS
version, which fixes this bug, and function keys and radio switches now
work as intended. (BZ#1197743)

* During a heavy file system load involving many worker threads, all worker
threads in the pool became blocked on a resource, and no manager thread
existed to create more workers. As a consequence, the running processes
became unresponsive. With this update, the logic around manager creation
has been changed to assure that the last worker thread becomes a manager
thread and does not start executing work items. Now, a manager thread
exists, spawns new workers as needed, and processes no longer hang.
(BZ#1197744)

* If a thin-pool's metadata enters read-only or fail mode, for example, due
to thin-pool running out of metadata or data space, any attempt to make
metadata changes such as creating a thin device or snapshot thin device
should error out cleanly. However, previously, the kernel code returned
verbose and alarming error messages to the user. With this update, due to
early trapping of attempts to make metadata changes, informative errors are
displayed, no longer unnecessarily alarming the user. (BZ#1197745)

* When running Red Hat Enterprise Linux as a guest on Microsoft Hyper-V
hypervisor, the storvsc module did not return the correct error code for
the upper level Small Computer System Interface (SCSI) subsystem. As a
consequence, a SCSI command failed and storvsc did not handle such a
failure properly under some conditions, for example, when RAID devices were
created on top of storvsc devices. An upstream patch has been applied to
fix this bug, and storvsc now returns the correct error code in the
described situation. (BZ#1197749)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:0727: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150727
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0727, CVE-2014-8159, CVE-2015-1421

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions from
user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-8159,
Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP
implementation handled authentication key reference counting during INIT
collisions. A remote attacker could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2015-1421,
Important)

Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.
The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.

The kernel-rt packages have been upgraded to version 3.10.0-229.1.2, which
provides a number of bug fixes over the previous version, including:

- The kdump service could become unresponsive due to a deadlock in the
kernel call ioapic_lock.

- Attempts to make metadata changes such as creating a thin device or
snapshot thin device did not error out cleanly.

(BZ#1203359)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues. The system must be rebooted for this update to take
effect.

RHSA-2015:0728: ipa and slapi-nis security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150728
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0728, CVE-2015-0283, CVE-2015-1827

Description
Red Hat Identity Management is a centralized authentication, identity
management, and authorization solution for both traditional and cloud-based
enterprise environments. It integrates components of the Red Hat Directory
Server, MIT Kerberos, Red Hat Certificate System, NTP, and DNS. It provides
web browser and command-line interfaces. Its administration tools allow an
administrator to quickly install, set up, and administer a group of domain
controllers to meet the authentication and identity management requirements
of large-scale Linux and UNIX deployments.

The ipa component provides centrally managed Identity, Policy, and Audit.
The slapi-nis component provides NIS Server and Schema Compatibility
plug-ins for Directory Server.

It was discovered that the IPA extdom Directory Server plug-in did not
correctly perform memory reallocation when handling user account
information. A request for a list of groups for a user that belongs to a
large number of groups would cause a Directory Server to crash.
(CVE-2015-1827)

It was discovered that the slapi-nis Directory Server plug-in did not
correctly perform memory reallocation when handling user account
information. A request for information about a group with many members, or
a request for a user that belongs to a large number of groups, would cause
a Directory Server to enter an infinite loop and consume an excessive
amount of CPU time. (CVE-2015-0283)

These issues were discovered by Sumit Bose of Red Hat.

This update fixes the following bugs:

* Previously, users of IdM were not properly granted the default permission
to read the "facsimiletelephonenumber" user attribute. This update adds
"facsimiletelephonenumber" to the Access Control Instruction (ACI) for user
data, which makes the attribute readable to authenticated users as
expected. (BZ#1198430)

* Prior to this update, when a DNS zone was saved in an LDAP database
without a dot character (.) at the end, internal DNS commands and
operations, such as dnsrecord-* or dnszone-*, failed. With this update, DNS
commands always supply the DNS zone with a dot character at the end, which
prevents the described problem. (BZ#1198431)

* After a full-server IdM restore operation, the restored server in some
cases contained invalid data. In addition, if the restored server was used
to reinitialize a replica, the replica then contained invalid data as well.
To fix this problem, the IdM API is now created correctly during the
restore operation, and *.ldif files are not skipped during the removal of
RUV data. As a result, the restored server and its replica no longer
contain invalid data. (BZ#1199060)

* Previously, a deadlock in some cases occurred during an IdM upgrade,
which could cause the IdM server to become unresponsive. With this update,
the Schema Compatibility plug-in has been adjusted not to parse the subtree
that contains the configuration of the DNA plug-in, which prevents this
deadlock from triggering. (BZ#1199128)

* When using the extdom plug-in of IdM to handle large groups, user lookups
and group lookups previously failed due to insufficient buffer size.
With this update, the getgrgid_r() call gradually increases the buffer
length if needed, and the described failure of extdom thus no longer
occurs. (BZ#1203204)

Users of ipa and slapi-nis are advised to upgrade to these updated
packages, which correct these issues.

RHSA-2015:0729: setroubleshoot security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150729
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0729, CVE-2015-1815

Description
The setroubleshoot packages provide tools to help diagnose SELinux
problems. When Access Vector Cache (AVC) messages are returned, an alert
can be generated that provides information about the problem and helps to
track its resolution.

It was found that setroubleshoot did not sanitize file names supplied in a
shell command look-up for RPMs associated with access violation reports.
An attacker could use this flaw to escalate their privileges on the system
by supplying a specially crafted file to the underlying shell command.
(CVE-2015-1815)

Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
reporting this issue.

All setroubleshoot users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2015:0749: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150749
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0749, CVE-2014-0191

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

It was discovered that libxml2 loaded external parameter entities even when
entity substitution was disabled. A remote attacker able to provide a
specially crafted XML file to an application linked against libxml2 could
use this flaw to conduct XML External Entity (XXE) attacks, possibly
resulting in a denial of service or an information leak on the system.
(CVE-2014-0191)

The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2015:0750: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150750
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0750, CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

An information leak flaw was found in the way the PostgreSQL database
server handled certain error messages. An authenticated database user could
possibly obtain the results of a query they did not have privileges to
execute by observing the constraint violation error messages produced when
the query was executed. (CVE-2014-8161)

A buffer overflow flaw was found in the way PostgreSQL handled certain
numeric formatting. An authenticated database user could use a specially
crafted timestamp formatting template to cause PostgreSQL to crash or,
under certain conditions, execute arbitrary code with the permissions of
the user running PostgreSQL. (CVE-2015-0241)

A stack-buffer overflow flaw was found in PostgreSQL's pgcrypto module.
An authenticated database user could use this flaw to cause PostgreSQL to
crash or, potentially, execute arbitrary code with the permissions of the
user running PostgreSQL. (CVE-2015-0243)

A flaw was found in the way PostgreSQL handled certain errors that were
generated during protocol synchronization. An authenticated database user
could use this flaw to inject queries into an existing connection.
(CVE-2015-0244)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Stephen Frost as the original reporter of
CVE-2014-8161; Andres Freund, Peter Geoghegan, Bernd Helmle, and Noah Misch
as the original reporters of CVE-2015-0241; Marko Tiikkaja as the original
reporter of CVE-2015-0243; and Emil Lenngren as the original reporter of
CVE-2015-0244.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2015:0766: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150766
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0766, CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801)

A flaw was found in the way documents were loaded via resource URLs in, for
example, Mozilla's PDF.js PDF file viewer. An attacker could use this flaw
to bypass certain restrictions and under certain conditions even execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2015-0816)

A flaw was found in the Beacon interface implementation in Firefox. A web
page containing malicious content could allow a remote attacker to conduct
a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz
Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris
Zbarsky, and Aki Helin as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:0767: flac security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150767
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0767, CVE-2014-8962, CVE-2014-9028

Description
The flac packages contain a decoder and an encoder for the FLAC (Free
Lossless Audio Codec) audio file format.

A buffer overflow flaw was found in the way flac decoded FLAC audio files.
An attacker could create a specially crafted FLAC audio file that could
cause an application using the flac library to crash or execute arbitrary
code when the file was read. (CVE-2014-9028)

A buffer over-read flaw was found in the way flac processed certain ID3v2
metadata. An attacker could create a specially crafted FLAC audio file that
could cause an application using the flac library to crash when the file
was read. (CVE-2014-8962)

All flac users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, all applications linked against the flac library must be restarted
for this update to take effect.

RHSA-2015:0771: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150771
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0771, CVE-2015-0801, CVE-2015-0807, CVE-2015-0813, CVE-2015-0815, CVE-2015-0816

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-0813, CVE-2015-0815, CVE-2015-0801)

A flaw was found in the way documents were loaded via resource URLs.
An attacker could use this flaw to bypass certain restrictions and under
certain conditions even execute arbitrary code with the privileges of the
user running Thunderbird. (CVE-2015-0816)

A flaw was found in the Beacon interface implementation in Thunderbird.
A web page containing malicious content could allow a remote attacker to
conduct a Cross-Site Request Forgery (CSRF) attack. (CVE-2015-0807)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Byron Campen, Steve Fink, Mariusz
Mlynski, Christoph Kerschbaumer, Muneaki Nishimura, Olli Pettay, Boris
Zbarsky, and Aki Helin as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.6.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.6.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:0783: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150783
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0783, CVE-2014-8159, CVE-2014-8867

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions from
user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2014-8159,
Important)

* An insufficient bound checking flaw was found in the Xen hypervisor's
implementation of acceleration support for the "REP MOVS" instructions.
A privileged HVM guest user could potentially use this flaw to crash the
host. (CVE-2014-8867, Important)

Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and the
Xen project for reporting CVE-2014-8867.

This update also fixes the following bugs:

* Under memory pressure, cached data was previously flushed to the backing
server using the PID of the thread responsible for flushing the data in the
Server Message Block (SMB) headers instead of the PID of the thread which
actually wrote the data. As a consequence, when a file was locked by the
writing thread prior to writing, the server considered writes by the thread
flushing the pagecache as being a separate process from writing to a locked
file, and thus rejected the writes. In addition, the data to be written was
discarded. This update ensures that the correct PID is sent to the server,
and data corruption is avoided when data is being written from a client
under memory pressure. (BZ#1169304)

* This update adds support for new cryptographic hardware in toleration
mode for IBM System z. (BZ#1182522)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:0794: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150794
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0794, CVE-2014-5352, CVE-2014-5353, CVE-2014-5355, CVE-2014-9421, CVE-2014-9422

Description
Kerberos is a networked authentication system which allows clients and
servers to authenticate to each other with the help of a trusted third
party, the Kerberos KDC.

The following security issues are fixed with this release:

A use-after-free flaw was found in the way the MIT Kerberos libgssapi_krb5
library processed valid context deletion tokens. An attacker able to make
an application using the GSS-API library (libgssapi) call the
gss_process_context_token() function could use this flaw to crash that
application. (CVE-2014-5352)

If kadmind were used with an LDAP back end for the KDC database, a remote,
authenticated attacker who has the permissions to set the password policy
could crash kadmind by attempting to use a named ticket policy object as a
password policy for a principal. (CVE-2014-5353)

It was found that the krb5_read_message() function of MIT Kerberos did not
correctly sanitize input, and could create invalid krb5_data objects.
A remote, unauthenticated attacker could use this flaw to crash a Kerberos
child process via a specially crafted request. (CVE-2014-5355)

A double-free flaw was found in the way MIT Kerberos handled invalid
External Data Representation (XDR) data. An authenticated user could use
this flaw to crash the MIT Kerberos administration server (kadmind), or
other applications using Kerberos libraries, via specially crafted XDR
packets. (CVE-2014-9421)

It was found that the MIT Kerberos administration server (kadmind)
incorrectly accepted certain authentication requests for two-component
server principal names. A remote attacker able to acquire a key with a
particularly named principal (such as "kad/x") could use this flaw to
impersonate any user to kadmind, and perform administrative actions as that
user. (CVE-2014-9422)

Red Hat would like to thank the MIT Kerberos project for reporting
CVE-2014-5352, CVE-2014-9421, and CVE-2014-9422. The MIT Kerberos project
acknowledges Nico Williams for assisting with the analysis of
CVE-2014-5352.

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:0797: xorg-x11-server security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150797
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0797, CVE-2015-0255

Description
X.Org is an open source implementation of the X Window System. It provides
the basic low-level functionality that full-fledged graphical user
interfaces are designed upon.

A buffer over-read flaw was found in the way the X.Org server handled
XkbGetGeometry requests. A malicious, authorized client could use this flaw
to disclose portions of the X.Org server memory, or cause the X.Org server
to crash using a specially crafted XkbGetGeometry request. (CVE-2015-0255)

This issue was discovered by Olivier Fourdan of Red Hat.

All xorg-x11-server users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2015:0800: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150800
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0800, CVE-2014-8275, CVE-2015-0204, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2016-0703, CVE-2016-0704

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)

An integer underflow flaw, leading to a buffer overflow, was found in the
way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to
make an application using OpenSSL decode a specially crafted Base64-encoded
input (such as a PEM file) could use this flaw to cause the application to
crash. Note: this flaw is not exploitable via the TLS/SSL protocol because
the data being transferred is not Base64-encoded. (CVE-2015-0292)

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

Multiple flaws were found in the way OpenSSL parsed X.509 certificates.
An attacker could use these flaws to modify an X.509 certificate to produce
a certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)

An out-of-bounds write flaw was found in the way OpenSSL reused certain
ASN.1 structures. A remote attacker could possibly use a specially crafted
ASN.1 structure that, when parsed by an application, would cause that
application to crash. (CVE-2015-0287)

A NULL pointer dereference flaw was found in OpenSSL's X.509 certificate
handling implementation. A specially crafted X.509 certificate could cause
an application using OpenSSL to crash if the application attempted to
convert the certificate to a certificate request. (CVE-2015-0288)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. An attacker able to make an application using OpenSSL
verify, decrypt, or parse a specially crafted PKCS#7 input could cause that
application to crash. TLS/SSL clients and servers using OpenSSL were not
affected by this flaw. (CVE-2015-0289)

Red Hat would like to thank the OpenSSL project for reporting 
CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and 
CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL 
development team as the original reporter of CVE-2015-0287, Brian Carpenter 
as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the 
original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the 
original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia 
Käsper of the OpenSSL development team as the original reporters of 
CVE-2015-0293.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:0806: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150806
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0806, CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled
phantom references. An untrusted Java application or applet could use this
flaw to corrupt the Java Virtual Machine memory and, possibly, execute
arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509
certificate options. A specially crafted certificate could cause JSSE to
raise an exception, possibly causing an application using JSSE to exit
unexpectedly. (CVE-2015-0488)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR
archive files. A specially crafted JAR archive could cause jar to overwrite
arbitrary files writable by the user running jar when the archive was
extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK
did not follow recommended practices for implementing RSA signatures.
(CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0807: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150807
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0807, CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled
phantom references. An untrusted Java application or applet could use this
flaw to corrupt the Java Virtual Machine memory and, possibly, execute
arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509
certificate options. A specially crafted certificate could cause JSSE to
raise an exception, possibly causing an application using JSSE to exit
unexpectedly. (CVE-2015-0488)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR
archive files. A specially crafted JAR archive could cause jar to overwrite
arbitrary files writable by the user running jar when the archive was
extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK
did not follow recommended practices for implementing RSA signatures.
(CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0808: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150808
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0808, CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled
phantom references. An untrusted Java application or applet could use this
flaw to corrupt the Java Virtual Machine memory and, possibly, execute
arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509
certificate options. A specially crafted certificate could cause JSSE to
raise an exception, possibly causing an application using JSSE to exit
unexpectedly. (CVE-2015-0488)

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java
application or applet could use this flaw to bypass certain Java sandbox
restrictions. (CVE-2015-0477)

A directory traversal flaw was found in the way the jar tool extracted JAR
archive files. A specially crafted JAR archive could cause jar to overwrite
arbitrary files writable by the user running jar when the archive was
extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK
did not follow recommended practices for implementing RSA signatures.
(CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0809: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0809, CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

An off-by-one flaw, leading to a buffer overflow, was found in the font
parsing code in the 2D component in OpenJDK. A specially crafted font file
could possibly cause the Java Virtual Machine to execute arbitrary code,
allowing an untrusted Java application or applet to bypass Java sandbox
restrictions. (CVE-2015-0469)

A flaw was found in the way the Hotspot component in OpenJDK handled
phantom references. An untrusted Java application or applet could use this
flaw to corrupt the Java Virtual Machine memory and, possibly, execute
arbitrary code, bypassing Java sandbox restrictions. (CVE-2015-0460)

A flaw was found in the way the JSSE component in OpenJDK parsed X.509
certificate options. A specially crafted certificate could cause JSSE to
raise an exception, possibly causing an application using JSSE to exit
unexpectedly. (CVE-2015-0488)

Multiple flaws were discovered in the Beans and Hotspot components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-0477, CVE-2015-0470)

A directory traversal flaw was found in the way the jar tool extracted JAR
archive files. A specially crafted JAR archive could cause jar to overwrite
arbitrary files writable by the user running jar when the archive was
extracted. (CVE-2005-1080, CVE-2015-0480)

It was found that the RSA implementation in the JCE component in OpenJDK
did not follow recommended practices for implementing RSA signatures.
(CVE-2015-0478)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:0854: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150854
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0854, CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,
CVE-2015-0470, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484,
CVE-2015-0486, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 45 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:0857: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150857
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0857, CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488, CVE-2015-0491, CVE-2015-0492

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,
CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0484, CVE-2015-0488,
CVE-2015-0491, CVE-2015-0492)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 79 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:0858: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150858
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0858, CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2005-1080, CVE-2015-0458, CVE-2015-0459, CVE-2015-0460, CVE-2015-0469,
CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488, CVE-2015-0491)

The CVE-2015-0478 issue was discovered by Florian Weimer of Red Hat
Product Security.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 95 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:0863: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150863
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0863, CVE-2013-7423, CVE-2015-1781

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. An attacker able to make an application call
any of these functions with a misaligned buffer could use this flaw to
crash the application or, potentially, execute arbitrary code with the
permissions of the user running the application. (CVE-2015-1781)

It was discovered that, under certain circumstances, glibc's getaddrinfo()
function would send DNS queries to random file descriptors. An attacker
could potentially use this flaw to send DNS queries to unintended
recipients, resulting in information disclosure or data loss due to the
application encountering corrupted data. (CVE-2013-7423)

The CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.

This update also fixes the following bug:

* Previously, the nscd daemon did not properly reload modified data when
the user edited monitored nscd configuration files. As a consequence, nscd
returned stale data to system processes. This update adds a system of
inotify-based monitoring and stat-based backup monitoring for nscd
configuration files. As a result, nscd now detects changes to its
configuration files and reloads the data properly, which prevents it from
returning stale data. (BZ#1194149)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:0864: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150864
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0864, CVE-2014-3215, CVE-2014-3690, CVE-2014-7825, CVE-2014-7826, CVE-2014-8171, CVE-2014-8884, CVE-2014-9529, CVE-2014-9584, CVE-2015-1421

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way seunshare, a utility for running executables
under a different security context, used the capng_lock functionality of
the libcap-ng library. The subsequent invocation of suid root binaries that
relied on the fact that the setuid() system call, among others, also sets
the saved set-user-ID when dropping the binaries' process privileges, could
allow a local, unprivileged user to potentially escalate their privileges
on the system. Note: the fix for this issue is the kernel part of the
overall fix, and introduces the PR_SET_NO_NEW_PRIVS functionality and the
related SELinux exec transitions support. (CVE-2014-3215, Important)

* A use-after-free flaw was found in the way the Linux kernel's SCTP
implementation handled authentication key reference counting during INIT
collisions. A remote attacker could use this flaw to crash the system or,
potentially, escalate their privileges on the system. (CVE-2015-1421,
Important)

* It was found that the Linux kernel's KVM implementation did not ensure
that the host CR4 control register value remained unchanged across VM
entries on the same virtual CPU. A local, unprivileged user could use this
flaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's perf subsystem. A local, unprivileged
user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's ftrace subsystem. On a system with
ftrace syscall tracing enabled, a local, unprivileged user could use this
flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
Moderate)

* It was found that the Linux kernel memory resource controller's (memcg)
handling of OOM (out of memory) conditions could lead to deadlocks.
An attacker able to continuously spawn new processes within a single
memory-constrained cgroup during an OOM event could use this flaw to lock
up the system. (CVE-2014-8171, Moderate)

* A race condition flaw was found in the way the Linux kernel keys
management subsystem performed key garbage collection. A local attacker
could attempt accessing a key while it was being garbage collected, which
would cause the system to crash. (CVE-2014-9529, Moderate)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge
DEC USB device driver. A local user with write access to the corresponding
device could use this flaw to crash the kernel or, potentially, elevate
their privileges on the system. (CVE-2014-8884, Low)

* An information leak flaw was found in the way the Linux kernel's ISO9660
file system implementation accessed data on an ISO9660 image with RockRidge
Extension Reference (ER) records. An attacker with physical access to the
system could use this flaw to disclose up to 255 bytes of kernel memory.
(CVE-2014-9584, Low)

Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-3215
and CVE-2014-3690, Robert Święcki for reporting CVE-2014-7825 and
CVE-2014-7826, and Carl Henrik Lunde for reporting CVE-2014-9584. The
CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.

This update also fixes several bugs. Documentation for these changes is
available from the Technical Notes document linked to in the References
section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:0867: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150867
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0867, CVE-2014-8106

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

It was found that the Cirrus blit region checks were insufficient. A
privileged guest user could use this flaw to write outside of VRAM-
allocated buffer boundaries in the host's QEMU process address space with
attacker-provided data. (CVE-2014-8106)

This issue was found by Paolo Bonzini of Red Hat.

This update also fixes the following bug:

* Previously, the effective downtime during the last phase of a live
migration would sometimes be much higher than the maximum downtime
specified by 'migration_downtime' in vdsm.conf. This problem has been
corrected. The value of 'migration_downtime' is now honored and the
migration is aborted if the downtime cannot be achieved. (BZ#1142756)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:0869: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150869
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0869, CVE-2014-3610, CVE-2014-3611

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

It was found that KVM's Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by the
guest to certain MSRs in the host's context. A privileged guest user could
use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM subsystem
handled PIT (Programmable Interval Timer) emulation. A guest user who has
access to the PIT I/O ports could use this flaw to crash the host.
(CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit for
reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting
the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Note: The procedure in
the Solution section must be performed before this update will take effect.

RHSA-2015:0895: 389-ds-base security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150895
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0895, CVE-2015-1854

Description
The 389 Directory Server is an LDAPv3 compliant server. The base packages
include the Lightweight Directory Access Protocol (LDAP) server and
command-line utilities for server administration.

A flaw was found in the way Red Hat Directory Server performed
authorization of modrdn operations. An unauthenticated attacker able to
issue an ldapmodrdn call to the directory server could use this flaw to
perform unauthorized modifications of entries in the directory server.
(CVE-2015-1854)

This issue was discovered by Simo Sorce of Red Hat.

All 389-ds-base users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. After installing
this update, the 389 server service will be restarted automatically.

RHSA-2015:0980: pcs security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150980
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0980, CVE-2015-1848, CVE-2015-3983

Description
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.

It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI.
(CVE-2015-1848)

This issue was discovered by Tomas Jelinek of Red Hat.

This update also fixes the following bug:

* Previously, the Corosync tool allowed the two_node option and the
auto_tie_breaker option to exist in the corosync.conf file at the same
time. As a consequence, if both options were included, auto_tie_breaker was
silently ignored and the two_node fence race decided which node would
survive in the event of a communication break. With this update, the pcs
daemon has been fixed so that it does not produce corosync.conf files with
both two_node and auto_tie_breaker included. In addition, if both two_node
and auto_tie_breaker are detected in corosync.conf, Corosync issues a
message at start-up and disables two_node mode. As a result,
auto_tie_breaker effectively overrides two_node mode if both options are
specified. (BZ#1205848)

All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.

RHSA-2015:0981: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0981, CVE-2015-3331

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A buffer overflow flaw was found in the way the Linux kernel's Intel
AES-NI instructions optimized version of the RFC4106 GCM mode decryption
functionality handled fragmented packets. A remote attacker could use this
flaw to crash, or potentially escalate their privileges on, a system over a
connection with an active AES-GCM mode IPSec security association.
(CVE-2015-3331, Important)

The kernel-rt packages have been upgraded to version 3.10.0-229.4.1, which
provides a number of bug fixes and enhancements over the previous version,
including:

* Audit subsystem not resolving path name on directory watches
* audit watches do not track correctly after a rename
* auditctl output is changed in RHEL 7
* megaraid_sas: non-booting system with intel_iommu=on kernel parameter
* GFS2: kernel NULL pointer dereference in gfs2_inplace_reserve
* Crypto adapter cannot be brought online - affect all HW
* crypto/seqiv.c: wrong check of return code from crypto_rng_get_bytes
* Backport crypto: sha256_ssse3 - also test for BMI2
* Null pointer at team_handle_frame+0x62/0x100 [team]
* AES CTR x86_64 "by8" AVX optimization
* Intel RDSEED - Fix for entropy counting
* Intel SHA1 multi-buffer crypto implementation
* Intel SHA1 AVX2 optimization support
* mlx4_en: HW timestamp ends up in error queue of socket which does not
have SO_TIMESTAMPING enabled

(BZ#1209963)

This update also fixes the following bugs:

* Prior to this update, heavy lock contention occurred on systems with
greater than 32 cores when large numbers of tasks went idle simultaneously.
Consequently, all the idle CPUs attempted to acquire the run-queue (rq)
lock of a CPU with extra tasks in order to pull those runnable tasks.
This increased scheduler latency due to the lock contention. Instead of
each idle CPU attempting to acquire the run-queue lock, now each idle CPU
will send an IPI to let the overloaded CPU select one core to pull tasks
from it. The result is less spin-lock contention on the rq lock and
produces improved scheduler response time. (BZ#1210924)

* The CONFIG_NO_HZ logic enabled/disabled the timer tick every time a CPU
went into an idle state. This timer tick manipulation caused the system
performance (throughput) to suffer. The CONFIG_NO_HZ configuration setting
is now turned off by default, which increases the throughput due to the
lower idle overhead while allowing system administrators to enable it
selectively in their environment. (BZ#1210597)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.

RHSA-2015:0983: tomcat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150983
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0983, CVE-2014-0227

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as a new request, or cause a denial of
service. (CVE-2014-0227)

All Tomcat 7 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the tomcat service will be restarted automatically.

RHSA-2015:0986: kexec-tools security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150986
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0986, CVE-2015-0267

Description
The kexec-tools packages contain the /sbin/kexec binary and utilities that
together form the user-space component of the kernel's kexec feature.
The /sbin/kexec binary facilitates a new kernel to boot using the kernel's
kexec feature either on a normal or a panic reboot. The kexec fastboot
mechanism allows booting a Linux kernel from the context of an already
running kernel.

It was found that the module-setup.sh script provided by kexec-tools
created temporary files in an insecure way. A malicious, local user could
use this flaw to conduct a symbolic link attack, allowing them to overwrite
the contents of arbitrary files. (CVE-2015-0267)

This issue was discovered by Harald Hoyer of Red Hat.

This update also fixes the following bug:

* On Red Hat Enterprise Linux Atomic Host systems, the kdump tool
previously saved kernel crash dumps in the /sysroot/crash file instead of
the /var/crash file. The parsing error that caused this problem has been
fixed, and the kernel crash dumps are now correctly saved in /var/crash.
(BZ#1206464)

In addition, this update adds the following enhancement:

* The makedumpfile command now supports the new sadump format that can
represent more than 16 TB of physical memory space. This allows users of
makedumpfile to read dump files over 16 TB, generated by sadump on certain
upcoming server models. (BZ#1208753)

All kexec-tools users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement.

RHSA-2015:0987: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150987
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0987, CVE-2015-3331

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A buffer overflow flaw was found in the way the Linux kernel's Intel
AES-NI instructions optimized version of the RFC4106 GCM mode decryption
functionality handled fragmented packets. A remote attacker could use this
flaw to crash, or potentially escalate their privileges on, a system over a
connection with an active AES-GCM mode IPSec security association.
(CVE-2015-3331, Important)

This update also fixes the following bugs:

* Previously, the kernel audit subsystem did not correctly track file path
names which could lead to empty, or "(null)" path names in the PATH audit
records. This update fixes the bug by correctly tracking file path names
and displaying the names in the audit PATH records. (BZ#1197746)

* Due to a change in the internal representation of field types,
AUDIT_LOGINUID set to -1 (4294967295) by the audit API was asymmetrically
converted to an AUDIT_LOGINUID_SET field with a value of 0, unrecognized by
an older audit API. To fix this bug, the kernel takes note about the way
the rule has been formulated and reports the rule in the originally given
form. As a result, older versions of audit provide a report as expected, in
the AUDIT_LOGINUID field type form, whereas the newer versions can migrate
to the new AUDIT_LOGINUID_SET field type. (BZ#1197748)

* The GFS2 file system "Splice Read" operation, which is used for the
sendfile() function, was not properly allocating a required multi-block
reservation structure in memory. Consequently, when the GFS2 block
allocator was called to assign blocks of data, it attempted to dereference
the structure, which resulted in a kernel panic. With this update, the
"Splice Read" operation properly allocates the necessary reservation structure in
memory prior to calling the block allocator, and sendfile() thus works
properly for GFS2. (BZ#1201256)

* Moving an Open vSwitch (OVS) internal vport to a different net name space
and subsequently deleting that name space led to a kernel panic. This bug
has been fixed by removing the OVS internal vport at net name space
deletion. (BZ#1202357)

* Previously, the kernel audit subsystem was not correctly handling file
and directory moves, leading to audit records that did not match the audit
file watches. This fix correctly handles moves such that the audit file
watches work correctly. (BZ#1202358)

* Due to a regression, the crypto adapter could not be set online. A patch
has been provided that fixes the device registration process so that the
device can be used also before the registration process is completed, thus
fixing this bug. (BZ#1205300)

* Due to incorrect calculation for entropy during the entropy addition, the
amount of entropy in the /dev/random file could be overestimated.
The formula for the entropy addition has been changed, thus fixing this
bug. (BZ#1211288)

* Previously, the ansi_cprng and drbg utilities did not obey the call
convention and returned the positive value on success instead of the
correct value of zero. Consequently, Internet Protocol Security (IPsec)
terminated unexpectedly when ansi_cprng or drbg were used. With this
update, ansi_cprng and drbg have been changed to return zero on success,
and IPsec now functions correctly. (BZ#1211487)

* Due to a failure to clear the timestamp flag when reusing a tx descriptor
in the mlx4_en driver, programs that did not request a hardware timestamp
packet on their sent data received it anyway, resulting in unexpected
behavior in certain applications. With this update, when reusing the tx
descriptor in the mlx4_en driver in the aforementioned situation, the
hardware timestamp flag is cleared, and applications now behave as
expected. (BZ#1209240)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:0988: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20150988
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0988, CVE-2015-0797, CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716, CVE-2015-4496

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-2708, CVE-2015-0797, CVE-2015-2710, CVE-2015-2713)

A heap-based buffer overflow flaw was found in the way Firefox processed
compressed XML data. An attacker could create specially crafted compressed
XML content that, when processed by Firefox, could cause it to crash or
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2015-2716)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve
Fink, Aki Helin, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the
original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.0 ESR, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2015:0990: pcs security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150990
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0990, CVE-2015-1848, CVE-2015-3983

Description
The pcs packages provide a command-line tool and a web UI to configure and
manage the Pacemaker and Corosync tools.

It was found that the pcs daemon did not sign cookies containing session
data that were sent to clients connecting via the pcsd web UI. A remote
attacker could use this flaw to forge cookies and bypass authorization
checks, possibly gaining elevated privileges in the pcsd web UI. Note: the
pcsd web UI is not enabled by default. (CVE-2015-1848)

This issue was discovered by Tomas Jelinek of Red Hat.

This update also fixes the following bug:

* When the IPv6 protocol was disabled on a system, starting the pcsd daemon
on this system previously failed. This update adds the ability for pcsd to
fall back to IPv4 when IPv6 is not available. As a result, pcsd starts
properly and uses IPv4 if IPv6 is disabled. (BZ#1212115)

All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the pcsd daemon will be restarted automatically.

RHSA-2015:0991: tomcat6 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20150991
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:0991, CVE-2014-0227

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was discovered that the ChunkedInputFilter in Tomcat did not fail
subsequent attempts to read input after malformed chunked encoding was
detected. A remote attacker could possibly use this flaw to make Tomcat
process part of the request body as a new request, or cause a denial of
service. (CVE-2014-0227)

This update also fixes the following bug:

* Before this update, the tomcat6 init script did not try to kill the
tomcat process if an attempt to stop it was unsuccessful, which would
prevent tomcat from restarting properly. The init script was modified to
correct this issue. (BZ#1207048)

All Tomcat 6 users are advised to upgrade to these updated packages, which
correct these issues. Tomcat must be restarted for this update to take
effect.

RHSA-2015:0998: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150998
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0998, CVE-2015-3456

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting
this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:0999: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20150999
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:0999, CVE-2015-3456

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting
this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:1002: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1002, CVE-2015-3456

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting
this issue.

All xen users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, all running fully-virtualized guests must be restarted
for this update to take effect.

RHSA-2015:1003: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1003, CVE-2015-3456

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems.

An out-of-bounds memory access flaw was found in the way QEMU's virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-3456)

Red Hat would like to thank Jason Geffner of CrowdStrike for reporting
this issue.

All kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Note: The procedure in
the Solution section must be performed before this update will take effect.

RHSA-2015:1012: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151012
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1012, CVE-2015-2708, CVE-2015-2710, CVE-2015-2713, CVE-2015-2716

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-2708, CVE-2015-2710, CVE-2015-2713)

A heap-based buffer overflow flaw was found in the way Thunderbird
processed compressed XML data. An attacker could create specially crafted
compressed XML content that, when processed by Thunderbird, could cause it
to crash or execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-2716)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message, as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jesse Ruderman, Mats Palmgren, Byron Campen, Steve
Fink, Atte Kettunen, Scott Bell, and Ucha Gobejishvili as the original
reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.7. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.7, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:1042: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151042
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1042, CVE-2015-1805

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's implementation of vectored pipe read
and write functionality did not take into account the I/O vectors that were
already processed when retrying after a failed atomic access operation,
potentially resulting in memory corruption due to an I/O vector array
overrun. A local, unprivileged user could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2015-1805,
Important)

The security impact of this issue was discovered by Red Hat.

This update fixes the following bugs:

* Due to a bug in the lpfc_device_reset_handler() function, a scsi command
timeout could lead to a system crash. With this update,
lpfc_device_reset_handler recovers storage without crashing. (BZ#1070964)

* Due to the code decrementing the reclaim_in_progress counter without
having incremented it first, severe spinlock contention occurred in the
shrink_zone() function even though the vm.max_reclaims_in_progress feature
was set to 1. This update provides a patch fixing the underlying source
code, and spinlock contention no longer occurs in this scenario.
(BZ#1164105)

* A TCP socket using SACK that had a retransmission but recovered from it,
failed to reset the retransmission timestamp. As a consequence, on certain
connections, if a packet had to be re-transmitted, the retrans_stamp
variable was only cleared when the next acked packet was received.
This could lead to an early abortion of the TCP connection if this next
packet also got lost. With this update, the socket clears retrans_stamp
when the recovery is completed, thus fixing the bug. (BZ#1205521)

* Previously, the signal delivery paths did not clear the TS_USEDFPU flag,
which could cause problems in the switch_to() function and lead to
floating-point unit (FPU) corruption. With this update, TS_USEDFPU is
cleared as expected, and FPU is no longer under threat of corruption.
(BZ#1193505)

* A race condition in the exit_sem() function previously caused
semaphore undo list corruption. As a consequence, a kernel crash could
occur. The corruption in the semaphore undo list has been fixed, and the
kernel no longer crashes in this situation. (BZ#1124574)

* Previously, when running the "virsh blockresize [Device] [Newsize]"
command to resize the disk, the new size was not reflected in a Red Hat
Enterprise Linux 5 Virtual Machine (VM). With this update, the new size is
now reflected online immediately in a Red Hat Enterprise Linux 5 VM so it
is no longer necessary to reboot the VM to see the new disk size.
(BZ#1200855)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:1072: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151072
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1072, CVE-2015-4000

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way the TLS protocol composes the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenSSL to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Future updates may raise this limit to
1024 bits.

All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:1081: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1081, CVE-2014-9419, CVE-2014-9420, CVE-2014-9585, CVE-2015-1805, CVE-2015-3331

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's implementation of vectored pipe read
and write functionality did not take into account the I/O vectors that were
already processed when retrying after a failed atomic access operation,
potentially resulting in memory corruption due to an I/O vector array
overrun. A local, unprivileged user could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2015-1805,
Important)

* A buffer overflow flaw was found in the way the Linux kernel's Intel
AES-NI instructions optimized version of the RFC4106 GCM mode decryption
functionality handled fragmented packets. A remote attacker could use this
flaw to crash, or potentially escalate their privileges on, a system over a
connection with an active AES-GCM mode IPSec security association.
(CVE-2015-3331, Important)

* An information leak flaw was found in the way the Linux kernel changed
certain segment registers and thread-local storage (TLS) during a context
switch. A local, unprivileged user could use this flaw to leak the user
space TLS base address of an arbitrary process. (CVE-2014-9419, Low)

* It was found that the Linux kernel's ISO file system implementation did
not correctly limit the traversal of Rock Ridge extension Continuation
Entries (CE). An attacker with physical access to the system could use this
flaw to trigger an infinite loop in the kernel, resulting in a denial of
service. (CVE-2014-9420, Low)

* An information leak flaw was found in the way the Linux kernel's Virtual
Dynamic Shared Object (vDSO) implementation performed address
randomization. A local, unprivileged user could use this flaw to leak
kernel memory addresses to user-space. (CVE-2014-9585, Low)

Red Hat would like to thank Carl Henrik Lunde for reporting 
CVE-2014-9420. The security impact of the CVE-2015-1805 issue was 
discovered by Red Hat.

This update also fixes several bugs and adds various enhancements.
Documentation for these changes is available from the Technical Notes
document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.

RHSA-2015:1083: abrt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1083, CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, CVE-2015-3150, CVE-2015-3151, CVE-2015-3159, CVE-2015-3315

Description
ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
defects in applications and to create a bug report with all the information
needed by a maintainer to fix it. It uses a plug-in system to extend its
functionality. 

It was found that ABRT was vulnerable to multiple race condition and 
symbolic link flaws. A local attacker could use these flaws to potentially 
escalate their privileges on the system. (CVE-2015-3315)

It was discovered that the kernel-invoked coredump processor provided by 
ABRT wrote core dumps to files owned by other system users. This could 
result in information disclosure if an application crashed while its 
current directory was a directory writable to by other users (such as 
/tmp). (CVE-2015-3142)

It was discovered that the default event handling scripts installed by ABRT 
did not handle symbolic links correctly. A local attacker with write access 
to an ABRT problem directory could use this flaw to escalate their 
privileges. (CVE-2015-1869)

It was found that the ABRT event scripts created a user-readable copy of an 
sosreport file in ABRT problem directories, and included excerpts of 
/var/log/messages selected by the user-controlled process name, leading to 
an information disclosure. (CVE-2015-1870)

It was discovered that, when moving problem reports between certain 
directories, abrt-handle-upload did not verify that the new problem 
directory had appropriate permissions and did not contain symbolic links. 
An attacker able to create a crafted problem report could use this flaw to 
expose other parts of ABRT to attack, or to overwrite arbitrary files on
the system. (CVE-2015-3147)

Multiple directory traversal flaws were found in the abrt-dbus D-Bus 
service. A local attacker could use these flaws to read and write arbitrary 
files as the root user. (CVE-2015-3151)

It was discovered that the abrt-dbus D-Bus service did not properly check 
the validity of the problem directory argument in the ChownProblemDir, 
DeleteElement, and DeleteProblem methods. A local attacker could use this 
flaw to take ownership of arbitrary files and directories, or to delete
files and directories as the root user. (CVE-2015-3150)

It was discovered that the abrt-action-install-debuginfo-to-abrt-cache 
helper program did not properly filter the process environment before 
invoking abrt-action-install-debuginfo. A local attacker could use this 
flaw to escalate their privileges on the system. (CVE-2015-3159)

All users of abrt are advised to upgrade to these updated packages, which 
correct these issues.

RHSA-2015:1087: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151087
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1087, CVE-2015-3209

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled
multi-TMD packets with a length above 4096 bytes. A privileged guest user
in a guest with an AMD PCnet Ethernet card enabled could potentially use
this flaw to execute arbitrary code on the host with the privileges of the
hosting QEMU process. (CVE-2015-3209)

Red Hat would like to thank Matt Tait of Google's Project Zero security
team for reporting this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:1090: wpa_supplicant security and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1090, CVE-2015-1863, CVE-2015-4142

Description
The wpa_supplicant package contains an 802.1X Supplicant with support for
WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication
methods. It implements key negotiation with a WPA Authenticator for client
stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.

A buffer overflow flaw was found in the way wpa_supplicant handled SSID
information in the Wi-Fi Direct / P2P management frames. A specially
crafted frame could allow an attacker within Wi-Fi radio range to cause
wpa_supplicant to crash or, possibly, execute arbitrary code.
(CVE-2015-1863)

An integer underflow flaw, leading to a buffer over-read, was found in the
way wpa_supplicant handled WMM Action frames. A specially crafted frame
could possibly allow an attacker within Wi-Fi radio range to cause
wpa_supplicant to crash. (CVE-2015-4142)

Red Hat would like to thank Jouni Malinen of the wpa_supplicant upstream
for reporting the CVE-2015-1863 issue. Upstream acknowledges Alibaba
security team as the original reporter.

This update also adds the following enhancement:

* Prior to this update, wpa_supplicant did not provide a way to require the
host name to be listed in an X.509 certificate's Common Name or Subject
Alternative Name, and only allowed host name suffix or subject substring
checks. This update introduces a new configuration directive,
'domain_match', which adds a full host name check. (BZ#1178263)

All wpa_supplicant users are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add this
enhancement. After installing this update, the wpa_supplicant service will
be restarted automatically.

RHSA-2015:1115: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151115
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1115, CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2015-3216

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An invalid free flaw was found in the way OpenSSL handled certain DTLS
handshake messages. A malicious DTLS client or server could cause a DTLS
server or client using OpenSSL to crash or, potentially, execute arbitrary
code. (CVE-2014-8176)

A flaw was found in the way the OpenSSL packages shipped with Red Hat
Enterprise Linux 6 and 7 performed locking in the ssleay_rand_bytes()
function. This issue could possibly cause a multi-threaded application
using OpenSSL to perform an out-of-bounds read and crash. (CVE-2015-3216)

An out-of-bounds read flaw was found in the X509_cmp_time() function of
OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation
List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL
to crash. (CVE-2015-1789)

A race condition was found in the session handling code of OpenSSL. This
issue could possibly cause a multi-threaded TLS/SSL client using OpenSSL
to double free session ticket data and crash. (CVE-2015-1791)

A flaw was found in the way OpenSSL handled Cryptographic Message Syntax
(CMS) messages. A CMS message with an unknown hash function identifier
could cause an application using OpenSSL to enter an infinite loop. 
(CVE-2015-1792)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. A specially crafted PKCS#7 input with missing
EncryptedContent data could cause an application using OpenSSL to crash.
(CVE-2015-1790)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2014-8176, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791 and
CVE-2015-1792 flaws. Upstream acknowledges Praveen Kariyanahalli and Ivan
Fratric as the original reporters of CVE-2014-8176, Robert Swiecki and
Hanno Böck as the original reporters of CVE-2015-1789, Michal Zalewski as
the original reporter of CVE-2015-1790, Emilia Käsper as the original
reporter of CVE-2015-1791 and Johannes Bauer as the original reporter of
CVE-2015-1792.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:1123: cups security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1123, CVE-2014-9679, CVE-2015-1158, CVE-2015-1159

Description
CUPS provides a portable printing layer for Linux, UNIX, and similar
operating systems.

A string reference count bug was found in cupsd, causing premature freeing
of string objects. An attacker can submit a malicious print job that
exploits this flaw to dismantle ACLs protecting privileged operations,
allowing a replacement configuration file to be uploaded which in turn
allows the attacker to run arbitrary code in the CUPS server. (CVE-2015-1158)

A cross-site scripting flaw was found in the cups web templating engine. An 
attacker could use this flaw to bypass the default configuration settings 
that bind the CUPS scheduler to the 'localhost' or loopback interface.
(CVE-2015-1159)

An integer overflow leading to a heap-based buffer overflow was found in
the way cups handled compressed raster image files. An attacker could
create a specially-crafted image file, which when passed via the cups
Raster filter, could cause the cups filter to crash. (CVE-2014-9679)

Red Hat would like to thank the CERT/CC for reporting CVE-2015-1158 and 
CVE-2015-1159 issues.

All cups users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the cupsd daemon will be restarted automatically.

RHSA-2015:1135: php security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1135, CVE-2014-8142, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4604, CVE-2015-4605, CVE-2015-4643

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way the PHP module for the Apache httpd web server
handled pipelined requests. A remote attacker could use this flaw to
trigger the execution of a PHP script in a deinitialized interpreter,
causing it to crash or, possibly, execute arbitrary code. (CVE-2015-3330)

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148, CVE-2015-4599, CVE-2015-4600,
CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348, CVE-2015-4025, CVE-2015-4026,
CVE-2015-3411, CVE-2015-3412, CVE-2015-4598)

Multiple flaws were found in the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

Multiple flaws were found in PHP's File Information (fileinfo) extension.
A remote attacker could cause a PHP application to crash if it used
fileinfo to identify the type of attacker-supplied files. (CVE-2014-9652,
CVE-2015-4604, CVE-2015-4605)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)

This update also fixes the following bugs:

* The libgmp library in some cases terminated unexpectedly with a
segmentation fault when being used with other libraries that use the GMP
memory management. With this update, PHP no longer changes libgmp memory
allocators, which prevents the described crash from occurring. (BZ#1212305)

* When using the Open Database Connectivity (ODBC) API, the PHP process
in some cases terminated unexpectedly with a segmentation fault. The
underlying code has been adjusted to prevent this crash. (BZ#1212299)

* Previously, running PHP on a big-endian system sometimes led to memory
corruption in the fileinfo module. This update adjusts the behavior of
the PHP pointer so that it can be freed without causing memory corruption.
(BZ#1212298)

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2015:1137: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151137
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1137, CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's implementation of vectored pipe read
and write functionality did not take into account the I/O vectors that were
already processed when retrying after a failed atomic access operation,
potentially resulting in memory corruption due to an I/O vector array
overrun. A local, unprivileged user could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2015-1805,
Important)

* A race condition flaw was found in the way the Linux kernel keys
management subsystem performed key garbage collection. A local attacker
could attempt accessing a key while it was being garbage collected, which
would cause the system to crash. (CVE-2014-9529, Moderate)

* A flaw was found in the way the Linux kernel's 32-bit emulation
implementation handled forking or closing of a task with an 'int80' entry.
A local user could potentially use this flaw to escalate their privileges
on the system. (CVE-2015-2830, Low)

* It was found that the Linux kernel's ISO file system implementation did
not correctly limit the traversal of Rock Ridge extension Continuation
Entries (CE). An attacker with physical access to the system could use this
flaw to trigger an infinite loop in the kernel, resulting in a denial of
service. (CVE-2014-9420, Low)

* An information leak flaw was found in the way the Linux kernel's ISO9660
file system implementation accessed data on an ISO9660 image with RockRidge
Extension Reference (ER) records. An attacker with physical access to the
system could use this flaw to disclose up to 255 bytes of kernel memory.
(CVE-2014-9584, Low)

* A flaw was found in the way the nft_flush_table() function of the Linux
kernel's netfilter tables implementation flushed rules that were
referencing deleted chains. A local user who has the CAP_NET_ADMIN
capability could use this flaw to crash the system. (CVE-2015-1573, Low)

* An integer overflow flaw was found in the way the Linux kernel randomized
the stack for processes on certain 64-bit architecture systems, such as
x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593,
Low)

Red Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420
and CVE-2014-9584. The security impact of the CVE-2015-1805 issue was
discovered by Red Hat.

This update also fixes several bugs. Documentation for these changes is
available from the following Knowledgebase article:
https://access.redhat.com/articles/1469163

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:1139: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151139
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1139, CVE-2014-9420, CVE-2014-9529, CVE-2014-9584, CVE-2015-1573, CVE-2015-1593, CVE-2015-1805, CVE-2015-2830

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's implementation of vectored pipe read
and write functionality did not take into account the I/O vectors that were
already processed when retrying after a failed atomic access operation,
potentially resulting in memory corruption due to an I/O vector array
overrun. A local, unprivileged user could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2015-1805,
Important)

* A race condition flaw was found in the way the Linux kernel keys
management subsystem performed key garbage collection. A local attacker
could attempt accessing a key while it was being garbage collected, which
would cause the system to crash. (CVE-2014-9529, Moderate)

* A flaw was found in the way the Linux kernel's 32-bit emulation
implementation handled forking or closing of a task with an 'int80' entry.
A local user could potentially use this flaw to escalate their privileges
on the system. (CVE-2015-2830, Low)

* It was found that the Linux kernel's ISO file system implementation did
not correctly limit the traversal of Rock Ridge extension Continuation
Entries (CE). An attacker with physical access to the system could use this
flaw to trigger an infinite loop in the kernel, resulting in a denial of
service. (CVE-2014-9420, Low)

* An information leak flaw was found in the way the Linux kernel's ISO9660
file system implementation accessed data on an ISO9660 image with RockRidge
Extension Reference (ER) records. An attacker with physical access to the
system could use this flaw to disclose up to 255 bytes of kernel memory.
(CVE-2014-9584, Low)

* A flaw was found in the way the nft_flush_table() function of the Linux
kernel's netfilter tables implementation flushed rules that were
referencing deleted chains. A local user who has the CAP_NET_ADMIN
capability could use this flaw to crash the system. (CVE-2015-1573, Low)

* An integer overflow flaw was found in the way the Linux kernel randomized
the stack for processes on certain 64-bit architecture systems, such as
x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593,
Low)

Red Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420
and CVE-2014-9584. The security impact of CVE-2015-1805 was discovered by
Red Hat.

The kernel-rt packages have been upgraded to version 3.10.0-229.7.2, which
provides a number of bug fixes and enhancements over the previous version,
including:

* storvsc: get rid of overly verbose warning messages
* storvsc: force discovery of LUNs that may have been removed
* storvsc: in response to a scan event, scan the hos
* storvsc: NULL pointer dereference fix
* futex: Mention key referencing differences between shared and private
futexes
* futex: Ensure get_futex_key_refs() always implies a barrier
* kernel module: set nx before marking module MODULE_STATE_COMING
* kernel module: Clean up ro/nx after early module load failures
* btrfs: make xattr replace operations atomic
* megaraid_sas: revert: Add release date and update driver version
* radeon: fix kernel segfault in hwmonitor

(BZ#1223955)

Bug fix:

* There is an XFS optimization that depended on a spinlock to disable
preemption using the preempt_disable() function. When CONFIG_PREEMPT_RT is
enabled on realtime kernels, spinlocks do not disable preemption while
held, so the XFS critical section was not protected from preemption.
Systems on the Realtime kernel-rt could lock up in this XFS optimization
when a task that locked all the counters was then preempted by a realtime
task, causing all callers of that lock to block indefinitely. This update
disables the optimization when building a kernel with
CONFIG_PREEMPT_RT_FULL enabled. (BZ#1223955)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.

RHSA-2015:1153: mailman security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1153, CVE-2015-2775

Description
Mailman is a program used to help manage email discussion lists.

It was found that mailman did not sanitize the list name before passing it
to certain MTAs. A local attacker could use this flaw to execute arbitrary
code as the user running mailman. (CVE-2015-2775)

This update also fixes the following bugs:

* Previously, it was impossible to configure Mailman in a way that
Domain-based Message Authentication, Reporting & Conformance (DMARC) would
recognize Sender alignment for Domain Key Identified Mail (DKIM)
signatures. Consequently, Mailman list subscribers that belonged to a mail
server with a "reject" policy for DMARC, such as yahoo.com or AOL.com, were
unable to receive Mailman forwarded messages from senders residing in any
domain that provided DKIM signatures. With this update, domains with a
"reject" DMARC policy are recognized correctly, and Mailman list
administrators are able to configure the way these messages are handled. As
a result, after a proper configuration, subscribers now correctly receive
Mailman forwarded messages in this scenario. (BZ#1229288)

* Previously, the /etc/mailman file had incorrectly set permissions, which
in some cases caused removing Mailman lists to fail with a "'NoneType'
object has no attribute 'close'" message. With this update, the permissions
value for /etc/mailman is correctly set to 2775 instead of 0755, and
removing Mailman lists now works as expected. (BZ#1229307)

* Prior to this update, the mailman utility incorrectly installed the
tmpfiles configuration in the /etc/tmpfiles.d/ directory. As a consequence,
changes made to mailman tmpfiles configuration were overwritten if the
mailman packages were reinstalled or updated. The mailman utility now
installs the tmpfiles configuration in the /usr/lib/tmpfiles.d/ directory,
and changes made to them by the user are preserved on reinstall or update.
(BZ#1229306)

All mailman users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1154: libreswan security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1154, CVE-2015-3204

Description
Libreswan is an implementation of IPsec & IKE for Linux. IPsec is the
Internet Protocol Security and uses strong cryptography to provide both
authentication and encryption services. These services allow you to build
secure tunnels through untrusted networks, such as a virtual private network
(VPN).

A flaw was discovered in the way Libreswan's IKE daemon processed certain
IKEv1 payloads. A remote attacker could send specially crafted IKEv1
payloads that, when processed, would lead to a denial of service (daemon
crash). (CVE-2015-3204)

Red Hat would like to thank Javantea for reporting this issue.

This update fixes the following bugs:

* Previously, the programs/pluto/state.h and
programs/pluto/kernel_netlink.c files had a maximum SELinux context size
of 257 and 1024 respectively. These restrictions set by libreswan limited
the size of the context that could be exchanged by pluto (the IPsec daemon)
when using Labeled Internet Protocol Security (IPsec). The SELinux
labels for Labeled IPsec have been extended to 4096 bytes and the
mentioned restrictions no longer exist. (BZ#1198650)

* On some architectures, the kernel AES_GCM IPsec algorithm did not work
properly with acceleration drivers. On those kernels, some acceleration
modules are added to the modprobe blacklist. However, Libreswan was
ignoring this blacklist, leading to AES_GCM failures. This update adds
support for the module blacklist to the libreswan packages and thus
prevents the AES_GCM failures from occurring. (BZ#1208022)

* An IPv6 issue has been resolved that prevented ipv6-icmp Neighbour
Discovery from working properly once an IPsec tunnel is established (and
one endpoint reboots). When upgrading, ensure that /etc/ipsec.conf is
loading all /etc/ipsec.d/*conf files using the /etc/ipsec.conf "include"
statement, or explicitly include this new configuration file in
/etc/ipsec.conf. (BZ#1208023)

* A FIPS self-test prevented libreswan from properly starting in FIPS mode.
This bug has been fixed and libreswan now works in FIPS mode as expected.
(BZ#1211146)

In addition, this update adds the following enhancements:

* A new option "seedbits=" has been added to pre-seed the Network Security
Services (NSS) pseudo random number generator (PRNG) function with entropy
from the /dev/random file on startup. This option is disabled by default.
It can be enabled by setting the "seedbits=" option in the "config setup"
section in the /etc/ipsec.conf file. (BZ#1198649)

* The build process now runs a Cryptographic Algorithm Validation Program
(CAVP) certification test on the Internet Key Exchange version 1 and 2
(IKEv1 and IKEv2) PRF/PRF+ functions. (BZ#1213652)

All libreswan users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:1185: nss security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151185
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1185, CVE-2015-2721, CVE-2015-4000

Description
Network Security Services (NSS) is a set of libraries designed to support 
cross-platform development of security-enabled client and server
applications.

A flaw was found in the way the TLS protocol composes the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in NSS to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Future updates may raise this limit to
1024 bits.

The nss and nss-util packages have been upgraded to upstream versions
3.19.1. The upgraded versions provide a number of bug fixes and
enhancements over the previous versions.

Users of nss and nss-util are advised to upgrade to these updated packages,
which fix these security flaws and bugs, and add these enhancements.

RHSA-2015:1189: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151189
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1189, CVE-2015-3209

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems.

A flaw was found in the way QEMU's AMD PCnet Ethernet emulation handled
multi-TMD packets with a length above 4096 bytes. A privileged guest user
in a guest with an AMD PCnet Ethernet card enabled could potentially use
this flaw to execute arbitrary code on the host with the privileges of the
hosting QEMU process. (CVE-2015-3209)

Red Hat would like to thank Matt Tait of Google's Project Zero security
team for reporting this issue.

All kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Note: The procedure in
the Solution section must be performed before this update will take effect.

RHSA-2015:1193: xerces-c security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151193
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1193, CVE-2015-0252

Description
Xerces-C is a validating XML parser written in a portable subset of C++.

A flaw was found in the way the Xerces-C XML parser processed certain XML
documents. A remote attacker could provide specially crafted XML input
that, when parsed by an application using Xerces-C, would cause that
application to crash. (CVE-2015-0252)

All xerces-c users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2015:1194: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151194
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1194, CVE-2015-3165, CVE-2015-3166, CVE-2015-3167

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A double-free flaw was found in the connection handling. An unauthenticated
attacker could exploit this flaw to crash the PostgreSQL back end by
disconnecting at approximately the same time as the authentication timeout
is triggered. (CVE-2015-3165)

It was discovered that PostgreSQL did not properly check the return values
of certain standard library functions. If the system is in a state that
would cause the standard library functions to fail, for example memory
exhaustion, an authenticated user could exploit this flaw to disclose
partial memory contents or cause the GSSAPI authentication to use an
incorrect keytab file. (CVE-2015-3166)

It was discovered that the pgcrypto module could return different error
messages when decrypting certain data with an incorrect key. This can help
an authenticated user to launch a possible cryptographic attack, although
no suitable attack is currently known. (CVE-2015-3167)

Red Hat would like to thank the PostgreSQL project for reporting these
issues. Upstream acknowledges Benkocs Norbert Attila as the original
reporter of CVE-2015-3165 and Noah Misch as the original reporter of
CVE-2015-3166 and CVE-2015-3167.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. If the
postgresql service is running, it will be automatically restarted after
installing this update.

RHSA-2015:1197: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1197, CVE-2015-1789, CVE-2015-1790, CVE-2015-4000

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

An out-of-bounds read flaw was found in the X509_cmp_time() function of
OpenSSL. A specially crafted X.509 certificate or a Certificate Revocation
List (CRL) could possibly cause a TLS/SSL server or client using OpenSSL
to crash. (CVE-2015-1789)

A NULL pointer dereference was found in the way OpenSSL handled certain
PKCS#7 inputs. A specially crafted PKCS#7 input with missing
EncryptedContent data could cause an application using OpenSSL to crash.
(CVE-2015-1790)

A flaw was found in the way the TLS protocol composes the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenSSL to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Future updates may raise this limit to
1024 bits.

Red Hat would like to thank the OpenSSL project for reporting CVE-2015-1789
and CVE-2015-1790. Upstream acknowledges Robert Swiecki and Hanno Böck as
the original reporters of CVE-2015-1789, and Michal Zalewski as the
original reporter of CVE-2015-1790.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:1207: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151207
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1207, CVE-2015-2722, CVE-2015-2724, CVE-2015-2725, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741, CVE-2015-2743

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727,
CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,
CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,
CVE-2015-2740)

It was found that Firefox skipped key-pinning checks when handling an error
that could be overridden by the user (for example an expired certificate
error). This flaw allowed a user to override a pinned certificate, which is
an action the user should not be able to perform. (CVE-2015-2741)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined
with another vulnerability, it could allow execution of arbitrary code with
the privileges of the user running Firefox. (CVE-2015-2743)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew
McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas
Pehrson, Jann Horn, Paul Bandha, Holger Fuhrmannek, Herre, Looben Yan,
Ronald Crane, and Jonas Jenwald as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.1 ESR, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2015:1210: abrt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151210
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1210, CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, CVE-2015-3159, CVE-2015-3315

Description
ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
defects in applications and to create a bug report with all the information
needed by a maintainer to fix it. It uses a plug-in system to extend its
functionality.

It was found that ABRT was vulnerable to multiple race condition and
symbolic link flaws. A local attacker could use these flaws to potentially
escalate their privileges on the system. (CVE-2015-3315)

It was discovered that the kernel-invoked coredump processor provided by
ABRT wrote core dumps to files owned by other system users. This could
result in information disclosure if an application crashed while its
current directory was a directory writable by other users (such as
/tmp). (CVE-2015-3142)

It was discovered that the default event handling scripts installed by ABRT
did not handle symbolic links correctly. A local attacker with write access
to an ABRT problem directory could use this flaw to escalate their
privileges. (CVE-2015-1869)

It was found that the ABRT event scripts created a user-readable copy of an
sosreport file in ABRT problem directories, and included excerpts of
/var/log/messages selected by the user-controlled process name, leading to
an information disclosure. (CVE-2015-1870)

It was discovered that, when moving problem reports between certain
directories, abrt-handle-upload did not verify that the new problem
directory had appropriate permissions and did not contain symbolic links.
An attacker able to create a crafted problem report could use this flaw to
expose other parts of ABRT, or to overwrite arbitrary files on the system.
(CVE-2015-3147)

It was discovered that the abrt-action-install-debuginfo-to-abrt-cache
helper program did not properly filter the process environment before
invoking abrt-action-install-debuginfo. A local attacker could use this
flaw to escalate their privileges on the system. (CVE-2015-3159)

The CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, and
CVE-2015-3159 issues were discovered by Florian Weimer of Red Hat
Product Security.

All users of abrt are advised to upgrade to these updated packages, which
correct these issues.

RHSA-2015:1218: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151218
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1218, CVE-2014-9425, CVE-2014-9705, CVE-2014-9709, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603, CVE-2015-4643

Description
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.

A flaw was found in the way PHP parsed multipart HTTP POST requests. A
specially crafted request could cause PHP to use an excessive amount of CPU
time. (CVE-2015-4024)

An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)

An integer overflow flaw leading to a heap-based buffer overflow was found
in the way PHP's FTP extension parsed file listing FTP server responses. A
malicious FTP server could use this flaw to cause a PHP application to
crash or, possibly, execute arbitrary code. (CVE-2015-4022)

Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2015-0273, CVE-2015-2787, CVE-2015-4147,
CVE-2015-4148, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602,
CVE-2015-4603)

It was found that certain PHP functions did not properly handle file names
containing a NULL character. A remote attacker could possibly use this flaw
to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-4026, CVE-2015-3411, CVE-2015-3412,
CVE-2015-4598)

Multiple flaws were found in the way PHP's Phar extension parsed
Phar archives. A specially crafted archive could cause PHP to crash or,
possibly, execute arbitrary code when opened. (CVE-2015-2301,
CVE-2015-2783, CVE-2015-3307, CVE-2015-3329, CVE-2015-4021)

A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)

A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)

A double free flaw was found in the zend_ts_hash_graceful_destroy() function in
the PHP ZTS module. This flaw could possibly cause a PHP application to
crash. (CVE-2014-9425)

All php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd daemon must be restarted for the update to
take effect.

RHSA-2015:1221: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1221, CVE-2011-5321, CVE-2015-1593, CVE-2015-2830, CVE-2015-2922, CVE-2015-3636

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A NULL pointer dereference flaw was found in the way the Linux kernel's
virtual console implementation handled reference counting when accessing
pseudo-terminal device files (/dev/pts/*). A local, unprivileged attacker
could use this flaw to crash the system. (CVE-2011-5321, Moderate)

* It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local user
able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)

* An integer overflow flaw was found in the way the Linux kernel randomized
the stack for processes on certain 64-bit architecture systems, such as
x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593,
Low)

* A flaw was found in the way the Linux kernel's 32-bit emulation
implementation handled forking or closing of a task with an 'int80' entry.
A local user could potentially use this flaw to escalate their privileges
on the system. (CVE-2015-2830, Low)

* It was found that the Linux kernel's TCP/IP protocol suite implementation
for IPv6 allowed the Hop Limit value to be set to a smaller value than the
default one. An attacker on a local network could use this flaw to prevent
systems on that network from sending or receiving network packets.
(CVE-2015-2922, Low)

These updated kernel packages also include numerous bug fixes and one
enhancement. Space precludes documenting all of these changes in this
advisory. For information on the most significant of these changes, users
are directed to the following article on the Red Hat Customer Portal:

https://access.redhat.com/articles/1506133

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.

RHSA-2015:1228: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151228
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1228, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2659, CVE-2015-2808, CVE-2015-3149, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted as
valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

It was discovered that the GCM (Galois Counter Mode) implementation in the
Security component of OpenJDK failed to properly perform a null check.
This could cause the Java Virtual Machine to crash when an application
performed encryption using a block cipher in the GCM mode. (CVE-2015-2659)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection to
a host identified by an IP address. In certain cases, the certificate was
accepted as valid if it was issued for a host name to which the IP address
resolves rather than for the IP address. (CVE-2015-2625)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error log
files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. Note: This issue was
originally fixed as CVE-2015-0383, but the fix was regressed in the
RHSA-2015:0809 advisory. (CVE-2015-3149)

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:1229: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151229
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1229, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted as
valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512-bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection to
a host identified by an IP address. In certain cases, the certificate was
accepted as valid if it was issued for a host name to which the IP address
resolves rather than for the IP address. (CVE-2015-2625)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:1230: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151230
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1230, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted as
valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 SSL/TLS cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512-bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection to
a host identified by an IP address. In certain cases, the certificate was
accepted as valid if it was issued for a host name to which the IP address
resolves rather than for the IP address. (CVE-2015-2625)

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:1241: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1241, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621,
CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637,
CVE-2015-2638, CVE-2015-2659, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000,
CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736,
CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to in the References section, for additional details
about this change.

Note: This update forces the TLS/SSL client implementation in Oracle JDK to
reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,
for additional details about this change.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 51 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:1242: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151242
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1242, CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-2590, CVE-2015-2596, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619,
CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632,
CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000,
CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736,
CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to in the References section, for additional details
about this change.

Note: This update forces the TLS/SSL client implementation in Oracle JDK to
reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,
for additional details about this change.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 85 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:1243: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151243
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1243, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627, CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2627,
CVE-2015-2628, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664,
CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733,
CVE-2015-4748, CVE-2015-4749, CVE-2015-4760)

Note: With this update, Oracle JDK now disables RC4 TLS/SSL cipher suites
by default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla
bug 1207101, linked to in the References section, for additional details
about this change.

Note: This update forces the TLS/SSL client implementation in Oracle JDK to
reject DH key sizes below 768 bits to address the CVE-2015-4000 issue.
Refer to Red Hat Bugzilla bug 1223211, linked to in the References section,
for additional details about this change.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 101 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:1249: httpd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20151249
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:1249, CVE-2013-5704

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

A flaw was found in the way httpd handled HTTP Trailer headers when
processing requests using chunked encoding. A malicious client could use
Trailer headers to set additional HTTP headers after header processing was
performed by other modules. This could, for example, lead to a bypass of
header restrictions defined with mod_headers. (CVE-2013-5704)

This update also fixes the following bugs:

* The order of mod_proxy workers was not checked when httpd configuration
was reloaded. When mod_proxy workers were removed, added, or their order
was changed, their parameters and scores could become mixed. The order of
mod_proxy workers has been made internally consistent during configuration
reload. (BZ#1149906)

* The local host certificate created during firstboot contained CA
extensions, which caused the httpd service to return warning messages.
This has been addressed by local host certificates being generated with the
"-extensions v3_req" option. (BZ#906476)

* The default mod_ssl configuration no longer enables support for SSL
cipher suites using the single DES, IDEA, or SEED encryption algorithms.
(BZ#1086771)

* The apachectl script did not take into account the HTTPD_LANG variable
set in the /etc/sysconfig/httpd file during graceful restarts.
Consequently, httpd did not use a changed value of HTTPD_LANG when the
daemon was restarted gracefully. The script has been fixed to handle the
HTTPD_LANG variable correctly. (BZ#963146)

* The mod_deflate module failed to check the original file size while
extracting files larger than 4 GB, making it impossible to extract large
files. Now, mod_deflate checks the original file size properly according to
RFC1952, and it is able to decompress files larger than 4 GB. (BZ#1057695)

* The httpd service did not check configuration before restart. When a
configuration contained an error, an attempt to restart httpd gracefully
failed. Now, httpd checks configuration before restart and if the
configuration is in an inconsistent state, an error message is printed,
httpd is not stopped and a restart is not performed. (BZ#1146194)

* The SSL_CLIENT_VERIFY environment variable was incorrectly handled when
the "SSLVerifyClient optional_no_ca" and "SSLSessionCache" options were
used. When an SSL session was resumed, the SSL_CLIENT_VERIFY value was set
to "SUCCESS" instead of the previously set "GENEROUS". SSL_CLIENT_VERIFY is
now correctly set to GENEROUS in this scenario. (BZ#1149703)

* The ab utility did not correctly handle situations when an SSL connection
was closed after some data had already been read. As a consequence, ab did
not work correctly with SSL servers and printed "SSL read failed" error
messages. With this update, ab works as expected with HTTPS servers.
(BZ#1045477)

* When a client presented a revoked certificate, log entries were created
only at the debug level. The log level of messages regarding a revoked
certificate has been increased to INFO, and administrators are now properly
informed of this situation. (BZ#1161328)

In addition, this update adds the following enhancement:

* A mod_proxy worker can now be set into drain mode (N) using the
balancer-manager web interface or using the httpd configuration file.
A worker in drain mode accepts only existing sticky sessions destined for
itself and ignores all other requests. The worker waits until all clients
currently connected to this worker complete their work before the worker is
stopped. As a result, drain mode makes it possible to perform maintenance on
a worker without affecting clients. (BZ#767130)

Users of httpd are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. After installing the updated packages, the httpd service will
be restarted automatically.

RHSA-2015:1254: curl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151254
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1254, CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148

Description
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.

It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)

A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)

It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl access a specially crafted URL via an HTTP
proxy could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)

It was discovered that libcurl implemented aspects of the NTLM and
Negotiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specific way, certain requests to a
previously NTLM-authenticated server could appear as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)

Red Hat would like to thank the cURL project for reporting these issues.

Bug fixes:

* An out-of-protocol fallback to SSL version 3.0 (SSLv3.0) was available
with libcurl. Attackers could abuse the fallback to force downgrade of the
SSL version. The fallback has been removed from libcurl. Users requiring
this functionality can explicitly enable SSLv3.0 through the libcurl API.
(BZ#1154059)

* A single upload transfer through the FILE protocol opened the destination
file twice. If the inotify kernel subsystem monitored the file, two events
were produced unnecessarily. The file is now opened only once per upload.
(BZ#883002)

* Utilities using libcurl for SCP/SFTP transfers could terminate
unexpectedly when the system was running in FIPS mode. (BZ#1008178)

* Using the "--retry" option with the curl utility could cause curl to
terminate unexpectedly with a segmentation fault. Now, adding "--retry" no
longer causes curl to crash. (BZ#1009455)

* The "curl --trace-time" command did not use the correct local time when
printing timestamps. Now, "curl --trace-time" works as expected.
(BZ#1120196)

* The valgrind utility could report dynamically allocated memory leaks on
curl exit. Now, curl performs a global shutdown of the NetScape Portable
Runtime (NSPR) library on exit, and valgrind no longer reports the memory
leaks. (BZ#1146528)

* Previously, libcurl returned an incorrect value of the
CURLINFO_HEADER_SIZE field when a proxy server appended its own headers to
the HTTP response. Now, the returned value is valid. (BZ#1161163)

Enhancements:

* The "--tlsv1.0", "--tlsv1.1", and "--tlsv1.2" options are available for
specifying the minor version of the TLS protocol to be negotiated by NSS.
The "--tlsv1" option now negotiates the highest version of the TLS protocol
supported by both the client and the server. (BZ#1012136)

* It is now possible to explicitly enable or disable the ECC and the new
AES cipher suites to be used for TLS. (BZ#1058767, BZ#1156422)

All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:1272: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1272, CVE-2014-3184, CVE-2014-3940, CVE-2014-4652, CVE-2014-8133, CVE-2014-8709, CVE-2014-9683, CVE-2015-0239, CVE-2015-3339

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's Transparent Huge Pages (THP)
implementation handled non-huge page migration. A local, unprivileged user
could use this flaw to crash the kernel by migrating transparent hugepages.
(CVE-2014-3940, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's eCryptfs
implementation decoded encrypted file names. A local, unprivileged user
could use this flaw to crash the system or, potentially, escalate their
privileges on the system. (CVE-2014-9683, Moderate)

* A race condition flaw was found between the chown and execve system
calls. When changing the owner of a setuid user binary to root, the race
condition could momentarily make the binary setuid root. A local,
unprivileged user could potentially use this flaw to escalate their
privileges on the system. (CVE-2015-3339, Moderate)

* Multiple out-of-bounds write flaws were found in the way the Cherry
Cymotion keyboard driver, KYE/Genius device drivers, Logitech device
drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote
control driver, and Sunplus wireless desktop driver handled HID reports
with an invalid report descriptor size. An attacker with physical access to
the system could use either of these flaws to write data past an allocated
memory buffer. (CVE-2014-3184, Low)

* An information leak flaw was found in the way the Linux kernel's Advanced
Linux Sound Architecture (ALSA) implementation handled access of the user
control's state. A local, privileged user could use this flaw to leak
kernel memory to user space. (CVE-2014-4652, Low)

* It was found that the espfix functionality could be bypassed by
installing a 16-bit RW data segment into GDT instead of LDT (which espfix
checks), and using that segment on the stack. A local, unprivileged user
could potentially use this flaw to leak kernel stack addresses.
(CVE-2014-8133, Low)

* An information leak flaw was found in the Linux kernel's IEEE 802.11
wireless networking implementation. When software encryption was used, a
remote attacker could use this flaw to leak up to 8 bytes of plaintext.
(CVE-2014-8709, Low)

* It was found that the Linux kernel KVM subsystem's sysenter instruction
emulation was not sufficient. An unprivileged guest user could use this
flaw to escalate their privileges by tricking the hypervisor into emulating
a SYSENTER instruction in 16-bit mode, if the guest OS did not initialize
the SYSENTER model-specific registers (MSRs). Note: Certified guest operating
systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER
MSRs and are thus not vulnerable to this issue when running on a KVM
hypervisor. (CVE-2015-0239, Low)

Red Hat would like to thank Andy Lutomirski for reporting the CVE-2014-8133
issue, and Nadav Amit for reporting the CVE-2015-0239 issue.

This update fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 6.7 Release Notes for information on
the most significant of these changes, and the following Knowledgebase
article for further information:

https://access.redhat.com/articles/1466073

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.

RHSA-2015:1287: freeradius security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151287
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1287, CVE-2014-2015

Description
FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap
module handled long password hashes. An attacker able to make radiusd
process a malformed password hash could cause the daemon to crash.
(CVE-2014-2015)

The freeradius packages have been upgraded to upstream version 2.2.6, which
provides a number of bug fixes and enhancements over the previous version,
including:

* A number of dictionaries have been updated.

* This update implements several Extensible Authentication Protocol
(EAP) improvements.

* A number of new expansions have been added, including: %{randstr:...},
%{hex:...}, %{sha1:...}, %{base64:...}, %{tobase64:...}, and
%{base64tohex:...}.

* Hexadecimal numbers (0x...) are now supported in %{expr:...} expansions.

* This update adds operator support to the rlm_python module.

* The Dynamic Host Configuration Protocol (DHCP) and DHCP relay code have
been finalized.

* This update adds the rlm_cache module to cache arbitrary attributes.

For a complete list of bug fixes and enhancements provided by this rebase,
see the freeradius changelog linked to in the References section.

(BZ#1078736)

This update also fixes the following bugs:

* The /var/log/radius/radutmp file was configured to rotate at one-month
intervals, even though this was unnecessary. This update removes
/var/log/radius/radutmp from the installed logrotate utility configuration
in the /etc/logrotate.d/radiusd file, and /var/log/radius/radutmp is no
longer rotated. (BZ#904578)

* The radiusd service could not write the output file created by the
raddebug utility. The raddebug utility now sets appropriate ownership to
the output file, allowing radiusd to write the output. (BZ#921563)

* After starting raddebug using the "raddebug -t 0" command, raddebug
exited immediately. A typo in the special case comparison has been fixed,
and raddebug now runs for 11.5 days in this situation. (BZ#921567)

* MS-CHAP authentication failed when the User-Name and MS-CHAP-User-Name
attributes used different encodings, even when the user provided correct
credentials. Now, MS-CHAP authentication properly handles mismatching
character encodings. Authentication with correct credentials no longer
fails in this situation. (BZ#1060319)

* Automatically generated default certificates used the SHA-1 algorithm
message digest, which is considered insecure. The default certificates now
use the more secure SHA-256 algorithm message digest. (BZ#1135439)

* During the Online Certificate Status Protocol (OCSP) validation, radiusd
terminated unexpectedly with a segmentation fault after attempting to
access the next update field that was not provided by the OCSP responder.
Now, radiusd does not crash in this situation and instead continues to
complete the OCSP validation. (BZ#1142669)

* Prior to this update, radiusd failed to work with some of the more recent
MikroTIK attributes, because the installed dictionary.mikrotik file did not
include them. This update adds MikroTIK attributes with IDs up to 22 to
dictionary.mikrotik, and radiusd now works as expected with these
attributes. (BZ#1173388)

Users of freeradius are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. After installing this
update, the radiusd service will be restarted automatically.

RHSA-2015:1320: ppc64-diag security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151320
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1320, CVE-2014-4038, CVE-2014-4039

Description
The ppc64-diag packages provide diagnostic tools for Linux on the 64-bit
PowerPC platforms. The platform diagnostics write events reported by the
firmware to the service log, provide automated responses to urgent events,
and notify system administrators or connected service frameworks about the
reported events.

Multiple insecure temporary file use flaws were found in the way the
ppc64-diag utility created certain temporary files. A local attacker could
possibly use either of these flaws to perform a symbolic link attack and
overwrite arbitrary files with the privileges of the user running
ppc64-diag, or obtain sensitive information from the temporary files.
(CVE-2014-4038, CVE-2014-4039)

The ppc64-diag packages have been upgraded to upstream version 2.6.7, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1148142)

This update also fixes the following bugs:

* Previously, the "explain_syslog" and "syslog_to_svclog" commands failed
with a "No such file or directory" error message. With this update, the
ppc64-diag package specifies the location of the message_catalog directory
correctly, which prevents the described error from occurring. (BZ#1139655)

* Prior to this update, the /var/lock/subsys/rtas_errd file was incorrectly
labeled for SELinux as "system_u:object_r:var_lock_t:s0". This update
corrects the SELinux label to "system_u:object_r:rtas_errd_var_lock_t:s0".
(BZ#1131501)

Users of ppc64-diag are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:1330: python security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151330
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1330, CVE-2013-1752, CVE-2014-1912, CVE-2014-4650, CVE-2014-7185

Description
Python is an interpreted, interactive, object-oriented programming language
often compared to Tcl, Perl, Scheme, or Java. Python includes modules,
classes, exceptions, very high level dynamic data types and dynamic typing.
Python supports interfaces to many system calls and libraries, as well as
to various windowing systems (X11, Motif, Tk, Mac and MFC).

It was discovered that the socket.recvfrom_into() function failed to check
the size of the supplied buffer. This could lead to a buffer overflow when
the function was called with an insufficiently sized buffer.
(CVE-2014-1912)

It was discovered that multiple Python standard library modules
implementing network protocols (such as httplib or smtplib) failed to
restrict the sizes of server responses. A malicious server could cause a
client using one of the affected modules to consume an excessive amount of
memory. (CVE-2013-1752)

It was discovered that the CGIHTTPServer module incorrectly handled URL
encoded paths. A remote attacker could use this flaw to execute scripts
outside of the cgi-bin directory, or disclose the source code of the
scripts in the cgi-bin directory. (CVE-2014-4650)

An integer overflow flaw was found in the way the buffer() function handled
its offset and size arguments. An attacker able to control these arguments
could use this flaw to disclose portions of the application memory or cause
it to crash. (CVE-2014-7185)

These updated python packages also include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this
advisory. For information on the most significant of these changes, users
are directed to the following article on the Red Hat Customer Portal:

https://access.redhat.com/articles/1495363

All python users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement.

RHSA-2015:1344: autofs security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151344
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1344, CVE-2014-8169

Description
The autofs utility controls the operation of the automount daemon. The 
daemon automatically mounts file systems when in use and unmounts them when 
they are not busy.

It was found that program-based automounter maps that used interpreted
languages such as Python would use standard environment variables to locate
and load modules of those languages. A local attacker could potentially use
this flaw to escalate their privileges on the system. (CVE-2014-8169)

Note: This issue has been fixed by adding the "AUTOFS_" prefix to the
affected environment variables so that they are not used to subvert the
system. A configuration option ("force_standard_program_map_env") to
override this prefix and to use the environment variables without the
prefix has been added. In addition, warnings have been added to the manual
page and to the installed configuration file. Now, by default the standard
variables of the program map are provided only with the prefix added to
their names.

Red Hat would like to thank the Georgia Institute of Technology for
reporting this issue.

Bug fixes:

* If the "ls *" command was executed before a valid mount, the autofs
program failed on further mount attempts inside the mount point, whether
the mount point was valid or not. While attempting to mount, the "ls *"
command of the root directory of an indirect mount was executed, which
led to an attempt to mount "*", causing it to be added to the negative
map entry cache. This bug has been fixed by checking for and not adding
"*" while updating the negative map entry cache. (BZ#1163957)

* The autofs program by design did not mount host map entries that were
duplicate exports in an NFS server export list. The duplicate entries in a
multi-mount map entry were recognized as a syntax error and autofs refused
to perform mounts when the duplicate entries occurred. Now, autofs has been
changed to continue mounting the last seen instance of the duplicate entry
rather than fail, and to report the problem in the log files to alert the
system administrator. (BZ#1124083)

* The autofs program did not recognize the yp map type in the master map.
This was caused by another change in the master map parser to fix a problem
with detecting the map format associated with mapping the type in the
master map. The change led to an incorrect length for the type comparison
of yp maps that resulted in a match operation failure. This bug has been
fixed by correcting the length which is used for the comparison.
(BZ#1153130)

* The autofs program did not update the export list of the Sun-format maps
of the network shares exported from an NFS server. This happened because a
change to the Sun-format map parser caused the hosts map update to stop
working on the map re-read operation. The bug has now been fixed by
selectively preventing this type of update only for the Sun-formatted maps.
The updates of the export list on the Sun-format maps are now visible and
refreshing of the export list is no longer supported for the Sun-formatted
hosts map. (BZ#1156387)

* As part of the changes made to add the Sun-format maps, an incorrect check
was added that caused a segmentation fault in the Sun-format map parser in
certain circumstances. This has now been fixed by analyzing the intent of
the incorrect check and changing it in order to properly identify the
conditions without causing a fault. (BZ#1175671)

* A bug in the autofs program map lookup module caused an incorrect map
format type comparison. The incorrect comparison affected the Sun-format
program maps, where it led to unused macro definitions. The bug in the
comparison has been fixed so that the macro definitions are not present for
the Sun-format program maps. (BZ#1201195)

Users of autofs are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1347: pki-core security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1347, CVE-2012-2662

Description
Red Hat Certificate System is an enterprise software system designed to
manage enterprise public key infrastructure (PKI) deployments. PKI Core
contains fundamental packages required by Red Hat Certificate System, which
comprise the Certificate Authority (CA) subsystem.

Multiple cross-site scripting flaws were discovered in the Red Hat
Certificate System Agent and End Entity pages. An attacker could use these
flaws to perform a cross-site scripting (XSS) attack against victims using
the Certificate System's web interface. (CVE-2012-2662)

This update also fixes the following bugs:

* Previously, pki-core required the SSL version 3 (SSLv3) protocol ranges
to communicate with the 389-ds-base packages. However, recent changes to
389-ds-base disabled the default use of SSLv3 and enforced using protocol
ranges supported by secure protocols, such as the TLS protocol. As a
consequence, the CA failed to install during an Identity Management (IdM)
server installation. This update adds TLS-related parameters to the
server.xml file of the CA to fix this problem, and running the
ipa-server-install command now installs the CA as expected. (BZ#1171848)

* Previously, the ipa-server-install script failed when attempting to
configure a stand-alone CA on systems with OpenJDK version 1.8.0 installed.
The pki-core build and runtime dependencies have been modified to use
OpenJDK version 1.7.0 during the stand-alone CA configuration. As a result,
ipa-server-install no longer fails in this situation. (BZ#1212557)

* Creating a Red Hat Enterprise Linux 7 replica from a Red Hat Enterprise
Linux 6 replica running the CA service sometimes failed in IdM deployments
where the initial Red Hat Enterprise Linux 6 CA master had been removed.
This could cause problems in some situations, such as when migrating from
Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7. The bug occurred
due to a problem in a previous version of IdM where the subsystem user,
created during the initial CA server installation, was removed together
with the initial master. This update adds the restore-subsystem-user.py
script that restores the subsystem user in the described situation, thus
enabling administrators to create a Red Hat Enterprise Linux 7 replica in
this scenario. (BZ#1225589)

* Several Java import statements specify wildcard arguments. However, due
to the use of wildcard arguments in the import statements of the source
code contained in the Red Hat Enterprise Linux 6 maintenance branch, a name
space collision created the potential for an incorrect class to be
utilized. As a consequence, the Token Processing System (TPS) rebuild test
failed with an error message. This update addresses the bug by supplying
the fully named class in all of the affected areas, and the TPS rebuild
test no longer fails. (BZ#1144188)

* Previously, pki-core failed to build with the rebased version of the
CMake build system during the TPS rebuild test. The pki-core build files
have been updated to comply with the rebased version of CMake. As a result,
pki-core builds successfully in the described scenario. (BZ#1144608)

Users of pki-core are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1378: hivex security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151378
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1378, CVE-2014-9273

Description
Hivex is a library that can read and write Hive files, undocumented binary
files that Windows uses to store the Windows Registry on disk.

It was found that hivex attempted to read, and possibly write, beyond its
allocated buffer when reading a hive file with a very small size or with
truncated or improperly formatted content. An attacker able to supply a
specially crafted hive file to an application using the hivex library could
possibly use this flaw to execute arbitrary code with the privileges of the
user running that application. (CVE-2014-9273)

Red Hat would like to thank Mahmoud Al-Qudsi of NeoSmart Technologies for
reporting this issue.

This update also fixes the following bug:

* The hivex(3) man page previously contained a typographical error. This
update fixes the typo. (BZ#1164693)

All hivex users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1385: net-snmp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151385
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1385, CVE-2014-3565

Description
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

A denial of service flaw was found in the way snmptrapd handled certain
SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP
trap containing a variable with a NULL type where an integer variable type
was expected, it would cause snmptrapd to crash. (CVE-2014-3565)

This update also fixes the following bugs:

* The HOST-RESOURCES-MIB::hrSystemProcesses object was not implemented
because parts of the HOST-RESOURCES-MIB module were rewritten in an earlier
version of net-snmp. Consequently, HOST-RESOURCES-MIB::hrSystemProcesses
did not provide information on the number of currently loaded or running
processes. With this update, HOST-RESOURCES-MIB::hrSystemProcesses has been
implemented, and the net-snmp daemon reports as expected. (BZ#1134335)

* The Net-SNMP agent daemon, snmpd, reloaded the system ARP table every 60
seconds. As a consequence, snmpd could cause a short CPU usage spike on
busy systems with a large ARP table. With this update, snmpd does not
reload the full ARP table periodically, but monitors the table changes
using a netlink socket. (BZ#789500)

* Previously, snmpd used an invalid pointer to the current time when
periodically checking certain conditions specified by the "monitor" option
in the /etc/snmpd/snmpd.conf file. Consequently, snmpd terminated
unexpectedly on start with a segmentation fault if a certain entry with the
"monitor" option was used. Now, snmpd initializes the correct pointer
to the current time, and snmpd no longer crashes on start. (BZ#1050970)

* Previously, snmpd expected 8-bit network interface indices when
processing HOST-RESOURCES-MIB::hrDeviceTable. If an interface index of a
local network interface was larger than 30,000 items, snmpd could terminate
unexpectedly due to accessing invalid memory. Now, processing of all
network sizes is enabled, and snmpd no longer crashes in the described
situation. (BZ#1195547)

* The snmptrapd service incorrectly checked for errors when forwarding a
trap with a RequestID value of 0, and logged "Forward failed" even though
the trap was successfully forwarded. This update fixes snmptrapd checks and
the aforementioned message is now logged only when appropriate.
(BZ#1146948)

* Previously, snmpd ignored the value of the "storageUseNFS" option in the
/etc/snmpd/snmpd.conf file. As a consequence, NFS drives were shown as
"Network Disks", even though "storageUseNFS" was set to "2" to report them
as "Fixed Disks" in HOST-RESOURCES-MIB::hrStorageTable. With this update,
snmpd takes the "storageUseNFS" option value into account, and "Fixed Disks"
NFS drives are reported correctly. (BZ#1125793)

* Previously, the Net-SNMP Python bindings used an incorrect size (8 bytes
instead of 4) for variables of IPADDRESS type. Consequently, applications
that were using Net-SNMP Python bindings could send malformed SNMP
messages. With this update, the bindings now use 4 bytes for variables with
IPADDRESS type, and only valid SNMP messages are sent. (BZ#1100099)

* Previously, the snmpd service did not cut values in
HOST-RESOURCES-MIB::hrStorageTable to signed 32-bit integers, as required
by SNMP standards, and provided the values as unsigned integers. As a
consequence, the HOST-RESOURCES-MIB::hrStorageTable implementation did not
conform to RFC 2790. The values are now cut to 32-bit signed integers, and
snmpd is therefore standard compliant. (BZ#1104293)

Users of net-snmp are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1409: sudo security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151409
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1409, CVE-2014-9680

Description
The sudo packages contain the sudo utility which allows system 
administrators to provide certain users with the permission to execute 
privileged commands, which are used for system management purposes, without 
having to log in as root.

It was discovered that sudo did not perform any checks of the TZ
environment variable value. If sudo was configured to preserve the TZ
environment variable, a local user with privileges to execute commands via
sudo could possibly use this flaw to achieve system state changes not
permitted by the configured commands. (CVE-2014-9680)

Note: The default sudoers configuration in Red Hat Enterprise Linux removes
the TZ variable from the environment in which commands run by sudo are
executed.

This update also fixes the following bugs:

* Previously, the sudo utility child processes could sometimes become
unresponsive because they ignored the SIGPIPE signal. With this update,
the SIGPIPE handler is properly restored in the function that reads passwords
from the user, and the child processes no longer ignore SIGPIPE. As a
result, sudo child processes do not hang in this situation. (BZ#1094548)

* Prior to this update, the order in which sudo rules were processed did
not honor the user-defined sudoOrder attribute. Consequently, sudo rules
were processed in an undefined order even when the user defined the order
in sudoOrder. The implementation of SSSD support in sudo has been modified
to sort the rules according to the sudoOrder value, and sudo rules are now
sorted in the order defined by the user in sudoOrder. (BZ#1138581)

* Previously, sudo became unresponsive after the user issued a command when
a sudoers source was mentioned multiple times in the /etc/nsswitch.conf
file. The problem occurred when nsswitch.conf contained, for example, the
"sudoers: files sss sss" entry. The sudoers source processing code has been
fixed to correctly handle multiple instances of the same sudoers source.
As a result, sudo no longer hangs when a sudoers source is mentioned
multiple times in /etc/nsswitch.conf. (BZ#1147498)

In addition, this update adds the following enhancement:

* The sudo utility now supports I/O logs compressed using the zlib library.
With this update, sudo can generate zlib compressed I/O logs and also
process zlib compressed I/O logs generated by other versions of sudo with
zlib support. (BZ#1106433)

All sudo users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement.

RHSA-2015:1417: mailman security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151417
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1417, CVE-2002-0389, CVE-2015-2775

Description
Mailman is a program used to help manage e-mail discussion lists.

It was found that mailman did not sanitize the list name before passing it
to certain MTAs. A local attacker could use this flaw to execute arbitrary
code as the user running mailman. (CVE-2015-2775)

It was found that mailman stored private email messages in a world-readable
directory. A local user could use this flaw to read private mailing list
archives. (CVE-2002-0389)

This update also fixes the following bugs:

* Previously, it was impossible to configure Mailman in a way that
Domain-based Message Authentication, Reporting & Conformance (DMARC) would
recognize Sender alignment for DomainKeys Identified Mail (DKIM)
signatures. Consequently, Mailman list subscribers that belonged to a mail
server with a "reject" policy for DMARC, such as yahoo.com or AOL.com, were
unable to receive Mailman forwarded messages from senders residing in any
domain that provided DKIM signatures. With this update, domains with a
"reject" DMARC policy are recognized correctly, and Mailman list
administrators are able to configure the way these messages are handled.
As a result, after a proper configuration, subscribers now correctly
receive Mailman forwarded messages in this scenario. (BZ#1095359)

* Mailman used a console encoding when generating a subject for a "welcome
email" when new mailing lists were created by the "newlist" command.
Consequently, when the console encoding did not match the encoding used by
Mailman for that particular language, characters in the "welcome email"
could be displayed incorrectly. Mailman has been fixed to use the correct
encoding, and characters in the "welcome email" are now displayed properly.
(BZ#1056366)

* The "rmlist" command used a hardcoded path to list data based on the
VAR_PREFIX configuration variable. As a consequence, when the list was
created outside of VAR_PREFIX, it was impossible to remove it using the
"rmlist" command. With this update, the "rmlist" command uses the correct
LIST_DATA_DIR value instead of VAR_PREFIX, and it is now possible to remove
the list in the described situation. (BZ#1008139)

* Due to an incompatibility between Python and Mailman in Red Hat
Enterprise Linux 6, when moderators were approving a moderated message to a
mailing list and checked the "Preserve messages for the site administrator"
checkbox, Mailman failed to approve the message and returned an error.
This incompatibility has been fixed, and Mailman now approves messages as
expected in this scenario. (BZ#765807)

* When Mailman was set to not archive a list but the archive was not set to
private, attachments sent to that list were placed in a public archive.
Consequently, users of the Mailman web interface could list private
attachments because the httpd configuration of the public archive directory
allows listing all files in the archive directory. The httpd configuration
of Mailman has been fixed to not allow listing of the private archive
directory, and users of the Mailman web interface are no longer able to
list private attachments.
(BZ#745409)

Users of mailman are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1419: libxml2 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20151419
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:1419, CVE-2015-1819

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

A denial of service flaw was found in the way the libxml2 library parsed
certain XML files. An attacker could provide a specially crafted XML file
that, when parsed by an application using libxml2, could cause that
application to use an excessive amount of memory. (CVE-2015-1819)

This issue was discovered by Florian Weimer of Red Hat Product Security.

This update also fixes the following bug:

* This update fixes an error that occurred when running a test case for the
serialization of HTML documents. (BZ#1004513)

Users of libxml2 are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2015:1424: pacemaker security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151424
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1424, CVE-2015-1867

Description
The Pacemaker Resource Manager is a collection of technologies working
together to provide data integrity and the ability to maintain application
availability in the event of a failure.

A flaw was found in the way pacemaker, a cluster resource manager,
evaluated added nodes in certain situations. A user with read-only access
could potentially assign any other existing roles to themselves and then
add privileges to other users as well. (CVE-2015-1867)

This update also fixes the following bugs:

* Due to a race condition, nodes that gracefully shut down occasionally had
difficulty rejoining the cluster. As a consequence, nodes could come online
and be shut down again immediately by the cluster. This bug has been fixed,
and the "shutdown" attribute is now cleared properly. (BZ#1198638)

* Prior to this update, the pacemaker utility caused an unexpected
termination of the attrd daemon after a system update to Red Hat Enterprise
Linux 6.6. The bug has been fixed so that attrd no longer crashes when
pacemaker starts. (BZ#1205292)

* Previously, the access control list (ACL) of the pacemaker utility
allowed a role assignment to the Cluster Information Base (CIB) with a
read-only permission. With this update, ACL is enforced and can no longer
be bypassed by the user without the write permission, thus fixing this bug.
(BZ#1207621)

* Prior to this update, the ClusterMon (crm_mon) utility did not trigger an
external agent script with the "-E" parameter to monitor the Cluster
Information Base (CIB) when the pacemaker utility was used. A patch has
been provided to fix this bug, and crm_mon now calls the agent script when
the "-E" parameter is used. (BZ#1208896)

Users of pacemaker are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1439: wpa_supplicant security and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20151439
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:1439, CVE-2015-4142

Description
The wpa_supplicant package contains an 802.1X Supplicant with support for
WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication
methods. It implements key negotiation with a WPA Authenticator for client
stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.

An integer underflow flaw, leading to a buffer over-read, was found in the
way wpa_supplicant handled WMM Action frames. A specially crafted frame
could possibly allow an attacker within Wi-Fi radio range to cause
wpa_supplicant to crash. (CVE-2015-4142)

This update includes the following enhancement:

* Prior to this update, wpa_supplicant did not provide a way to require the
host name to be listed in an X.509 certificate's Common Name or Subject
Alternative Name, and only allowed host name suffix or subject substring
checks. This update introduces a new configuration directive,
'domain_match', which adds a full host name check. (BZ#1186806)

All wpa_supplicant users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue and adds this
enhancement. After installing this update, the wpa_supplicant service will
be restarted automatically.

RHSA-2015:1443: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151443
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1443, CVE-2015-4620

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND performed DNSSEC validation. An attacker
able to make BIND (functioning as a DNS resolver with DNSSEC validation
enabled) resolve a name in an attacker-controlled domain could cause named
to exit unexpectedly with an assertion failure. (CVE-2015-4620)

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1447: grep security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20151447
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:1447, CVE-2012-5667, CVE-2015-1345

Description
The grep utility searches through textual input for lines that contain a
match to a specified pattern and then prints the matching lines. The GNU
grep utilities include grep, egrep, and fgrep.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way grep parsed large lines of data. An attacker able to trick
a user into running grep on a specially crafted data file could use this
flaw to crash grep or, potentially, execute arbitrary code with the
privileges of the user running grep. (CVE-2012-5667)

A heap-based buffer overflow flaw was found in the way grep processed
certain pattern and text combinations. An attacker able to trick a user
into running grep on specially crafted input could use this flaw to crash
grep or, potentially, read from uninitialized memory. (CVE-2015-1345)

The grep packages have been upgraded to upstream version 2.20, which
provides a number of bug fixes and enhancements over the previous version.
Notably, the speed of various operations has been improved significantly.
Now, the recursive grep utility uses the fts function of the gnulib library
for directory traversal, so that it can handle much larger directories
without reporting the "File name too long" error message, and it can
operate faster when dealing with large directory hierarchies. (BZ#982215,
BZ#1064668, BZ#1126757, BZ#1167766, BZ#1171806)

This update also fixes the following bugs:

* Prior to this update, the \w and \W symbols were inconsistently matched
to the [:alnum:] character class. Consequently, regular expressions that
used \w and \W in some cases had incorrect results. An upstream patch which
fixes the matching problem has been applied, and \w is now matched to the
[_[:alnum:]] character and \W to the [^_[:alnum:]] character consistently.
(BZ#799863)

* Previously, the "--fixed-regexp" command-line option was not included in
the grep(1) manual page. Consequently, the manual page was inconsistent
with the built-in help of the grep utility. To fix this bug, grep(1) has
been updated to include a note informing the user that "--fixed-regexp" is
an obsolete option. Now, the built-in help and manual page are consistent
regarding the "--fixed-regexp" option. (BZ#1103270)

* Previously, the Perl Compatible Regular Expression (PCRE) library did not
work correctly when matching non-UTF-8 text in UTF-8 mode. Consequently, an
error message about invalid UTF-8 byte sequence characters was returned.
To fix this bug, patches from upstream have been applied to the PCRE
library and the grep utility. As a result, PCRE now skips non-UTF-8
characters as non-matching text without returning any error message.
(BZ#1193030)

All grep users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:1455: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151455
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1455, CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740, CVE-2015-2741

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2731, CVE-2015-2734,
CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,
CVE-2015-2740)

It was found that Thunderbird skipped key-pinning checks when handling an
error that could be overridden by the user (for example an expired
certificate error). This flaw allowed a user to override a pinned
certificate, which is an action the user should not be able to perform.
(CVE-2015-2741)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message as JavaScript is disabled by default for mail messages.
They could be exploited another way in Thunderbird, for example, when
viewing the full remote content of an RSS feed.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew
McCreight, Herre, Ronald Crane, and David Keeler as the original reporters
of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 31.8. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 31.8, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:1457: gnutls security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151457
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1457, CVE-2014-8155, CVE-2015-0282, CVE-2015-0294

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

It was found that GnuTLS did not check activation and expiration dates of
CA certificates. This could cause an application using GnuTLS to
incorrectly accept a certificate as valid when its issuing CA is already
expired. (CVE-2014-8155)

It was found that GnuTLS did not verify whether a hashing algorithm listed
in a signature matched the hashing algorithm listed in the certificate.
An attacker could create a certificate that used a different hashing
algorithm than it claimed, possibly causing GnuTLS to use an insecure,
disallowed hashing algorithm during certificate verification.
(CVE-2015-0282)

It was discovered that GnuTLS did not check if all sections of X.509
certificates indicate the same signature algorithm. This flaw, in
combination with a different flaw, could possibly lead to a bypass of the
certificate signature check. (CVE-2015-0294)

The CVE-2014-8155 issue was discovered by Marcel Kolaja of Red Hat.
The CVE-2015-0282 and CVE-2015-0294 issues were discovered by Nikos
Mavrogiannopoulos of the Red Hat Security Technologies Team.

This update also fixes the following bug:

* Previously, under certain circumstances, the certtool utility could
generate X.509 certificates which contained a negative modulus.
Consequently, such certificates could have interoperation problems with the
software using them. The bug has been fixed, and certtool no longer
generates X.509 certificates containing a negative modulus. (BZ#1036385)

Users of gnutls are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1458: libreoffice security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1458, CVE-2015-1774

Description
LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor, a
spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.

A flaw was found in the way the LibreOffice HWP (Hangul Word Processor)
file filter processed certain HWP documents. An attacker able to trick a
user into opening a specially crafted HWP document could possibly use this
flaw to execute arbitrary code with the privileges of the user opening that
document. (CVE-2015-1774)

The libreoffice packages have been upgraded to upstream version 4.2.8.2,
which provides a number of bug fixes and enhancements over the previous
version, including:

* OpenXML interoperability has been improved.

* This update adds additional statistics functions to the Calc application,
thus improving interoperability with Microsoft Excel and its "Analysis
ToolPak" add-in.

* Various performance improvements have been implemented in Calc.

* This update adds new import filters for importing files from the Apple
Keynote and Abiword applications.

* The export filter for the MathML markup language has been improved.

* This update adds a new start screen that includes thumbnails of recently
opened documents.

* A visual clue is now displayed in the Slide Sorter window for slides with
transitions or animations.

* This update improves trend lines in charts.

* LibreOffice now supports BCP 47 language tags.

For a complete list of bug fixes and enhancements provided by this rebase,
see the libreoffice change log linked from the References section.
(BZ#1150048)

Users of libreoffice are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

RHSA-2015:1459: ntp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1459, CVE-2014-9297, CVE-2014-9298, CVE-2014-9750, CVE-2014-9751, CVE-2015-1798, CVE-2015-1799, CVE-2015-3405

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with another referenced time source.

It was found that because NTP's access control was based on a source IP
address, an attacker could bypass source IP restrictions and send malicious
control and configuration packets by spoofing ::1 addresses.
(CVE-2014-9298)

A denial of service flaw was found in the way NTP hosts that were peering
with each other authenticated themselves before updating their internal
state variables. An attacker could send packets to one peer host, which
could cascade to other peers, and stop the synchronization process among
the reached peers. (CVE-2015-1799)

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric
keys on big-endian systems. An attacker could possibly use this flaw to
guess generated MD5 keys, which could then be used to spoof an NTP client
or server. (CVE-2015-3405)

A stack-based buffer overflow was found in the way the NTP autokey protocol
was implemented. When an NTP client decrypted a secret received from an NTP
server, it could cause that client to crash. (CVE-2014-9297)

It was found that ntpd did not check whether a Message Authentication Code
(MAC) was present in a received packet when ntpd was configured to use
symmetric cryptographic keys. A man-in-the-middle attacker could use this
flaw to send crafted packets that would be accepted by a client or a peer
without the attacker knowing the symmetric key. (CVE-2015-1798)

The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav
Lichvár of Red Hat.

Bug fixes:

* The ntpd daemon truncated symmetric keys specified in the key file to 20
bytes. As a consequence, it was impossible to configure NTP authentication
to work with peers that use longer keys. The maximum length of keys has now
been changed to 32 bytes. (BZ#1053551)

* The ntp-keygen utility used the exponent of 3 when generating RSA keys,
and generating RSA keys failed when FIPS mode was enabled. ntp-keygen has
been modified to use the exponent of 65537, and generating keys in FIPS
mode now works as expected. (BZ#1184421)

* The ntpd daemon included a root delay when calculating its root
dispersion. Consequently, the NTP server reported larger root dispersion
than it should have and clients could reject the source when its distance
reached the maximum synchronization distance (1.5 seconds by default).
Calculation of root dispersion has been fixed, the root dispersion is now
reported correctly, and clients no longer reject the server due to a large
synchronization distance. (BZ#1045376)

* The ntpd daemon dropped incoming NTP packets if their source port was
lower than 123 (the NTP port). Clients behind Network Address Translation
(NAT) were unable to synchronize with the server if their source port was
translated to ports below 123. With this update, ntpd no longer checks the
source port number. (BZ#1171630)

Enhancements:

* This update introduces configurable access of memory segments used for
Shared Memory Driver (SHM) reference clocks. Previously, only the first two
memory segments were created with owner-only access, allowing just two SHM
reference clocks to be used securely on a system. Now, the owner-only
access to SHM is configurable with the "mode" option, and it is therefore
possible to use more SHM reference clocks securely. (BZ#1122015)

* Support for nanosecond resolution has been added to the SHM reference
clock. Prior to this update, when a Precision Time Protocol (PTP) hardware
clock was used as a time source to synchronize the system clock (for
example, with the timemaster service from the linuxptp package), the
accuracy of the synchronization was limited due to the microsecond
resolution of the SHM protocol. The nanosecond extension in the SHM
protocol now enables sub-microsecond synchronization of the system clock.
(BZ#1117704)

RHSA-2015:1460: wireshark security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151460
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1460, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189, CVE-2015-2191

Description
Wireshark, previously known as Ethereal, is a network protocol analyzer,
which is used to capture and browse the traffic running on a computer
network.

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2014-8714, CVE-2014-8712, CVE-2014-8713,
CVE-2014-8711, CVE-2014-8710, CVE-2015-0562, CVE-2015-0564, CVE-2015-2189,
CVE-2015-2191)

This update also fixes the following bugs:

* Previously, the Wireshark tool did not support the Advanced Encryption
Standard Galois/Counter Mode (AES-GCM) cryptographic algorithm. As a
consequence, AES-GCM was not decrypted. Support for AES-GCM has been added
to Wireshark, and AES-GCM is now correctly decrypted. (BZ#1095065)

* Previously, when installing the system using the kickstart method, a
dependency on the shadow-utils packages was missing from the wireshark
packages, which could cause the installation to fail with a "bad scriptlet"
error message. With this update, shadow-utils are listed as required in the
wireshark packages spec file, and kickstart installation no longer fails.
(BZ#1121275)

* Prior to this update, the Wireshark tool could not decode types of
elliptic curves in Datagram Transport Layer Security (DTLS) Client Hello.
Consequently, Wireshark incorrectly displayed elliptic curves types as
data. A patch has been applied to address this bug, and Wireshark now
decodes elliptic curves types properly. (BZ#1131203)

* Previously, a dependency on the gtk2 packages was missing from the
wireshark packages. As a consequence, the Wireshark tool failed to start
under certain circumstances due to an unresolved symbol,
"gtk_combo_box_text_new_with_entry", which was added in gtk version 2.24.
With this update, a dependency on gtk2 has been added, and Wireshark now
always starts as expected. (BZ#1160388)

In addition, this update adds the following enhancements:

* With this update, the Wireshark tool supports process substitution, which
feeds the output of a process (or processes) into the standard input of
another process using the "<(command_list)" syntax. When using process
substitution with large files as input, Wireshark failed to decode such
input. (BZ#1104210)

* Wireshark has been enhanced to enable capturing packets with nanosecond
time stamp precision, which allows better analysis of recorded network
traffic. (BZ#1146578)

All wireshark users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. All running instances of Wireshark must be restarted for the
update to take effect.

RHSA-2015:1462: ipa security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151462
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1462, CVE-2010-5312, CVE-2012-6662

Description
Two cross-site scripting (XSS) flaws were found in jQuery, which impacted
the Identity Management web administrative interface, and could allow an
authenticated user to inject arbitrary HTML or web script into the
interface. (CVE-2010-5312, CVE-2012-6662)

Note: The IdM version provided by this update no longer uses jQuery.

Bug fixes:

* The ipa-server-install, ipa-replica-install, and ipa-client-install
utilities are not supported on machines running in FIPS-140 mode.
Previously, IdM did not warn users about this. Now, IdM does not allow
running the utilities in FIPS-140 mode, and displays an explanatory
message. (BZ#1131571)

* If an Active Directory (AD) server was specified or discovered
automatically when running the ipa-client-install utility, the utility
produced a traceback instead of informing the user that an IdM server is
expected in this situation. Now, ipa-client-install detects the AD server
and fails with an explanatory message. (BZ#1132261)

* When IdM servers were configured to require the TLS protocol version 1.1
(TLSv1.1) or later in the httpd server, the ipa utility failed. With this
update, running ipa works as expected with TLSv1.1 or later. (BZ#1154687)

* In certain high-load environments, the Kerberos authentication step of
the IdM client installer can fail. Previously, the entire client
installation failed in this situation. This update modifies
ipa-client-install to prefer the TCP protocol over the UDP protocol and to
retry the authentication attempt in case of failure. (BZ#1161722)

* If ipa-client-install updated or created the /etc/nsswitch.conf file, the
sudo utility could terminate unexpectedly with a segmentation fault. Now,
ipa-client-install puts a new line character at the end of nsswitch.conf if
it modifies the last line of the file, fixing this bug. (BZ#1185207)

* The ipa-client-automount utility failed with the "UNWILLING_TO_PERFORM"
LDAP error when the nsslapd-minssf Red Hat Directory Server configuration
parameter was set to "1". This update modifies ipa-client-automount to use
an encrypted connection for LDAP searches by default, and the utility now
finishes successfully even with nsslapd-minssf specified. (BZ#1191040)

* If installing an IdM server failed after the Certificate Authority (CA)
installation, the "ipa-server-install --uninstall" command did not perform
a proper cleanup. After the user issued "ipa-server-install --uninstall"
and then attempted to install the server again, the installation failed.
Now, "ipa-server-install --uninstall" removes the CA-related files in the
described situation, and ipa-server-install no longer fails with the
mentioned error message. (BZ#1198160)

* Running ipa-client-install added the "sss" entry to the sudoers line in
nsswitch.conf even if "sss" was already configured and the entry was
present in the file. Duplicate "sss" then caused sudo to become
unresponsive. Now, ipa-client-install no longer adds "sss" if it is already
present in nsswitch.conf. (BZ#1198339)

* After running ipa-client-install, it was not possible to log in using SSH
under certain circumstances. Now, ipa-client-install no longer corrupts the
sshd_config file, and the sshd service can start as expected, and logging
in using SSH works in the described situation. (BZ#1201454)

* An incorrect definition of the dc attribute in the
/usr/share/ipa/05rfc2247.ldif file caused bogus error messages to be
returned during migration. The attribute has been fixed, but the bug
persists if the copy-schema-to-ca.py script was run on Red Hat Enterprise
Linux 6.6 prior to running it on Red Hat Enterprise Linux 6.7. To work
around this problem, manually copy /usr/share/ipa/schema/05rfc2247.ldif to
/etc/dirsrv/slapd-PKI-IPA/schema/ and restart IdM. (BZ#1220788)

All ipa users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1471: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1471, CVE-2015-4620

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND performed DNSSEC validation. An attacker
able to make BIND (functioning as a DNS resolver with DNSSEC validation
enabled) resolve a name in an attacker-controlled domain could cause named
to exit unexpectedly with an assertion failure. (CVE-2015-4620)

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1482: libuser security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151482
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1482, CVE-2015-3245, CVE-2015-3246

Description
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which could
result in a denial of service or possibly allow the attacker to escalate
their privileges to root. (CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:1483: libuser security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151483
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1483, CVE-2015-3245, CVE-2015-3246

Description
The libuser library implements a standardized interface for manipulating
and administering user and group accounts. Sample applications that are
modeled after applications from the shadow password suite (shadow-utils)
are included in these packages.

Two flaws were found in the way the libuser library handled the /etc/passwd
file. A local attacker could use an application compiled against libuser
(for example, userhelper) to manipulate the /etc/passwd file, which could
result in a denial of service or possibly allow the attacker to escalate
their privileges to root. (CVE-2015-3245, CVE-2015-3246)

Red Hat would like to thank Qualys for reporting these issues.

All libuser users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:1507: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151507
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1507, CVE-2015-3214, CVE-2015-5154

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's IDE subsystem
handled I/O buffer access while processing certain ATAPI commands.
A privileged guest user in a guest with the CDROM drive enabled could
potentially use this flaw to execute arbitrary code on the host with the
privileges of the host's QEMU process corresponding to the guest.
(CVE-2015-5154)

An out-of-bounds memory access flaw, leading to memory corruption or
possibly an information leak, was found in QEMU's pit_ioport_read()
function. A privileged guest user in a QEMU guest, which had QEMU PIT
emulation enabled, could potentially, in rare cases, use this flaw to
execute arbitrary code on the host with the privileges of the hosting QEMU
process. (CVE-2015-3214)

Red Hat would like to thank Matt Tait of Google's Project Zero security
team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was
discovered by Kevin Wolf of Red Hat.

This update also fixes the following bug:

* Due to an incorrect implementation of portable memory barriers, the QEMU
emulator in some cases terminated unexpectedly when a virtual disk was
under heavy I/O load. This update fixes the implementation in order to
achieve correct synchronization between QEMU's threads. As a result, the
described crash no longer occurs. (BZ#1233643)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:1510: clutter security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151510
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1510, CVE-2015-3213

Description
Clutter is a library for creating fast, visually rich, graphical user
interfaces. Clutter is used for rendering the GNOME desktop environment.

A flaw was found in the way clutter processed certain mouse and touch
gestures. An attacker could use this flaw to bypass the screen lock.
(CVE-2015-3213)

All clutter users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using clutter must be restarted for the update to
take effect.

RHSA-2015:1513: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1513, CVE-2015-5477

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled requests for TKEY DNS resource
records. A remote attacker could use this flaw to make named (functioning
as an authoritative DNS server or a DNS resolver) exit unexpectedly with an
assertion failure via a specially crafted DNS request packet.
(CVE-2015-5477)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Jonathan Foote as the original reporter.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1514: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151514
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1514, CVE-2015-5477

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled requests for TKEY DNS resource
records. A remote attacker could use this flaw to make named (functioning
as an authoritative DNS server or a DNS resolver) exit unexpectedly with an
assertion failure via a specially crafted DNS request packet.
(CVE-2015-5477)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Jonathan Foote as the original reporter.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1515: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1515, CVE-2015-5477

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A flaw was found in the way BIND handled requests for TKEY DNS resource
records. A remote attacker could use this flaw to make named (functioning
as an authoritative DNS server or a DNS resolver) exit unexpectedly with an
assertion failure via a specially crafted DNS request packet.
(CVE-2015-5477)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Jonathan Foote as the original reporter.

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1526: java-1.6.0-openjdk security update (Important)

Rule IDoval-com.redhat.rhsa-def-20151526
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:05+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2015:1526, CVE-2015-2590, CVE-2015-2601, CVE-2015-2621, CVE-2015-2625, CVE-2015-2628, CVE-2015-2632, CVE-2015-2808, CVE-2015-4000, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

Multiple flaws were discovered in the 2D, CORBA, JMX, Libraries and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2015-4760,
CVE-2015-2628, CVE-2015-4731, CVE-2015-2590, CVE-2015-4732, CVE-2015-4733)

A flaw was found in the way the Libraries component of OpenJDK verified
Online Certificate Status Protocol (OCSP) responses. An OCSP response with
no nextUpdate date specified was incorrectly handled as having unlimited
validity, possibly causing a revoked X.509 certificate to be interpreted as
valid. (CVE-2015-4748)

It was discovered that the JCE component in OpenJDK failed to use constant
time comparisons in multiple cases. An attacker could possibly use these
flaws to disclose sensitive information by measuring the time used to
perform operations using these non-constant time comparisons.
(CVE-2015-2601)

A flaw was found in the RC4 encryption algorithm. When using certain keys
for RC4 encryption, an attacker could obtain portions of the plain text
from the cipher text without the knowledge of the encryption key.
(CVE-2015-2808)

Note: With this update, OpenJDK now disables RC4 TLS/SSL cipher suites by
default to address the CVE-2015-2808 issue. Refer to Red Hat Bugzilla bug
1207101, linked to in the References section, for additional details about
this change.

A flaw was found in the way the TLS protocol composed the Diffie-Hellman
(DH) key exchange. A man-in-the-middle attacker could use this flaw to
force the use of weak 512 bit export-grade keys during the key exchange,
allowing them to decrypt all traffic. (CVE-2015-4000)

Note: This update forces the TLS/SSL client implementation in OpenJDK to
reject DH key sizes below 768 bits, which prevents sessions from being
downgraded to export-grade keys. Refer to Red Hat Bugzilla bug 1223211,
linked to in the References section, for additional details about this
change.

It was discovered that the JNDI component in OpenJDK did not handle DNS
resolutions correctly. An attacker able to trigger such DNS errors could
cause a Java application using JNDI to consume memory and CPU time, and
possibly block further DNS resolution. (CVE-2015-4749)

Multiple information leak flaws were found in the JMX and 2D components in
OpenJDK. An untrusted Java application or applet could use this flaw to
bypass certain Java sandbox restrictions. (CVE-2015-2621, CVE-2015-2632)

A flaw was found in the way the JSSE component in OpenJDK performed X.509
certificate identity verification when establishing a TLS/SSL connection to
a host identified by an IP address. In certain cases, the certificate was
accepted as valid if it was issued for a host name to which the IP address
resolves rather than for the IP address. (CVE-2015-2625)

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:1534: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151534
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1534, CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An integer overflow flaw was found in the way the Linux kernel's
netfilter connection tracking implementation loaded extensions. An attacker
on a local network could potentially send a sequence of specially crafted
packets that would initiate the loading of a large number of extensions,
causing the targeted system in that network to crash. (CVE-2014-9715,
Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
(CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local user
able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite implementation
for IPv6 allowed the Hop Limit value to be set to a smaller value than the
default one. An attacker on a local network could use this flaw to prevent
systems on that network from sending or receiving network packets.
(CVE-2015-2922, Low)

Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715
issue.

This update also fixes several bugs. Refer to the following Knowledgebase
article for further information:

https://access.redhat.com/articles/1474193

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:1565: kernel-rt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151565
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1565, CVE-2014-9715, CVE-2015-2666, CVE-2015-2922, CVE-2015-3636

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* An integer overflow flaw was found in the way the Linux kernel's
netfilter connection tracking implementation loaded extensions. An attacker
on a local network could potentially send a sequence of specially crafted
packets that would initiate the loading of a large number of extensions,
causing the targeted system in that network to crash. (CVE-2014-9715,
Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's early
load microcode functionality. On a system with UEFI Secure Boot enabled, a
local, privileged user could use this flaw to increase their privileges to
the kernel (ring0) level, bypassing intended restrictions in place.
(CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did not
properly handle socket unhashing during spurious disconnects, which could
lead to a use-after-free flaw. On x86-64 architecture systems, a local user
able to create ping sockets could use this flaw to crash the system.
On non-x86-64 architecture systems, a local user able to create ping
sockets could use this flaw to escalate their privileges on the system.
(CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite implementation
for IPv6 allowed the Hop Limit value to be set to a smaller value than the
default one. An attacker on a local network could use this flaw to prevent
systems on that network from sending or receiving network packets.
(CVE-2015-2922, Low)

Red Hat would like to thank Nathan Hoad for reporting the CVE-2014-9715
issue.

The kernel-rt packages have been upgraded to version 3.10.0-229.11.1, which
provides a number of bug fixes and enhancements over the previous version,
including:

* drbg: Add stdrng alias and increase priority
* seqiv / eseqiv / chainiv: Move IV seeding into init function
* ipv4: kABI fix for 0bbf87d backport
* ipv4: Convert ipv4.ip_local_port_range to be per netns
* libceph: tcp_nodelay support
* ipr: Increase default adapter init stage change timeout
* fix use-after-free bug in usb_hcd_unlink_urb()
* libceph: fix double __remove_osd() problem
* ext4: fix data corruption caused by unwritten and delayed extents
* sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT
* nfs: Fixing lease renewal (Benjamin Coddington)
* control hard lockup detection default
* Fix print-once on enable
* watchdog: update watchdog_thresh properly and watchdog attributes
  atomically
* module: Call module notifier on failure after complete_formation()

(BZ#1234470)

This update also fixes the following bugs:

* The megasas driver used the smp_processor_id() function within a
preemptible context, which caused warning messages to be returned to the
console. The function has been changed to raw_smp_processor_id() so that a
lock is held while getting the processor ID. As a result, correct
operations are now allowed without any console warnings being produced.
(BZ#1235304)

* In the NFSv4 file system, the write_seqcount_{begin,end}() functions
were used in a non-standard way, which caused the realtime code to try to
sleep while locks were held. As a consequence, the
"scheduling while atomic" error messages were returned. The underlying
source code has been modified to use the __write_seqcount_{begin,end}()
functions that do not hold any locks, allowing correct execution of
realtime. (BZ#1235301)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.

RHSA-2015:1581: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1581, CVE-2015-4495

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was discovered in Mozilla Firefox that could be used to violate the
same-origin policy and inject web script into a non-privileged part of the
built-in PDF file viewer (PDF.js). An attacker could create a malicious web
page that, when viewed by a victim, could steal arbitrary files (including
private SSH keys, the /etc/passwd file, and other potentially sensitive
files) from the system running Firefox. (CVE-2015-4495)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Cody Crews as the original reporter.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.1.1 ESR, which corrects this issue. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2015:1586: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151586
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1586, CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479, CVE-2015-4480, CVE-2015-4484, CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491, CVE-2015-4492, CVE-2015-4493

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478, CVE-2015-4479,
CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491, CVE-2015-4485,
CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4492)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, Aki
Helin, André Bargull, Massimiliano Tomassoli, laf.intel, Massimiliano
Tomassoli, Tyson Smith, Jukka Jylänki, Gustavo Grieco, Abhishek Arya,
Ronald Crane, and Looben Yang as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.2 ESR, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

RHSA-2015:1623: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1623, CVE-2015-5364, CVE-2015-5366

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Two flaws were found in the way the Linux kernel's networking
implementation handled UDP packets with incorrect checksum values. A remote
attacker could potentially use these flaws to trigger an infinite loop in
the kernel, resulting in a denial of service on the system, or cause a
denial of service in applications using the edge triggered epoll
functionality. (CVE-2015-5364, CVE-2015-5366, Important)

This update also fixes the following bugs:

* When removing a directory, and a reference was held to that directory by
a reference to a negative child dentry, the directory dentry was previously
not killed. In addition, once the negative child dentry was killed, an
unlinked and unused dentry was present in the cache. As a consequence,
deadlock could be caused by forcing the dentry eviction while the file
system in question was frozen. With this update, all unused dentries are
unhashed and evicted just after a successful directory removal, which
avoids the deadlock, and the system no longer hangs in the aforementioned
scenario. (BZ#1243400)

* Due to the broken s_umount lock ordering, a race condition occurred when
an unlinked file was closed and the sync (or syncfs) utility was run at the
same time. As a consequence, deadlock occurred on a frozen file system
between sync and a process trying to unfreeze the file system. With this
update, sync (or syncfs) is skipped on a frozen file system, and deadlock
no longer occurs in the aforementioned situation. (BZ#1243404)

* Previously, in the scenario when a file was opened by file handle
(fhandle) with its dentry not present in dcache ("cold dcache") and then
making use of the unlink() and close() functions, the inode was not freed
upon the close() system call. As a consequence, the iput() final was
delayed indefinitely. A patch has been provided to fix this bug, and the
inode is now freed as expected. (BZ#1243406)

* Due to a corrupted Executable and Linkable Format (ELF) header in the
/proc/vmcore file, the kdump utility failed to provide any information.
The underlying source code has been patched, and kdump now provides
debugging information for kernel crashes as intended. (BZ#1245195)

* Previously, running the multipath request queue caused regressions in
cases where paths failed regularly under I/O load. This regression
manifested as I/O stalls that exceeded 300 seconds. This update reverts the
changes aimed at reducing how often the multipath request queue is run, so
that I/O completes in a timely manner. (BZ#1246095)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:1627: glibc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151627
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1627, CVE-2013-7424

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

An invalid free flaw was found in glibc's getaddrinfo() function when used
with the AI_IDN flag. A remote attacker able to make an application call
this function could use this flaw to execute arbitrary code with the
permissions of the user running the application. Note that this flaw only
affected applications using glibc compiled with libidn support.
(CVE-2013-7424)

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:1628: mysql55-mysql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151628
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1628, CVE-2014-6568, CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411, CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757, CVE-2015-4816, CVE-2015-4819, CVE-2015-4864, CVE-2015-4879

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of
the MySQL server daemon (mysqld) and many client programs and libraries.

This update fixes several vulnerabilities in the MySQL database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory pages, listed in the References section. (CVE-2014-6568,
CVE-2015-0374, CVE-2015-0381, CVE-2015-0382, CVE-2015-0391, CVE-2015-0411,
CVE-2015-0432, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501,
CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582,
CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-4737, CVE-2015-4752,
CVE-2015-4757)

These updated packages upgrade MySQL to version 5.5.45. Refer to the MySQL
Release Notes listed in the References section for a complete list of
changes.

All MySQL users should upgrade to these updated packages, which correct
these issues. After installing this update, the MySQL server daemon
(mysqld) will be restarted automatically.

RHSA-2015:1633: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1633, CVE-2015-0248, CVE-2015-0251, CVE-2015-3187

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes.
The mod_dav_svn module is used with the Apache HTTP Server to allow access
to Subversion repositories via HTTP.

An assertion failure flaw was found in the way the SVN server processed
certain requests with dynamically evaluated revision numbers. A remote
attacker could use this flaw to cause the SVN server (both svnserve and
httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)

It was found that the mod_dav_svn module did not properly validate the
svn:author property of certain requests. An attacker able to create new
revisions could use this flaw to spoof the svn:author property.
(CVE-2015-0251)

It was found that when an SVN server (both svnserve and httpd with the
mod_dav_svn module) searched the history of a file or a directory, it would
disclose its location in the repository if that file or directory was not
readable (for example, if it had been moved). (CVE-2015-3187)

Red Hat would like to thank the Apache Software Foundation for reporting
these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the
original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael Pilato
of CollabNet as the original reporter of CVE-2015-3187.

All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.

RHSA-2015:1634: sqlite security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151634
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1634, CVE-2015-3416

Description
SQLite is a C library that implements an SQL database engine. A large
subset of SQL92 is supported. A complete database is stored in a single
disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility
of an SQL database without the administrative hassles of supporting a
separate database server.

It was found that SQLite's sqlite3VXPrintf() function did not properly
handle precision and width values during floating-point conversions.
A local attacker could submit a specially crafted SELECT statement that
would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)

All sqlite users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2015:1635: sqlite security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151635
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1635, CVE-2015-3414, CVE-2015-3415, CVE-2015-3416

Description
SQLite is a C library that implements an SQL database engine. A large
subset of SQL92 is supported. A complete database is stored in a single
disk file. The API is designed for convenience and ease of use.
Applications that link against SQLite can enjoy the power and flexibility
of an SQL database without the administrative hassles of supporting a
separate database server.

A flaw was found in the way SQLite handled dequoting of collation-sequence
names. A local attacker could submit a specially crafted COLLATE statement
that would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3414)

It was found that SQLite's sqlite3VdbeExec() function did not properly
implement comparison operators. A local attacker could submit a specially
crafted CHECK statement that would crash the SQLite process, or have other
unspecified impacts. (CVE-2015-3415)

It was found that SQLite's sqlite3VXPrintf() function did not properly
handle precision and width values during floating-point conversions.
A local attacker could submit a specially crafted SELECT statement that
would crash the SQLite process, or have other unspecified impacts.
(CVE-2015-3416)

All sqlite users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2015:1636: net-snmp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151636
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1636, CVE-2015-5621, CVE-2018-1000116

Description
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

It was discovered that the snmp_pdu_parse() function could leave
incompletely parsed varBind variables in the list of variables. A remote,
unauthenticated attacker could use this flaw to crash snmpd or,
potentially, execute arbitrary code on the system with the privileges of
the user running snmpd. (CVE-2015-5621)

Red Hat would like to thank Qinghao Tang of QIHU 360 company, China for
reporting this issue.

All net-snmp users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2015:1640: pam security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151640
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1640, CVE-2015-3238

Description
Pluggable Authentication Modules (PAM) provide a system whereby
administrators can set up authentication policies without having to
recompile programs to handle authentication.

It was discovered that the _unix_run_helper_binary() function of PAM's
unix_pam module could write to a blocking pipe, possibly causing the
function to become unresponsive. An attacker able to supply large passwords
to the unix_pam module could use this flaw to enumerate valid user
accounts, or cause a denial of service on the system. (CVE-2015-3238)

Red Hat would like to thank Sebastien Macke of Trustwave SpiderLabs for
reporting this issue.

All pam users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2015:1664: nss security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151664
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1664, CVE-2015-2721, CVE-2015-2730

Description
Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server
applications.

It was found that NSS permitted skipping of the ServerKeyExchange packet
during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key
Exchange). A remote attacker could use this flaw to bypass the
forward-secrecy of a TLS/SSL connection. (CVE-2015-2721)

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve
Digital Signature Algorithm) signatures. Under certain conditions, an
attacker could use this flaw to conduct signature forgery attacks.
(CVE-2015-2730)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Karthikeyan Bhargavan as the original reporter of
CVE-2015-2721, and Watson Ladd as the original reporter of CVE-2015-2730.

The nss packages have been upgraded to upstream version 3.19.1, which
provides a number of bug fixes and enhancements over the previous version.

All nss users are advised to upgrade to these updated packages, which
correct these issues.

RHSA-2015:1665: mariadb security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151665
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1665, CVE-2015-0433, CVE-2015-0441, CVE-2015-0499, CVE-2015-0501, CVE-2015-0505, CVE-2015-2568, CVE-2015-2571, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643, CVE-2015-2648, CVE-2015-3152, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757, CVE-2015-4864

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary
compatible with MySQL.

It was found that the MySQL client library permitted but did not require a
client to use SSL/TLS when establishing a secure connection to a MySQL
server using the "--ssl" option. A man-in-the-middle attacker could use
this flaw to strip the SSL/TLS protection from a connection between a
client and a server. (CVE-2015-3152)

This update fixes several vulnerabilities in the MariaDB database server.
Information about these flaws can be found on the Oracle Critical Patch
Update Advisory page, listed in the References section. (CVE-2015-0501,
CVE-2015-2568, CVE-2015-0499, CVE-2015-2571, CVE-2015-0433, CVE-2015-0441,
CVE-2015-0505, CVE-2015-2573, CVE-2015-2582, CVE-2015-2620, CVE-2015-2643,
CVE-2015-2648, CVE-2015-4737, CVE-2015-4752, CVE-2015-4757)

These updated packages upgrade MariaDB to version 5.5.44. Refer to the
MariaDB Release Notes listed in the References section for a complete list
of changes.

All MariaDB users should upgrade to these updated packages, which correct
these issues. After installing this update, the MariaDB server daemon
(mysqld) will be restarted automatically.

RHSA-2015:1667: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151667
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1667, CVE-2015-3183, CVE-2015-3185

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)

It was discovered that in httpd 2.4, the internal API function
ap_some_auth_required() could incorrectly indicate that a request was
authenticated even when no authentication was used. An httpd module using
this API function could consequently allow access that should have been
denied. (CVE-2015-3185)

All httpd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd service will be restarted automatically.

RHSA-2015:1668: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151668
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1668, CVE-2015-3183

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient,
and extensible web server.

Multiple flaws were found in the way httpd parsed HTTP requests and
responses using chunked transfer encoding. A remote attacker could use
these flaws to create a specially crafted request, which httpd would decode
differently from an HTTP proxy software in front of it, possibly leading to
HTTP request smuggling attacks. (CVE-2015-3183)

All httpd users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, the httpd service will be restarted automatically.

RHSA-2015:1682: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151682
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1682, CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4491

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-4473, CVE-2015-4491, CVE-2015-4487, CVE-2015-4488, 
CVE-2015-4489)

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message because JavaScript is disabled by default for mail
messages. However, they could be exploited in other ways in Thunderbird
(for example, by viewing the full remote content of an RSS feed).

Red Hat would like to thank the Mozilla project for reporting these
issues. Upstream acknowledges Gary Kwong, Christian Holler, Byron Campen, 
Gustavo Grieco, and Ronald Crane as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 38.2. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.2, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:1693: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151693
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1693, CVE-2015-4497, CVE-2015-4498

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2015-4497)

A flaw was found in the way Firefox handled installation of add-ons.
An attacker could use this flaw to bypass the add-on installation prompt,
and trick the user into installing an add-on from a malicious source.
(CVE-2015-4498)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jean-Max Reymond, Ucha Gobejishvili, and Bas Venis as
the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.2.1 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:1694: gdk-pixbuf2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151694
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1694, CVE-2015-4491

Description
gdk-pixbuf is an image loading library that can be extended by loadable
modules for new image formats. It is used by toolkits such as GTK+ or
clutter.

An integer overflow, leading to a heap-based buffer overflow, was found in
the way gdk-pixbuf, an image loading library for GNOME, scaled certain
bitmap format images. An attacker could use a specially crafted BMP image
file that, when processed by an application compiled against the gdk-pixbuf
library, would cause that application to crash or execute arbitrary code
with the permissions of the user running the application. (CVE-2015-4491)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Gustavo Grieco as the original reporter.

All gdk-pixbuf2 users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2015:1695: jakarta-taglibs-standard security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151695
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1695, CVE-2015-0254

Description
jakarta-taglibs-standard is the Java Standard Tag Library (JSTL).
This library is used in conjunction with Tomcat and Java Server Pages
(JSP).

It was found that the Java Standard Tag Library (JSTL) allowed the
processing of untrusted XML documents to utilize external entity
references, which could access resources on the host system and,
potentially, allow arbitrary code execution. (CVE-2015-0254)

Note: jakarta-taglibs-standard users may need to take additional steps
after applying this update. Detailed instructions on the additional steps
can be found here:

https://access.redhat.com/solutions/1584363

All jakarta-taglibs-standard users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

RHSA-2015:1699: nss-softokn security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151699
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1699, CVE-2015-2730

Description
Network Security Services (NSS) is a set of libraries designed to support 
cross-platform development of security-enabled client and server
applications.

A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve
Digital Signature Algorithm) signatures. Under certain conditions, an
attacker could use this flaw to conduct signature forgery attacks.
(CVE-2015-2730)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Watson Ladd as the original reporter of this issue.

All nss-softokn users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

RHSA-2015:1700: pcs security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151700
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1700, CVE-2015-5189, CVE-2015-5190

Description
The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.

A command injection flaw was found in the pcsd web UI. An attacker able to
trick a victim that was logged in to the pcsd web UI into visiting a
specially crafted URL could use this flaw to execute arbitrary code with
root privileges on the server hosting the web UI. (CVE-2015-5190)

A race condition was found in the way the pcsd web UI backend performed
authorization of user requests. An attacker could use this flaw to send a
request that would be evaluated as originating from a different user,
potentially allowing the attacker to perform actions with permissions of a
more privileged user. (CVE-2015-5189)

These issues were discovered by Tomáš Jelínek of Red Hat.

All pcs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1705: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151705
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1705, CVE-2015-5722

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed certain malformed
DNSSEC keys. A remote attacker could use this flaw to send a specially
crafted DNS query (for example, a query requiring a response from a zone
containing a deliberately malformed key) that would cause named functioning
as a validating resolver to crash. (CVE-2015-5722)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Hanno Böck as the original reporter.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1706: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151706
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1706, CVE-2015-5722

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed certain malformed
DNSSEC keys. A remote attacker could use this flaw to send a specially
crafted DNS query (for example, a query requiring a response from a zone
containing a deliberately malformed key) that would cause named functioning
as a validating resolver to crash. (CVE-2015-5722)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Hanno Böck as the original reporter.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1707: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151707
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1707, CVE-2015-5722

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed certain malformed
DNSSEC keys. A remote attacker could use this flaw to send a specially
crafted DNS query (for example, a query requiring a response from a zone
containing a deliberately malformed key) that would cause named functioning
as a validating resolver to crash. (CVE-2015-5722)

Red Hat would like to thank ISC for reporting this issue. Upstream
acknowledges Hanno Böck as the original reporter.

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:1708: libXfont security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151708
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1708, CVE-2015-1802, CVE-2015-1803, CVE-2015-1804

Description
The libXfont package provides the X.Org libXfont runtime library. X.Org is
an open source implementation of the X Window System.

An integer overflow flaw was found in the way libXfont processed certain
Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local user could
use this flaw to crash the X.Org server or, potentially, execute arbitrary
code with the privileges of the X.Org server. (CVE-2015-1802)

An integer truncation flaw was discovered in the way libXfont processed
certain Glyph Bitmap Distribution Format (BDF) fonts. A malicious, local
user could use this flaw to crash the X.Org server or, potentially, execute
arbitrary code with the privileges of the X.Org server. (CVE-2015-1804)

A NULL pointer dereference flaw was discovered in the way libXfont
processed certain Glyph Bitmap Distribution Format (BDF) fonts.
A malicious, local user could use this flaw to crash the X.Org server.
(CVE-2015-1803)

All libXfont users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2015:1714: spice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151714
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1714, CVE-2015-3247

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A race condition flaw, leading to a heap-based memory corruption, was found
in spice's worker_update_monitors_config() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
crash the host QEMU-KVM process or, possibly, execute arbitrary code with
the privileges of the host QEMU-KVM process. (CVE-2015-3247)

This issue was discovered by Frediano Ziglio of Red Hat.

All spice users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2015:1715: spice-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151715
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1715, CVE-2015-3247

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A race condition flaw, leading to a heap-based memory corruption, was found
in spice's worker_update_monitors_config() function, which runs under the
QEMU-KVM context on the host. A user in a guest could leverage this flaw to
crash the host QEMU-KVM process or, possibly, execute arbitrary code with
the privileges of the host QEMU-KVM process. (CVE-2015-3247)

This issue was discovered by Frediano Ziglio of Red Hat.

All spice-server users are advised to upgrade to this updated package,
which contains a backported patch to correct this issue.

RHSA-2015:1741: haproxy security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151741
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1741, CVE-2015-3281

Description
HAProxy provides high availability, load balancing, and proxying for TCP
and HTTP-based applications.

An implementation error related to the memory management of requests and
responses was found within HAProxy's buffer_slow_realign() function.
An unauthenticated remote attacker could possibly use this flaw to leak
certain memory buffer contents from a past request or session.
(CVE-2015-3281)

All haproxy users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.

RHSA-2015:1742: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151742
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1742, CVE-2015-0248, CVE-2015-0251, CVE-2015-3184, CVE-2015-3187

Description
Subversion (SVN) is a concurrent version control system which enables one
or more users to collaborate in developing and maintaining a hierarchy of
files and directories while keeping a history of all changes. The
mod_dav_svn module is used with the Apache HTTP Server to allow access
to Subversion repositories via HTTP.

An assertion failure flaw was found in the way the SVN server processed
certain requests with dynamically evaluated revision numbers. A remote
attacker could use this flaw to cause the SVN server (both svnserve and
httpd with the mod_dav_svn module) to crash. (CVE-2015-0248)

It was found that the mod_authz_svn module did not properly restrict
anonymous access to Subversion repositories under certain configurations
when used with Apache httpd 2.4.x. This could allow a user to anonymously
access files in a Subversion repository, which should only be accessible to
authenticated users. (CVE-2015-3184)

It was found that the mod_dav_svn module did not properly validate the
svn:author property of certain requests. An attacker able to create new
revisions could use this flaw to spoof the svn:author property.
(CVE-2015-0251)

It was found that when an SVN server (both svnserve and httpd with the
mod_dav_svn module) searched the history of a file or a directory, it would
disclose its location in the repository if that file or directory was not
readable (for example, if it had been moved). (CVE-2015-3187)

Red Hat would like to thank the Apache Software Foundation for reporting
these issues. Upstream acknowledges Evgeny Kotkov of VisualSVN as the
original reporter of CVE-2015-0248 and CVE-2015-0251, and C. Michael
Pilato of CollabNet as the original reporter of CVE-2015-3184 and
CVE-2015-3187 flaws.

All subversion users should upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, for the update to take effect, you must restart the httpd
daemon, if you are using mod_dav_svn, and the svnserve daemon, if you are
serving Subversion repositories via the svn:// protocol.

RHSA-2015:1778: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151778
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1778, CVE-2014-9585, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, CVE-2015-4700, CVE-2015-5364, CVE-2015-5366

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the kernel's implementation of the Berkeley Packet
Filter (BPF). A local attacker could craft BPF code to crash the system by
creating a situation in which the JIT compiler would fail to correctly
optimize the JIT image on the last pass. This would lead to the CPU
executing instructions that were not part of the JIT code. (CVE-2015-4700,
Important)

* Two flaws were found in the way the Linux kernel's networking
implementation handled UDP packets with incorrect checksum values. A remote
attacker could potentially use these flaws to trigger an infinite loop in
the kernel, resulting in a denial of service on the system, or cause a
denial of service in applications using the edge triggered epoll
functionality. (CVE-2015-5364, CVE-2015-5366, Important)

* A flaw was found in the way the Linux kernel's ext4 file system handled
the "page size > block size" condition when the fallocate zero range
functionality was used. A local attacker could use this flaw to crash the
system. (CVE-2015-0275, Moderate)

* It was found that the Linux kernel's keyring implementation would leak
memory when adding a key to a keyring via the add_key() function. A local
attacker could use this flaw to exhaust all available memory on the system.
(CVE-2015-1333, Moderate)

* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled Address Configuration lists when performing Address
Configuration Change (ASCONF). A local attacker could use this flaw to
crash the system via a race condition triggered by setting certain ASCONF
options on a socket. (CVE-2015-3212, Moderate)

* An information leak flaw was found in the way the Linux kernel's Virtual
Dynamic Shared Object (vDSO) implementation performed address
randomization. A local, unprivileged user could use this flaw to leak
kernel memory addresses to user-space. (CVE-2014-9585, Low)

Red Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,
and Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275
issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue
was discovered by Ji Jianwen of Red Hat Engineering.

This update also fixes several bugs. Refer to the following Knowledgebase
article for further information:

https://access.redhat.com/articles/1614563

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:1788: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151788
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1788, CVE-2014-9585, CVE-2015-0275, CVE-2015-1333, CVE-2015-3212, CVE-2015-4700, CVE-2015-5364, CVE-2015-5366

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the kernel's implementation of the Berkeley Packet
Filter (BPF). A local attacker could craft BPF code to crash the system by
creating a situation in which the JIT compiler would fail to correctly
optimize the JIT image on the last pass. This would lead to the CPU
executing instructions that were not part of the JIT code. (CVE-2015-4700,
Important)

* Two flaws were found in the way the Linux kernel's networking
implementation handled UDP packets with incorrect checksum values. A remote
attacker could potentially use these flaws to trigger an infinite loop in
the kernel, resulting in a denial of service on the system, or cause a
denial of service in applications using the edge triggered epoll
functionality. (CVE-2015-5364, CVE-2015-5366, Important)

* A flaw was found in the way the Linux kernel's ext4 file system handled
the "page size > block size" condition when the fallocate zero range
functionality was used. A local attacker could use this flaw to crash the
system. (CVE-2015-0275, Moderate)

* It was found that the Linux kernel's keyring implementation would leak
memory when adding a key to a keyring via the add_key() function. A local
attacker could use this flaw to exhaust all available memory on the system.
(CVE-2015-1333, Moderate)

* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled Address Configuration lists when performing Address
Configuration Change (ASCONF). A local attacker could use this flaw to
crash the system via a race condition triggered by setting certain ASCONF
options on a socket. (CVE-2015-3212, Moderate)

* An information leak flaw was found in the way the Linux kernel's Virtual
Dynamic Shared Object (vDSO) implementation performed address
randomization. A local, unprivileged user could use this flaw to leak
kernel memory addresses to user-space. (CVE-2014-9585, Low)

Red Hat would like to thank Daniel Borkmann for reporting CVE-2015-4700,
and Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275
issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue
was discovered by Ji Jianwen of Red Hat Engineering.

The kernel-rt packages have been upgraded to version 3.10.0-229.13.1, which
provides a number of bug fixes and enhancements over the previous version,
including:

* Fix regression in scsi_send_eh_cmnd()

* boot hangs at "Console: switching to colour dummy device 80x25"

* Update tcp stack to 3.17 kernel

* Missing some code from patch "(...) Fix VGA switcheroo problem related to
hotplug"

* ksoftirqd high CPU usage due to stray tasklet from ioatdma driver

* During Live Partition Mobility (LPM) testing, RHEL 7.1 LPARs will crash
in kmem_cache_alloc

(BZ#1253809)

This update also fixes the following bug:

* The hwlat_detector.ko module samples the clock and records any intervals
between reads that exceed a specified threshold. However, the module
previously tracked the maximum interval seen for the "inner" interval but
did not record when the "outer" interval was greater. A patch has been
applied to fix this bug, and hwlat_detector.ko now correctly records if the
outer interval is the maximal interval encountered during the run.
(BZ#1252365)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.

RHSA-2015:1793: qemu-kvm security fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151793
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1793, CVE-2015-5165

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An information leak flaw was found in the way QEMU's RTL8139 emulation
implementation processed network packets under RTL8139 controller's C+ mode
of operation. An unprivileged guest user could use this flaw to read up to
65 KB of uninitialized QEMU heap memory. (CVE-2015-5165)

Red Hat would like to thank the Xen project for reporting this issue.
Upstream acknowledges Donghai Zhu of Alibaba as the original reporter.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:1833: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151833
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1833, CVE-2015-5165

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An information leak flaw was found in the way QEMU's RTL8139 emulation
implementation processed network packets under RTL8139 controller's C+ mode
of operation. An unprivileged guest user could use this flaw to read up to
65 KB of uninitialized QEMU heap memory. (CVE-2015-5165)

Red Hat would like to thank the Xen project for reporting this issue.
Upstream acknowledges Donghai Zhu of Alibaba as the original reporter.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:1834: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151834
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1834, CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-4500, CVE-2015-4506, CVE-2015-4509, CVE-2015-4511,
CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175,
CVE-2015-7176, CVE-2015-7177, CVE-2015-7180)

Two information leak flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Firefox to
disclose sensitive information or, in certain cases, crash. (CVE-2015-4519,
CVE-2015-4520)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland,
Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Khalil
Zhani, Atte Kettunen, Ronald Crane, Mario Gomes, and Ehsan Akhgari as the
original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.3.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:1840: openldap security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151840
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1840, CVE-2015-6908

Description
OpenLDAP is an open source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap package contains configuration files, libraries,
and documentation for OpenLDAP.

A flaw was found in the way the OpenLDAP server daemon (slapd) parsed
certain Basic Encoding Rules (BER) data. A remote attacker could use this
flaw to crash slapd via a specially crafted packet. (CVE-2015-6908)

All openldap users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:1852: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151852
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1852, CVE-2015-4500, CVE-2015-4509, CVE-2015-4517, CVE-2015-4519, CVE-2015-4520, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177, CVE-2015-7180

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-4500, CVE-2015-4509, CVE-2015-4517, CVE-2015-4521,
CVE-2015-4522, CVE-2015-7174, CVE-2015-7175, CVE-2015-7176, CVE-2015-7177,
CVE-2015-7180)

Two information leak flaws were found in the processing of malformed web
content. A web page containing malicious content could cause Thunderbird to
disclose sensitive information or, in certain cases, crash. (CVE-2015-4519,
CVE-2015-4520)

Note: All of the above issues cannot be exploited by a specially crafted
HTML mail message because JavaScript is disabled by default for mail
messages. However, they could be exploited in other ways in Thunderbird
(for example, by viewing the full remote content of an RSS feed).

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Andrew Osmond, Olli Pettay, Andrew Sutherland,
Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Ronald
Crane, Mario Gomes, and Ehsan Akhgari as the original reporters of these
issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 38.3.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.3.0, which corrects these issues.
After installing the update, Thunderbird must be restarted for the changes
to take effect.

RHSA-2015:1889: spice-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151889
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1889, CVE-2015-5260, CVE-2015-5261

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A heap-based buffer overflow flaw was found in the way SPICE handled
certain guest QXL commands related to surface creation. A user in a guest
could use this flaw to read and write arbitrary memory locations on the
host. (CVE-2015-5261)

A heap-based buffer overflow flaw was found in the way spice handled
certain QXL commands related to the "surface_id" parameter. A user in a
guest could use this flaw to crash the host QEMU-KVM process or, possibly,
execute arbitrary code with the privileges of the host QEMU-KVM process.
(CVE-2015-5260)

These issues were discovered by Frediano Ziglio of Red Hat.

All spice-server users are advised to upgrade to this updated package,
which contains backported patches to correct these issues.

RHSA-2015:1890: spice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151890
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1890, CVE-2015-5260, CVE-2015-5261

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a
remote display protocol for virtual environments. SPICE users can access a
virtualized desktop or server from the local system or any system with
network access to the server. SPICE is used in Red Hat Enterprise Linux for
viewing virtualized guests running on the Kernel-based Virtual Machine
(KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

A heap-based buffer overflow flaw was found in the way SPICE handled
certain guest QXL commands related to surface creation. A user in a guest
could use this flaw to read and write arbitrary memory locations on the
host. (CVE-2015-5261)

A heap-based buffer overflow flaw was found in the way spice handled
certain QXL commands related to the "surface_id" parameter. A user in a
guest could use this flaw to crash the host QEMU-KVM process or, possibly,
execute arbitrary code with the privileges of the host QEMU-KVM process.
(CVE-2015-5260)

These issues were discovered by Frediano Ziglio of Red Hat.

All spice users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:1917: libwmf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151917
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1917, CVE-2015-0848, CVE-2015-4588, CVE-2015-4695, CVE-2015-4696

Description
libwmf is a library for reading and converting Windows Metafile Format
(WMF) vector graphics. libwmf is used by applications such as GIMP and
ImageMagick.

It was discovered that libwmf did not correctly process certain WMF
(Windows Metafiles) with embedded BMP images. By tricking a victim into
opening a specially crafted WMF file in an application using libwmf, a
remote attacker could possibly use this flaw to execute arbitrary code with
the privileges of the user running the application. (CVE-2015-0848,
CVE-2015-4588)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash or execute arbitrary code with the privileges of the
user running the application. (CVE-2015-4696)

It was discovered that libwmf did not properly process certain WMF files.
By tricking a victim into opening a specially crafted WMF file in an
application using libwmf, a remote attacker could possibly exploit this
flaw to cause a crash. (CVE-2015-4695)

All users of libwmf are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, all applications using libwmf must be restarted for the update to
take effect.

RHSA-2015:1919: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151919
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1919, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

A flaw was found in the way the Libraries component in OpenJDK handled
certificate revocation lists (CRL). In certain cases, CRL checking code
could fail to report a revoked certificate, causing the application to
accept it as trusted. (CVE-2015-4868)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:1920: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151920
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1920, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:1921: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151921
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1921, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, 2D, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4840, CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:1924: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151924
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1924, CVE-2015-5279

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC
emulation implementation handled certain packets received over the network.
A privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on
the host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:1925: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151925
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1925, CVE-2015-5279

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC
emulation implementation handled certain packets received over the network.
A privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on
the host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. Note: The procedure in
the Solution section must be performed before this update will take effect.

RHSA-2015:1926: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151926
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1926, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4868, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903, CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810,
CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844,
CVE-2015-4860, CVE-2015-4868, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882,
CVE-2015-4883, CVE-2015-4893, CVE-2015-4901, CVE-2015-4902, CVE-2015-4903,
CVE-2015-4906, CVE-2015-4908, CVE-2015-4911, CVE-2015-4916)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 65 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:1927: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151927
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1927, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810, CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4810,
CVE-2015-4835, CVE-2015-4840, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844,
CVE-2015-4860, CVE-2015-4871, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882,
CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 91 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:1928: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151928
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1928, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902, CVE-2015-4903, CVE-2015-4911

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835,
CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872,
CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4902,
CVE-2015-4903, CVE-2015-4911)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 105 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2015:1930: ntp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20151930
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1930, CVE-2015-5300, CVE-2015-7704

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

It was discovered that ntpd as a client did not correctly check timestamps
in Kiss-of-Death packets. A remote attacker could use this flaw to send a
crafted Kiss-of-Death packet to an ntpd client that would increase the
client's polling interval value, and effectively disable synchronization
with the server. (CVE-2015-7704)

It was found that ntpd did not correctly implement the threshold limitation
for the '-g' option, which is used to set the time without any
restrictions. A man-in-the-middle attacker able to intercept NTP traffic
between a connecting client and an NTP server could use this flaw to force
that client to make multiple steps larger than the panic threshold,
effectively changing the time to an arbitrary value. (CVE-2015-5300)

Red Hat would like to thank Aanchal Malhotra, Isaac E. Cohen, and Sharon
Goldberg of Boston University for reporting these issues.

All ntp users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing the
update, the ntpd daemon will restart automatically.

RHSA-2015:1943: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151943
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1943, CVE-2015-1779

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

It was found that QEMU's websocket frame decoder processed incoming
frames without limiting resources used to process the header and the
payload. An attacker able to access a guest's VNC console could use this
flaw to trigger a denial of service on the host by exhausting all available
memory and CPU. (CVE-2015-1779)

This issue was discovered by Daniel P. Berrange of Red Hat.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2015:1977: kernel-rt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151977
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1977, CVE-2014-8559, CVE-2015-5156

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's VFS subsystem handled file
system locks. A local, unprivileged user could use this flaw to trigger a
deadlock in the kernel, causing a denial of service on the system.
(CVE-2014-8559, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's virtio-net
subsystem handled certain fraglists when the GRO (Generic Receive Offload)
functionality was enabled in a bridged network configuration. An attacker
on the local network could potentially use this flaw to crash the system,
or, although unlikely, elevate their privileges on the system.
(CVE-2015-5156, Moderate)

The CVE-2015-5156 issue was discovered by Jason Wang of Red Hat.

The kernel-rt packages have been upgraded to version 3.10.0-229.20.1, which
provides a number of bug fixes and enhancements over the previous version,
including:

* Unexpected completion is detected on Intel Ethernet x540

* Divide by zero error in intel_pstate_timer_func() [ inline s64
div_s64_rem() ]

* NFS Recover from stateid-type error on SETATTR

* pNFS RHEL 7.1 Data Server connection remains after umount due to lseg
refcount leak

* Race during NFS v4.0 recovery and standard IO.

* Fix ip6t_SYNPROXY for namespaces and connection delay

* synproxy window size and sequence number behaviour causes long connection
delay

* Crash in kmem_cache_alloc() during disk stress testing (using ipr)

* xfs: sync/backport to upstream v4.1

* iscsi_session recovery_tmo revert back to default when a path becomes
active

* read from MD raid1 can fail if read from resync target fails

* backport scsi-mq

* unable to handle kernel paging request at 0000000000237037 [zswap]

(BZ#1266915) 

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add this enhancement. The system must be rebooted
for this update to take effect.

RHSA-2015:1978: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151978
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1978, CVE-2014-8559, CVE-2015-5156

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's VFS subsystem handled file
system locks. A local, unprivileged user could use this flaw to trigger a
deadlock in the kernel, causing a denial of service on the system.
(CVE-2014-8559, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's virtio-net
subsystem handled certain fraglists when the GRO (Generic Receive Offload)
functionality was enabled in a bridged network configuration. An attacker
on the local network could potentially use this flaw to crash the system,
or, although unlikely, elevate their privileges on the system.
(CVE-2015-5156, Moderate)

The CVE-2015-5156 issue was discovered by Jason Wang of Red Hat.

This update also fixes several bugs and adds one enhancement. Refer to the
following Knowledgebase article for further information:

https://access.redhat.com/articles/2039563

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.

RHSA-2015:1979: libreswan security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20151979
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:1979, CVE-2015-3240

Description
Libreswan is an implementation of IPsec & IKE for Linux. IPsec (Internet
Protocol Security) uses strong cryptography to provide both authentication
and encryption services. These services allow you to build secure tunnels
through untrusted networks, such as a virtual private network (VPN).

A flaw was discovered in the way Libreswan's IKE daemon processed IKE KE
payloads. A remote attacker could send a specially crafted IKE payload with
a KE payload of g^x=0 that, when processed, would lead to a denial of
service (daemon crash). (CVE-2015-3240)

This issue was discovered by Paul Wouters of Red Hat.

Note: When upgrading from an earlier version of Libreswan, the existing CA
certificates in the /etc/ipsec.d/cacerts/ directory and the existing
certificate revocation list (CRL) files from the /etc/ipsec.d/crls/
directory are automatically imported into the NSS database. Once completed,
these directories are no longer used by Libreswan. To install new CA
certificates or new CRLs, the certutil and crlutil commands must be used to
import these directly into the Network Security Services (NSS) database.

This update also adds the following enhancements:

* This update adds support for RFC 7383 IKEv2 Fragmentation, RFC 7619 Auth
Null and ID Null, INVALID_KE renegotiation, CRL and OCSP support via NSS,
AES_CTR and AES_GCM support for IKEv2, CAVS testing for FIPS compliance.

In addition, this update enforces FIPS algorithms restrictions in FIPS
mode, and runs Composite Application Validation System (CAVS) testing for
FIPS compliance during package build. A new Cryptographic Algorithm
Validation Program (CAVP) binary can be used to re-run the CAVS tests at
any time. Regardless of FIPS mode, the pluto daemon runs RFC test vectors
for various algorithms.

Furthermore, compiling on all architectures now enables the "-Werror" GCC
option, which enhances the security by making all warnings into errors.
(BZ#1263346)

* This update also fixes several memory leaks and introduces a sub-second
packet retransmit option. (BZ#1268773)

* This update improves migration support from Openswan to Libreswan.
Specifically, all Openswan options that can take a time value without a
suffix are now supported, and several new keywords for use in the
/etc/ipsec.conf file have been introduced. See the relevant man pages for
details. (BZ#1268775)

* With this update, loopback support via the "loopback=" option has been
deprecated. (BZ#1270673)

All Libreswan users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:1980: nss and nspr security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151980
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1980, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183

Description
Network Security Services (NSS) is a set of libraries designed to support
cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities.

A use-after-poison flaw and a heap-based buffer overflow flaw were found in
the way NSS parsed certain ASN.1 structures. An attacker could use these
flaws to cause NSS to crash or execute arbitrary code with the permissions
of the user running an application compiled against the NSS library.
(CVE-2015-7181, CVE-2015-7182)

A heap-based buffer overflow was found in NSPR. An attacker could use this
flaw to cause NSPR to crash or execute arbitrary code with the permissions
of the user running an application compiled against the NSPR library.
(CVE-2015-7183)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Tyson Smith, David Keeler and Ryan Sleevi as the
original reporters.

All nss and nspr users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2015:1981: nss, nss-util, and nspr security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1981, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183

Description
Network Security Services (NSS) is a set of libraries designed to support 
cross-platform development of security-enabled client and server
applications. Netscape Portable Runtime (NSPR) provides platform
independence for non-GUI operating system facilities. 

A use-after-poison flaw and a heap-based buffer overflow flaw were found in
the way NSS parsed certain ASN.1 structures. An attacker could use these
flaws to cause NSS to crash or execute arbitrary code with the permissions
of the user running an application compiled against the NSS library.
(CVE-2015-7181, CVE-2015-7182)

A heap-based buffer overflow was found in NSPR. An attacker could use this
flaw to cause NSPR to crash or execute arbitrary code with the permissions
of the user running an application compiled against the NSPR library.
(CVE-2015-7183)

Note: Applications using NSPR's PL_ARENA_ALLOCATE, PR_ARENA_ALLOCATE,
PL_ARENA_GROW, or PR_ARENA_GROW macros need to be rebuilt against the fixed
nspr packages to completely resolve the CVE-2015-7183 issue. This erratum
includes nss and nss-util packages rebuilt against the fixed nspr version.

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Tyson Smith, David Keeler and Ryan Sleevi as the
original reporters.

All nss, nss-util and nspr users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

RHSA-2015:1982: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20151982
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:1982, CVE-2015-4513, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196,
CVE-2015-7198, CVE-2015-7197)

A same-origin policy bypass flaw was found in the way Firefox handled
certain cross-origin resource sharing (CORS) requests. A web page
containing malicious content could cause Firefox to disclose sensitive
information. (CVE-2015-7193)

A same-origin policy bypass flaw was found in the way Firefox handled URLs
containing IP addresses with white-space characters. This could lead to
cross-site scripting attacks. (CVE-2015-7188)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Major, Jesse Ruderman, Tyson
Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff
Walden, and Gary Kwong, Michał Bentkowski, Looben Yang, Shinto K Anto,
Gustavo Grieco, Vytautas Staraitis, Ronald Crane, and Ehsan Akhgari as the
original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.4.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:2019: sssd security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152019
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2019, CVE-2015-5292

Description
The System Security Services Daemon (SSSD) service provides a set of
daemons to manage access to remote directories and authentication
mechanisms. It also provides the Name Service Switch (NSS) and the
Pluggable Authentication Modules (PAM) interfaces toward the system, and a
pluggable back-end system to connect to multiple different account sources.

It was found that SSSD's Privilege Attribute Certificate (PAC) responder
plug-in would leak a small amount of memory on each authentication request.
A remote attacker could potentially use this flaw to exhaust all available
memory on the system by making repeated requests to a Kerberized daemon
application configured to authenticate using the PAC responder plug-in.
(CVE-2015-5292)

This update also fixes the following bugs:

* Previously, SSSD did not correctly handle sudo rules that applied to
groups with names containing special characters, such as the "(" opening
parenthesis sign. Consequently, SSSD skipped such sudo rules. The internal
sysdb search has been modified to escape special characters when searching
for objects to which sudo rules apply. As a result, SSSD applies the
described sudo rules as expected. (BZ#1258398)

* Prior to this update, SSSD did not correctly handle group names
containing special Lightweight Directory Access Protocol (LDAP) characters,
such as the "(" or ")" parenthesis signs. When a group name contained one
or more such characters, the internal cache cleanup operation failed with
an I/O error. With this update, LDAP special characters in the
Distinguished Name (DN) of a cache entry are escaped before the cleanup
operation starts. As a result, the cleanup operation completes successfully
in the described situation. (BZ#1264098)

* Applications performing Kerberos authentication previously increased the
memory footprint of the Kerberos plug-in that parses the Privilege
Attribute Certificate (PAC) information. The plug-in has been updated to
free the memory it allocates, thus fixing this bug. (BZ#1268783)

* Previously, when malformed POSIX attributes were defined in an Active
Directory (AD) LDAP server, SSSD unexpectedly switched to offline mode.
This update relaxes certain checks for AD POSIX attribute validity. As a
result, SSSD now works as expected even when malformed POSIX attributes are
present in AD and no longer enters offline mode in the described situation.
(BZ#1268784)

All sssd users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the sssd service will be restarted automatically. Additionally, all
running applications using the PAC responder plug-in must be restarted for
the changes to take effect.

RHSA-2015:2065: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152065
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2065, CVE-2015-5279

Description
The xen packages contain administration tools and the xend service for
managing the kernel-xen kernel for virtualization on Red Hat Enterprise
Linux.

A heap buffer overflow flaw was found in the way QEMU's NE2000 NIC
emulation implementation handled certain packets received over the network.
A privileged user inside a guest could use this flaw to crash the QEMU
instance (denial of service) or potentially execute arbitrary code on the
host. (CVE-2015-5279)

Red Hat would like to thank Qinghao Tang of QIHU 360 Inc. for reporting
this issue.

All xen users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
updated packages, all running fully-virtualized guests must be restarted
for this update to take effect.

RHSA-2015:2078: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152078
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2078, CVE-2015-5288, CVE-2015-5289

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A memory leak error was discovered in the crypt() function of the pgCrypto
extension. An authenticated attacker could possibly use this flaw to
disclose a limited amount of the server memory. (CVE-2015-5288)

A stack overflow flaw was discovered in the way the PostgreSQL core server
processed certain JSON or JSONB input. An authenticated attacker could
possibly use this flaw to crash the server backend by sending specially
crafted JSON or JSONB input. (CVE-2015-5289)

Please note that SSL renegotiation is now disabled by default. For more
information, please refer to PostgreSQL's 2015-10-08 Security Update
Release notes, linked to in the References section.

All PostgreSQL users are advised to upgrade to these updated packages,
which correct these issues. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2015:2079: binutils security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2079, CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738

Description
The binutils packages provide a set of binary utilities.

Multiple buffer overflow flaws were found in the libbfd library used by
various binutils utilities. If a user were tricked into processing a
specially crafted file with an application using the libbfd library, it
could cause the application to crash or, potentially, execute arbitrary
code. (CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503,
CVE-2014-8504, CVE-2014-8738)

An integer overflow flaw was found in the libbfd library used by various
binutils utilities. If a user were tricked into processing a specially
crafted file with an application using the libbfd library, it could cause
the application to crash. (CVE-2014-8484)

A directory traversal flaw was found in the strip and objcopy utilities.
A specially crafted file could cause strip or objdump to overwrite an
arbitrary file writable by the user running either of these utilities.
(CVE-2014-8737)

This update fixes the following bugs:

* Binary files started by the system loader could lack the Relocation
Read-Only (RELRO) protection even though it was explicitly requested when
the application was built. This bug has been fixed on multiple
architectures. Applications and all dependent object files, archives, and
libraries built with an alpha or beta version of binutils should be rebuilt
to correct this defect. (BZ#1200138, BZ#1175624)

* The ld linker on 64-bit PowerPC now correctly checks the output format
when asked to produce a binary in another format than PowerPC. (BZ#1226864)

* An important variable that holds the symbol table for the binary being
debugged has been made persistent, and the objdump utility on 64-bit
PowerPC is now able to access the needed information without reading an
invalid memory region. (BZ#1172766)

* Undesirable runtime relocations described in RHBA-2015:0974. (BZ#872148)

The update adds these enhancements:

* New hardware instructions of the IBM z Systems z13 are now supported by
assembler, disassembler, and linker, as well as Single Instruction,
Multiple Data (SIMD) instructions. (BZ#1182153)

* Expressions of the form: "FUNC@localentry" to refer to the local entry
point for the FUNC function (if defined) are now supported by the PowerPC
assembler. These are required by the ELFv2 ABI on the little-endian variant
of IBM Power Systems. (BZ#1194164)

All binutils users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:2081: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2081, CVE-2015-5288

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

A memory leak error was discovered in the crypt() function of the pgCrypto
extension. An authenticated attacker could possibly use this flaw to
disclose a limited amount of the server memory. (CVE-2015-5288)

All PostgreSQL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2015:2086: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2086, CVE-2015-4734, CVE-2015-4803, CVE-2015-4805, CVE-2015-4806, CVE-2015-4835, CVE-2015-4842, CVE-2015-4843, CVE-2015-4844, CVE-2015-4860, CVE-2015-4872, CVE-2015-4881, CVE-2015-4882, CVE-2015-4883, CVE-2015-4893, CVE-2015-4903, CVE-2015-4911

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization,
and 2D components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,
CVE-2015-4805, CVE-2015-4844)

Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application using
JAXP to consume an excessive amount of CPU and memory when parsed.
(CVE-2015-4803, CVE-2015-4893, CVE-2015-4911)

It was discovered that the Security component in OpenJDK failed to properly
check if a certificate satisfied all defined constraints. In certain cases,
this could cause a Java application to accept an X.509 certificate which
does not meet requirements of the defined policy. (CVE-2015-4872)

Multiple flaws were found in the Libraries, CORBA, JAXP, JGSS, and RMI
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4806,
CVE-2015-4882, CVE-2015-4842, CVE-2015-4734, CVE-2015-4903)

Red Hat would like to thank Andrea Palazzo of Truel IT for reporting the
CVE-2015-4806 issue.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2015:2088: openssh security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152088
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2088, CVE-2015-5600, CVE-2015-6563, CVE-2015-6564

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These
packages include the core files necessary for both the OpenSSH client and
server.

A flaw was found in the way OpenSSH handled PAM authentication when using
privilege separation. An attacker with valid credentials on the system and
able to fully compromise a non-privileged pre-authentication process using
a different flaw could use this flaw to authenticate as other users.
(CVE-2015-6563)

A use-after-free flaw was found in OpenSSH. An attacker able to fully
compromise a non-privileged pre-authentication process using a different
flaw could possibly cause sshd to crash or execute arbitrary code with
root privileges. (CVE-2015-6564)

It was discovered that the OpenSSH sshd daemon did not check the list of
keyboard-interactive authentication methods for duplicates. A remote
attacker could use this flaw to bypass the MaxAuthTries limit, making it
easier to perform password guessing attacks. (CVE-2015-5600)

It was found that the OpenSSH ssh-agent, a program to hold private keys
used for public key authentication, was vulnerable to password guessing
attacks. An attacker able to connect to the agent could use this flaw to
conduct a brute-force attack to unlock keys in the ssh-agent. (BZ#1238238)

This update fixes the following bugs:

* Previously, the sshd_config(5) man page was misleading and could thus
confuse the user. This update improves the man page text to clearly
describe the AllowGroups feature. (BZ#1150007)

* The limit for the function for restricting the number of files listed
using the wildcard character (*) that prevents the Denial of Service (DoS)
for both server and client was previously set too low. Consequently, the
user reaching the limit was prevented from listing a directory with a large
number of files over Secure File Transfer Protocol (SFTP). This update
increases the aforementioned limit, thus fixing this bug. (BZ#1160377)

* When the ForceCommand option with a pseudoterminal was used and the
MaxSession option was set to "2", multiplexed SSH connections did not work
as expected. After the user attempted to open a second multiplexed
connection, the attempt failed if the first connection was still open. This
update modifies OpenSSH to issue only one audit message per session, and
the user is thus able to open two multiplexed connections in this
situation. (BZ#1199112)

* The ssh-copy-id utility failed if the account on the remote server did
not use an sh-like shell. Remote commands have been modified to run in an
sh-like shell, and ssh-copy-id now works also with non-sh-like shells.
(BZ#1201758)

* Due to a race condition between auditing messages and answers when using
ControlMaster multiplexing, one session in the shared connection randomly
and unexpectedly exited the connection. This update fixes the race
condition in the auditing code, and multiplexing connections now work as
expected even with a number of sessions created at once. (BZ#1240613)

In addition, this update adds the following enhancements:

* As not all Lightweight Directory Access Protocol (LDAP) servers possess
a default schema, as expected by the ssh-ldap-helper program, this update
provides the user with an ability to adjust the LDAP query to get public
keys from servers with a different schema, while the default functionality
stays untouched. (BZ#1201753)

* With this enhancement update, the administrator is able to set
permissions for files uploaded using Secure File Transfer Protocol (SFTP).
(BZ#1197989)

* This update provides the LDAP schema in LDAP Data Interchange Format
(LDIF) as a complement to the old schema previously accepted by OpenLDAP.
(BZ#1184938)

* With this update, the user can selectively disable the Generic Security
Services API (GSSAPI) key exchange algorithms as any normal key exchange.
(BZ#1253062)

Users of openssh are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2101: python security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2101, CVE-2013-1752, CVE-2013-1753, CVE-2014-4616, CVE-2014-4650, CVE-2014-7185

Description
Python is an interpreted, interactive, object-oriented programming language
often compared to Tcl, Perl, Scheme, or Java. Python includes modules,
classes, exceptions, very high level dynamic data types and dynamic typing.
Python supports interfaces to many system calls and libraries, as well as
to various windowing systems (X11, Motif, Tk, Mac and MFC).

It was discovered that the Python xmlrpclib module did not restrict the
size of gzip-compressed HTTP responses. A malicious XMLRPC server could
cause an XMLRPC client using xmlrpclib to consume an excessive amount of
memory. (CVE-2013-1753)

It was discovered that multiple Python standard library modules
implementing network protocols (such as httplib or smtplib) failed to
restrict the sizes of server responses. A malicious server could cause a
client using one of the affected modules to consume an excessive amount of
memory. (CVE-2013-1752)

It was discovered that the CGIHTTPServer module incorrectly handled URL
encoded paths. A remote attacker could use this flaw to execute scripts
outside of the cgi-bin directory, or disclose the source code of the
scripts in the cgi-bin directory. (CVE-2014-4650)

An integer overflow flaw was found in the way the buffer() function handled
its offset and size arguments. An attacker able to control these arguments
could use this flaw to disclose portions of the application memory or cause
it to crash. (CVE-2014-7185)

A flaw was found in the way the json module handled negative index
arguments passed to certain functions (such as raw_decode()). An attacker
able to control the index value passed to one of the affected functions
could possibly use this flaw to disclose portions of the application
memory. (CVE-2014-4616)

The Python standard library HTTP client modules (such as httplib or urllib)
did not perform verification of TLS/SSL certificates when connecting to
HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack
connections and eavesdrop or modify transferred data. (CVE-2014-9365)

Note: The Python standard library was updated to make it possible to enable
certificate verification by default. However, for backwards compatibility,
verification remains disabled by default. Future updates may change this
default. Refer to the Knowledgebase article 2039753 linked to in the
References section for further details about this change. (BZ#1219108)

This update also fixes the following bugs:

* Subprocesses used with the Eventlet library or regular threads previously
tried to close epoll file descriptors twice, which led to an "Invalid
argument" error. Subprocesses have been fixed to close the file descriptors
only once. (BZ#1103452)

* When importing the readline module from a Python script, Python no longer
produces erroneous random characters on stdout. (BZ#1189301)

* The cProfile utility has been fixed to print all values that the "-s"
option supports when this option is used without a correct value.
(BZ#1237107)

* The load_cert_chain() function now accepts "None" as a keyfile argument.
(BZ#1250611)

In addition, this update adds the following enhancements:

* Security enhancements as described in PEP 466 have been backported to the
Python standard library, for example, new features of the ssl module:
Server Name Indication (SNI) support, support for new TLSv1.x protocols,
new hash algorithms in the hashlib module, and many more. (BZ#1111461)

* Support for the ssl.PROTOCOL_TLSv1_2 protocol has been added to the ssl
library. (BZ#1192015)

* The ssl.SSLSocket.version() method is now available to access information
about the version of the SSL protocol used in a connection. (BZ#1259421)

All python users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:2108: cpio security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152108
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2108, CVE-2014-9112

Description
The cpio packages provide the GNU cpio utility for creating and extracting
archives, or copying files from one place to another.

A heap-based buffer overflow flaw was found in cpio's list_file() function.
An attacker could provide a specially crafted archive that, when processed
by cpio, would crash cpio, or potentially lead to arbitrary code execution.
(CVE-2014-9112)

This update fixes the following bugs:

* Previously, during archive creation, cpio internals did not detect a
read() system call failure. Based on the premise that the call succeeded,
cpio terminated unexpectedly with a segmentation fault without processing
further files. The underlying source code has been patched, and an archive
is now created successfully. (BZ#1138148)

* Previously, running the cpio command without parameters on Red Hat
Enterprise Linux 7 with Russian as the default language resulted in an
error message that was not accurate in Russian due to an error in spelling.
This has been corrected and the Russian error message is spelled correctly.
(BZ#1075513)

All cpio users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:2111: grep security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152111
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2111, CVE-2015-1345

Description
The grep utility searches through textual input for lines that contain a
match to a specified pattern and then prints the matching lines. The GNU
grep utilities include grep, egrep, and fgrep.

A heap-based buffer overflow flaw was found in the way grep processed
certain pattern and text combinations. An attacker able to trick a user
into running grep on specially crafted input could use this flaw to crash
grep or, potentially, read from uninitialized memory. (CVE-2015-1345)

This update also fixes the following bugs:

* Prior to this update, the \w and \W symbols were inconsistently matched
to the [:alnum:] character class. Consequently, using regular expressions
with "\w" and "\W" could lead to incorrect results. With this update, "\w"
is consistently matched to the [_[:alnum:]] character, and "\W" is
consistently matched to the [^_[:alnum:]] character. (BZ#1159012)

* Previously, the Perl Compatible Regular Expression (PCRE) matcher
(selected by the "-P" parameter in grep) did not work correctly when
matching non-UTF-8 text in UTF-8 locales. Consequently, an error message
about invalid UTF-8 byte sequence characters was returned. To fix this bug,
patches from upstream have been applied to the grep utility. As a result,
PCRE now skips non-UTF-8 characters as non-matching text without returning
any error message. (BZ#1217080)

All grep users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:2131: openldap security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152131
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2131, CVE-2014-8182, CVE-2015-3276

Description
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol
(LDAP) applications and development tools. LDAP is a set of protocols used
to access and maintain distributed directory information services over an
IP network. The openldap packages contain configuration files, libraries,
and documentation for OpenLDAP.

A flaw was found in the way OpenLDAP parsed OpenSSL-style cipher strings.
As a result, OpenLDAP could potentially use ciphers that were not intended
to be enabled. (CVE-2015-3276)

This issue was discovered by Martin Poole of the Red Hat Software
Maintenance Engineering group.

The openldap packages have been upgraded to upstream version 2.4.40, which
provides a number of bug fixes and one enhancement over the previous
version:

* The ORDERING matching rules have been added to the ppolicy attribute type
descriptions.
* The server no longer terminates unexpectedly when processing SRV records.
* Missing objectClass information has been added, which enables the user to
modify the front-end configuration by standard means.

(BZ#1147982)

This update also fixes the following bugs:

* Previously, OpenLDAP did not properly handle a number of simultaneous
updates. As a consequence, sending a number of parallel update requests to
the server could cause a deadlock. With this update, a superfluous locking
mechanism causing the deadlock has been removed, thus fixing the bug.
(BZ#1125152)

* The httpd service sometimes terminated unexpectedly with a segmentation
fault on the libldap library unload. The underlying source code has been
modified to prevent a bad memory access error that caused the bug to occur.
As a result, httpd no longer crashes in this situation. (BZ#1158005)

* After upgrading the system from Red Hat Enterprise Linux 6 to Red Hat
Enterprise Linux 7, symbolic links to certain libraries unexpectedly
pointed to locations belonging to the openldap-devel package. If the user
uninstalled openldap-devel, the symbolic links were broken and the "rpm -V
openldap" command sometimes produced errors. With this update, the symbolic
links no longer get broken in the described situation. If the user
downgrades openldap to version 2.4.39-6 or earlier, the symbolic links
might break. After such downgrade, it is recommended to verify that the
symbolic links did not break. To do this, make sure the yum-plugin-verify
package is installed and obtain the target libraries by running the "rpm -V
openldap" or "yum verify openldap" command. (BZ#1230263)

In addition, this update adds the following enhancement:

* OpenLDAP clients now automatically choose the Network Security Services
(NSS) default cipher suites for communication with the server. It is no
longer necessary to maintain the default cipher suites manually in the
OpenLDAP source code. (BZ#1245279)

All openldap users are advised to upgrade to these updated packages, which
correct these issues and add this enhancement.

RHSA-2015:2140: libssh2 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2140, CVE-2015-1782

Description
The libssh2 packages provide a library that implements the SSH2 protocol.

A flaw was found in the way the kex_agree_methods() function of libssh2
performed a key exchange when negotiating a new SSH session. A
man-in-the-middle attacker could use a crafted SSH_MSG_KEXINIT packet to
crash a connecting libssh2 client. (CVE-2015-1782)

This update also fixes the following bugs:

* Previously, libssh2 did not correctly adjust the size of the receive
window while reading from an SSH channel. This caused downloads over
the secure copy (SCP) protocol to consume an excessive amount of memory.
A series of upstream patches has been applied on the libssh2 source code to
improve handling of the receive window size. Now, SCP downloads work as
expected. (BZ#1080459)

* Prior to this update, libssh2 did not properly initialize an internal
variable holding the SSH agent file descriptor, which caused the agent
destructor to close the standard input file descriptor by mistake.
An upstream patch has been applied on libssh2 sources to properly
initialize the internal variable. Now, libssh2 closes only the file
descriptors it owns. (BZ#1147717)

All libssh2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing these
updated packages, all running applications using libssh2 must be restarted
for this update to take effect.

RHSA-2015:2151: xfsprogs security, bug fix and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2151, CVE-2012-2150

Description
The xfsprogs packages contain a set of commands to use the XFS file system,
including the mkfs.xfs command to construct an XFS system.

It was discovered that the xfs_metadump tool of the xfsprogs suite did not
fully adhere to the standards of obfuscation described in its man page. In
case a user with the necessary privileges used xfs_metadump and relied on
the advertised obfuscation, the generated data could contain unexpected
traces of potentially sensitive information. (CVE-2012-2150)

The xfsprogs packages have been upgraded to upstream version 3.2.2, which
provides a number of bug fixes and enhancements over the previous version.
This release also includes updates present in upstream version 3.2.3,
although it omits the mkfs.xfs default disk format change (for metadata
checksumming) which is present upstream. (BZ#1223991)

Users of xfsprogs are advised to upgrade to these updated packages, which
fix these bugs and add these enhancements.

RHSA-2015:2152: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2152, CVE-2010-5313, CVE-2013-7421, CVE-2014-3647, CVE-2014-7842, CVE-2014-8171, CVE-2014-9419, CVE-2014-9644, CVE-2015-0239, CVE-2015-2925, CVE-2015-3288, CVE-2015-3339, CVE-2015-4170, CVE-2015-5283, CVE-2015-6526, CVE-2015-7553, CVE-2015-7613, CVE-2015-7837, CVE-2015-8215, CVE-2016-0774

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's file system implementation
handled rename operations in which the source was inside and the
destination was outside of a bind mount. A privileged user inside a
container could use this flaw to escape the bind mount and, potentially,
escalate their privileges on the system. (CVE-2015-2925, Important)

* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that were
later used for permission checking before inserting the object into a
globally visible list. A local, unprivileged user could potentially use
this flaw to elevate their privileges on the system. (CVE-2015-7613,
Important)

* It was found that reporting emulation failures to user space could lead
to either a local (CVE-2014-7842) or a L2->L1 (CVE-2010-5313) denial of
service. In the case of a local denial of service, an attacker must have
access to the MMIO area or be able to access an I/O port. (CVE-2010-5313,
CVE-2014-7842, Moderate)

* A flaw was found in the way the Linux kernel's KVM subsystem handled
non-canonical addresses when emulating instructions that change the RIP
(for example, branches or calls). A guest user with access to an I/O or
MMIO region could use this flaw to crash the guest. (CVE-2014-3647,
Moderate)

* It was found that the Linux kernel memory resource controller's (memcg)
handling of OOM (out of memory) conditions could lead to deadlocks.
An attacker could use this flaw to lock up the system. (CVE-2014-8171,
Moderate)

* A race condition flaw was found between the chown and execve system
calls. A local, unprivileged user could potentially use this flaw to
escalate their privileges on the system. (CVE-2015-3339, Moderate)

* A flaw was discovered in the way the Linux kernel's TTY subsystem handled
the tty shutdown phase. A local, unprivileged user could use this flaw to
cause a denial of service on the system. (CVE-2015-4170, Moderate)

* A NULL pointer dereference flaw was found in the SCTP implementation.
A local user could use this flaw to cause a denial of service on the system
by triggering a kernel panic when creating multiple sockets in parallel
while the system did not have the SCTP module loaded. (CVE-2015-5283,
Moderate)

* A flaw was found in the way the Linux kernel's perf subsystem retrieved
userlevel stack traces on PowerPC systems. A local, unprivileged user could
use this flaw to cause a denial of service on the system. (CVE-2015-6526,
Moderate)

* A flaw was found in the way the Linux kernel's Crypto subsystem handled
automatic loading of kernel modules. A local user could use this flaw to
load any installed kernel module, and thus increase the attack surface of
the running kernel. (CVE-2013-7421, CVE-2014-9644, Low)

* An information leak flaw was found in the way the Linux kernel changed
certain segment registers and thread-local storage (TLS) during a context
switch. A local, unprivileged user could use this flaw to leak the user
space TLS base address of an arbitrary process. (CVE-2014-9419, Low)

* It was found that the Linux kernel KVM subsystem's sysenter instruction
emulation was not sufficient. An unprivileged guest user could use this
flaw to escalate their privileges by tricking the hypervisor to emulate a
SYSENTER instruction in 16-bit mode, if the guest OS did not initialize the
SYSENTER model-specific registers (MSRs). Note: Certified guest operating
systems for Red Hat Enterprise Linux with KVM do initialize the SYSENTER
MSRs and are thus not vulnerable to this issue when running on a KVM
hypervisor. (CVE-2015-0239, Low)

* A flaw was found in the way the Linux kernel handled the securelevel
functionality after performing a kexec operation. A local attacker could
use this flaw to bypass the security mechanism of the
securelevel/secureboot combination. (CVE-2015-7837, Low)

RHSA-2015:2154: krb5 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2154, CVE-2014-5355, CVE-2015-2694

Description
Kerberos is a network authentication system, which can improve the security
of your network by eliminating the insecure practice of sending passwords
over the network in unencrypted form. It allows clients and servers to
authenticate to each other with the help of a trusted third party, the
Kerberos key distribution center (KDC).

It was found that the krb5_read_message() function of MIT Kerberos did not
correctly sanitize input, and could create invalid krb5_data objects.
A remote, unauthenticated attacker could use this flaw to crash a Kerberos
child process via a specially crafted request. (CVE-2014-5355)

A flaw was found in the OTP kdcpreauth module of MIT Kerberos.
An unauthenticated remote attacker could use this flaw to bypass the
requires_preauth flag on a client principal and obtain a ciphertext
encrypted in the principal's long-term key. This ciphertext could be used
to conduct an off-line dictionary attack against the user's password.
(CVE-2015-2694)

The krb5 packages have been upgraded to upstream version 1.13.2, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1203889)

Notably, this update fixes the following bugs:

* Previously, the RADIUS support (libkrad) in krb5 was sending krb5
authentication for Transmission Control Protocol (TCP) transports multiple
times, accidentally using a code path intended to be used only for
unreliable transport types, for example User Datagram Protocol (UDP)
transports. A patch that fixes the problem by disabling manual retries for
reliable transports, such as TCP, has been applied, and the correct code
path is now used in this situation. (BZ#1251586)

* Attempts to use Kerberos single sign-on (SSO) to access SAP NetWeaver
systems sometimes failed. The SAP NetWeaver developer trace displayed the
following error message:

    No credentials were supplied, or the credentials were
    unavailable or inaccessible
    Unable to establish the security context

Querying SSO credential lifetime has been modified to trigger credential
acquisition, thus preventing the error from occurring. Now, the user can
successfully use Kerberos SSO for accessing SAP NetWeaver systems.
(BZ#1252454)

All krb5 users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2155: file security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152155
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2155, CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9652, CVE-2014-9653

Description
The file command is used to identify a particular file according to the
type of data the file contains. It can identify many different file
types, including Executable and Linkable Format (ELF) binary files,
system libraries, RPM packages, and different graphics formats.

Multiple denial of service flaws were found in the way file parsed certain
Composite Document Format (CDF) files. A remote attacker could use either
of these flaws to crash file, or an application using file, via a specially
crafted CDF file. (CVE-2014-0207, CVE-2014-0237, CVE-2014-0238,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587)

Two flaws were found in the way file processed certain Pascal strings. A
remote attacker could cause file to crash if it was used to identify the
type of the attacker-supplied file. (CVE-2014-3478, CVE-2014-9652)

Multiple flaws were found in the file regular expression rules for
detecting various files. A remote attacker could use these flaws to cause
file to consume an excessive amount of CPU. (CVE-2014-3538)

Multiple flaws were found in the way file parsed Executable and Linkable
Format (ELF) files. A remote attacker could use these flaws to cause file
to crash, disclose portions of its memory, or consume an excessive amount
of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117,
CVE-2014-9653)

Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting
the CVE-2014-8116 and CVE-2014-8117 issues. The CVE-2014-0207,
CVE-2014-0237, CVE-2014-0238, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
CVE-2014-3487, CVE-2014-3710 issues were discovered by Francisco Alonso of
Red Hat Product Security; the CVE-2014-3538 issue was discovered by Jan
Kaluža of the Red Hat Web Stack Team.

The file packages have been updated to ensure correct operation on Power
little endian and ARM 64-bit hardware architectures. (BZ#1224667,
BZ#1224668, BZ#1157850, BZ#1067688).

All file users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:2159: curl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152159
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2159, CVE-2014-3613, CVE-2014-3707, CVE-2014-8150, CVE-2015-3143, CVE-2015-3148

Description
The curl packages provide the libcurl library and the curl utility for
downloading files from servers using various protocols, including HTTP,
FTP, and LDAP.

It was found that the libcurl library did not correctly handle partial
literal IP addresses when parsing received HTTP cookies. An attacker able
to trick a user into connecting to a malicious server could use this flaw
to set the user's cookie to a crafted domain, making other cookie-related
issues easier to exploit. (CVE-2014-3613)

A flaw was found in the way the libcurl library performed the duplication
of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS
option for a handle, using the handle's duplicate could cause the
application to crash or disclose a portion of its memory. (CVE-2014-3707)

It was discovered that the libcurl library failed to properly handle URLs
with embedded end-of-line characters. An attacker able to make an
application using libcurl access a specially crafted URL via an HTTP proxy
could use this flaw to inject additional headers to the request or
construct additional requests. (CVE-2014-8150)

It was discovered that libcurl implemented aspects of the NTLM and
Negotiate authentication incorrectly. If an application uses libcurl
and the affected mechanisms in a specific way, certain requests to a
previously NTLM-authenticated server could appear as sent by the wrong
authenticated user. Additionally, the initial set of credentials for HTTP
Negotiate-authenticated requests could be reused in subsequent requests,
although a different set of credentials was specified. (CVE-2015-3143,
CVE-2015-3148)

Red Hat would like to thank the cURL project for reporting these issues.

Bug fixes:

* An out-of-protocol fallback to SSL 3.0 was available with libcurl.
Attackers could abuse the fallback to force downgrade of the SSL version.
The fallback has been removed from libcurl. Users requiring this
functionality can explicitly enable SSL 3.0 through the libcurl API.
(BZ#1154060)

* TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl. You can
explicitly disable them through the libcurl API. (BZ#1170339)

* FTP operations such as downloading files took a significantly long time
to complete. Now, the FTP implementation in libcurl correctly sets blocking
direction and estimated timeout for connections, resulting in faster FTP
transfers. (BZ#1218272)

Enhancements:

* With the updated packages, it is possible to explicitly enable or disable
new Advanced Encryption Standard (AES) cipher suites to be used for the TLS
protocol. (BZ#1066065)

* The libcurl library did not implement a non-blocking SSL handshake, which
negatively affected performance of applications based on the libcurl multi
API. The non-blocking SSL handshake has been implemented in libcurl, and
the libcurl multi API now immediately returns the control back to the
application whenever it cannot read or write data from or to the underlying
network socket. (BZ#1091429)

* The libcurl library used an unnecessarily long blocking delay for actions
with no active file descriptors, even for short operations. Some actions,
such as resolving a host name using /etc/hosts, took a long time to
complete. The blocking code in libcurl has been modified so that the
initial delay is short and gradually increases until an event occurs.
(BZ#1130239)

All curl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:2172: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152172
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2172, CVE-2015-5277

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system. Without
these libraries, the Linux system cannot function correctly.

It was discovered that the nss_files backend for the Name Service Switch in
glibc would return incorrect data to applications or corrupt the heap
(depending on adjacent heap contents) in certain cases. A local attacker
could potentially use this flaw to escalate their privileges.
(CVE-2015-5277)

This issue was discovered by Sumit Bose and Lukáš Slebodník of Red Hat.

All glibc users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:2180: rubygem-bundler and rubygem-thor security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2180, CVE-2013-0334

Description
Bundler manages an application's dependencies through its entire life,
across many machines, systematically and repeatably. Thor is a toolkit for
building powerful command-line interfaces.

A flaw was found in the way Bundler handled gems available from multiple
sources. An attacker with access to one of the sources could create a
malicious gem with the same name, which they could then use to trick a user
into installing, potentially resulting in execution of code from the
attacker-supplied malicious gem. (CVE-2013-0334)

Bundler has been upgraded to upstream version 1.7.8 and Thor has been
upgraded to upstream version 1.19.1, both of which provide a number of bug
fixes and enhancements over the previous versions. (BZ#1194243, BZ#1209921)

All rubygem-bundler and rubygem-thor users are advised to upgrade to these
updated packages, which correct these issues and add these enhancements.

RHSA-2015:2184: realmd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152184
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2184, CVE-2015-2704

Description
The realmd DBus system service manages discovery of and enrollment in
realms and domains, such as Active Directory or Identity Management (IdM).
The realmd service detects available domains, automatically configures the
system, and joins it as an account to a domain.

A flaw was found in the way realmd parsed certain input when writing
configuration into the sssd.conf or smb.conf file. A remote attacker could
use this flaw to inject arbitrary configurations into these files via a
newline character in an LDAP response. (CVE-2015-2704)

It was found that the realm client would try to automatically join an
Active Directory domain without authentication, which could potentially
lead to privilege escalation within a specified domain. (BZ#1205751)

The realmd packages have been upgraded to upstream version 0.16.1, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1174911)

This update also fixes the following bugs:

* Joining a Red Hat Enterprise Linux machine to a domain using the realm
utility creates /home/domainname/[username]/ directories for domain users.
Previously, SELinux labeled the domain users' directories incorrectly. As a
consequence, the domain users sometimes experienced problems with SELinux
policy. This update modifies the realmd service default behavior so that
the domain users' directories are compatible with the standard SELinux
policy. (BZ#1241832)

* Previously, the realm utility was unable to join or discover domains with
domain names containing underscore (_). The realmd service has been
modified to process underscores in domain names correctly, which fixes the
described bug. (BZ#1243771)

In addition, this update adds the following enhancement:

* The realmd utility now allows the user to disable automatic ID mapping
from the command line. To disable the mapping, pass the
"--automatic-id-mapping=no" option to the realmd utility. (BZ#1230941)

All realmd users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2199: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152199
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2199, CVE-2013-7423, CVE-2015-1472, CVE-2015-1473, CVE-2015-1781

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name Server
Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

It was discovered that, under certain circumstances, glibc's getaddrinfo()
function would send DNS queries to random file descriptors. An attacker
could potentially use this flaw to send DNS queries to unintended
recipients, resulting in information disclosure or data loss due to the
application encountering corrupted data. (CVE-2013-7423)

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. An attacker able to make an application call
any of these functions with a misaligned buffer could use this flaw to
crash the application or, potentially, execute arbitrary code with the
permissions of the user running the application. (CVE-2015-1781)

A heap-based buffer overflow flaw and a stack overflow flaw were found in
glibc's swscanf() function. An attacker able to make an application call
the swscanf() function could use these flaws to crash that application or,
potentially, execute arbitrary code with the permissions of the user
running the application. (CVE-2015-1472, CVE-2015-1473)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in glibc's _IO_wstr_overflow() function. An attacker able to make an
application call this function could use this flaw to crash that
application or, potentially, execute arbitrary code with the permissions of
the user running the application. (BZ#1195762)

A flaw was found in the way glibc's fnmatch() function processed certain
malformed patterns. An attacker able to make an application call this
function could use this flaw to crash that application. (BZ#1197730)

The CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.

These updated glibc packages also include numerous bug fixes and one
enhancement. Space precludes documenting all of these changes in this
advisory. For information on the most significant of these changes, users
are directed to the following article on the Red Hat Customer Portal:

https://access.redhat.com/articles/2050743

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:2231: ntp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152231
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2231, CVE-2014-9297, CVE-2014-9298, CVE-2014-9750, CVE-2014-9751, CVE-2015-1798, CVE-2015-1799, CVE-2015-3405

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with another referenced time source. These packages include the ntpd
service which continuously adjusts system time and utilities used to query
and configure the ntpd service.

It was found that because NTP's access control was based on a source IP
address, an attacker could bypass source IP restrictions and send
malicious control and configuration packets by spoofing ::1 addresses.
(CVE-2014-9298, CVE-2014-9751)

A denial of service flaw was found in the way NTP hosts that were peering
with each other authenticated themselves before updating their internal
state variables. An attacker could send packets to one peer host, which
could cascade to other peers, and stop the synchronization process among
the reached peers. (CVE-2015-1799)

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric
keys on big-endian systems. An attacker could possibly use this flaw to
guess generated MD5 keys, which could then be used to spoof an NTP client
or server. (CVE-2015-3405)

A stack-based buffer overflow was found in the way the NTP autokey protocol
was implemented. When an NTP client decrypted a secret received from an NTP
server, it could cause that client to crash. (CVE-2014-9297, CVE-2014-9750)

It was found that ntpd did not check whether a Message Authentication Code
(MAC) was present in a received packet when ntpd was configured to use
symmetric cryptographic keys. A man-in-the-middle attacker could use this
flaw to send crafted packets that would be accepted by a client or a peer
without the attacker knowing the symmetric key. (CVE-2015-1798)

The CVE-2015-1798 and CVE-2015-1799 issues were discovered by Miroslav
Lichvár of Red Hat.

Bug fixes:

* The ntpd service truncated symmetric keys specified in the key file to 20
bytes. As a consequence, it was impossible to configure NTP authentication
to work with peers that use longer keys. With this update, the maximum key
length has been changed to 32 bytes. (BZ#1191111)

* The ntpd service could previously join multicast groups only when
starting, which caused problems if ntpd was started during system boot
before network was configured. With this update, ntpd attempts to join
multicast groups every time network configuration is changed. (BZ#1207014)

* Previously, the ntp-keygen utility used the exponent of 3 when generating
RSA keys. Consequently, generating RSA keys failed when FIPS mode was
enabled. With this update, ntp-keygen has been modified to use the exponent
of 65537, and generating keys in FIPS mode now works as expected.
(BZ#1191116)

* The ntpd service dropped incoming NTP packets if their source port was
lower than 123 (the NTP port). With this update, ntpd no longer checks the
source port number, and clients behind NAT are now able to correctly
synchronize with the server. (BZ#1171640)

Enhancements:

* This update adds support for configurable Differentiated Services Code
Points (DSCP) in NTP packets, simplifying configuration in large networks
where different NTP implementations or versions are using different DSCP
values. (BZ#1202828)

* This update adds the ability to configure separate clock stepping
thresholds for each direction (backward and forward). Use the "stepback"
and "stepfwd" options to configure each threshold. (BZ#1193154)

* Support for nanosecond resolution has been added to the Structural
Health Monitoring (SHM) reference clock. Prior to this update, when a
Precision Time Protocol (PTP) hardware clock was used as a time source to
synchronize the system clock, the accuracy of the synchronization was
limited due to the microsecond resolution of the SHM protocol. The
nanosecond extension in the SHM protocol now allows sub-microsecond
synchronization of the system clock. (BZ#1117702)

All ntp users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.

RHSA-2015:2233: tigervnc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152233
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2233, CVE-2014-8240, CVE-2014-8241

Description
Virtual Network Computing (VNC) is a remote display system which allows
users to view a computing desktop environment not only on the machine where
it is running, but from anywhere on the Internet and from a wide variety of
machine architectures. TigerVNC is a suite of VNC servers and clients.
The tigervnc packages contain a client which allows users to connect to
other desktops running a VNC server.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way TigerVNC handled screen sizes. A malicious VNC server
could use this flaw to cause a client to crash or, potentially, execute
arbitrary code on the client. (CVE-2014-8240)

A NULL pointer dereference flaw was found in TigerVNC's XRegion.
A malicious VNC server could use this flaw to cause a client to crash.
(CVE-2014-8241)

The tigervnc packages have been upgraded to upstream version 1.3.1, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1199453)

This update also fixes the following bug:

* The position of the mouse cursor in the VNC session was not correctly
communicated to the VNC viewer, resulting in cursor misplacement.
The method of displaying the remote cursor has been changed, and cursor
movements on the VNC server are now accurately reflected on the VNC client.
(BZ#1100661)

All tigervnc users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2237: rest security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152237
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2237, CVE-2015-2675

Description
The rest library was designed to make it easier to access web services that
claim to be RESTful. A RESTful service should have URLs that represent
remote objects, which methods can then be called on.

It was found that the OAuth implementation in librest, a helper library for
RESTful services, incorrectly truncated the pointer returned by the
rest_proxy_call_get_url call. An attacker could use this flaw to crash an
application using the librest library. (CVE-2015-2675)

All users of rest are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using librest must be restarted for the update to
take effect.

RHSA-2015:2241: chrony security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2241, CVE-2015-1821, CVE-2015-1822, CVE-2015-1853

Description
The chrony suite, chronyd and chronyc, is an advanced implementation of the
Network Time Protocol (NTP), specially designed to support systems with
intermittent connections. It can synchronize the system clock with NTP
servers, hardware reference clocks, and manual input. It can also operate
as an NTPv4 (RFC 5905) server or peer to provide a time service to other
computers in the network.

An out-of-bounds write flaw was found in the way chrony stored certain
addresses when configuring NTP or cmdmon access. An attacker that has the
command key and is allowed to access cmdmon (only localhost is allowed by
default) could use this flaw to crash chronyd or, possibly, execute
arbitrary code with the privileges of the chronyd process. (CVE-2015-1821)

An uninitialized pointer use flaw was found when allocating memory to save
unacknowledged replies to authenticated command requests. An attacker that
has the command key and is allowed to access cmdmon (only localhost is
allowed by default) could use this flaw to crash chronyd or, possibly,
execute arbitrary code with the privileges of the chronyd process.
(CVE-2015-1822)

A denial of service flaw was found in the way chrony hosts that were
peering with each other authenticated themselves before updating their
internal state variables. An attacker could send packets to one peer host,
which could cascade to other peers, and stop the synchronization process
among the reached peers. (CVE-2015-1853)

These issues were discovered by Miroslav Lichvár of Red Hat.

The chrony packages have been upgraded to upstream version 2.1.1, which
provides a number of bug fixes and enhancements over the previous version.
Notable enhancements include:

* Updated to NTP version 4 (RFC 5905)

* Added pool directive to specify pool of NTP servers

* Added leapsecmode directive to select how to correct clock for leap
second

* Added smoothtime directive to smooth served time and enable leap smear

* Added asynchronous name resolving with POSIX threads

* Ready for year 2036 (next NTP era)

* Improved clock control

* Networking code reworked to open separate client sockets for each NTP
server

(BZ#1117882)

This update also fixes the following bug:

* The chronyd service previously assumed that network interfaces specified
with the "bindaddress" directive were ready when the service was started.
This could cause chronyd to fail to bind an NTP server socket to the
interface if the interface was not ready. With this update, chronyd uses
the IP_FREEBIND socket option, enabling it to bind to an interface later,
not only when the service starts. (BZ#1169353)

In addition, this update adds the following enhancement:

* The chronyd service now supports four modes of handling leap seconds,
configured using the "leapsecmode" option. The clock can be either stepped
by the kernel (the default "system" mode), stepped by chronyd ("step"
mode), slowly adjusted by slewing ("slew" mode), or the leap second can be
ignored and corrected later in normal operation ("ignore" mode). If you
select slewing, the correction will always start at 00:00:00 UTC and will
be applied at a rate specified in the "maxslewrate" option. (BZ#1206504)

All chrony users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2248: netcf security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152248
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2248, CVE-2014-8119

Description
The netcf packages contain a library for modifying the network
configuration of a system. Network configuration is expressed in a
platform-independent XML format, which netcf translates into changes to the
system's "native" network configuration files.

A denial of service flaw was found in netcf. A specially crafted interface
name could cause an application using netcf (such as the libvirt daemon) to
crash. (CVE-2014-8119)

This issue was discovered by Hao Liu of Red Hat.

The netcf packages have been upgraded to upstream version 0.2.8, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1206680)

Users of netcf are advised to upgrade to these updated packages, which fix
these bugs and add these enhancements.

RHSA-2015:2290: pcs security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152290
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2290, CVE-2015-3225

Description
The pcs package provides a configuration tool for Corosync and Pacemaker.
It permits users to easily view, modify and create Pacemaker based
clusters. The pcs package includes Rack, which provides a minimal interface
between webservers that support Ruby and Ruby frameworks.

A flaw was found in the way Rack processed parameters of incoming requests.
An attacker could use this flaw to send a crafted request that would cause
an application using Rack to crash. (CVE-2015-3225)

Red Hat would like to thank Ruby upstream developers for reporting this.
Upstream acknowledges Tomek Rabczak from the NCC Group as the original
reporter.

The pcs package has been upgraded to upstream version 0.9.143, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1198265)

The following enhancements are described in more detail in the Red Hat
Enterprise Linux 7.2 Release Notes, linked to from the References section:

* The pcs resource move and pcs resource ban commands now display a warning
message to clarify the commands' behavior (BZ#1201452)

* New command to move a Pacemaker resource to its preferred node
(BZ#1122818)

This update also fixes the following bugs:

* Before this update, a bug caused location, ordering, and colocation
constraints related to a resource group to be removed when removing any
resource from that group. This bug has been fixed, and the constraints are
now preserved until the group has no resources left, and is removed.
(BZ#1158537)

* Previously, when a user disabled a resource clone or multi-state
resource, and then later enabled a primitive resource within it, the clone
or multi-state resource remained disabled. With this update, enabling a
resource within a disabled clone or multi-state resource enables it.
(BZ#1218979)

* When the web UI displayed a list of resource attributes, a bug caused
the list to be truncated at the first "=" character. This update fixes the
bug and now the web UI displays lists of resource attributes correctly.
(BZ#1243579)

* The documentation for the "pcs stonith confirm" command was not clear.
This could lead to incorrect usage of the command, which could in turn
cause data corruption. With this update, the documentation has been
improved and the "pcs stonith confirm" command is now more clearly
explained. (BZ#1245264)

* Previously, if there were any unauthenticated nodes, creating a new
cluster, adding a node to an existing cluster, or adding a cluster to the
web UI failed with the message "Node is not authenticated". With this
update, when the web UI detects a problem with authentication, the web UI
displays a dialog to authenticate nodes as necessary. (BZ#1158569)

* Previously, the web UI displayed only primitive resources. Thus there was
no way to set attributes, constraints and other properties separately for a
parent resource and a child resource. This has now been fixed, and
resources are displayed in a tree structure, meaning all resource elements
can be viewed and edited independently. (BZ#1189857)

In addition, this update adds the following enhancements:

* A dashboard has been added which shows the status of clusters in the web
UI. Previously, it was not possible to view all important information about
clusters in one place. Now, a dashboard showing the status of clusters has
been added to the main page of the web UI. (BZ#1158566)

* With this update, the pcsd daemon automatically synchronizes pcsd
configuration across a cluster. This enables the web UI to be run from any
node, allowing management even if any particular node is down. (BZ#1158577)

* The web UI can now be used to set permissions for users and groups on a
cluster. This allows users and groups to have their access restricted to
certain operations on certain clusters. (BZ#1158571)

All pcs users are advised to upgrade to this updated package, which
corrects these issues and adds these enhancements.

RHSA-2015:2315: NetworkManager security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152315
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2315, CVE-2015-0272, CVE-2015-2924

Description
NetworkManager is a system network service that manages network devices
and connections.

It was discovered that NetworkManager would set device MTUs based on MTU
values received in IPv6 RAs (Router Advertisements), without sanity
checking the MTU value first. A remote attacker could exploit this flaw to
create a denial of service attack, by sending a specially crafted IPv6 RA
packet to disturb IPv6 communication. (CVE-2015-0272)

A flaw was found in the way NetworkManager handled router advertisements.
An unprivileged user on a local network could use IPv6 Neighbor Discovery
ICMP to broadcast a non-route with a low hop limit, causing machines to
lower the hop limit on existing IPv6 routes. If this limit is small enough,
IPv6 packets would be dropped before reaching the final destination.
(CVE-2015-2924)

The network-manager-applet and NetworkManager-libreswan packages have been
upgraded to upstream versions 1.0.6, and provide a number of bug fixes and
enhancements over the previous versions. (BZ#1177582, BZ#1243057)

Bugs:

* It was not previously possible to set the Wi-Fi band to the "a" or "bg"
values to lock to a specific frequency band. NetworkManager has been fixed,
and it now sets the wpa_supplicant's "freq_list" option correctly, which
enables proper Wi-Fi band locking. (BZ#1254461)

* NetworkManager immediately failed activation of devices that did not have
a carrier early in the boot process. The legacy network.service then
reported activation failure. Now, NetworkManager has a grace period during
which it waits for the carrier to appear. Devices that have a carrier down
for a short time on system startup no longer cause the legacy
network.service to fail. (BZ#1079353)

* NetworkManager brought down a team device if the teamd service managing
it exited unexpectedly, and the team device was deactivated. Now,
NetworkManager respawns the teamd instances that disappear and is able to
recover from a teamd failure avoiding disruption of the team device
operation. (BZ#1145988)

* NetworkManager did not send the FQDN DHCP option even if host name was
set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the
DNS records for clients running NetworkManager. Now, NetworkManager sends
the FQDN option with DHCP requests, and the DHCP server is able to create
DNS records for such clients. (BZ#1212597)

* The command-line client was not validating the vlan.flags property
correctly, and a spurious warning message was displayed when the nmcli tool
worked with VLAN connections. The validation routine has been fixed, and
the warning message no longer appears. (BZ#1244048)

* NetworkManager did not propagate a media access control (MAC) address
change from a bonding interface to a VLAN interface on top of it.
Consequently, a VLAN interface on top of a bond used an incorrect MAC
address. Now, NetworkManager synchronizes the addresses correctly.
(BZ#1264322)

Enhancements:

* IPv6 Privacy extensions are now enabled by default. NetworkManager checks
the per-network configuration files, NetworkManager.conf, and then falls
back to "/proc/sys/net/ipv6/conf/default/use_tempaddr" to determine and set
IPv6 privacy settings at device activation. (BZ#1187525)

* The NetworkManager command-line tool, nmcli, now allows setting the
wake-on-lan property to 0 ("none", "disable", "disabled"). (BZ#1260584)

* NetworkManager now provides information about metered connections.
(BZ#1200452)

* NetworkManager daemon and the connection editor now support setting the
Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU
of a bond interface in a GUI. (BZ#1177582, BZ#1177860)

* NetworkManager daemon and the connection editor now support setting the
MTU of a team, allowing the MTU of a teaming interface to be changed.
(BZ#1255927)

NetworkManager users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

RHSA-2015:2345: net-snmp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152345
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2345, CVE-2014-3565

Description
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.

A denial of service flaw was found in the way snmptrapd handled certain
SNMP traps when started with the "-OQ" option. If an attacker sent an SNMP
trap containing a variable with a NULL type where an integer variable type
was expected, it would cause snmptrapd to crash. (CVE-2014-3565)

This update also fixes the following bugs:

* Previously, the clientaddr option in the snmp.conf file affected outgoing
messages sent only over IPv4. With this release, outgoing IPv6 messages are
correctly sent from the interface specified by clientaddr. (BZ#1190679)

* The Net-SNMP daemon, snmpd, did not properly clean memory when reloading
its configuration file with multiple "exec" entries. Consequently, the
daemon terminated unexpectedly. Now, the memory is properly cleaned, and
snmpd no longer crashes on reload. (BZ#1228893)

* Prior to this update, snmpd did not parse complete IPv4 traffic
statistics, but reported the number of received or sent bytes in the
IP-MIB::ipSystemStatsTable only for IPv6 packets and not for IPv4.
This affected objects ipSystemStatsInOctets, ipSystemStatsOutOctets,
ipSystemStatsInMcastOctets, and ipSystemStatsOutMcastOctets. Now, the
statistics reported by snmpd are collected for IPv4 as well. (BZ#1235697)

* The Net-SNMP daemon, snmpd, did not correctly detect the file system
change from read-only to read-write. Consequently, after remounting the
file system into the read-write mode, the daemon reported it to be still
in the read-only mode. A patch has been applied, and snmpd now detects the
mode changes as expected. (BZ#1241897)

All net-snmp users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:2355: sssd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152355
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2355, CVE-2015-5292

Description
The System Security Services Daemon (SSSD) service provides a set of
daemons to manage access to remote directories and authentication
mechanisms.

It was found that SSSD's Privilege Attribute Certificate (PAC) responder
plug-in would leak a small amount of memory on each authentication request.
A remote attacker could potentially use this flaw to exhaust all available
memory on the system by making repeated requests to a Kerberized daemon
application configured to authenticate using the PAC responder plug-in.
(CVE-2015-5292)

The sssd packages have been upgraded to upstream version 1.13.0, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1205554)

Several enhancements are described in the Red Hat Enterprise Linux 7.2
Release Notes, linked to in the References section:

* SSSD smart card support (BZ#854396)
* Cache authentication in SSSD (BZ#910187)
* SSSD supports overriding automatically discovered AD site (BZ#1163806)
* SSSD can now deny SSH access to locked accounts (BZ#1175760)
* SSSD enables UID and GID mapping on individual clients (BZ#1183747)
* Background refresh of cached entries (BZ#1199533)
* Multi-step prompting for one-time and long-term passwords (BZ#1200873)
* Caching for initgroups operations (BZ#1206575)

Bugs fixed:

* When the SELinux user content on an IdM server was set to an empty
string, the SSSD SELinux evaluation utility returned an error. (BZ#1192314)

* If the ldap_child process failed to initialize credentials and exited
with an error multiple times, operations that create files in some cases
started failing due to an insufficient amount of i-nodes. (BZ#1198477)

* The SRV queries used a hard coded TTL timeout, and environments that
wanted the SRV queries to be valid for a certain time only were blocked.
Now, SSSD parses the TTL value out of the DNS packet. (BZ#1199541)

* Previously, initgroups operation took an excessive amount of time. Now,
logins and ID processing are faster for setups with AD back end and
disabled ID mapping. (BZ#1201840)

* When an IdM client with Red Hat Enterprise Linux 7.1 or later was
connecting to a server with Red Hat Enterprise Linux 7.0 or earlier,
authentication with an AD trusted domain caused the sssd_be process to
terminate unexpectedly. (BZ#1202170)

* If replication conflict entries appeared during HBAC processing, the user
was denied access. Now, the replication conflict entries are skipped and
users are permitted access. (BZ#1202245)

* The array of SIDs no longer contains an uninitialized value and SSSD no
longer crashes. (BZ#1204203)

* SSSD supports GPOs from different domain controllers and no longer
crashes when processing GPOs from different domain controllers.
(BZ#1205852)

* SSSD could not refresh sudo rules that contained groups with special
characters, such as parentheses, in their name. (BZ#1208507)

* The IPA names are not qualified on the client side if the server already
qualified them, and IdM group members resolve even if default_domain_suffix
is used on the server side. (BZ#1211830)

* The internal cache cleanup task has been disabled by default to improve
performance of the sssd_be process. (BZ#1212489)

* Now, default_domain_suffix is not considered anymore for autofs maps.
(BZ#1216285)

* The user can set subdomain_inherit=ignore_group-members to disable
fetching group members for trusted domains. (BZ#1217350)

* The group resolution failed with an error message: "Error: 14 (Bad
address)". The binary GUID handling has been fixed. (BZ#1226119)

Enhancements added:

* The description of default_domain_suffix has been improved in the manual
pages. (BZ#1185536)

* With the new "%0" template option, users on SSSD IdM clients can now use
home directories set on AD. (BZ#1187103)

All sssd users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2360: cups-filters security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152360
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2360, CVE-2015-3258, CVE-2015-3279

Description
The cups-filters packages contain back ends, filters, and other software
that was once part of the core Common UNIX Printing System (CUPS)
distribution but is now maintained independently.

A heap-based buffer overflow flaw and an integer overflow flaw leading to a
heap-based buffer overflow were discovered in the way the texttopdf utility
of cups-filters processed print jobs with a specially crafted line size.
An attacker able to submit print jobs could use these flaws to crash
texttopdf or, possibly, execute arbitrary code with the privileges of the
"lp" user. (CVE-2015-3258, CVE-2015-3279)

The CVE-2015-3258 issue was discovered by Petr Sklenar of Red Hat.

Notably, this update also fixes the following bug:

* Previously, when polling CUPS printers from a CUPS server, when a printer
name contained an underscore (_), the client displayed the name containing
a hyphen (-) instead. This made the print queue unavailable. With this
update, CUPS allows the underscore character in printer names, and printers
appear as shown on the CUPS server as expected. (BZ#1167408)

In addition, this update adds the following enhancement:

* Now, the information from local and remote CUPS servers is cached during
each poll, and the CUPS server load is reduced. (BZ#1191691)

All cups-filters users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add this
enhancement.

RHSA-2015:2369: openhpi security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152369
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2369, CVE-2015-3248

Description
OpenHPI is an open source project created with the intent of providing an
implementation of the SA Forum's Hardware Platform Interface (HPI).
HPI provides an abstracted interface to managing computer hardware,
typically for chassis and rack based servers. HPI includes resource
modeling, access to and control over sensor, control, watchdog, and
inventory data associated with resources, abstracted System Event Log
interfaces, hardware events and alerts, and a managed hotswap interface.

It was found that the "/var/lib/openhpi" directory provided by OpenHPI used
world-writeable and world-readable permissions. A local user could use this
flaw to view, modify, and delete OpenHPI-related data, or even fill up the
storage device hosting the /var/lib directory. (CVE-2015-3248)

This issue was discovered by Marko Myllynen of Red Hat.

The openhpi packages have been upgraded to upstream version 3.4.0, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1127908)

This update also fixes the following bug:

* Network timeouts were handled incorrectly in the openhpid daemon. As a
consequence, network connections could fail when external plug-ins were
used. With this update, handling of network socket timeouts has been
improved in openhpid, and the described problem no longer occurs.
(BZ#1208127)

All openhpi users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2378: squid security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152378
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2378, CVE-2015-3455

Description
Squid is a high-performance proxy caching server for web clients,
supporting FTP, Gopher, and HTTP data objects.

It was found that Squid configured with client-first SSL-bump did not
correctly validate X.509 server certificate host name fields. A
man-in-the-middle attacker could use this flaw to spoof a Squid server
using a specially crafted X.509 certificate. (CVE-2015-3455)

This update fixes the following bugs:

* Previously, the squid process did not handle file descriptors correctly
when receiving Simple Network Management Protocol (SNMP) requests. As a
consequence, the process gradually accumulated open file descriptors. This
bug has been fixed and squid now handles SNMP requests correctly, closing
file descriptors when necessary. (BZ#1198778)

* Under high system load, the squid process sometimes terminated
unexpectedly with a segmentation fault during reboot. This update provides
better memory handling during reboot, thus fixing this bug. (BZ#1225640)

Users of squid are advised to upgrade to these updated packages, which fix
these bugs. After installing this update, the squid service will be
restarted automatically.
RHSA-2015:2383: pacemaker security, bug fix, and enhancement update (Moderate)oval-com.redhat.rhsa-def-20152383 mediumRHSA-2015:2383 CVE-2015-1867

RHSA-2015:2383: pacemaker security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152383
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2383, CVE-2015-1867

Description
The Pacemaker Resource Manager is a collection of technologies working
together to provide data integrity and the ability to maintain
application availability in the event of a failure.

A flaw was found in the way pacemaker, a cluster resource manager,
evaluated added nodes in certain situations. A user with read-only access
could potentially assign any other existing roles to themselves and then
add privileges to other users as well. (CVE-2015-1867)

The pacemaker packages have been upgraded to upstream version 1.1.13, which
provides a number of bug fixes and enhancements over the previous version.
(BZ#1234680)

This update also fixes the following bugs:

* When a Pacemaker cluster included an Apache resource, and Apache's
mod_systemd module was enabled, systemd rejected notifications sent by
Apache. As a consequence, a large number of errors in the following format
appeared in the system log:

  Got notification message from PID XXXX, but reception only permitted
  for PID YYYY

With this update, the lrmd daemon now unsets the "NOTIFY_SOCKET" variable
in the described circumstances, and these error messages are no longer
logged. (BZ#1150184)

* Previously, specifying a remote guest node as a part of a group resource
in a Pacemaker cluster caused the node to stop working. This update adds
support for remote guests in Pacemaker group resources, and the described
problem no longer occurs. (BZ#1168637)

* When a resource in a Pacemaker cluster failed to start, Pacemaker updated
the resource's last failure time and incremented its fail count even if the
"on-fail=ignore" option was used. This in some cases caused unintended
resource migrations when a resource start failure occurred. Now, Pacemaker
does not update the fail count when "on-fail=ignore" is used. As a result,
the failure is displayed in the cluster status output, but is properly
ignored and thus does not cause resource migration. (BZ#1200849)

* Previously, Pacemaker supported semicolon characters (";") as delimiters
when parsing the pcmk_host_map string, but not when parsing the
pcmk_host_list string. To ensure consistent user experience, semicolons are
now supported as delimiters for parsing pcmk_host_list, as well.
(BZ#1206232)

In addition, this update adds the following enhancements:

* If a Pacemaker location constraint has the "resource-discovery=never"
option, Pacemaker now does not attempt to determine whether a specified
service is running on the specified node. In addition, if multiple location
constraints for a given resource specify "resource-discovery=exclusive",
then Pacemaker attempts resource discovery only on the nodes specified in
those constraints. This allows Pacemaker to skip resource discovery on
nodes where attempting the operation would lead to error or other
undesirable behavior. (BZ#1108853)

* The procedure of configuring fencing for redundant power supplies has
been simplified in order to prevent multiple nodes accessing cluster
resources at the same time and thus causing data corruption. For further
information, see the "Fencing: Configuring STONITH" chapter of the High
Availability Add-On Reference manual. (BZ#1206647)

* The output of the "crm_mon" and "pcs_status" commands has been modified
to be clearer and more concise, and thus easier to read when reporting
the status of a Pacemaker cluster with a large number of remote nodes and
cloned resources. (BZ#1115840)

All pacemaker users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements.

RHSA-2015:2393: wireshark security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152393
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2393, CVE-2014-8710, CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562, CVE-2015-0563, CVE-2015-0564, CVE-2015-2188, CVE-2015-2189, CVE-2015-2191, CVE-2015-3182, CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2015-6243, CVE-2015-6244, CVE-2015-6245, CVE-2015-6246, CVE-2015-6248

Description
The wireshark packages contain a network protocol analyzer used to capture
and browse the traffic running on a computer network.

Several denial of service flaws were found in Wireshark. Wireshark could
crash or stop responding if it read a malformed packet off a network, or
opened a malicious dump file. (CVE-2015-2188, CVE-2015-2189, CVE-2015-2191,
CVE-2015-3810, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2014-8710,
CVE-2014-8711, CVE-2014-8712, CVE-2014-8713, CVE-2014-8714, CVE-2015-0562,
CVE-2015-0563, CVE-2015-0564, CVE-2015-3182, CVE-2015-6243, CVE-2015-6244,
CVE-2015-6245, CVE-2015-6246, CVE-2015-6248)

The CVE-2015-3182 issue was discovered by Martin Žember of Red Hat.

The wireshark packages have been upgraded to upstream version 1.10.14,
which provides a number of bug fixes and enhancements over the previous
version. (BZ#1238676)

This update also fixes the following bug:

* Prior to this update, when using the tshark utility to capture packets
over the interface, tshark failed to create output files in the .pcap
format even if it was specified using the "-F" option. This bug has been
fixed, the "-F" option is now honored, and the result is saved in the .pcap
format as expected. (BZ#1227199)

In addition, this update adds the following enhancement:

* Previously, wireshark included only microseconds in the .pcapng format.
With this update, wireshark supports nanosecond time stamp precision to
allow for more accurate time stamps. (BZ#1213339)

All wireshark users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. All running instances of
Wireshark must be restarted for the update to take effect.

RHSA-2015:2401: grub2 security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152401
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2401, CVE-2015-5281

Description
The grub2 packages provide version 2 of the Grand Unified Bootloader
(GRUB), a highly configurable and customizable bootloader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.

It was discovered that grub2 builds for EFI systems contained modules that
were not suitable to be loaded in a Secure Boot environment. An attacker
could use this flaw to circumvent the Secure Boot mechanisms and load
non-verified code. Attacks could use the boot menu if no password was set,
or the grub2 configuration file if the attacker has root privileges on the
system. (CVE-2015-5281)

This update also fixes the following bugs:

* In one of the earlier updates, GRUB2 was modified to escape forward slash
(/) characters in several different places. In one of these places, the
escaping was unnecessary and prevented certain types of kernel command-line
arguments from being passed to the kernel correctly. With this update,
GRUB2 no longer escapes the forward slash characters in the mentioned
place, and the kernel command-line arguments work as expected. (BZ#1125404)

* Previously, GRUB2 relied on a timing mechanism provided by legacy
hardware, but not by the Hyper-V Gen2 hypervisor, to calibrate its timer
loop. This prevented GRUB2 from operating correctly on Hyper-V Gen2.
This update modifies GRUB2 to use a different mechanism on Hyper-V Gen2 to
calibrate the timing. As a result, Hyper-V Gen2 hypervisors now work as
expected. (BZ#1150698)

* Prior to this update, users who manually configured GRUB2 to use the
built-in GNU Privacy Guard (GPG) verification observed the following error
on boot:

    alloc magic is broken at [addr]: [value] Aborted.

Consequently, the boot failed. The GRUB2 built-in GPG verification has been
modified to no longer free the same memory twice. As a result, the
mentioned error no longer occurs. (BZ#1167977)

* Previously, the system sometimes did not recover after terminating
unexpectedly and failed to reboot. To fix this problem, the GRUB2 packages
now enforce file synchronization when creating the GRUB2 configuration
file, which ensures that the required configuration files are written to
disk. As a result, the system now reboots successfully after crashing.
(BZ#1212114)

* Previously, if an unconfigured network driver instance was selected and
configured when the GRUB2 bootloader was loaded on a different instance,
GRUB2 did not receive notifications of the Address Resolution Protocol
(ARP) replies. Consequently, GRUB2 failed with the following error message:

    error: timeout: could not resolve hardware address.

With this update, GRUB2 selects the network driver instance from which it
was loaded. As a result, ARP packets are processed correctly. (BZ#1257475)

In addition, this update adds the following enhancement:

* Sorting of the GRUB2 boot menu has been improved. GRUB2 now uses the
rpmdevtools package to sort available kernels, and the configuration file is
generated correctly with the most recent kernel version listed at the
top. (BZ#1124074)

All grub2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement.

RHSA-2015:2411: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152411
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2411, CVE-2013-7421, CVE-2014-8171, CVE-2014-9419, CVE-2014-9644, CVE-2015-2925, CVE-2015-3339, CVE-2015-4170, CVE-2015-5283, CVE-2015-7613, CVE-2015-7837

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's file system implementation
handled rename operations in which the source was inside and the
destination was outside of a bind mount. A privileged user inside a
container could use this flaw to escape the bind mount and, potentially,
escalate their privileges on the system. (CVE-2015-2925, Important)

* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that were
later used for permission checking before inserting the object into a
globally visible list. A local, unprivileged user could potentially use
this flaw to elevate their privileges on the system. (CVE-2015-7613,
Important)

* It was found that the Linux kernel memory resource controller's (memcg)
handling of OOM (out of memory) conditions could lead to deadlocks.
An attacker able to continuously spawn new processes within a single
memory-constrained cgroup during an OOM event could use this flaw to lock
up the system. (CVE-2014-8171, Moderate)

* A race condition flaw was found between the chown and execve system
calls. When changing the owner of a setuid user binary to root, the race
condition could momentarily make the binary setuid root. A local,
unprivileged user could potentially use this flaw to escalate their
privileges on the system. (CVE-2015-3339, Moderate)

* A flaw was discovered in the way the Linux kernel's TTY subsystem handled
the tty shutdown phase. A local, unprivileged user could use this flaw to
cause a denial of service on the system by holding a reference to the ldisc
lock during tty shutdown, causing a deadlock. (CVE-2015-4170, Moderate)

* A NULL pointer dereference flaw was found in the SCTP implementation.
A local user could use this flaw to cause a denial of service on the system
by triggering a kernel panic when creating multiple sockets in parallel
while the system did not have the SCTP module loaded. (CVE-2015-5283,
Moderate)

* A flaw was found in the way the Linux kernel's Crypto subsystem handled
automatic loading of kernel modules. A local user could use this flaw to
load any installed kernel module, and thus increase the attack surface of
the running kernel. (CVE-2013-7421, CVE-2014-9644, Low)

* An information leak flaw was found in the way the Linux kernel changed
certain segment registers and thread-local storage (TLS) during a context
switch. A local, unprivileged user could use this flaw to leak the user
space TLS base address of an arbitrary process. (CVE-2014-9419, Low)

* A flaw was found in the way the Linux kernel handled the securelevel
functionality after performing a kexec operation. A local attacker could
use this flaw to bypass the security mechanism of the
securelevel/secureboot combination. (CVE-2015-7837, Low)

Red Hat would like to thank Linn Crosetto of HP for reporting the
CVE-2015-7837 issue. The CVE-2015-5283 issue was discovered by Ji Jianwen
from Red Hat engineering.

The kernel-rt packages have been upgraded to version 3.10.0-326.rt56.204,
which provides a number of bug fixes and enhancements. (BZ#1201915,
BZ#1211724)

This update also fixes several bugs and adds multiple enhancements.
Refer to the following Red Hat Knowledgebase article for information on the
most significant of these changes:

https://access.redhat.com/articles/2055783

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.

RHSA-2015:2417: autofs security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152417
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2417, CVE-2014-8169

Description
The autofs utility controls the operation of the automount daemon. The
daemon automatically mounts file systems when in use and unmounts them when
they are not busy.

It was found that program-based automounter maps that used interpreted
languages such as Python used standard environment variables to locate
and load modules of those languages. A local attacker could potentially use
this flaw to escalate their privileges on the system. (CVE-2014-8169)

Note: This issue has been fixed by adding the "AUTOFS_" prefix to the
affected environment variables so that they are not used to subvert the
system. A configuration option ("force_standard_program_map_env") to
override this prefix and to use the environment variables without the
prefix has been added. In addition, warnings have been added to the manual
page and to the installed configuration file. Now, by default the standard
variables of the program map are provided only with the prefix added to
their names.

Red Hat would like to thank the Georgia Institute of Technology for
reporting this issue.

Notably, this update fixes the following bugs:

* When the "ls *" command was run in the root of an indirect mount, autofs
attempted to literally mount the wildcard character (*) causing it to be
added to the negative cache. If done before a valid mount, autofs then
failed on further mount attempts inside the mount point, valid or not. This
has been fixed, and wildcard map entries now function in the described
situation. (BZ#1166457)

* When autofs encountered a syntax error consisting of a duplicate entry in
a multimap entry, it reported an error and did not mount the map entry.
With this update, autofs has been amended to report the problem in the log
to alert the system administrator and use the last seen instance of the
duplicate entry rather than fail. (BZ#1205600)

* In the ldap and sss lookup modules, the map reading functions did not
distinguish between the "no entry found" and "service not available"
errors. Consequently, when the "service not available" response was
returned from a master map read, autofs did not update the mounts.
An "entry not found" return does not prevent the map update, so the ldap
and sss lookup modules were updated to distinguish between these two
returns and now work as expected. (BZ#1233065)

In addition, this update adds the following enhancement:

* The description of the configuration parameter map_hash_table_size was
missing from the autofs.conf(5) man page and its description in the
configuration file comments was insufficient. A description of the
parameter has been added to autofs.conf(5), and the configuration file
comments have been updated. (BZ#1238573)

All autofs users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement.

RHSA-2015:2455: unbound security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20152455
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2015:2455, CVE-2014-8602

Description
The unbound packages provide a validating, recursive, and caching DNS or
DNSSEC resolver.

A denial of service flaw was found in unbound that an attacker could use to
trick the unbound resolver into following an endless loop of delegations,
consuming an excessive amount of resources. (CVE-2014-8602)

This update also fixes the following bugs:

* Prior to this update, there was a mistake in the time configuration in
the cron job invoking unbound-anchor to update the root zone key.
Consequently, unbound-anchor was invoked once a month instead of every day,
thus not complying with RFC 5011. The cron job has been replaced with a
systemd timer unit that is invoked on a daily basis. Now, the root zone key
validity is checked daily at a random time within a 24-hour window, and
compliance with RFC 5011 is ensured. (BZ#1180267)

* Previously, the unbound packages were installing their configuration file
for the systemd-tmpfiles utility into the /etc/tmpfiles.d/ directory. As a 
consequence, changes to unbound made by the administrator in 
/etc/tmpfiles.d/ could be overwritten on package reinstallation or update. 
To fix this bug, unbound has been amended to install the configuration file
into the /usr/lib/tmpfiles.d/ directory. As a result, the system 
administrator's configuration in /etc/tmpfiles.d/ is preserved, including 
any changes, on package reinstallation or update. (BZ#1180995)

* The unbound server default configuration included validation of DNS
records using the DNSSEC Look-aside Validation (DLV) registry. The Internet
Systems Consortium (ISC) plans to deprecate the DLV registry service as no
longer needed, and unbound could execute unnecessary steps. Therefore, the 
use of the DLV registry has been removed from the unbound server default 
configuration. Now, unbound does not try to perform DNS records validation 
using the DLV registry. (BZ#1223339)

All unbound users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:2504: libreport security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152504
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2504, CVE-2015-5302

Description
libreport provides an API for reporting different problems in applications
to different bug targets, such as Bugzilla, FTP, and Trac. ABRT (Automatic
Bug Reporting Tool) uses libreport.

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be discarded.
As a result, Red Hat Bugzilla attachments may contain data that was not
intended to be made public, including host names, IP addresses, or command
line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Red Hat
Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature
can however be enabled, potentially impacting modified ABRT instances.

As a precaution, Red Hat has identified bugs filed by such non-default Red
Hat Enterprise Linux users of ABRT and marked them private.

This issue was discovered by Bastien Nocera of Red Hat.

All users of libreport are advised to upgrade to these updated packages,
which correct this issue.

RHSA-2015:2505: abrt and libreport security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152505
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2505, CVE-2015-5273, CVE-2015-5287, CVE-2015-5302

Description
ABRT (Automatic Bug Reporting Tool) is a tool to help users to detect
defects in applications and to create a bug report with all the information
needed by a maintainer to fix it. It uses a plug-in system to extend its
functionality. libreport provides an API for reporting different problems
in applications to different bug targets, such as Bugzilla, FTP, and Trac.

It was found that the ABRT debug information installer
(abrt-action-install-debuginfo-to-abrt-cache) did not use temporary
directories in a secure way. A local attacker could use the flaw to create
symbolic links and files at arbitrary locations as the abrt user.
(CVE-2015-5273)

It was discovered that the kernel-invoked coredump processor provided by
ABRT did not handle symbolic links correctly when writing core dumps of
ABRT programs to the ABRT dump directory (/var/spool/abrt). A local
attacker with write access to an ABRT problem directory could use this flaw
to escalate their privileges. (CVE-2015-5287)

It was found that ABRT may have exposed unintended information to Red Hat
Bugzilla during crash reporting. A bug in the libreport library caused
changes made by a user in files included in a crash report to be discarded.
As a result, Red Hat Bugzilla attachments may contain data that was not
intended to be made public, including host names, IP addresses, or command
line options. (CVE-2015-5302)

This flaw did not affect default installations of ABRT on Red Hat
Enterprise Linux as they do not post data to Red Hat Bugzilla. This feature
can however be enabled, potentially impacting modified ABRT instances.

As a precaution, Red Hat has identified bugs filed by such non-default Red
Hat Enterprise Linux users of ABRT and marked them private.

Red Hat would like to thank Philip Pettersson of Samsung for reporting the
CVE-2015-5273 and CVE-2015-5287 issues. The CVE-2015-5302 issue was
discovered by Bastien Nocera of Red Hat.

All users of abrt and libreport are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

RHSA-2015:2519: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152519
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2519, CVE-2015-4513, CVE-2015-7189, CVE-2015-7193, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-4513, CVE-2015-7189, CVE-2015-7197, CVE-2015-7198,
CVE-2015-7199, CVE-2015-7200)

A same-origin policy bypass flaw was found in the way Thunderbird handled
certain cross-origin resource sharing (CORS) requests. A web page
containing malicious content could cause Thunderbird to disclose sensitive
information. (CVE-2015-7193)

Note: None of the above issues can be exploited by a specially crafted
HTML mail message because JavaScript is disabled by default for mail
messages. However, they could be exploited in other ways in Thunderbird
(for example, by viewing the full remote content of an RSS feed).

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, David Major, Jesse Ruderman, Tyson
Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff
Walden, Gary Kwong, Looben Yang, Shinto K Anto, Ronald Crane, and Ehsan
Akhgari as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 38.4.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.4.0, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2015:2521: jakarta-commons-collections security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152521
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2521, CVE-2015-7501

Description
The Jakarta/Apache Commons Collections library provides new interfaces,
implementations, and utilities to extend the features of the Java
Collections Framework.

It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)

With this update, deserialization of certain classes in the
commons-collections library is no longer allowed. Applications that require
those classes to be deserialized can use the system property
"org.apache.commons.collections.enableUnsafeSerialization" to re-enable
their deserialization.

Further information about this security flaw may be found at:
https://access.redhat.com/solutions/2045023

All users of jakarta-commons-collections are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
All running applications using the commons-collections library must be
restarted for the update to take effect.

RHSA-2015:2522: apache-commons-collections security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152522
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2522, CVE-2015-7501

Description
The Apache Commons Collections library provides new interfaces,
implementations, and utilities to extend the features of the Java
Collections Framework.

It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)

With this update, deserialization of certain classes in the
commons-collections library is no longer allowed. Applications that require
those classes to be deserialized can use the system property
"org.apache.commons.collections.enableUnsafeSerialization" to re-enable
their deserialization.

Further information about this security flaw may be found at:
https://access.redhat.com/solutions/2045023

All users of apache-commons-collections are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
All running applications using the commons-collections library must be
restarted for the update to take effect.

RHSA-2015:2549: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152549
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2549, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

Several denial of service flaws were found in libxml2, a library providing
support for reading, modifying, and writing XML and HTML files. A remote
attacker could provide a specially crafted XML or HTML file that, when
processed by an application using libxml2, would cause that application to
use an excessive amount of CPU, leak potentially sensitive information, or
in certain cases crash the application. (CVE-2015-5312, CVE-2015-7497,
CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942,
CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957, BZ#1281955)

Red Hat would like to thank the GNOME project for reporting CVE-2015-7497,
CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,
and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the
original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and
CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and
CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2015:2550: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152550
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2550, CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, CVE-2015-8710

Description
The libxml2 library is a development toolbox providing the implementation
of various XML standards.

Several denial of service flaws were found in libxml2, a library providing
support for reading, modifying, and writing XML and HTML files. A remote
attacker could provide a specially crafted XML or HTML file that, when
processed by an application using libxml2, would cause that application to
use an excessive amount of CPU, leak potentially sensitive information, or
in certain cases crash the application. (CVE-2015-1819, CVE-2015-5312,
CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941,
CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317, BZ#1213957,
BZ#1281955)

Red Hat would like to thank the GNOME project for reporting CVE-2015-7497,
CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-8241, CVE-2015-8242,
and CVE-2015-8317. Upstream acknowledges Kostya Serebryany of Google as the
original reporter of CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, and
CVE-2015-7500; Hugh Davenport as the original reporter of CVE-2015-8241 and
CVE-2015-8242; and Hanno Boeck as the original reporter of CVE-2015-8317.
The CVE-2015-1819 issue was discovered by Florian Weimer of Red Hat
Product Security.

All libxml2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.

RHSA-2015:2552: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152552
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2552, CVE-2015-5307, CVE-2015-8104

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the x86 ISA (Instruction Set Architecture) is prone to
a denial of service attack inside a virtualized environment in the form of
an infinite loop in the microcode due to the way (sequential) delivering of
benign exceptions such as #AC (alignment check exception) and #DB (debug
exception) is handled. A privileged user inside a guest could use these
flaws to create denial of service conditions on the host kernel.
(CVE-2015-5307, CVE-2015-8104, Important)

Red Hat would like to thank Ben Serebrin of Google Inc. for reporting the
CVE-2015-5307 issue.

This update also fixes the following bugs:

* On Intel Xeon v5 platforms, the processor frequency was always tied to
the highest possible frequency. Switching p-states on these client
platforms failed. This update sets the idle frequency, busy frequency, and
processor frequency values by determining the range and adjusting the
minimal and maximal percent limit values. Now, switching p-states on the
aforementioned client platforms proceeds successfully. (BZ#1273926)

* Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,
a VM previously became unresponsive when connected to Red Hat Enterprise
Virtualization Hypervisor. The provided patch fixes this bug by dropping
the check in MMIO handler, and a VM continues running as expected.
(BZ#1275150)

* Due to retry-able command errors, the NVMe driver previously leaked I/O
descriptors and DMA mappings. As a consequence, the kernel could become
unresponsive during the hot-unplug operation if a driver was removed.
This update fixes the driver memory leak bug on command retries, and the
kernel no longer hangs in this situation. (BZ#1279792)

* The hybrid_dma_data() function was not initialized before use, which
caused an invalid memory access when hot-plugging a PCI card. As a
consequence, a kernel oops occurred. The provided patch makes sure
hybrid_dma_data() is initialized before use, and the kernel oops no longer
occurs in this situation. (BZ#1279793)

* When running PowerPC (PPC) KVM guests and the host was experiencing a lot
of page faults, for example because it was running low on memory, the host
sometimes triggered an incorrect kind of interrupt in the guest: a data
storage exception instead of a data segment exception. This caused a kernel
panic of the PPC KVM guest. With this update, the host kernel synthesizes a
segment fault if the corresponding Segment Lookaside Buffer (SLB) lookup
fails, which prevents the kernel panic from occurring. (BZ#1281423)

* The kernel accessed an incorrect area of the khugepaged process causing
Logical Partitioning (LPAR) to become unresponsive, and an oops occurred in
medlp5. The backported upstream patch prevents an LPAR hang, and the oops
no longer occurs. (BZ#1281424)

* When the sctp module was loaded and a route to an association endpoint
was removed after receiving an Out-of-The-Blue (OOTB) chunk but before
incrementing the "dropped because of missing route" SNMP statistic, a Null
Pointer Dereference kernel panic previously occurred. This update fixes the
race condition between OOTB response and route removal. (BZ#1281426)

* The cpuscaling test of the certification test suite previously failed due
to a rounding bug in the intel-pstate driver. This bug has been fixed and
the cpuscaling test now passes. (BZ#1281491)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:2561: git security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2561, CVE-2015-7545

Description
Git is a distributed revision control system with a decentralized
architecture. As opposed to centralized version control systems with a
client-server model, Git ensures that each working copy of a Git repository
is an exact copy with complete revision history. This not only allows the
user to work on and contribute to projects without the need to have
permission to push the changes to their official repositories, but also
makes it possible for the user to work with no network connection.

A flaw was found in the way the git-remote-ext helper processed certain
URLs. If a user had Git configured to automatically clone submodules from
untrusted repositories, an attacker could inject commands into the URL of a
submodule, allowing them to execute arbitrary code on the user's system.
(BZ#1269794)

All git users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:2594: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152594
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2594, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

It was discovered that the png_get_PLTE() and png_set_PLTE() functions of
libpng did not correctly calculate the maximum palette sizes for bit depths
of less than 8. In case an application tried to use these functions in
combination with properly calculated palette sizes, this could lead to a
buffer overflow or out-of-bounds reads. An attacker could exploit this to
cause a crash or potentially execute arbitrary code by tricking an
unsuspecting user into processing a specially crafted PNG image. However,
the exact impact is dependent on the application using the library.
(CVE-2015-8126, CVE-2015-8472)

An array-indexing error was discovered in the png_convert_to_rfc1123()
function of libpng. An attacker could possibly use this flaw to cause an
out-of-bounds read by tricking an unsuspecting user into processing a
specially crafted PNG image. (CVE-2015-7981)

All libpng users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:2595: libpng12 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152595
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2595, CVE-2015-7981, CVE-2015-8126, CVE-2015-8472

Description
The libpng12 packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

It was discovered that the png_get_PLTE() and png_set_PLTE() functions of
libpng did not correctly calculate the maximum palette sizes for bit depths
of less than 8. In case an application tried to use these functions in
combination with properly calculated palette sizes, this could lead to a
buffer overflow or out-of-bounds reads. An attacker could exploit this to
cause a crash or potentially execute arbitrary code by tricking an
unsuspecting user into processing a specially crafted PNG image. However,
the exact impact is dependent on the application using the library.
(CVE-2015-8126, CVE-2015-8472)

An array-indexing error was discovered in the png_convert_to_rfc1123()
function of libpng. An attacker could possibly use this flaw to cause an
out-of-bounds read by tricking an unsuspecting user into processing a
specially crafted PNG image. (CVE-2015-7981)

All libpng12 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2015:2596: libpng security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152596
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2596, CVE-2015-8126, CVE-2015-8472

Description
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.

It was discovered that the png_get_PLTE() and png_set_PLTE() functions of
libpng did not correctly calculate the maximum palette sizes for bit depths
of less than 8. In case an application tried to use these functions in
combination with properly calculated palette sizes, this could lead to a
buffer overflow or out-of-bounds reads. An attacker could exploit this to
cause a crash or potentially execute arbitrary code by tricking an
unsuspecting user into processing a specially crafted PNG image. However,
the exact impact is dependent on the application using the library.
(CVE-2015-8126, CVE-2015-8472)

All libpng users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue.

RHSA-2015:2616: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152616
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2616, CVE-2015-3195

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and
CMS data. A remote attacker could use this flaw to cause an application
that parses PKCS#7 or CMS data from untrusted sources to use an excessive
amount of memory and possibly crash. (CVE-2015-3195)

All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:2617: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152617
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2617, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A NULL pointer dereference flaw was found in the way OpenSSL verified
signatures using the RSA PSS algorithm. A remote attacker could possibly
use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server
using OpenSSL if it enabled client authentication. (CVE-2015-3194)

A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and
CMS data. A remote attacker could use this flaw to cause an application
that parses PKCS#7 or CMS data from untrusted sources to use an excessive
amount of memory and possibly crash. (CVE-2015-3195)

A race condition flaw, leading to a double free, was found in the way
OpenSSL handled pre-shared key (PSK) identity hints. A remote attacker
could use this flaw to crash a multi-threaded SSL/TLS client using
OpenSSL. (CVE-2015-3196)

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2015:2619: libreoffice security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152619
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2619, CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214

Description
LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor, a
spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.

It was discovered that LibreOffice did not properly restrict automatic link
updates. By tricking a victim into opening specially crafted documents, an
attacker could possibly use this flaw to disclose contents of files
accessible by the victim. (CVE-2015-4551)

An integer underflow flaw leading to a heap-based buffer overflow when
parsing PrinterSetup data was discovered. By tricking a user into opening a
specially crafted document, an attacker could possibly exploit this flaw to
execute arbitrary code with the privileges of the user opening the file.
(CVE-2015-5212)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way LibreOffice processed certain Microsoft Word .doc files.
By tricking a user into opening a specially crafted Microsoft Word .doc
document, an attacker could possibly use this flaw to execute arbitrary
code with the privileges of the user opening the file. (CVE-2015-5213)

It was discovered that LibreOffice did not properly sanity check bookmark
indexes. By tricking a user into opening a specially crafted document, an
attacker could possibly use this flaw to execute arbitrary code with the
privileges of the user opening the file. (CVE-2015-5214)

All libreoffice users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.

RHSA-2015:2623: grub2 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20152623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2015:2623, CVE-2015-8370

Description
The grub2 packages provide version 2 of the Grand Unified Bootloader
(GRUB), a highly configurable and customizable bootloader with modular
architecture. The packages support a variety of kernel formats, file
systems, computer architectures, and hardware devices.

A flaw was found in the way grub2 handled backspace characters entered
in username and password prompts. An attacker with access to the system
console could use this flaw to bypass grub2 password protection and gain
administrative access to the system. (CVE-2015-8370)

This update also fixes the following bug:

* When upgrading from Red Hat Enterprise Linux 7.1 and earlier, a
configured boot password was not correctly migrated to the newly introduced
user.cfg configuration files. This could possibly prevent system
administrators from changing grub2 configuration during system boot even if
they provided the correct password. This update corrects the password
migration script and the incorrectly generated user.cfg file. (BZ#1290089)

All grub2 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For this update to take
effect on BIOS-based machines, grub2 needs to be reinstalled as documented
in the "Reinstalling GRUB 2 on BIOS-Based Machines" section of the Red Hat
Enterprise Linux 7 System Administrator's Guide linked to in the References
section. No manual action is needed on UEFI-based machines.

RHSA-2015:2636: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152636
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2636, CVE-2015-2925, CVE-2015-5307, CVE-2015-7613, CVE-2015-7872, CVE-2015-8104

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's file system implementation
handled rename operations in which the source was inside and the
destination was outside of a bind mount. A privileged user inside a
container could use this flaw to escape the bind mount and, potentially,
escalate their privileges on the system. (CVE-2015-2925, Important)

* It was found that the x86 ISA (Instruction Set Architecture) is prone to
a denial of service attack inside a virtualized environment in the form of
an infinite loop in the microcode due to the way (sequential) delivering of
benign exceptions such as #AC (alignment check exception) and #DB (debug
exception) is handled. A privileged user inside a guest could use these
flaws to create denial of service conditions on the host kernel.
(CVE-2015-5307, CVE-2015-8104, Important)

* A race condition flaw was found in the way the Linux kernel's IPC
subsystem initialized certain fields in an IPC object structure that were
later used for permission checking before inserting the object into a
globally visible list. A local, unprivileged user could potentially use
this flaw to elevate their privileges on the system. (CVE-2015-7613,
Important)

* It was found that the Linux kernel's keys subsystem did not correctly
garbage collect uninstantiated keyrings. A local attacker could use this
flaw to crash the system or, potentially, escalate their privileges on
the system. (CVE-2015-7872, Important)

Red Hat would like to thank Ben Serebrin of Google Inc. for reporting the
CVE-2015-5307 issue.

This update also fixes the following bugs:

* Previously, Human Interface Device (HID) ran a report on an unaligned
buffer, which could cause a page fault interrupt and an oops when the end
of the report was read. This update fixes this bug by padding the end of
the report with extra bytes, so the reading of the report never crosses a
page boundary. As a result, a page fault and subsequent oops no longer
occur. (BZ#1268203)

* The NFS client was previously failing to detect a directory loop for some
NFS server directory structures. This failure could cause NFS inodes to
remain referenced after attempting to unmount the file system, leading to a
kernel crash. Loop checks have been added to VFS, which effectively
prevents this problem from occurring. (BZ#1272858)

* Due to a race whereby the nfs_wb_pages_cancel() and
nfs_commit_release_pages() calls both removed a request from the nfs_inode
struct type, the kernel panicked with negative nfs_inode.npages count.
The provided upstream patch performs the required serialization by holding
the inode i_lock over the check of PagePrivate and locking the request,
thus preventing the race and kernel panic from occurring. (BZ#1273721)

* Due to incorrect URB_ISO_ASAP semantics, playing an audio file using a
USB sound card could previously fail for some hardware configurations.
This update fixes the bug, and playing audio from a USB sound card now
works as expected. (BZ#1273916)

* Inside hugetlb, region data structures were protected by a combination of
a memory map semaphore and a single hugetlb instance mutex. However, a
page-fault scalability improvement backported to the kernel on previous
releases removed the single hugetlb instance mutex and introduced a new
mutex table, making the locking combination insufficient, leading to
possible race windows that could cause corruption and undefined behavior.
This update fixes the problem by introducing a required spinlock to the
region tracking functions for proper serialization. The problem only
affects software using huge pages through hugetlb interface. (BZ#1274599)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2015:2655: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152655
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2655, CVE-2015-8000

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND processed certain
records with malformed class attributes. A remote attacker could use this
flaw to send a query to request a cached record with a malformed class
attribute that would cause named functioning as an authoritative or
recursive server to crash. (CVE-2015-8000)

Note: This issue affects authoritative servers as well as recursive
servers; however, authoritative servers are at limited risk if they perform
authentication when making recursive queries to resolve addresses for
servers listed in NS RRSETs.

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:2656: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152656
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2656, CVE-2015-8000

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND processed certain
records with malformed class attributes. A remote attacker could use this
flaw to send a query to request a cached record with a malformed class
attribute that would cause named functioning as an authoritative or
recursive server to crash. (CVE-2015-8000)

Note: This issue affects authoritative servers as well as recursive
servers; however, authoritative servers are at limited risk if they perform
authentication when making recursive queries to resolve addresses for
servers listed in NS RRSETs.

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:2657: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20152657
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2657, CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214, CVE-2015-7222

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-7201, CVE-2015-7205, CVE-2015-7210, CVE-2015-7212,
CVE-2015-7213, CVE-2015-7222)

A flaw was found in the way Firefox handled content using the 'data:' and
'view-source:' URIs. An attacker could use this flaw to bypass the
same-origin policy and read data from cross-site URLs and local files.
(CVE-2015-7214)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Andrei Vaida, Jesse Ruderman, Bob Clary, Looben Yang,
Abhishek Arya, Ronald Crane, Gerald Squelart, and Tsubasa Iinuma as the
original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2015:2658: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152658
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2658, CVE-2015-8000

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND processed certain
records with malformed class attributes. A remote attacker could use this
flaw to send a query to request a cached record with a malformed class
attribute that would cause named functioning as an authoritative or
recursive server to crash. (CVE-2015-8000)

Note: This issue affects authoritative servers as well as recursive
servers; however, authoritative servers are at limited risk if they perform
authentication when making recursive queries to resolve addresses for
servers listed in NS RRSETs.

Red Hat would like to thank ISC for reporting this issue.

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2015:2671: jakarta-commons-collections security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152671
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2671, CVE-2015-7501

Description
The Jakarta/Apache Commons Collections library provides new interfaces,
implementations, and utilities to extend the features of the Java
Collections Framework.

It was found that the Apache commons-collections library permitted code
execution when deserializing objects involving a specially constructed
chain of classes. A remote attacker could use this flaw to execute
arbitrary code with the permissions of the application using the
commons-collections library. (CVE-2015-7501)

With this update, deserialization of certain classes in the
commons-collections library is no longer allowed. Applications that require
those classes to be deserialized can use the system property
"org.apache.commons.collections.enableUnsafeSerialization" to re-enable
their deserialization.

Further information about this security flaw may be found at:
https://access.redhat.com/solutions/2045023

All users of jakarta-commons-collections are advised to upgrade to these
updated packages, which contain a backported patch to correct this issue.
All running applications using the commons-collections library must be
restarted for the update to take effect.

RHSA-2015:2694: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20152694
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2015:2694, CVE-2015-7504, CVE-2015-7512

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

A heap-based buffer overflow flaw was discovered in the way QEMU's AMD
PC-Net II Ethernet Controller emulation received certain packets in
loopback mode. A privileged user (with the CAP_SYS_RAWIO capability) inside
a guest could use this flaw to crash the host QEMU process (resulting in
denial of service) or, potentially, execute arbitrary code with privileges
of the host QEMU process. (CVE-2015-7504)

A buffer overflow flaw was found in the way QEMU's AMD PC-Net II emulation
validated certain received packets from a remote host in non-loopback mode.
A remote, unprivileged attacker could potentially use this flaw to execute
arbitrary code on the host with the privileges of the QEMU process.
Note that to exploit this flaw, the guest network interface must have a
large MTU limit. (CVE-2015-7512)

Red Hat would like to thank Qinghao Tang of QIHU 360 Marvel Team and Ling
Liu of Qihoo 360 Inc. for reporting the CVE-2015-7504 issue, and Ling Liu
of Qihoo 360 Inc. for reporting the CVE-2015-7512 issue. The CVE-2015-7512
issue was independently discovered by Jason Wang of Red Hat.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2016:0001: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160001
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0001, CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213, CVE-2015-7214

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2015-7201, CVE-2015-7205, CVE-2015-7212, CVE-2015-7213)

A flaw was found in the way Thunderbird handled content using the 'data:'
and 'view-source:' URIs. An attacker could use this flaw to bypass the
same-origin policy and read data from cross-site URLs and local files.
(CVE-2015-7214)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Andrei Vaida, Jesse Ruderman, Bob Clary, Abhishek
Arya, Ronald Crane, and Tsubasa Iinuma as the original reporters of these
issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 38.5.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.5.0, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2016:0005: rpcbind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160005
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0005, CVE-2015-7236

Description
The rpcbind utility is a server that converts RPC program numbers into
universal addresses. It must be running on the host to be able to make RPC
calls on a server on that machine.

A use-after-free flaw related to the PMAP_CALLIT operation and TCP/UDP
connections was discovered in rpcbind. A remote attacker could possibly
exploit this flaw to crash the rpcbind service by performing a series of
UDP and TCP calls. (CVE-2015-7236)

All rpcbind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. If the rpcbind service
is running, it will be automatically restarted after installing this
update.

RHSA-2016:0006: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160006
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0006, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A denial of service flaw was found in the LDAP server provided by the AD DC
in the Samba process daemon. A remote attacker could exploit this flaw by
sending a specially crafted packet, which could cause the server to consume
an excessive amount of memory and crash. (CVE-2015-7540)

Multiple buffer over-read flaws were found in the way Samba handled
malformed inputs in certain encodings. An authenticated, remote attacker
could possibly use these flaws to disclose portions of the server memory.
(CVE-2015-5330)

A man-in-the-middle vulnerability was found in the way "connection signing"
was implemented by Samba. A remote attacker could use this flaw to
downgrade an existing Samba client connection and force the use of plain
text. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba share,
despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba's share path. (CVE-2015-5252)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Stefan Metzmacher of the Samba Team and Sernet.de as
the original reporters of CVE-2015-5296, partha@exablox.com as the original
reporter of CVE-2015-5299, Jan "Yenya" Kasprzak and the Computer Systems
Unit team at Faculty of Informatics, Masaryk University as the original
reporters of CVE-2015-5252 flaws, and Douglas Bagnall as the original
reporter of CVE-2015-5330.

All samba users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2016:0007: nss security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160007
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0007, CVE-2015-7575

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

All nss users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the NSS library must be restarted, or the
system rebooted.

RHSA-2016:0008: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0008, CVE-2015-7575

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

All openssl users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2016:0009: libldb security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160009
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0009, CVE-2015-3223, CVE-2015-5330

Description
The libldb packages provide an extensible library that implements an
LDAP-like API to access remote LDAP servers, or use local TDB databases.

A denial of service flaw was found in the ldb_wildcard_compare() function
of libldb. A remote attacker could send a specially crafted packet that,
when processed by an application using libldb (for example the AD LDAP
server in Samba), would cause that application to consume an excessive
amount of memory and crash. (CVE-2015-3223)

A memory-read flaw was found in the way the libldb library processed LDB DN
records with a null byte. An authenticated, remote attacker could use this
flaw to read heap-memory pages from the server. (CVE-2015-5330)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Thilo Uttendorfer as the original reporter of
CVE-2015-3223, and Douglas Bagnall as the original reporter of
CVE-2015-5330.

All libldb users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2016:0010: samba4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160010
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0010, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A denial of service flaw was found in the LDAP server provided by the AD DC
in the Samba process daemon. A remote attacker could exploit this flaw by
sending a specially crafted packet, which could cause the server to consume
an excessive amount of memory and crash. (CVE-2015-7540)

Multiple buffer over-read flaws were found in the way Samba handled
malformed inputs in certain encodings. An authenticated, remote attacker
could possibly use these flaws to disclose portions of the server memory.
(CVE-2015-5330)

A man-in-the-middle vulnerability was found in the way "connection signing"
was implemented by Samba. A remote attacker could use this flaw to
downgrade an existing Samba client connection and force the use of plain
text. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba share,
despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba's share path. (CVE-2015-5252)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Stefan Metzmacher of the Samba Team and Sernet.de as
the original reporters of CVE-2015-5296, partha@exablox.com as the original
reporter of CVE-2015-5299, Jan "Yenya" Kasprzak and the Computer Systems
Unit team at Faculty of Informatics, Masaryk University as the original
reporters of CVE-2015-5252 flaws, and Douglas Bagnall as the original
reporter of CVE-2015-5330.

All samba4 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the smb service will be restarted automatically.

RHSA-2016:0011: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0011, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A man-in-the-middle vulnerability was found in the way "connection signing"
was implemented by Samba. A remote attacker could use this flaw to
downgrade an existing Samba client connection and force the use of plain
text. (CVE-2015-5296)

A missing access control flaw was found in Samba. A remote, authenticated
attacker could use this flaw to view the current snapshot on a Samba share,
despite not having DIRECTORY_LIST access rights. (CVE-2015-5299)

An access flaw was found in the way Samba verified symbolic links when
creating new files on a Samba share. A remote attacker could exploit this
flaw to gain access to files outside of Samba's share path. (CVE-2015-5252)

Red Hat would like to thank the Samba project for reporting these issues.
Upstream acknowledges Stefan Metzmacher of the Samba Team and Sernet.de as
the original reporters of CVE-2015-5296, partha@exablox.com as the original
reporter of CVE-2015-5299, Jan "Yenya" Kasprzak and the Computer Systems
Unit team at Faculty of Informatics, Masaryk University as the original
reporters of CVE-2015-5252.

All samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2016:0012: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160012
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0012, CVE-2015-7575

Description
The GnuTLS library provides support for cryptographic algorithms and for
protocols such as Transport Layer Security (TLS).

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

All gnutls users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the GnuTLS library must be restarted.

RHSA-2016:0043: openssh security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160043
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0043, CVE-2016-0777, CVE-2016-0778

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.

An information leak flaw was found in the way the OpenSSH client roaming
feature was implemented. A malicious server could potentially use this flaw
to leak portions of memory (possibly including private SSH keys) of a
successfully authenticated OpenSSH client. (CVE-2016-0777)

A buffer overflow flaw was found in the way the OpenSSH client roaming
feature was implemented. A malicious server could potentially use this flaw
to execute arbitrary code on a successfully authenticated OpenSSH client if
that client used certain non-default configuration options. (CVE-2016-0778)

Red Hat would like to thank Qualys for reporting these issues.

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

RHSA-2016:0045: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160045
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0045, CVE-2015-5364, CVE-2015-5366

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* Two flaws were found in the way the Linux kernel's networking
implementation handled UDP packets with incorrect checksum values. A remote
attacker could potentially use these flaws to trigger an infinite loop in
the kernel, resulting in a denial of service on the system, or cause a
denial of service in applications using the edge triggered epoll
functionality. (CVE-2015-5364, CVE-2015-5366, Important)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2016:0049: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160049
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0049, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

An out-of-bounds write flaw was found in the JPEG image format decoder in
the AWT component in OpenJDK. A specially crafted JPEG image could cause
a Java application to crash or, possibly, execute arbitrary code. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2016-0483)

An integer signedness issue was found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could possibly cause
the Java Virtual Machine to execute arbitrary code, allowing an untrusted
Java application or applet to bypass Java sandbox restrictions.
(CVE-2016-0494)

It was discovered that the password-based encryption (PBE) implementation
in the Libraries component in OpenJDK used an incorrect key length. This
could, in certain cases, lead to generation of keys that were weaker than
expected. (CVE-2016-0475)

It was discovered that the JAXP component in OpenJDK did not properly
enforce the totalEntitySizeLimit limit. An attacker able to make a Java
application process a specially crafted XML file could use this flaw to
make the application consume an excessive amount of memory. (CVE-2016-0466)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

Multiple flaws were discovered in the Networking and JMX components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2016:0050: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0050, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

An out-of-bounds write flaw was found in the JPEG image format decoder in
the AWT component in OpenJDK. A specially crafted JPEG image could cause
a Java application to crash or, possibly, execute arbitrary code. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2016-0483)

An integer signedness issue was found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could possibly cause
the Java Virtual Machine to execute arbitrary code, allowing an untrusted
Java application or applet to bypass Java sandbox restrictions.
(CVE-2016-0494)

It was discovered that the password-based encryption (PBE) implementation
in the Libraries component in OpenJDK used an incorrect key length. This
could, in certain cases, lead to generation of keys that were weaker than
expected. (CVE-2016-0475)

It was discovered that the JAXP component in OpenJDK did not properly
enforce the totalEntitySizeLimit limit. An attacker able to make a Java
application process a specially crafted XML file could use this flaw to
make the application consume an excessive amount of memory. (CVE-2016-0466)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

Multiple flaws were discovered in the Networking and JMX components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448)

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.8.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2016:0053: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160053
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0053, CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An out-of-bounds write flaw was found in the JPEG image format decoder in
the AWT component in OpenJDK. A specially crafted JPEG image could cause
a Java application to crash or, possibly, execute arbitrary code. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2016-0483)

An integer signedness issue was found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could possibly cause
the Java Virtual Machine to execute arbitrary code, allowing an untrusted
Java application or applet to bypass Java sandbox restrictions.
(CVE-2016-0494)

It was discovered that the JAXP component in OpenJDK did not properly
enforce the totalEntitySizeLimit limit. An attacker able to make a Java
application process a specially crafted XML file could use this flaw to
make the application consume an excessive amount of memory. (CVE-2016-0466)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

Multiple flaws were discovered in the Libraries, Networking, and JMX
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871,
CVE-2016-0402, CVE-2016-0448)

Note: If the web browser plug-in provided by the icedtea-web package was
installed, the issues exposed via Java applets could have been exploited
without user interaction if a user visited a malicious website.

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2016:0054: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160054
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0054, CVE-2015-4871, CVE-2015-7575, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime
Environment and the OpenJDK 7 Java Software Development Kit.

An out-of-bounds write flaw was found in the JPEG image format decoder in
the AWT component in OpenJDK. A specially crafted JPEG image could cause
a Java application to crash or, possibly, execute arbitrary code. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2016-0483)

An integer signedness issue was found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could possibly cause
the Java Virtual Machine to execute arbitrary code, allowing an untrusted
Java application or applet to bypass Java sandbox restrictions.
(CVE-2016-0494)

It was discovered that the JAXP component in OpenJDK did not properly
enforce the totalEntitySizeLimit limit. An attacker able to make a Java
application process a specially crafted XML file could use this flaw to
make the application consume an excessive amount of memory. (CVE-2016-0466)

A flaw was found in the way TLS 1.2 could use the MD5 hash function for
signing ServerKeyExchange and Client Authentication packets during a TLS
handshake. A man-in-the-middle attacker able to force a TLS connection to
use the MD5 hash function could use this flaw to conduct collision attacks
to impersonate a TLS server or an authenticated TLS client. (CVE-2015-7575)

Multiple flaws were discovered in the Libraries, Networking, and JMX
components in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass certain Java sandbox restrictions. (CVE-2015-4871,
CVE-2016-0402, CVE-2016-0448)

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2016:0055: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160055
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0055, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448,
CVE-2016-0466, CVE-2016-0475, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.8.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 8 Update 71 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2016:0056: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160056
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0056, CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-7575, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448,
CVE-2016-0466, CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.7.0-oracle are advised to upgrade to these updated
packages, which provide Oracle Java 7 Update 95 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2016:0057: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160057
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0057, CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and
the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE Critical
Patch Update Advisory page, listed in the References section.
(CVE-2015-8126, CVE-2015-8472, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466,
CVE-2016-0483, CVE-2016-0494)

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 111 and resolve these issues.
All running instances of Oracle Java must be restarted for the update to
take effect.

RHSA-2016:0063: ntp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160063
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0063, CVE-2015-8138

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time
with a referenced time source.

It was discovered that ntpd as a client did not correctly check the
originate timestamp in received packets. A remote attacker could use this
flaw to send a crafted packet to an ntpd client that would effectively
disable synchronization with the server, or push arbitrary offset/delay
measurements to modify the time on the client. (CVE-2015-8138)

All ntp users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing the
update, the ntpd daemon will restart automatically.

RHSA-2016:0064: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160064
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0064, CVE-2016-0728

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the Linux kernel's key
management subsystem handled keyring object reference counting in a certain
error path of the join_session_keyring() function. A local, unprivileged
user could use this flaw to escalate their privileges on the system.
(CVE-2016-0728, Important)

Red Hat would like to thank the Perception Point research team for
reporting this issue.

All kernel users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

RHSA-2016:0065: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160065
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0065, CVE-2016-0728

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A use-after-free flaw was found in the way the Linux kernel's key
management subsystem handled keyring object reference counting in a certain
error path of the join_session_keyring() function. A local, unprivileged
user could use this flaw to escalate their privileges on the system.
(CVE-2016-0728, Important)

Red Hat would like to thank the Perception Point research team for
reporting this issue.

All kernel-rt users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. The system must be
rebooted for this update to take effect.

RHSA-2016:0067: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160067
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0067, CVE-2016-0402, CVE-2016-0448, CVE-2016-0466, CVE-2016-0483, CVE-2016-0494

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

An out-of-bounds write flaw was found in the JPEG image format decoder in
the AWT component in OpenJDK. A specially crafted JPEG image could cause
a Java application to crash or, possibly, execute arbitrary code. An
untrusted Java application or applet could use this flaw to bypass Java
sandbox restrictions. (CVE-2016-0483)

An integer signedness issue was found in the font parsing code in the 2D
component in OpenJDK. A specially crafted font file could possibly cause
the Java Virtual Machine to execute arbitrary code, allowing an untrusted
Java application or applet to bypass Java sandbox restrictions.
(CVE-2016-0494)

It was discovered that the JAXP component in OpenJDK did not properly
enforce the totalEntitySizeLimit limit. An attacker able to make a Java
application process a specially crafted XML file could use this flaw to
make the application consume an excessive amount of memory. (CVE-2016-0466)

Multiple flaws were discovered in the Networking and JMX components in
OpenJDK. An untrusted Java application or applet could use these flaws to
bypass certain Java sandbox restrictions. (CVE-2016-0402, CVE-2016-0448)

Note: This update also disallows the use of the MD5 hash algorithm in the
certification path processing. The use of MD5 can be re-enabled by removing
MD5 from the jdk.certpath.disabledAlgorithms security property defined in
the java.security file.

All users of java-1.6.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.

RHSA-2016:0071: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160071
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0071, CVE-2016-1930, CVE-2016-1935

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2016-1930, CVE-2016-1935)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary
Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the
original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.6.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2016:0073: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160073
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0073, CVE-2015-8704

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND processed certain
malformed Address Prefix List (APL) records. A remote, authenticated
attacker could use this flaw to cause named to crash. (CVE-2015-8704)

Red Hat would like to thank ISC for reporting this issue.

All bind users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2016:0074: bind97 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160074
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0074, CVE-2015-8704

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND processed certain
malformed Address Prefix List (APL) records. A remote, authenticated
attacker could use this flaw to cause named to crash. (CVE-2015-8704)

Red Hat would like to thank ISC for reporting this issue.

All bind97 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2016:0082: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160082
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0082, CVE-2016-1714

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware
Configuration device emulation processed certain firmware configurations.
A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
QEMU process instance or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2016-1714)

Red Hat would like to thank Donghai Zhu of Alibaba for reporting this
issue.

All qemu-kvm users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2016:0083: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0083, CVE-2016-1714

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the
user-space component for running virtual machines using KVM.

An out-of-bounds read/write flaw was discovered in the way QEMU's Firmware
Configuration device emulation processed certain firmware configurations.
A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the
QEMU process instance or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2016-1714)

Red Hat would like to thank Donghai Zhu of Alibaba for reporting this
issue.

This update also fixes the following bugs:

* Incorrect handling of the last sector of an image file could trigger an
assertion failure in qemu-img. This update changes the handling of the last
sector, and no assertion failure occurs. (BZ#1298828)

All qemu-kvm users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.

RHSA-2016:0152: sos security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0152, CVE-2015-7529

Description
The sos package contains a set of tools that gather information from system
hardware, logs and configuration files. The information can then be used
for diagnostic purposes and debugging.

An insecure temporary file use flaw was found in the way sos created 
certain sosreport files. A local attacker could possibly use this flaw 
to perform a symbolic link attack to reveal the contents of sosreport 
files, or in some cases modify arbitrary files and escalate their 
privileges on the system. (CVE-2015-7529)

This issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bug:

* Previously, when the hpasm plug-in ran the "hpasmcli" command in a Python
Popen constructor or a system pipeline, the command would hang and
eventually time out after 300 seconds. Sos was forced to wait for the time
out to finish, unnecessarily prolonging its run time. With this update, the
timeout of the "hpasmcli" command has been set to 0, eliminating the delay
and speeding up sos completion time. (BZ#1291828)

All sos users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2016:0175: glibc security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160175
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0175, CVE-2015-7547

Description
The glibc packages provide the standard C libraries (libc), POSIX thread
libraries (libpthread), standard math libraries (libm), and the Name
Server Caching Daemon (nscd) used by multiple programs on the system.
Without these libraries, the Linux system cannot function correctly.

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)

This issue was discovered by the Google Security Team and Red Hat.

This update also fixes the following bugs:

* The dynamic loader has been enhanced to allow the loading of more shared
libraries that make use of static thread local storage. While static thread
local storage is the fastest access mechanism it may also prevent the
shared library from being loaded at all since the static storage space is a
limited and shared process-global resource. Applications which would
previously fail with "dlopen: cannot load any more object with static TLS"
should now start up correctly. (BZ#1291270)

* A bug in the POSIX realtime support would cause asynchronous I/O or
certain timer API calls to fail and return errors in the presence of large
thread-local storage data that exceeded PTHREAD_STACK_MIN in size
(generally 16 KiB). The bug in librt has been corrected and the impacted
APIs no longer return errors when large thread-local storage data is
present in the application. (BZ#1301625)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2016:0176: glibc security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0176, CVE-2015-5229, CVE-2015-7547

Description
The glibc packages provide the standard C libraries (libc), POSIX 
thread libraries (libpthread), standard math libraries (libm), and the 
name service cache daemon (nscd) used by multiple programs on the 
system. Without these libraries, the Linux system cannot function 
correctly.

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from the
nss_dns NSS service module. (CVE-2015-7547)

It was discovered that the calloc implementation in glibc could return
memory areas which contain non-zero bytes. This could result in unexpected
application behavior such as hangs or crashes. (CVE-2015-5229)

The CVE-2015-7547 issue was discovered by the Google Security Team and Red
Hat. Red Hat would like to thank Jeff Layton for reporting the
CVE-2015-5229 issue.

This update also fixes the following bugs:

* The existing implementation of the "free" function causes all memory
pools beyond the first to return freed memory directly to the operating
system as quickly as possible. This can result in performance degradation
when the rate of free calls is very high. The first memory pool (the main
pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD,
but this method is not available to subsequent memory pools.

With this update, the M_TRIM_THRESHOLD method is extended to apply to all
memory pools, which improves performance for threads with very high amounts
of free calls and limits the number of "madvise" system calls. The change
also increases the total transient memory usage by processes because the
trim threshold must be reached before memory can be freed.

To return to the previous behavior, you can either set M_TRIM_THRESHOLD
using the "mallopt" function, or set the MALLOC_TRIM_THRESHOLD environment
variable to 0. (BZ#1298930)

* On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug
in the dynamic loader could cause applications compiled with profiling
enabled to fail to start with the error "monstartup: out of memory".
The bug has been corrected and applications compiled for profiling now
start correctly. (BZ#1298956)

All glibc users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2016:0185: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160185
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0185, CVE-2015-5157, CVE-2015-7872

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's keys subsystem did not correctly
garbage collect uninstantiated keyrings. A local attacker could use this
flaw to crash the system or, potentially, escalate their privileges on the
system. (CVE-2015-7872, Important)

* A flaw was found in the way the Linux kernel handled IRET faults during
the processing of NMIs. An unprivileged, local user could use this flaw to
crash the system or, potentially (although highly unlikely), escalate their
privileges on the system. (CVE-2015-5157, Moderate)

This update also fixes the following bugs:

* Previously, processing packets with a lot of different IPv6 source
addresses caused the kernel to return warnings concerning soft-lockups due
to high lock contention and latency increase. With this update, lock
contention is reduced by backing off concurrent waiting threads on the
lock. As a result, the kernel no longer issues warnings in the described
scenario. (BZ#1285370)

* Prior to this update, block device readahead was artificially limited.
As a consequence, the read performance was poor, especially on RAID
devices. Now, per-device readahead limits are used for each device instead
of a global limit. As a result, read performance has improved, especially
on RAID devices. (BZ#1287550)

* After injecting an EEH error, the host was previously not recovering and
observing I/O hangs in HTX tool logs. This update makes sure that when one
or both of EEH_STATE_MMIO_ACTIVE and EEH_STATE_MMIO_ENABLED flags is marked
in the PE state, the PE's IO path is regarded as enabled as well. As a
result, the host no longer hangs and recovers as expected. (BZ#1289101)

* The genwqe device driver was previously using the GFP_ATOMIC flag for
allocating consecutive memory pages from the kernel's atomic memory pool,
even in non-atomic situations. This could lead to allocation failures
during memory pressure. With this update, the genwqe driver's memory
allocations use the GFP_KERNEL flag, and the driver can allocate memory
even during memory pressure situations. (BZ#1289450)

* The nx842 co-processor for IBM Power Systems could in some circumstances
provide invalid data due to a data corruption bug during uncompression.
With this update, all compression and uncompression calls to the nx842
co-processor contain a cyclic redundancy check (CRC) flag, which forces all
compression and uncompression operations to check data integrity and
prevents the co-processor from providing corrupted data. (BZ#1289451)

* A failed "updatepp" operation on the little-endian variant of IBM Power
Systems could previously cause a wrong hash value to be used for the next
hash insert operation in the page table. This could result in a missing
hash pte update or invalidate operation, potentially causing memory
corruption. With this update, the hash value is always recalculated after a
failed "updatepp" operation, avoiding memory corruption. (BZ#1289452)

* Large Receive Offload (LRO) flag disabling was not being propagated
downwards from above devices in vlan and bond hierarchy, breaking the flow
of traffic. This problem has been fixed and LRO flags now propagate
correctly. (BZ#1292072)

* Due to rounding errors in the CPU frequency of the intel_pstate driver,
the CPU frequency never reached the value requested by the user. A kernel
patch has been applied to fix these rounding errors. (BZ#1296276)

* When running several containers (up to 100), hung tasks were previously
reported. This update fixes the AB-BA deadlock in the
dm_destroy() function, and the hung reports no longer occur. (BZ#1296566)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2016:0188: sos security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160188
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0188, CVE-2015-7529

Description
The sos package contains a set of utilities that gather information from
system hardware, logs, and configuration files. The information can then be
used for diagnostic purposes and debugging.

An insecure temporary file use flaw was found in the way sos created
certain sosreport files. A local attacker could possibly use this flaw to
perform a symbolic link attack to reveal the contents of sosreport files,
or in some cases modify arbitrary files and escalate their privileges on
the system. (CVE-2015-7529)

This issue was discovered by Mateusz Guzik of Red Hat.

This update also fixes the following bug:

* Previously, the sosreport tool was not collecting the /var/lib/ceph and
/var/run/ceph directories when run with the ceph plug-in enabled, causing
the generated sosreport archive to miss vital troubleshooting information
about ceph. With this update, the ceph plug-in for sosreport collects these
directories, and the generated report contains more useful information.
(BZ#1291347)

All users of sos are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

RHSA-2016:0189: polkit security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160189
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0189, CVE-2015-3256

Description
PolicyKit is a toolkit for defining and handling authorizations.

A denial of service flaw was found in how polkit handled authorization
requests. A local, unprivileged user could send malicious requests to
polkit, which could then cause the polkit daemon to corrupt its memory and
crash. (CVE-2015-3256)

All polkit users should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system must be rebooted for
this update to take effect.

RHSA-2016:0197: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0197, CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1969

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Multiple security flaws were found in the graphite2 font library shipped
with Firefox. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.6.1 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2016:0204: 389-ds-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160204
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0204, CVE-2016-0741

Description
The 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server.
The base packages include the Lightweight Directory Access Protocol (LDAP)
server and command-line utilities for server administration.

An infinite-loop vulnerability was discovered in the 389 directory server,
where the server failed to correctly handle unexpectedly closed client
connections. A remote attacker able to connect to the server could use this
flaw to make the directory server consume an excessive amount of CPU and
stop accepting connections (denial of service). (CVE-2016-0741)

This update fixes the following bugs:

* Previously, if a simple paged results search failed in the back end, the
simple paged results slot was not released. Consequently, the simple paged
results slots in a connection object could be accumulated. With this
update, the simple paged results slot is released correctly when a search
fails, and unused simple paged results slots are no longer left in a
connection object. (BZ#1290725)

* Previously, when several values of the same attribute were deleted using
the ldapmodify command, and at least one of them was added again during the
same operation, the equality index was not updated. As a consequence, an
exact search for the re-added attribute value did not return the entry. The
logic of the index code has been modified to update the index if at least
one of the values in the entry changes, and the exact search for the
re-added attribute value now returns the correct entry. (BZ#1290726)

* Prior to this update, when the cleanAllRUV task was running, a bogus
attrlist_replace error message was logged repeatedly due to a memory
corruption. With this update, the appropriate memory copy function memmove
is used, which fixes the memory corruption. As a result, the error messages
are no longer logged in this scenario. (BZ#1295684)

* To fix a simple paged results bug, an exclusive lock on a connection was
previously added. This consequently caused a self deadlock in a particular
case. With this update, the exclusive lock on a connection has been changed
to the re-entrant type, and the self deadlock no longer occurs.
(BZ#1298105)

* Previously, an unnecessary lock was sometimes acquired on a connection
object, which could consequently cause a deadlock. A patch has been applied
to remove the unnecessary locking, and the deadlock no longer occurs.
(BZ#1299346)

Users of 389-ds-base are advised to upgrade to these updated packages,
which correct these issues. After installing this update, the 389 server
service will be restarted automatically.

RHSA-2016:0212: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160212
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0212, CVE-2015-5157, CVE-2015-7872

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the Linux kernel's keys subsystem did not correctly
garbage collect uninstantiated keyrings. A local attacker could use this
flaw to crash the system or, potentially, escalate their privileges on the
system. (CVE-2015-7872, Important)

* A flaw was found in the way the Linux kernel handled IRET faults during
the processing of NMIs. An unprivileged, local user could use this flaw to
crash the system or, potentially (although highly unlikely), escalate their
privileges on the system. (CVE-2015-5157, Moderate)

The kernel-rt packages have been upgraded to version 3.10.0-327.10.1, which
provides a number of bug fixes and enhancements, including:

* [md] dm: fix AB-BA deadlock in __dm_destroy() 

* [md] revert "dm-mpath: fix stalls when handling invalid ioctl

* [cpufreq] intel_pstate: Fix limits->max_perf and limits->max_policy_pct
rounding errors

* [cpufreq] revert "intel_pstate: fix rounding error in max_freq_pct"

* [crypto] nx: 842 - Add CRC and validation support

* [of] return NUMA_NO_NODE from fallback of_node_to_nid()

(BZ#1282591)

This update also fixes the following bugs:

* Because the realtime kernel replaces most of the spinlocks with
rtmutexes, the locking scheme used in both NAPI polling and busy polling
could become out of synchronization with the State Machine they protected.
This could cause system performance degradation or even a livelock
situation when a machine with faster NICs (10g or 40g) was subject to a
heavy pressure receiving network packets. The locking schemes on NAPI
polling and busy polling routines have been hardened to enforce the State
machine sanity to help ensure the system continues to function properly
under pressure. (BZ#1293230)

* A possible livelock in the NAPI polling and busy polling routines could
lead the system to a livelock on threads running at high, realtime,
priorities. The threads running at priorities lower than the ones of the
threads involved in the livelock were prevented from running on the CPUs
affected by the livelock. Among those lower priority threads are the rcuc/
threads. With this update, right before (4 jiffies) a RCU stall is
detected, the rcuc/ threads on the CPUs facing the livelock have their
priorities boosted above the priority of the threads involved in the
livelock. The softirq code has also been updated to be more robust.
These modifications allow the rcuc/ threads to execute even under system
pressure, mitigating the RCU stalls. (BZ#1293229)

* Multiple CPUs trying to take an rq lock previously caused large latencies
on machines with many CPUs. On systems with more than 32 cores, this update
uses the "push" rather than "pull" approach and provides multiple changes
to the scheduling of rq locks. As a result, machines no longer suffer from
multiplied latencies on large CPU systems. (BZ#1282597)

* Previously, the SFC driver for 10 GB cards executed polling in NAPI mode,
using a locking mechanism similar to a "trylock". Consequently, when
running on a Realtime kernel, a livelock could occur. This update modifies
the locking mechanism so that once the lock is taken it is not released
until the operation is complete. (BZ#1282609)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add these enhancements. The system must be
rebooted for this update to take effect.

RHSA-2016:0258: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0258, CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1930, CVE-2016-1935

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2016-1930, CVE-2016-1935)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Nils Ohlmeier, Gary
Kwong, Jesse Ruderman, Carsten Book, Randell Jesup, and Aki Helin as the
original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 38.6.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.6.0, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2016:0301: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160301
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0301, CVE-2015-3197, CVE-2016-0702, CVE-2016-0705, CVE-2016-0797, CVE-2016-0800

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol
version, allowing them to decrypt such connections. This cross-protocol
attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default
when using the 'SSLv23' connection methods, and removing support for weak
SSLv2 cipher suites. For more information, refer to the knowledge base
article linked to in the References section.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2
ciphers that have been disabled on the server. This could result in weak
SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to
man-in-the-middle attacks. (CVE-2015-3197)

A side-channel attack was found that makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture. An attacker who has the ability
to control code in a thread running on the same hyper-threaded core as the
victim's thread that is performing decryption, could use this flaw to
recover RSA private keys. (CVE-2016-0702)

A double-free flaw was found in the way OpenSSL parsed certain malformed
DSA (Digital Signature Algorithm) private keys. An attacker could create
specially crafted DSA private keys that, when processed by an application
compiled against OpenSSL, could cause the application to crash.
(CVE-2016-0705)

An integer overflow flaw, leading to a NULL pointer dereference or a
heap-based memory corruption, was found in the way some BIGNUM functions of
OpenSSL were implemented. Applications that use these functions with large
untrusted input could crash or, potentially, execute arbitrary code.
(CVE-2016-0797)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original
reporters of CVE-2016-0800 and CVE-2015-3197; Adam Langley
(Google/BoringSSL) as the original reporter of CVE-2016-0705; Yuval Yarom
(University of Adelaide and NICTA), Daniel Genkin (Technion and Tel Aviv
University), Nadia Heninger (University of Pennsylvania) as the original
reporters of CVE-2016-0702; and Guido Vranken as the original reporter of
CVE-2016-0797.

All openssl users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. For the update 
to take effect, all services linked to the OpenSSL library must be 
restarted, or the system rebooted.

RHSA-2016:0302: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160302
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0302, CVE-2015-3197, CVE-2016-0797, CVE-2016-0800

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol
version, allowing them to decrypt such connections. This cross-protocol
attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default
when using the 'SSLv23' connection methods, and removing support for weak
SSLv2 cipher suites. It is possible to re-enable the SSLv2 protocol in the
'SSLv23' connection methods by default by setting the OPENSSL_ENABLE_SSL2
environment variable before starting an application that needs to have
SSLv2 enabled. For more information, refer to the knowledge base article
linked to in the References section.

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2
ciphers that have been disabled on the server. This could result in weak
SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to
man-in-the-middle attacks. (CVE-2015-3197)

An integer overflow flaw, leading to a NULL pointer dereference or a
heap-based memory corruption, was found in the way some BIGNUM functions of
OpenSSL were implemented. Applications that use these functions with large
untrusted input could crash or, potentially, execute arbitrary code.
(CVE-2016-0797)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original
reporters of CVE-2016-0800 and CVE-2015-3197; and Guido Vranken as the
original reporter of CVE-2016-0797.

All openssl users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. For the update to take
effect, all services linked to the OpenSSL library must be restarted, or
the system rebooted.

RHSA-2016:0346: postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160346
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0346, CVE-2016-0773

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the PostgreSQL handling code for regular expressions. A remote
attacker could use a specially crafted regular expression to cause
PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773)

Red Hat would like to thank PostgreSQL upstream for reporting this issue.
Upstream acknowledges Tom Lane and Greg Stark as the original reporters.

This update upgrades PostgreSQL to version 9.2.15. Refer to the Release
Notes linked to in the References section for a detailed list of changes
since the previous version.

All PostgreSQL users are advised to upgrade to these updated packages,
which correct this issue. If the postgresql service is running, it will
be automatically restarted after installing this update.

RHSA-2016:0347: postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0347, CVE-2016-0773

Description
PostgreSQL is an advanced object-relational database management system
(DBMS).

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the PostgreSQL handling code for regular expressions. A remote
attacker could use a specially crafted regular expression to cause
PostgreSQL to crash or possibly execute arbitrary code. (CVE-2016-0773)

Red Hat would like to thank PostgreSQL upstream for reporting this issue.
Upstream acknowledges Tom Lane and Greg Stark as the original reporters.

All PostgreSQL users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue. If the postgresql
service is running, it will be automatically restarted after installing
this update.

RHSA-2016:0370: nss-util security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160370
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0370, CVE-2016-1950

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications. The nss-util package provides a set of utilities for NSS and
the Softoken module.

A heap-based buffer overflow flaw was found in the way NSS parsed certain
ASN.1 structures. An attacker could use this flaw to create a specially
crafted certificate which, when parsed by NSS, could cause it to crash, or
execute arbitrary code, using the permissions of the user running an
application compiled against the NSS library. (CVE-2016-1950)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Francis Gabriel as the original reporter.

All nss-util users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the nss and nss-util library must be
restarted, or the system rebooted.

RHSA-2016:0371: nss security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160371
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0371, CVE-2016-1950

Description
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.

A heap-based buffer overflow flaw was found in the way NSS parsed certain
ASN.1 structures. An attacker could use this flaw to create a specially
crafted certificate which, when parsed by NSS, could cause it to crash, or
execute arbitrary code, using the permissions of the user running an
application compiled against the NSS library. (CVE-2016-1950)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Francis Gabriel as the original reporter.

All nss users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. For the update to take
effect, all applications linked to the nss library must be restarted, or
the system rebooted.

RHSA-2016:0372: openssl098e security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160372
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0372, CVE-2015-0293, CVE-2015-3197, CVE-2016-0703, CVE-2016-0704, CVE-2016-0800

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols, as well as a
full-strength, general purpose cryptography library.

A padding oracle flaw was found in the Secure Sockets Layer version 2.0
(SSLv2) protocol. An attacker can potentially use this flaw to decrypt
RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol
version, allowing them to decrypt such connections. This cross-protocol
attack is publicly referred to as DROWN. (CVE-2016-0800)

Note: This issue was addressed by disabling the SSLv2 protocol by default
when using the 'SSLv23' connection methods, and removing support for weak
SSLv2 cipher suites. For more information, refer to the knowledge base
article linked to in the References section.

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2
connection handshakes that indicated non-zero clear key length for
non-export cipher suites. An attacker could use this flaw to decrypt
recorded SSLv2 sessions with the server by using it as a decryption
oracle. (CVE-2016-0703)

It was discovered that the SSLv2 protocol implementation in OpenSSL did
not properly implement the Bleichenbacher protection for export cipher
suites. An attacker could use an SSLv2 server using OpenSSL as a
Bleichenbacher oracle. (CVE-2016-0704)

Note: The CVE-2016-0703 and CVE-2016-0704 issues could allow for more
efficient exploitation of the CVE-2016-0800 issue via the DROWN attack.

A denial of service flaw was found in the way OpenSSL handled SSLv2
handshake messages. A remote attacker could use this flaw to cause a
TLS/SSL server using OpenSSL to exit on a failed assertion if it had both
the SSLv2 protocol and EXPORT-grade cipher suites enabled. (CVE-2015-0293)

A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2
ciphers that have been disabled on the server. This could result in weak
SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to
man-in-the-middle attacks. (CVE-2015-3197)

Red Hat would like to thank the OpenSSL project for reporting these issues.
Upstream acknowledges Nimrod Aviram and Sebastian Schinzel as the original
reporters of CVE-2016-0800 and CVE-2015-3197; David Adrian (University of
Michigan) and J. Alex Halderman (University of Michigan) as the original
reporters of CVE-2016-0703 and CVE-2016-0704; and Sean Burford (Google) and
Emilia Käsper (OpenSSL development team) as the original reporters of
CVE-2015-0293.

All openssl098e users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. For the update
to take effect, all services linked to the openssl098e library must be
restarted, or the system rebooted.

RHSA-2016:0373: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160373
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0373, CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1973, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802

Description
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1958,
CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973, CVE-2016-1974,
CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)

Multiple security flaws were found in the graphite2 font library shipped
with Firefox. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,
CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,
CVE-2016-2802)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew
McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas
Golubovic, Jose Martinez, Romina Santillan, Abdulrahman Alqabandi,
ca0nguyen, lokihardt, Dominique Hazaël-Massieux, Nicolas Grégoire, Tsubasa
Iinuma, the Communications Electronics Security Group (UK) of the GCHQ,
Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters
of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.7.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

RHSA-2016:0428: libssh2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160428
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0428, CVE-2016-0787

Description
The libssh2 packages provide a library that implements the SSHv2 protocol.

A type confusion issue was found in the way libssh2 generated ephemeral
secrets for the diffie-hellman-group1 and diffie-hellman-group14 key
exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use
significantly less secure random parameters. (CVE-2016-0787)

Red Hat would like to thank Aris Adamantiadis for reporting this issue.

All libssh2 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing these
updated packages, all running applications using libssh2 must be restarted
for this update to take effect.

RHSA-2016:0430: xerces-c security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160430
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0430, CVE-2016-0729

Description
Xerces-C is a validating XML parser written in a portable subset of C++.

It was discovered that the Xerces-C XML parser did not properly process
certain XML input. By providing specially crafted XML data to an
application using Xerces-C for XML processing, a remote attacker could
exploit this flaw to cause an application crash or, possibly, execute
arbitrary code with the privileges of the application. (CVE-2016-0729)

Red Hat would like to thank Gustavo Grieco for reporting this issue.

All xerces-c users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, all applications using Xerces-C must be restarted for the update
to take effect.

RHSA-2016:0448: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160448
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0448, CVE-2015-7560

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the way Samba handled ACLs on symbolic links.
An authenticated user could use this flaw to gain access to an arbitrary
file or directory by overwriting its ACL. (CVE-2015-7560)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Jeremy Allison (Google) and the Samba team as the
original reporters.

All samba users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2016:0449: samba4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160449
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0449, CVE-2015-7560

Description
Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible
machines to share files, printers, and other information.

A flaw was found in the way Samba handled ACLs on symbolic links.
An authenticated user could use this flaw to gain access to an arbitrary
file or directory by overwriting its ACL. (CVE-2015-7560)

Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Jeremy Allison (Google) and the Samba team as the
original reporters.

All samba4 users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing this
update, the smb service will be restarted automatically.

RHSA-2016:0450: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160450
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0450, CVE-2013-2596, CVE-2015-2151

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* An integer overflow flaw was found in the way the Linux kernel's Frame
Buffer device implementation mapped kernel memory to user space via the
mmap syscall. A local user able to access a frame buffer device file
(/dev/fb*) could possibly use this flaw to escalate their privileges on the
system. (CVE-2013-2596, Important)

* It was found that the Xen hypervisor x86 CPU emulator implementation did
not correctly handle certain instructions with segment overrides,
potentially resulting in a memory corruption. A malicious guest user could
use this flaw to read arbitrary data relating to other guests, cause a
denial of service on the host, or potentially escalate their privileges on
the host. (CVE-2015-2151, Important)

This update also fixes the following bugs:

* Previously, the CPU power of a CPU group could be zero. As a consequence,
a kernel panic occurred at "find_busiest_group+570" with do_divide_error.
The provided patch ensures that the division is only performed if the CPU
power is not zero, and the aforementioned panic no longer occurs.
(BZ#1209728)

* Prior to this update, a bug occurred when performing an online resize of
an ext4 file system which had been previously converted from ext3. As a
consequence, the kernel crashed. The provided patch fixes online resizing
for such file systems by limiting the blockgroup search loop for non-extent
files, and the mentioned kernel crash no longer occurs. (BZ#1301100)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

RHSA-2016:0458: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0458, CVE-2016-1285, CVE-2016-1286

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed signature records
for DNAME records. By sending a specially crafted query, a remote attacker
could use this flaw to cause named to crash. (CVE-2016-1286)

A denial of service flaw was found in the way BIND processed certain
control channel input. A remote attacker able to send a malformed packet to
the control channel could use this flaw to cause named to crash.
(CVE-2016-1285)

Red Hat would like to thank ISC for reporting these issues.

All bind97 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2016:0459: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0459, CVE-2016-1285, CVE-2016-1286

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver
library (routines for applications to use when interfacing with DNS); and
tools for verifying that the DNS server is operating correctly.

A denial of service flaw was found in the way BIND parsed signature records
for DNAME records. By sending a specially crafted query, a remote attacker
could use this flaw to cause named to crash. (CVE-2016-1286)

A denial of service flaw was found in the way BIND processed certain
control channel input. A remote attacker able to send a malformed packet to
the control channel could use this flaw to cause named to crash.
(CVE-2016-1285)

Red Hat would like to thank ISC for reporting these issues.

All bind users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
update, the BIND daemon (named) will be restarted automatically.

RHSA-2016:0460: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160460
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0460, CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960, CVE-2016-1961, CVE-2016-1964, CVE-2016-1966, CVE-2016-1974, CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957, CVE-2016-1960,
CVE-2016-1961, CVE-2016-1974, CVE-2016-1964, CVE-2016-1966)

Multiple security flaws were found in the graphite2 font library shipped
with Thunderbird. A web page containing malicious content could cause
Thunderbird to crash or, potentially, execute arbitrary code with the
privileges of the user running Thunderbird. (CVE-2016-1977, CVE-2016-2790,
CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795,
CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800,
CVE-2016-2801, CVE-2016-2802)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christoph Diehl, Christian Holler, Andrew
McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Nicolas
Golubovic, Jose Martinez, Romina Santillan, ca0nguyen, lokihardt, Nicolas
Grégoire, the Communications Electronics Security Group (UK) of the GCHQ,
Holger Fuhrmannek, Ronald Crane, and Tyson Smith as the original reporters
of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Thunderbird 38.7.0. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Thunderbird users should upgrade to this updated package, which
contains Thunderbird version 38.7.0, which corrects these issues. After
installing the update, Thunderbird must be restarted for the changes to
take effect.

RHSA-2016:0465: openssh security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0465, CVE-2016-1908, CVE-2016-3115

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.

It was discovered that the OpenSSH server did not sanitize data received
in requests to enable X11 forwarding. An authenticated client with
restricted SSH access could possibly use this flaw to bypass intended
restrictions. (CVE-2016-3115)

An access flaw was discovered in OpenSSH; the OpenSSH client did not
correctly handle failures to generate authentication cookies for untrusted
X11 forwarding. A malicious or compromised remote X application could
possibly use this flaw to establish a trusted connection to the local X
server, even if only untrusted X11 forwarding was requested.
(CVE-2016-1908)

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

RHSA-2016:0466: openssh security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160466
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0466, CVE-2015-5600, CVE-2016-3115

Description
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.

It was discovered that the OpenSSH server did not sanitize data received
in requests to enable X11 forwarding. An authenticated client with
restricted SSH access could possibly use this flaw to bypass intended
restrictions. (CVE-2016-3115)

It was discovered that the OpenSSH sshd daemon did not check the list of
keyboard-interactive authentication methods for duplicates. A remote
attacker could use this flaw to bypass the MaxAuthTries limit, making it
easier to perform password guessing attacks. (CVE-2015-5600)

All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the OpenSSH server daemon (sshd) will be restarted automatically.

RHSA-2016:0491: foomatic security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160491
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0491, CVE-2010-5325, CVE-2015-8327, CVE-2015-8560

Description
Foomatic is a comprehensive, spooler-independent database of printers,
printer drivers, and driver descriptions. The package also includes
spooler-independent command line interfaces to manipulate queues and to
print files and manipulate print jobs.

It was discovered that the unhtmlify() function of foomatic-rip did not
correctly calculate buffer sizes, possibly leading to a heap-based memory
corruption. A malicious attacker could exploit this flaw to cause
foomatic-rip to crash or, possibly, execute arbitrary code.
(CVE-2010-5325)

It was discovered that foomatic-rip failed to remove all shell special
characters from inputs used to construct command lines for external
programs run by the filter. An attacker could possibly use this flaw to
execute arbitrary commands. (CVE-2015-8327, CVE-2015-8560)

All foomatic users should upgrade to this updated package, which contains
backported patches to correct these issues.

RHSA-2016:0492: tomcat6 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160492
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0492, CVE-2014-7810

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that the expression language resolver evaluated expressions
within a privileged code section. A malicious web application could use
this flaw to bypass security manager protections. (CVE-2014-7810)

This update also fixes the following bug:

* Previously, using a New I/O (NIO) connector in the Apache Tomcat 6 
servlet resulted in a large memory leak. An upstream patch has been applied
to fix this bug, and the memory leak no longer occurs. (BZ#1301646)

All Tomcat 6 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.

RHSA-2016:0493: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160493
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0493, CVE-2015-8629, CVE-2015-8631

Description
Kerberos is a networked authentication system which allows clients and
servers to authenticate to each other with the help of a trusted third
party, the Kerberos KDC.

A memory leak flaw was found in the krb5_unparse_name() function of the MIT
Kerberos kadmind service. An authenticated attacker could repeatedly send
specially crafted requests to the server, which could cause the server to
consume large amounts of memory resources, ultimately leading to a denial
of service due to memory exhaustion. (CVE-2015-8631)

An out-of-bounds read flaw was found in the kadmind service of MIT
Kerberos. An authenticated attacker could send a maliciously crafted
message to force kadmind to read beyond the end of allocated memory, and
write the memory contents to the KDC database if the attacker has write
permission, leading to information disclosure. (CVE-2015-8629)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

All krb5 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, running Kerberos services (krb5kdc, kadmin, and kprop)
will be restarted automatically.

RHSA-2016:0494: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160494
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0494, CVE-2016-0774

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* It was found that the fix for CVE-2015-1805 incorrectly kept buffer
offset and buffer length in sync on a failed atomic read, potentially
resulting in a pipe buffer state corruption. A local, unprivileged user
could use this flaw to crash the system or leak kernel memory to user
space. (CVE-2016-0774, Moderate)

The security impact of this issue was discovered by Red Hat.

This update also fixes the following bugs:

* In the anon_vma structure, the degree counts the number of child anon_vmas
and of VMAs which point to this anon_vma. Failure to decrement the
parent's degree in the unlink_anon_vma() function, when its list was empty,
previously triggered a BUG_ON() assertion. The provided patch makes sure
the anon_vma degree is always decremented when the VMA list is empty, thus
fixing this bug. (BZ#1318364)

* When running Internet Protocol Security (IPSEC) on external storage
encrypted with LUKS under a substantial load on the system, data
corruptions could previously occur. A set of upstream patches has been
provided, and data corruption is no longer reported in this situation.
(BZ#1298994)

* Due to prematurely decremented calc_load_task, the calculated load
average was off by up to the number of CPUs in the machine. As a
consequence, job scheduling worked improperly causing a drop in the system
performance. This update keeps the delta of the CPU going into NO_HZ idle
separately, and folds the pending idle delta into the global active count
while correctly aging the averages for the idle-duration when leaving NO_HZ
mode. Now, job scheduling works correctly, ensuring balanced CPU load.
(BZ#1300349)

* Due to a regression in the Red Hat Enterprise Linux 6.7 kernel, the
cgroup OOM notifier accessed a cgroup-specific internal data structure
without a proper locking protection, which led to a kernel panic. This
update adjusts the cgroup OOM notifier to lock internal data properly,
thus fixing the bug. (BZ#1302763)

* GFS2 had a rare timing window that sometimes caused it to reference an
uninitialized variable. Consequently, a kernel panic occurred. The code has
been changed to reference the correct value during this timing window, and
the kernel no longer panics. (BZ#1304332)

* Due to a race condition whereby a cache operation could be submitted
after a cache object was killed, the kernel occasionally crashed on systems
running the cachefilesd service. The provided patch prevents the race
condition by adding serialization in the code that makes the object
unavailable. As a result, all subsequent operations targeted on the object
are rejected and the kernel no longer crashes in this scenario.
(BZ#1308471)

This update also adds this enhancement:

* The lpfc driver has been updated to version 11.0.0.4. (BZ#1297838)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.

RHSA-2016:0496: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160496
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0496, CVE-2016-2315, CVE-2016-2324

Description
Git is a distributed revision control system with a decentralized
architecture. As opposed to centralized version control systems with a
client-server model, Git ensures that each working copy of a Git repository
is an exact copy with complete revision history. This not only allows the
user to work on and contribute to projects without the need to have
permission to push the changes to their official repositories, but also
makes it possible for the user to work with no network connection.

An integer truncation flaw and an integer overflow flaw, both leading to a
heap-based buffer overflow, were found in the way Git processed certain
path information. A remote attacker could create a specially crafted Git
repository that would cause a Git client or server to crash or, possibly,
execute arbitrary code. (CVE-2016-2315, CVE-2016-2324)

All git users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

RHSA-2016:0511: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160511
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0511, CVE-2016-0636

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs.

Security Fix(es):

* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)

RHSA-2016:0512: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0512, CVE-2016-0636

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit for compiling and executing Java programs.

Security Fix(es):

* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)

RHSA-2016:0513: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0513, CVE-2016-0636

Description
The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.

Security Fix(es):

* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)

RHSA-2016:0514: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160514
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0514, CVE-2016-0636

Description
The java-1.8.0-openjdk packages contain the latest version of the Open Java Development Kit (OpenJDK), OpenJDK 8. These packages provide a fully compliant implementation of Java SE 8.

Security Fix(es):

* An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. (CVE-2016-0636)

RHSA-2016:0515: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0515, CVE-2016-0636

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update provides Oracle Java 7 Update 99.

Security Fix(es):

This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636)

RHSA-2016:0516: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160516
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0516, CVE-2016-0636

Description
The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java programming language. Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update provides Oracle Java 8 Update 77.

Security Fix(es):

This update fixes one vulnerability in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about this flaw can be found on the Oracle Security Alert page listed in the References section. (CVE-2016-0636)

RHSA-2016:0532: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160532
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0532, CVE-2015-8629, CVE-2015-8630, CVE-2015-8631

Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* A memory leak flaw was found in the krb5_unparse_name() function of the MIT Kerberos kadmind service. An authenticated attacker could repeatedly send specially crafted requests to the server, which could cause the server to consume large amounts of memory resources, ultimately leading to a denial of service due to memory exhaustion. (CVE-2015-8631)

* An out-of-bounds read flaw was found in the kadmind service of MIT Kerberos. An authenticated attacker could send a maliciously crafted message to force kadmind to read beyond the end of allocated memory, and write the memory contents to the KDC database if the attacker has write permission, leading to information disclosure. (CVE-2015-8629)

* A NULL pointer dereference flaw was found in the procedure used by the MIT Kerberos kadmind service to store policies: the kadm5_create_principal_3() and kadm5_modify_principal() functions did not ensure that a policy was given when KADM5_POLICY was set. An authenticated attacker with permissions to modify the database could use this flaw to add or modify a principal with a policy set to NULL, causing the kadmind service to crash. (CVE-2015-8630)

The CVE-2015-8631 issue was discovered by Simo Sorce of Red Hat.

RHSA-2016:0534: mariadb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160534
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0534, CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616, CVE-2016-0642, CVE-2016-0651, CVE-2016-2047, CVE-2016-3471

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version: MariaDB (5.5.47). Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.

Security Fix(es):

* It was found that the MariaDB client library did not properly check host names against server identities noted in the X.509 certificates when establishing secure connections using TLS/SSL. A man-in-the-middle attacker could possibly use this flaw to impersonate a server to a client. (CVE-2016-2047)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2015-4792, CVE-2015-4802, CVE-2015-4815, CVE-2015-4816, CVE-2015-4819, CVE-2015-4826, CVE-2015-4830, CVE-2015-4836, CVE-2015-4858, CVE-2015-4861, CVE-2015-4870, CVE-2015-4879, CVE-2015-4913, CVE-2016-0505, CVE-2016-0546, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0600, CVE-2016-0606, CVE-2016-0608, CVE-2016-0609, CVE-2016-0616)

Bug Fix(es):

* When more than one INSERT operation was executed concurrently on a non-empty InnoDB table with an AUTO_INCREMENT column defined as a primary key immediately after starting MariaDB, a race condition could occur. As a consequence, one of the concurrent INSERT operations failed with a "Duplicate key" error message. A patch has been applied to prevent the race condition. Now, each row inserted as a result of the concurrent INSERT operations receives a unique primary key, and the operations no longer fail in this scenario. (BZ#1303946)

RHSA-2016:0561: Red Hat Enterprise Linux 5 One-Year Retirement Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20160561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:0561

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy,
support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017,
at the end of Production Phase 3. Until that date, customers will continue
to receive Critical impact security patches and selected urgent priority
bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active
support included with your RHEL Premium or Standard subscription will
conclude. This means that customers will continue to have access to all
previously released (RHEL 4, RHEL 5, etc.) content. In addition, limited
technical support will be available through Red Hat's Global Support
Services as described in the Knowledge Base article available at
https://access.redhat.com/articles/64664 (search for "non-current minor
release").

However, we recognize that some customers will wish to remain on Red Hat
Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet
this customer requirement, Red Hat will offer customers the option to
purchase the Extended Life Cycle Support (ELS) Add-On as an annually
renewable subscription. This ELS Add-On provides customers with up to an
additional three and a half (3.5) years of Critical impact security fixes
and selected urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage
will conclude on November 30, 2020.

Note that the RHEL 5 ELS Add-On is available for the x86 (32- and 64-bit)
architecture only. The RHEL 5 ELS Add-On is not available for the Itanium
architecture.

To take advantage of a more comprehensive product support, we encourage
customers to migrate from Red Hat Enterprise Linux 5 to a more recent
version. As a benefit of the Red Hat subscription, customers may use their
active subscriptions to entitle any system on any currently supported Red
Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/site/support/policy/updates/errata/

RHSA-2016:0591: nss, nss-util, and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160591
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0591, CVE-2016-1978, CVE-2016-1979

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a newer upstream version: nss 3.21.0, nss-util 3.21.0, nspr 4.11.0. (BZ#1300629, BZ#1299874, BZ#1299861)

Security Fix(es):

* A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)

* A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla Project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.

RHSA-2016:0594: graphite2 security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160594
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0594, CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526

Description
Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation.

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.6).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to cause the application to crash or, potentially, execute arbitrary code with the privileges of the application. (CVE-2016-1521, CVE-2016-1522, CVE-2016-1523, CVE-2016-1526)

RHSA-2016:0611: samba security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160611
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0611, CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

RHSA-2016:0612: samba and samba4 security, bug fix, and enhancement update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160612
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0612, CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a newer upstream version: Samba (4.2.10). Refer to the Release Notes listed in the References section for a complete list of changes.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not validate SSL/TLS certificates in certain connections. A man-in-the-middle attacker could use this flaw to spoof a Samba server using a specially crafted SSL/TLS certificate. (CVE-2016-2113)

* It was discovered that Samba did not enforce Server Message Block (SMB) signing for clients using the SMB1 protocol. A man-in-the-middle attacker could use this flaw to modify traffic between a client and a server. (CVE-2016-2114)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, and CVE-2016-2115.

RHSA-2016:0613: samba3x security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160613
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0613, CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). (CVE-2015-5370)

Note: While Samba packages as shipped in Red Hat Enterprise Linux do not support running Samba as an AD DC, this flaw applies to all roles Samba implements.

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

* It was found that Samba's LDAP implementation did not enforce integrity protection for LDAP connections. A man-in-the-middle attacker could use this flaw to downgrade LDAP connections to use no integrity protection, allowing them to hijack such connections. (CVE-2016-2112)

* It was found that Samba did not enable integrity protection for IPC traffic by default. A man-in-the-middle attacker could use this flaw to view and modify the data sent between a Samba server and a client. (CVE-2016-2115)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Jouni Knuutinen (Synopsys) as the original reporter of CVE-2015-5370; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118, CVE-2016-2110, CVE-2016-2112, and CVE-2016-2115.

RHSA-2016:0621: samba security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160621
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0621, CVE-2016-2110, CVE-2016-2111, CVE-2016-2118

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. (CVE-2016-2118)

* Several flaws were found in Samba's implementation of NTLMSSP authentication. An unauthenticated, man-in-the-middle attacker could use this flaw to clear the encryption and integrity flags of a connection, causing data to be transmitted in plain text. The attacker could also force the client or server into sending data in plain text even if encryption was explicitly requested for that connection. (CVE-2016-2110)

* It was discovered that Samba configured as a Domain Controller would establish a secure communication channel with a machine using a spoofed computer name. A remote attacker able to observe network traffic could use this flaw to obtain session-related information about the spoofed machine. (CVE-2016-2111)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2016-2118 and CVE-2016-2110.

RHSA-2016:0650: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160650
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0650, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2016:0651: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160651
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0651, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

RHSA-2016:0675: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160675
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0675, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2016:0676: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160676
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:05+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0676, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

RHSA-2016:0677: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160677
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0677, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 91.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)

RHSA-2016:0678: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160678
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0678, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 101.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)

RHSA-2016:0679: java-1.6.0-sun security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160679
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0679, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 115.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449)

RHSA-2016:0684: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160684
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0684, CVE-2016-1978, CVE-2016-1979

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a newer upstream version: nss 3.21.0, nspr 4.11.0. (BZ#1297944, BZ#1297943)

Security Fix(es):

* A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)

* A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.

RHSA-2016:0685: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160685
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0685, CVE-2016-1978, CVE-2016-1979

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries. Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a newer upstream version: nss (3.21.0), nss-util (3.21.0), nspr (4.11.0). (BZ#1310581, BZ#1303021, BZ#1299872)

Security Fix(es):

* A use-after-free flaw was found in the way NSS handled DHE (Diffie-Hellman key exchange) and ECDHE (Elliptic Curve Diffie-Hellman key exchange) handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute arbitrary code using the permissions of the user running the application. (CVE-2016-1978)

* A use-after-free flaw was found in the way NSS processed certain DER (Distinguished Encoding Rules) encoded cryptographic keys. An attacker could use this flaw to create a specially crafted DER encoded certificate which, when parsed by an application compiled against the NSS library, could cause that application to crash, or execute arbitrary code using the permissions of the user running the application. (CVE-2016-1979)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Eric Rescorla as the original reporter of CVE-2016-1978; and Tim Taubert as the original reporter of CVE-2016-1979.

Bug Fix(es):

* The nss-softokn package has been updated to be compatible with NSS 3.21. (BZ#1326221)

RHSA-2016:0695: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160695
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0695, CVE-2016-1526, CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.1.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, CESG (the Information Security Arm of GCHQ), Sascha Just, Jesse Ruderman, Christian Holler, Tyson Smith, Boris Zbarsky, David Bolter, Carsten Book, Mats Palmgren, Gary Kwong, and Randell Jesup as the original reporters.

RHSA-2016:0706: mercurial security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160706
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0706, CVE-2016-3068, CVE-2016-3069

Description
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.

Security Fix(es):

* It was discovered that Mercurial failed to properly check Git sub-repository URLs. A Mercurial repository that includes a Git sub-repository with a specially crafted URL could cause Mercurial to execute arbitrary code. (CVE-2016-3068)

* It was discovered that the Mercurial convert extension failed to sanitize special characters in Git repository names. A Git repository with a specially crafted name could cause Mercurial to execute arbitrary code when the Git repository was converted to a Mercurial repository. (CVE-2016-3069)

Red Hat would like to thank Blake Burkhart for reporting these issues.

RHSA-2016:0715: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160715
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0715, CVE-2015-5157, CVE-2015-8767

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel handled IRET faults during the processing of NMIs. An unprivileged, local user could use this flaw to crash the system or, potentially (although highly unlikely), escalate their privileges on the system. (CVE-2015-5157, Moderate)

* A race condition flaw was found in the way the Linux kernel's SCTP implementation handled sctp_accept() during the processing of heartbeat timeout events. A remote attacker could use this flaw to prevent further connections from being accepted by the SCTP server running on the system, resulting in a denial of service. (CVE-2015-8767, Moderate)

Bug Fix(es):

* When the nvme driver held the queue lock for too long, for example during DMA mapping, a lockup occurred leading to nvme hard-lockup panic. This update fixes the underlying source code, and nvme now works as expected. (BZ#1314209)

* Due to a regression, a Unix domain datagram socket could come to a deadlock when sending a datagram to itself. The provided patch adds another "sk" check to the unix_dgram_sendmsg() function, and the aforementioned deadlock no longer occurs. (BZ#1315696)

* Previously, writing a large file using direct I/O in 16 MB chunks sometimes caused a pathological allocation pattern where 16 MB chunks of large free extent were allocated to a file in reversed order. The provided patch avoids the backward allocation, and writing a large file using direct I/O now proceeds successfully. (BZ#1320031)

* MD RAID1 devices that repeatedly became hot removed and re-added could become mismatched due to a race condition. This caused them to return stale data, leading to data corruption. The provided set of patches fixes this bug, and hot removals and re-additions of md devices now work as expected. (BZ#1320863)

* A couple of previous fixes caused a deadlock on the "rq" lock leading to a kernel panic on CPU 0. The provided set of patches reverts the relevant commits, thus preventing the panic from occurring. (BZ#1326043)

Enhancement(s):

* VLAN support has been updated to integrate some of the latest upstream features. This update also makes sure that Null pointer crashes related to VLAN support in bonding mode no longer occur and that tag stripping and insertion work as expected. (BZ#1315706)

* This update adds additional model numbers for Broadwell to perf. (BZ#1320035)

RHSA-2016:0722: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160722
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0722, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)

* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

RHSA-2016:0723: java-1.6.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20160723
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0723, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3425, CVE-2016-3427

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687)

* It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427)

* It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425)

* It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695)

RHSA-2016:0724: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160724
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0724, CVE-2016-3710

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team) for reporting this issue.

RHSA-2016:0726: ImageMagick security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0726, CVE-2016-3714, CVE-2016-3715, CVE-2016-3716, CVE-2016-3717, CVE-2016-3718

Description
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

Security Fix(es):

* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-3714)

* It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would allow the attacker to delete, move, or disclose the contents of arbitrary files. (CVE-2016-3715, CVE-2016-3716, CVE-2016-3717)

* A server-side request forgery flaw was discovered in the way ImageMagick processed certain images. A remote attacker could exploit this flaw to mislead an application using ImageMagick or an unsuspecting user using the ImageMagick utilities into, for example, performing HTTP(S) requests or opening FTP sessions via specially crafted images. (CVE-2016-3718)

Note: This update contains an updated /etc/ImageMagick/policy.xml file that disables the EPHEMERAL, HTTPS, HTTP, URL, FTP, MVG, MSL, TEXT, and LABEL coders. If you experience any problems after the update, it may be necessary to manually adjust the policy.xml file to match your requirements. Please take additional precautions to ensure that your applications using the ImageMagick library do not process malicious or untrusted files before doing so.

RHSA-2016:0741: openssh security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160741
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0741, CVE-2015-5352, CVE-2015-6563, CVE-2015-6564, CVE-2016-1908

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* It was found that the OpenSSH client did not properly enforce the ForwardX11Timeout setting. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2015-5352)

* A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. (CVE-2015-6563)

* A use-after-free flaw was found in OpenSSH. An attacker able to fully compromise a non-privileged pre-authentication process using a different flaw could possibly cause sshd to crash or execute arbitrary code with root privileges. (CVE-2015-6564)

* An access flaw was discovered in OpenSSH; the OpenSSH client did not correctly handle failures to generate authentication cookies for untrusted X11 forwarding. A malicious or compromised remote X application could possibly use this flaw to establish a trusted connection to the local X server, even if only untrusted X11 forwarding was requested. (CVE-2016-1908)

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.

RHSA-2016:0760: file security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160760
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0760, CVE-2014-3538, CVE-2014-3587, CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653

Description
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.

Security Fix(es):

* Multiple flaws were found in the file regular expression rules for detecting various files. A remote attacker could use these flaws to cause file to consume an excessive amount of CPU. (CVE-2014-3538)

* A denial of service flaw was found in the way file parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash file via a specially crafted CDF file. (CVE-2014-3587)

* Multiple flaws were found in the way file parsed Executable and Linkable Format (ELF) files. A remote attacker could use these flaws to cause file to crash, disclose portions of its memory, or consume an excessive amount of system resources. (CVE-2014-3710, CVE-2014-8116, CVE-2014-8117, CVE-2014-9620, CVE-2014-9653)

Red Hat would like to thank Thomas Jarosch (Intra2net AG) for reporting CVE-2014-8116 and CVE-2014-8117. The CVE-2014-3538 issue was discovered by Jan Kaluža (Red Hat Web Stack Team) and the CVE-2014-3710 issue was discovered by Francisco Alonso (Red Hat Product Security).

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.

RHSA-2016:0778: icedtea-web security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160778
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0778, CVE-2015-5234, CVE-2015-5235

Description
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies.

The following packages have been upgraded to a newer upstream version: icedtea-web (1.6.2). (BZ#1275523)

Security Fix(es):

* It was discovered that IcedTea-Web did not properly sanitize applet URLs when storing applet trust settings. A malicious web page could use this flaw to inject trust-settings configuration, and cause applets to be executed without user approval. (CVE-2015-5234)

* It was discovered that IcedTea-Web did not properly determine an applet's origin when asking the user if the applet should be run. A malicious page could use this flaw to cause IcedTea-Web to execute the applet without user approval, or confuse the user into approving applet execution based on an incorrectly indicated applet origin. (CVE-2015-5235)

Red Hat would like to thank Andrea Palazzo (Truel IT) for reporting these issues.

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.

RHSA-2016:0780: ntp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160780
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0780, CVE-2015-5194, CVE-2015-5195, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7977, CVE-2015-7978

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)

* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)

* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large number of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)

* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large number of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)

* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)

* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)

* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)

* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-7703)

The CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvár (Red Hat).

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.8 Release Notes and Red Hat Enterprise Linux 6.8 Technical Notes linked from the References section.

RHSA-2016:0855: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20160855
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:0855, CVE-2010-5313, CVE-2013-4312, CVE-2014-7842, CVE-2014-8134, CVE-2015-5156, CVE-2015-7509, CVE-2015-8215, CVE-2015-8324, CVE-2015-8543, CVE-2016-3841

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was found that reporting emulation failures to user space could lead to either a local (CVE-2014-7842) or an L2->L1 (CVE-2010-5313) denial of service. In the case of a local denial of service, an attacker must have access to the MMIO area or be able to access an I/O port. Please note that on certain systems, HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way. (CVE-2010-5313, CVE-2014-7842, Moderate)

* It was found that the Linux kernel did not properly account file descriptors passed over the unix socket against the process limit. A local user could use this flaw to exhaust all available memory on the system. (CVE-2013-4312, Moderate)

* A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)

* It was found that the Linux kernel's IPv6 network stack did not properly validate the value of the MTU variable when it was set. A remote attacker could potentially use this flaw to disrupt a target system's networking (packet loss) by setting an invalid MTU value, for example, via a NetworkManager daemon that is processing router advertisement packets running on the target system. (CVE-2015-8215, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's network subsystem handled socket creation with an invalid protocol identifier. A local user could use this flaw to crash the system. (CVE-2015-8543, Moderate)

* It was found that the espfix functionality does not work for 32-bit KVM paravirtualized guests. A local, unprivileged guest user could potentially use this flaw to leak kernel stack addresses. (CVE-2014-8134, Low)

* A flaw was found in the way the Linux kernel's ext4 file system driver handled non-journal file systems with an orphan list. An attacker with physical access to the system could use this flaw to crash the system or, although unlikely, escalate their privileges on the system. (CVE-2015-7509, Low)

* A NULL pointer dereference flaw was found in the way the Linux kernel's ext4 file system driver handled certain corrupted file system images. An attacker with physical access to the system could use this flaw to crash the system. (CVE-2015-8324, Low)

Red Hat would like to thank Nadav Amit for reporting CVE-2010-5313 and CVE-2014-7842, Andy Lutomirski for reporting CVE-2014-8134, and Dmitriy Monakhov (OpenVZ) for reporting CVE-2015-8324. The CVE-2015-5156 issue was discovered by Jason Wang (Red Hat).

Additional Changes:

* Refer to Red Hat Enterprise Linux 6.8 Release Notes for information on new kernel features and known issues, and Red Hat Enterprise Linux Technical Notes for information on device driver updates, important changes to external kernel parameters, notable bug fixes, and technology previews. Both of these documents are linked to in the References section.

RHSA-2016:0996: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160996
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0996, CVE-2016-0799, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2842

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

* Two integer overflow flaws, leading to buffer overflows, were found in the way the EVP_EncodeUpdate() and EVP_EncryptUpdate() functions of OpenSSL parsed very large amounts of input data. A remote attacker could use these flaws to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105, CVE-2016-2106)

* It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. A remote attacker could possibly use this flaw to retrieve plain text from encrypted packets by using a TLS/SSL or DTLS server as a padding oracle. (CVE-2016-2107)

* Several flaws were found in the way BIO_*printf functions were implemented in OpenSSL. Applications which passed large amounts of untrusted data through these functions could crash or potentially execute code with the permissions of the user running such an application. (CVE-2016-0799, CVE-2016-2842)

* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, and CVE-2016-0799. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; Guido Vranken as the original reporter of CVE-2016-2842, CVE-2016-2105, CVE-2016-2106, and CVE-2016-0799; and Juraj Somorovsky as the original reporter of CVE-2016-2107.

RHSA-2016:0997: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20160997
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:0997, CVE-2016-3710

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations via I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team) for reporting this issue.

RHSA-2016:1025: pcre security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161025
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1025, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8385, CVE-2015-8386, CVE-2015-8388, CVE-2015-8391, CVE-2016-3191

Description
PCRE is a Perl-compatible regular expression library.

Security Fix(es):

* Multiple flaws were found in the way PCRE handled malformed regular expressions. An attacker able to make an application using PCRE process a specially crafted regular expression could use these flaws to cause the application to crash or, possibly, execute arbitrary code. (CVE-2015-8385, CVE-2016-3191, CVE-2015-2328, CVE-2015-3217, CVE-2015-5073, CVE-2015-8388, CVE-2015-8391, CVE-2015-8386)

RHSA-2016:1033: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161033
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1033, CVE-2016-0758, CVE-2016-3044

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue.

Bug Fix(es):

* Under certain conditions, the migration threads could race with the CPU hotplug, which could cause a deadlock. A set of patches has been provided to fix this bug, and the deadlock no longer occurs in the system. (BZ#1299338)

* A bug in the code that cleans up revoked delegations could previously cause a soft lockup in the NFS server. This patch fixes the underlying source code, so the lockup no longer occurs. (BZ#1311582)

* The second attempt to reload Common Application Programming Interface (CAPI) devices on the little-endian variant of IBM Power Systems previously failed. The provided set of patches fixes this bug, and reloading works as intended. (BZ#1312396)

* Due to inconsistencies in the page size of IOMMU, the NVMe device, and the kernel, the BUG_ON signal previously occurred in the nvme_setup_prps() function, leading to a system crash while setting up the DMA transfer. The provided patch sets the default NVMe page size to 4k, thus preventing the system crash. (BZ#1312399)

* Previously, on a system using the InfiniBand mlx5 driver for the SRP stack, a hard lockup occurred after the kernel held a lock with interrupts blocked for too long. As a consequence, the system panicked. This update fixes this bug, and the system no longer panics in this situation. (BZ#1313814)

* On the little-endian variant of IBM Power Systems, the kernel previously crashed in the bitmap_weight() function while running the memory affinity script. The provided patch fortifies the topology setup and prevents sd->child from being set to NULL when it is already NULL. As a result, the memory affinity script runs successfully. (BZ#1316158)

* When a KVM guest wrote random values to the special-purpose registers (SPR) Instruction Authority Mask Register (IAMR), the guest and the corresponding QEMU process previously hung. This update adds the code which sets SPRs to a suitable neutral value on guest exit, thus fixing this bug. (BZ#1316636)

* Under heavy iSCSI traffic load, the system previously panicked due to a race in the locking code leading to a list corruption. This update fixes this bug, and the system no longer panics in this situation. (BZ#1316812)

* During SCSI exception handling (triggered by some irregularities), the driver could previously use an already retired SCSI command. As a consequence, a kernel panic or data corruption occurred. The provided patches fix this bug, and exception handling now proceeds successfully. (BZ#1316820)

* When the previously opened /dev/tty, which pointed to a pseudo terminal (pty) pair, was the last file closed, a kernel crash could previously occur. The underlying source code has been fixed, preventing this bug. (BZ#1320297)

* Previously, when using VPLEX and FCoE via the bnx2fc driver, different degrees of data corruption occurred. The provided patch fixes the FCP Response (RSP) residual parsing in bnx2fc, which prevents the aforementioned corruption. (BZ#1322279)

RHSA-2016:1041: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161041
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1041, CVE-2016-2805, CVE-2016-2807

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 38.8.0.

Security Fix(es):

* Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-2805, CVE-2016-2807)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Phil Ringalda, Christian Holler, and Tyson Smith as the original reporters.

RHSA-2016:1051: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161051
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1051, CVE-2016-0758

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

The following packages have been upgraded to a newer upstream version: kernel-rt (3.10.0-327.18.2). This version provides a number of bug fixes and enhancements, including:

* [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts

* [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO

* [scsi] scsi_error: should not get sense for timeout IO in scsi error handler

* [scsi] Revert libiscsi: Reduce locking contention in fast path

* [mm] madvise: fix MADV_WILLNEED on shmem swapouts

* [cpufreq] intel_pstate: decrease number of "HWP enabled" messages and enable HWP per CPU

* [kernel] sched: Robustify topology setup

* [kernel] sched/fair: Disable tg load_avg/runnable_avg update for root_task_group

* [kernel] sched/fair: Move hot load_avg/runnable_avg into separate cacheline

* [ib] mlx5: Fix RC transport send queue overhead computation

* [fs] nfsd: fix clp->cl_revoked list deletion causing softlock in nfsd

* [fs] ceph: multiple updates

(BZ#1322033)

Security Fix(es):

* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue.

Bug Fix(es):

* The hotplug lock and the console semaphore could be acquired in an incorrect order, which could previously lead to a deadlock causing the system console to freeze. The underlying code has been adjusted to acquire the locks in the correct order, resolving the bug with the console. (BZ#1324767)

RHSA-2016:1086: libndp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1086, CVE-2016-3698

Description
Libndp is a library (used by NetworkManager) that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages.

Security Fix(es):

* It was found that libndp did not properly validate and check the origin of Neighbor Discovery Protocol (NDP) messages. An attacker on a non-local network could use this flaw to advertise a node as a router, allowing them to perform man-in-the-middle attacks on a connecting client, or disrupt the network connectivity of that client. (CVE-2016-3698)

Red Hat would like to thank Julien Bernard (Viagénie) for reporting this issue.

RHSA-2016:1137: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161137
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1137, CVE-2016-2108

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters.

RHSA-2016:1138: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161138
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1138, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4554, CVE-2016-4556

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with a specially crafted Host header that bypasses same-origin security protections, causing Squid operating as an interception or reverse proxy to contact the wrong origin server. It could also be used for cache poisoning for clients not following RFC 7230. (CVE-2016-4554)

* An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the Squid worker, causing a denial of service. (CVE-2016-4556)

RHSA-2016:1139: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161139
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1139, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid. (CVE-2016-4553)

* An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with a specially crafted Host header that bypasses same-origin security protections, causing Squid operating as an interception or reverse proxy to contact the wrong origin server. It could also be used for cache poisoning for clients not following RFC 7230. (CVE-2016-4554)

* A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process. (CVE-2016-4555)

* An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the Squid worker, causing a denial of service. (CVE-2016-4556)

RHSA-2016:1140: squid34 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1140, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, CVE-2016-4553, CVE-2016-4554, CVE-2016-4555, CVE-2016-4556

Description
The "squid34" packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Note that apart from "squid34", this version of Red Hat Enterprise Linux also includes the "squid" packages which provide Squid version 3.1.

Security Fix(es):

* A buffer overflow flaw was found in the way the Squid cachemgr.cgi utility processed remotely relayed Squid input. When the CGI interface utility is used, a remote attacker could possibly use this flaw to execute arbitrary code. (CVE-2016-4051)

* Buffer overflow and input validation flaws were found in the way Squid processed ESI responses. If Squid was used as a reverse proxy, or for TLS/HTTPS interception, a remote attacker able to control ESI components on an HTTP server could use these flaws to crash Squid, disclose parts of the stack memory, or possibly execute arbitrary code as the user running Squid. (CVE-2016-4052, CVE-2016-4053, CVE-2016-4054)

* An input validation flaw was found in the way Squid handled intercepted HTTP Request messages. An attacker could use this flaw to bypass the protection against issues related to CVE-2009-0801, and perform cache poisoning attacks on Squid. (CVE-2016-4553)

* An input validation flaw was found in Squid's mime_get_header_field() function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with a specially crafted Host header that bypasses same-origin security protections, causing Squid operating as an interception or reverse proxy to contact the wrong origin server. It could also be used for cache poisoning for clients not following RFC 7230. (CVE-2016-4554)

* A NULL pointer dereference flaw was found in the way Squid processes ESI responses. If Squid was used as a reverse proxy or for TLS/HTTPS interception, a malicious server could use this flaw to crash the Squid worker process. (CVE-2016-4555)

* An incorrect reference counting flaw was found in the way Squid processes ESI responses. If Squid is configured as a reverse proxy or for TLS/HTTPS interception, an attacker controlling a server accessed by Squid could crash the Squid worker, causing a denial of service. (CVE-2016-4556)

RHSA-2016:1141: ntp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161141
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1141, CVE-2015-7979, CVE-2016-1547, CVE-2016-1548, CVE-2016-1550, CVE-2016-2518

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)

* A denial of service flaw was found in the way NTP handled preemptable client associations. A remote attacker could send several crypto NAK packets to a victim client, each with a spoofed source address of an existing associated peer, preventing that client from synchronizing its time. (CVE-2016-1547)

* It was found that an ntpd client could be forced to change from basic client/server mode to the interleaved symmetric mode. A remote attacker could use a spoofed packet that, when processed by an ntpd client, would cause that client to reject all future legitimate server responses, effectively disabling time synchronization on that client. (CVE-2016-1548)

* A flaw was found in the way NTP's libntp performed message authentication. An attacker able to observe the timing of the comparison function used in packet authentication could potentially use this flaw to recover the message digest. (CVE-2016-1550)

* An out-of-bounds access flaw was found in the way ntpd processed certain packets. An authenticated attacker could use a crafted packet to create a peer association with hmode of 7 and larger, which could potentially (although highly unlikely) cause ntpd to crash. (CVE-2016-2518)

The CVE-2016-1548 issue was discovered by Miroslav Lichvar (Red Hat).

RHSA-2016:1204: spice-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161204
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1204, CVE-2016-0749, CVE-2016-2150

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

RHSA-2016:1205: spice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161205
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1205, CVE-2016-0749, CVE-2016-2150

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash the QEMU-KVM process or execute arbitrary code with the privileges of the host's QEMU-KVM process. (CVE-2016-0749)

* A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host. (CVE-2016-2150)

The CVE-2016-0749 issue was discovered by Jing Zhao (Red Hat) and the CVE-2016-2150 issue was discovered by Frediano Ziglio (Red Hat).

RHSA-2016:1217: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20161217
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1217, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2828, CVE-2016-2831

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.2.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2828, CVE-2016-2831)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges sushi Anton Larsson, firehack, Jordi Chancel, Christian Holler, Sylvestre Ledru, Tyson Smith, jomo, Jesse Ruderman, Julian Seward, Timothy Nikkel, Karl Tomlinson, Olli Pettay, and Gary Kwong as the original reporters.

RHSA-2016:1237: ImageMagick security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161237
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1237, CVE-2015-8895, CVE-2015-8896, CVE-2015-8897, CVE-2015-8898, CVE-2016-5118, CVE-2016-5239, CVE-2016-5240

Description
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

Security Fix(es):

* It was discovered that ImageMagick did not properly sanitize certain input before using it to invoke processes. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5118)

* It was discovered that ImageMagick did not properly sanitize certain input before passing it to the gnuplot delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would lead to arbitrary execution of shell commands with the privileges of the user running the application. (CVE-2016-5239)

* Multiple flaws have been discovered in ImageMagick. A remote attacker could, for example, create specially crafted images that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities, would result in a memory corruption and, potentially, execution of arbitrary code, a denial of service, or an application crash. (CVE-2015-8896, CVE-2015-8895, CVE-2016-5240, CVE-2015-8897, CVE-2015-8898)

RHSA-2016:1267: setroubleshoot and setroubleshoot-plugins security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161267
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1267, CVE-2016-4444, CVE-2016-4445, CVE-2016-4446, CVE-2016-4989

Description
The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es):

* Shell command injection flaws were found in the way setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4445, CVE-2016-4989)

* Shell command injection flaws were found in the way the setroubleshoot allow_execmod and allow_execstack plugins executed external commands. A local attacker able to trigger an execmod or execstack SELinux denial could use these flaws to execute arbitrary code with root privileges. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4445 and CVE-2016-4989 issues were discovered by Red Hat Product Security.

RHSA-2016:1277: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161277
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1277, CVE-2015-8767, CVE-2016-4565

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated kernel packages include several security fixes and numerous
bug fixes, some of which you can see below. Space precludes documenting
all of these bug fixes in this advisory. To see the complete list of bug
fixes, users are directed to the related Knowledge Article:
https://access.redhat.com/articles/2361921.

Security Fixes:

* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call. A local unprivileged user on a system
with either Infiniband hardware present or RDMA Userspace Connection
Manager Access module explicitly loaded, could use this flaw to escalate
their privileges on the system. (CVE-2016-4565, Important)

* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled sctp_accept() during the processing of heartbeat
timeout events. A remote attacker could use this flaw to prevent further
connections from being accepted by the SCTP server running on the system,
resulting in a denial of service. (CVE-2015-8767, Moderate)

Red Hat would like to thank Jann Horn for reporting CVE-2016-4565.

Bug Fixes:

* When Small Computer System Interface (SCSI) devices were removed or
deleted, a system crash could occur due to a race condition between listing
all SCSI devices and SCSI device removal. The provided patch ensures that
the starting node for the klist_iter_init_node() function is actually a
member of the list before using it. As a result, a system crash no longer
occurs in the described scenario. (BZ#1333403)

* This update offers a reworked series of patches for the resizable hash
table (rhashtable) including a number of backported bug fixes and
enhancements from upstream. (BZ#1328801)

* Previously, the same value of the mperf Model-Specific Register (MSR)
read twice in a row could lead to a kernel panic due to the divide-by-zero
error. The provided patch fixes this bug, and the kernel now handles two
identical values of mperf gracefully. (BZ#1334438)

* When a transparent proxy application was running and the number of
established connections on the computer exceeded one million, unrelated
processes, such as curl or ssh, were unable to bind to a local IP on the
box to initiate a connection. The provided patch fixes the cooperation of
the REUSEADDR/NOREUSEADDR socket option, and thus prevents the local port
from being exhausted. As a result, the aforementioned bug no longer occurs
in the described scenario. (BZ#1323960)

* Previously, the kernel support for non-local bind for the IPv6 protocol
was incomplete. As a consequence, an attempt to bind a socket to an IPv6
address that is not assigned to the host could fail. The provided patch
includes changes in the ip_nonlocal_bind variable, which is now set to
allow binding to an IPv6 address that is not assigned to the host. As a
result, Linux servers are now able to bind to non-local IPv6 addresses as
expected. (BZ#1324502)

* On some servers with a faster CPU, USB initialization could previously
lead to a kernel hang during boot. If this inconvenience occurred when
booting the second kernel during the kdump operation, the kdump service
failed and the vmcore was lost. The provided upstream patch fixes this bug,
and the kernel no longer hangs after USB initialization. (BZ#1327581)

* Previously, when running iperf servers using the mlx4_en module, a kernel
panic occurred. The underlying source code has been fixed, and the kernel
panic no longer occurs in the described scenario. (BZ#1327583)

RHSA-2016:1292: libxml2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1292, CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or execute arbitrary code with the permissions of the user running the application. (CVE-2016-1834, CVE-2016-1840)

Multiple denial of service flaws were found in libxml2. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, could cause that application to crash. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1835, CVE-2016-1836, CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-3627, CVE-2016-3705, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449)

RHSA-2016:1293: setroubleshoot and setroubleshoot-plugins security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161293
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1293, CVE-2016-4444, CVE-2016-4446, CVE-2016-4989

Description
The setroubleshoot packages provide tools to help diagnose SELinux problems. When Access Vector Cache (AVC) messages are returned, an alert can be generated that provides information about the problem and helps to track its resolution.

The setroubleshoot-plugins package provides a set of analysis plugins for use with setroubleshoot. Each plugin has the capacity to analyze SELinux AVC data and system data to provide user friendly reports describing how to interpret SELinux AVC denials.

Security Fix(es):

* Shell command injection flaws were found in the way setroubleshoot executed external commands. A local attacker able to trigger certain SELinux denials could use these flaws to execute arbitrary code with privileges of the setroubleshoot user. (CVE-2016-4989)

* Shell command injection flaws were found in the way the setroubleshoot allow_execmod and allow_execstack plugins executed external commands. A local attacker able to trigger an execmod or execstack SELinux denial could use these flaws to execute arbitrary code with privileges of the setroubleshoot user. (CVE-2016-4444, CVE-2016-4446)

The CVE-2016-4444 and CVE-2016-4446 issues were discovered by Milos Malik (Red Hat) and the CVE-2016-4989 issue was discovered by Red Hat Product Security.

Note: On Red Hat Enterprise Linux 7.0 and 7.1, setroubleshoot is run with root privileges. Therefore, these issues could allow an attacker to execute arbitrary code with root privileges.

RHSA-2016:1296: ocaml security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161296
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1296, CVE-2015-8869

Description
OCaml is a high-level, strongly-typed, functional, and object-oriented
programming language from the ML family of languages. The ocaml packages
contain two batch compilers (a fast bytecode compiler and an optimizing
native-code compiler), an interactive top level system, parsing tools
(Lex, Yacc, Camlp4), a replay debugger, a documentation generator, and
a comprehensive library.

Security Fix(es):

* OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit
platforms, causes size arguments to internal memmove calls to be
sign-extended from 32- to 64-bits before being passed to the memmove
function. This leads to arguments between 2GiB and 4GiB being interpreted
as larger than they are (specifically, a bit below 2^64), causing a
buffer overflow. Further, arguments between 4GiB and 6GiB are interpreted
as 4GiB smaller than they should be, causing a possible information
leak. (CVE-2015-8869)

RHSA-2016:1301: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161301
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1301, CVE-2015-8767, CVE-2016-3707, CVE-2016-4565

Description
The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

The following packages have been upgraded to a newer upstream version:
kernel-rt (3.10.0-327.22.1). This version provides a number of bug fixes
and enhancements, including:

* [netdrv] ixgbevf: fix spoofed packets with random MAC and use ether_addr_copy instead of memcpy 
* [mm] mmu_notifier: fix memory corruption 
* [mm] hugetlbfs: optimize when NUMA=n 
* [mm] optimize put_mems_allowed() usage 
* [x86] mm: suitable memory should go to ZONE_MOVABLE 
* [fs] xfs: fix splice/direct-IO deadlock 
* [acpi] tables: Add acpi_subtable_proc to ACPI table parsers 
* [acpi] table: Add new function to get table entries 
* [net] ipv6: Nonlocal bind 
* [net] ipv4: bind ip_nonlocal_bind to current netns 

(BZ#1335747)

Security Fix(es):

* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as bi-directional ioctl() replacement,
which could lead to insufficient memory security checks when being invoked
using the splice() system call. A local unprivileged user on a system
with either Infiniband hardware present or RDMA Userspace Connection
Manager Access module explicitly loaded, could use this flaw to escalate
their privileges on the system. (CVE-2016-4565, Important)

* A race condition flaw was found in the way the Linux kernel's SCTP
implementation handled sctp_accept() during the processing of heartbeat
timeout events. A remote attacker could use this flaw to prevent further
connections to be accepted by the SCTP server running on the system,
resulting in a denial of service. (CVE-2015-8767, Moderate)

* A flaw was found in the way the realtime kernel processed specially
crafted ICMP echo requests. A remote attacker could use this flaw to
trigger a sysrq function based on values in the ICMP packet, allowing them
to remotely restart the system. Note that this feature is not enabled by
default and requires elevated privileges to be configured. (CVE-2016-3707,
Moderate)

Red Hat would like to thank Jann Horn for reporting CVE-2016-4565.

Bug Fix(es):

* Previously, configuration changes to the Hewlett Packard Smart Array
(HPSA) driver during I/O operations could set the phys_disk pointer to
NULL. Consequently, kernel oops could occur while the HPSA driver was
submitting ioaccel2 commands. An upstream patch has been provided to fix
this bug, and the oops in the hpsa_scsi_ioaccel_raid_map() function no
longer occurs. (BZ#1335411)

* In a previous code update one extra spin_lock operation was left
untouched. Consequently, a deadlock could occur when looping through cache
pages. With this update, the extra lock operation has been removed from
the source code and the deadlock no longer occurs in the described
situation. (BZ#1327073)

RHSA-2016:1392: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161392
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1392, CVE-2016-2818

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.2.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-2818)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Gary Kwong, Jesse Ruderman, Tyson Smith, Timothy Nikkel, Sylvestre Ledru, Julian Seward, Olli Pettay, and Karl Tomlinson as the original reporters.

RHSA-2016:1406: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1406, CVE-2016-4565

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix:

* A flaw was found in the way certain interfaces of the Linux kernel's Infiniband subsystem used write() as bi-directional ioctl() replacement, which could lead to insufficient memory security checks when being invoked using the splice() system call. A local unprivileged user on a system with either Infiniband hardware present or RDMA Userspace Connection Manager Access module explicitly loaded, could use this flaw to escalate their privileges on the system. (CVE-2016-4565, Important)

Red Hat would like to thank Jann Horn for reporting this issue.

This update also fixes the following bugs:

* When providing some services and using the Integrated Services Digital Network (ISDN), the system could terminate unexpectedly due to the call of the tty_ldisc_flush() function. The provided patch removes this call and the system no longer hangs in the described scenario. (BZ#1337443)

* An update to the Red Hat Enterprise Linux 6.8 kernel added calls of two functions provided by the ipv6.ko kernel module, which added a dependency on that module. On systems where ipv6.ko was prevented from being loaded, the nfsd.ko and lockd.ko modules were unable to be loaded. Consequently, it was not possible to run an NFS server or to mount NFS file systems as a client. The underlying source code has been fixed by adding the symbol_get() function, which determines if nfsd.ko and lockd.ko are loaded into memory and calls them through function pointers, not directly. As a result, the aforementioned kernel modules are allowed to be loaded even if ipv6.ko is not, and the NFS mount works as expected. (BZ#1341496)

* After upgrading the kernel, CPU load average increased compared to the prior kernel version due to the modification of the scheduler. The provided patch set reverts the calculation algorithm of this load average to the previous version, thus resulting in relatively lower values under the same system load. (BZ#1343015)

RHSA-2016:1421: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161421
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1421, CVE-2016-5387

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)

Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

RHSA-2016:1422: httpd security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161422
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1422, CVE-2016-5387

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)

Note: After this update, httpd will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

Bug Fix(es):

* In a caching proxy configuration, the mod_cache module would treat content as stale if the Expires header changed when refreshing a cached response. As a consequence, an origin server returning content without a fixed Expires header would not be treated as cacheable. The mod_cache module has been fixed to ignore changes in the Expires header when refreshing content. As a result, such content is now cacheable, improving performance and reducing load at the origin server. (BZ#1347648)

* The HTTP status code 451 "Unavailable For Legal Reasons" was not usable in the httpd configuration. As a consequence, modules such as mod_rewrite could not be configured to return a 451 error if required for legal purposes. The 451 status code has been added to the list of available error codes, and modules can now be configured to return a 451 error if required. (BZ#1353269)

RHSA-2016:1458: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20161458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1458, CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)

* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2016:1475: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20161475
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1475, CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 101.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552, CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)

RHSA-2016:1476: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20161476
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1476, CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3606

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 111.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3606)

RHSA-2016:1477: java-1.6.0-sun security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161477
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1477, CVE-2016-3458, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3550

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 121.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3458, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508, CVE-2016-3550)

RHSA-2016:1486: samba security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161486
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1486, CVE-2016-2119

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. (CVE-2016-2119)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.

Bug Fix(es):

* Previously, the "net" command in some cases failed to join the client to Active Directory (AD) because the permissions setting prevented modification of the supported Kerberos encryption type LDAP attribute. With this update, Samba has been fixed to allow joining an AD domain as a user. In addition, Samba now uses the machine account credentials to set up the Kerberos encryption types within AD for the joined machine. As a result, using "net" to join a domain now works more reliably. (BZ#1351260)

* Previously, the idmap_hash module worked incorrectly when it was used together with other modules. As a consequence, user and group IDs were not mapped properly. A patch has been applied to skip already configured modules. Now, the hash module can be used as the default idmap configuration back end and IDs are resolved correctly. (BZ#1350759)

RHSA-2016:1487: samba4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161487
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1487, CVE-2016-2119

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* A flaw was found in the way Samba initiated signed DCE/RPC connections. A man-in-the-middle attacker could use this flaw to downgrade the connection to not use signing and therefore impersonate the server. (CVE-2016-2119)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher as the original reporter.

RHSA-2016:1504: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161504
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1504, CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the Hotspot and Libraries components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-3606, CVE-2016-3598, CVE-2016-3610)

* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

RHSA-2016:1538: golang security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161538
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1538, CVE-2015-5739, CVE-2015-5740, CVE-2015-5741, CVE-2016-3959, CVE-2016-5386

Description
The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a newer upstream version: golang (1.6.3). (BZ#1346331)

Security Fix(es):

* An input-validation flaw was discovered in the Go programming language built in CGI implementation, which set the environment variable "HTTP_PROXY" using the incoming "Proxy" HTTP-request header. The environment variable "HTTP_PROXY" is used by numerous web clients, including Go's net/http package, to specify a proxy server to use for HTTP and, in some cases, HTTPS requests. This meant that when a CGI-based web application ran, an attacker could specify a proxy server which the application then used for subsequent outgoing requests, allowing a man-in-the-middle attack. (CVE-2016-5386)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

RHSA-2016:1539: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161539
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1539, CVE-2015-8660, CVE-2016-2143, CVE-2016-4470

Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.

These updated kernel packages include several security issues and numerous
bug fixes, some of which you can see below. Space precludes documenting
all of these bug fixes in this advisory. To see the complete list of bug
fixes, users are directed to the related Knowledge Article:
https://access.redhat.com/articles/2460971.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in
key_reject_and_link() an uninitialised variable would eventually lead to
an arbitrary free address, which could allow an attacker to use a
use-after-free style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel
through 4.3.3 attempts to merge distinct setattr operations, which allows
local users to bypass intended access restrictions and modify the
attributes of arbitrary overlay files via a crafted application.
(CVE-2015-8660, Moderate)

* It was reported that on s390x, the fork of a process with four page table
levels will cause memory corruption with a variety of symptoms. All
processes are created with three level page table and a limit of 4TB for
the address space. If the parent process has four page table levels with a
limit of 8PB, the function that duplicates the address space will try to
copy memory areas outside of the address space limit for the child process.
(CVE-2016-2143, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660.
The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

Bug Fix(es):

* The glibc headers and the Linux headers share certain definitions of
key structures that are required to be defined in kernel and in userspace.
In some instances both userspace and sanitized kernel headers have to be
included in order to get the structure definitions required by the user
program. Unfortunately, because the glibc and Linux headers don't
coordinate, this can result in compilation errors. The glibc headers have
therefore been fixed to coordinate with Linux UAPI-based headers. With
the header coordination, compilation errors no longer occur. (BZ#1331285)

* When running the TCP/IPv6 traffic over the mlx4_en networking interface
on the big endian architectures, call traces reporting about a "hw csum
failure" could occur. With this update, the mlx4_en driver has been fixed
by correction of the checksum calculation for the big endian
architectures. As a result, the call trace error no longer appears
in the log messages. (BZ#1337431)

* Under significant load, some applications such as logshifter could
generate bursts of log messages too large for the system logger to spool.
Due to a race condition, log messages from that application could then be
lost even after the log volume dropped to manageable levels. This update
fixes the kernel mechanism used to notify the transmitter end of the
socket used by the system logger that more space is available on the
receiver side, removing a race condition which previously caused the
sender to stop transmitting new messages and allowing all log messages
to be processed correctly. (BZ#1337513)

* Previously, after heavy open or close of the Accelerator Function Unit
(AFU) contexts, the interrupt packet went out and the AFU context did not
see any interrupts. Consequently, a kernel panic could occur. The provided
patch set fixes handling of the interrupt requests, and kernel panic no
longer occurs in the described situation. (BZ#1338886)

* net: recvfrom would fail on short buffer. (BZ#1339115)
* Backport rhashtable changes from upstream. (BZ#1343639)
* Server Crashing after starting Glusterd & creating volumes. (BZ#1344234)
* RAID5 reshape deadlock fix. (BZ#1344313)
* BDX perf uncore support fix. (BZ#1347374)

RHSA-2016:1541: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161541
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1541, CVE-2015-8660, CVE-2016-4470

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. (CVE-2016-4470, Important)

* The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug fixes over the previous version. (BZ#1350307)

This update also fixes the following bugs:

* Previously, use of the get/put_cpu_var() function in function refill_stock() from the memcontrol cgroup code led to a "scheduling while atomic" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1347171)

* Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)

RHSA-2016:1546: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161546
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1546, CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

RHSA-2016:1547: libtiff security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161547
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1547, CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2014-9655, CVE-2015-1547, CVE-2015-7554, CVE-2015-8665, CVE-2015-8668, CVE-2015-8683, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2015-8784, CVE-2016-3632, CVE-2016-3945, CVE-2016-3990, CVE-2016-3991, CVE-2016-5320

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2014-9655, CVE-2015-1547, CVE-2015-8784, CVE-2015-8683, CVE-2015-8665, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, CVE-2016-3990, CVE-2016-5320)

* Multiple flaws have been discovered in various libtiff tools (bmp2tiff, pal2rgb, thumbnail, tiff2bw, tiff2pdf, tiffcrop, tiffdither, tiffsplit, tiff2rgba). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2014-8127, CVE-2014-8129, CVE-2014-8130, CVE-2014-9330, CVE-2015-7554, CVE-2015-8668, CVE-2016-3632, CVE-2016-3945, CVE-2016-3991)

RHSA-2016:1551: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20161551
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1551, CVE-2016-2830, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-5252, CVE-2016-5254, CVE-2016-5258, CVE-2016-5259, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.3.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2836, CVE-2016-5258, CVE-2016-5259, CVE-2016-5252, CVE-2016-5263, CVE-2016-2830, CVE-2016-2838, CVE-2016-5254, CVE-2016-5262, CVE-2016-5264, CVE-2016-5265, CVE-2016-2837)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Looben Yang, Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda, Philipp, Toni Huttunen, Georg Koppen, Abhishek Arya, Atte Kettunen, Nils, Nikita Arykov, and Abdulrahman Alqabandi as the original reporters.

RHSA-2016:1573: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161573
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1573, CVE-2016-5408

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* It was found that the fix for CVE-2016-4051 released via RHSA-2016:1138 did not properly prevent the stack overflow in the munge_other_line() function. A remote attacker could send specially crafted data to the Squid proxy, which would exploit the cachemgr CGI utility, possibly triggering execution of arbitrary code. (CVE-2016-5408)

Red Hat would like to thank Amos Jeffries (Squid) for reporting this issue.

RHSA-2016:1585: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161585
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1585, CVE-2016-5403

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* Quick Emulator (Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403)

Red Hat would like to thank hongzhenhao (Marvel Team) for reporting this issue.

RHSA-2016:1602: mariadb security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161602
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1602, CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version: mariadb (5.5.50).

Security Fix(es):

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed in the References section. (CVE-2016-0640, CVE-2016-0641, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0666, CVE-2016-3452, CVE-2016-3477, CVE-2016-3521, CVE-2016-3615, CVE-2016-5440, CVE-2016-5444)

RHSA-2016:1606: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161606
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1606, CVE-2016-5126, CVE-2016-5403

Description
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* Quick Emulator (Qemu) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap buffer overflow issue. It could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside the guest could use this flaw to crash the Qemu process, resulting in DoS, or potentially leverage it to execute arbitrary code with the privileges of the Qemu process on the host. (CVE-2016-5126)

* Quick Emulator (Qemu) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement and therefore causes unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403)

Red Hat would like to thank hongzhenhao (Marvel Team) for reporting CVE-2016-5403.

RHSA-2016:1609: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161609
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1609, CVE-2016-5385

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

RHSA-2016:1613: php security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161613
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1613, CVE-2016-5385

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5385)

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

Bug Fix(es):

* Previously, incorrect logic in the SAPI header callback routine meant that the callback counter was not incremented. Consequently, when a script included a header callback, it could terminate unexpectedly with a segmentation fault. With this update, the callback counter is properly managed, and scripts with a header callback implementation work as expected. (BZ#1346758)

RHSA-2016:1626: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161626
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1626, CVE-2016-0772, CVE-2016-1000110, CVE-2016-5699

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000110)

* It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls() function. A man in the middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772)

* It was found that the Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTPConnection.putheader() function arguments. An attacker could use this flaw to inject additional headers in a Python application that allowed user provided header names or values. (CVE-2016-5699)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-1000110.

RHSA-2016:1632: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161632
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1632, CVE-2016-5696

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.

RHSA-2016:1633: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1633, CVE-2016-5696

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao from Cyber Security Group in the CS department of University of California, Riverside, for reporting this issue.

RHSA-2016:1664: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161664
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1664, CVE-2016-5696

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the changes by probing packets. An off-path attacker could use this flaw to either terminate TCP connection and/or inject payload into non-secured TCP connection between two endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao (Cyber Security Group of the CS department of University of California in Riverside) for reporting this issue.

Bug Fix(es):

* When loading the Direct Rendering Manager (DRM) kernel module, the kernel panicked if DRM was previously unloaded. The kernel panic was caused by a memory leak of the ID Resolver (IDR2). With this update, IDR2 is loaded during kernel boot, and the kernel panic no longer occurs in the described scenario. (BZ#1353827)

* When more than one process attempted to use the "configfs" directory entry at the same time, a kernel panic in some cases occurred. With this update, a race condition between a directory entry and a lookup operation has been fixed. As a result, the kernel no longer panics in the described scenario. (BZ#1353828)

* When shutting down the system by running the halt -p command, a kernel panic occurred due to a conflict between the kernel offlining CPUs and the sched command, which used the sched group and the sched domain data without first checking the data. The underlying source code has been fixed by adding a check to avoid the conflict. As a result, the described scenario no longer results in a kernel panic. (BZ#1343894)

* In some cases, running the ipmitool command caused a kernel panic due to a race condition in the ipmi message handler. This update fixes the race condition, and the kernel panic no longer occurs in the described scenario. (BZ#1355980)

* Previously, multiple Very Secure FTP daemon (vsftpd) processes on a directory with a large number of files led to a high contention rate on each inode's spinlock, which caused excessive CPU usage. With this update, a spinlock to protect a single memory-to-memory copy has been removed from the ext4_getattr() function. As a result, system CPU usage has been reduced and is no longer excessive in the described situation. (BZ#1355981)

* When the gfs2_grow utility is used to extend Global File System 2 (GFS2), the next block allocation causes the GFS2 kernel module to re-read its resource group index. If multiple processes in the GFS2 module raced to do the same thing, one process sometimes overwrote a valid object pointer with an invalid pointer, which caused either a kernel panic or a file system corruption. This update ensures that the resource group object pointer is not overwritten. As a result, neither kernel panic nor file system corruption occur in the described scenario. (BZ#1347539)

* Previously, the SCSI Remote Protocol over InfiniBand (IB-SRP) was disabled due to a bug in the srp_queue() function. As a consequence, an attempt to enable the Remote Direct Memory Access (RDMA) at boot caused the kernel to crash. With this update, srp_queue() has been fixed, and the system now boots as expected when RDMA is enabled. (BZ#1348062)

Enhancement(s):

* This update optimizes the efficiency of the Transmission Control Protocol (TCP) when the peer is using a window under 537 bytes in size. As a result, devices that use maximum segment size (MSS) of 536 bytes or fewer will experience improved network performance. (BZ#1354446)

RHSA-2016:1776: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161776
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1776, CVE-2016-3458, CVE-2016-3500, CVE-2016-3508, CVE-2016-3550, CVE-2016-3606

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. (CVE-2016-3606)

* Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

RHSA-2016:1797: ipa security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20161797
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:1797, CVE-2016-5404

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* An insufficient permission check issue was found in the way IPA server treats certificate revocation requests. An attacker logged in with the 'retrieve certificate' permission enabled could use this flaw to revoke certificates, possibly triggering a denial of service attack. (CVE-2016-5404)

This issue was discovered by Fraser Tweedale (Red Hat).

RHSA-2016:1809: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1809, CVE-2016-2836

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.3.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-2836)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Carsten Book, Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Phil Ringnalda, and Philipp as the original reporters.

RHSA-2016:1844: libarchive security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161844
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1844, CVE-2015-8916, CVE-2015-8917, CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8922, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8930, CVE-2015-8931, CVE-2015-8932, CVE-2015-8934, CVE-2016-1541, CVE-2016-4300, CVE-2016-4302, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-6250, CVE-2016-7166

Description
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)

* Multiple out-of-bounds write flaws were found in libarchive. Specially crafted ZIP, 7ZIP, or RAR files could cause a heap overflow, potentially allowing code execution in the context of the application using libarchive. (CVE-2016-1541, CVE-2016-4300, CVE-2016-4302)

* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted LZA/LZH, AR, MTREE, ZIP, TAR, or RAR files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8919, CVE-2015-8920, CVE-2015-8921, CVE-2015-8923, CVE-2015-8924, CVE-2015-8925, CVE-2015-8926, CVE-2015-8928, CVE-2015-8934)

* Multiple NULL pointer dereference flaws were found in libarchive. Specially crafted RAR, CAB, or 7ZIP files could cause an application using libarchive to crash. (CVE-2015-8916, CVE-2015-8917, CVE-2015-8922)

* Multiple infinite loop / resource exhaustion flaws were found in libarchive. Specially crafted GZIP or ISO files could cause the application to consume an excessive amount of resources, eventually leading to a crash on memory exhaustion. (CVE-2016-7166, CVE-2015-8930)

* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)

* An integer overflow flaw, leading to a buffer overflow, was found in libarchive's construction of ISO9660 volumes. Attempting to create an ISO9660 volume with 2 GB or 4 GB file names could cause the application to attempt to allocate 20 GB of memory. If this were to succeed, it could lead to an out of bounds write on the heap and potential code execution. (CVE-2016-6250)

* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted MTREE archives, Compress streams, or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8931, CVE-2015-8932, CVE-2016-5844)

Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418.

RHSA-2016:1847: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161847
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1847, CVE-2016-3134, CVE-2016-4997, CVE-2016-4998, CVE-2016-6197, CVE-2016-6198

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset. (CVE-2016-3134, Important)

* A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2016-4997, Important)

* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)

Bug Fix(es):

* In some cases, running the ipmitool command caused a kernel panic due to a race condition in the ipmi message handler. This update fixes the race condition, and the kernel panic no longer occurs in the described scenario. (BZ#1353947)

* Previously, running I/O-intensive operations in some cases caused the system to terminate unexpectedly after a null pointer dereference in the kernel. With this update, a set of patches has been applied to the 3w-9xxx and 3w-sas drivers that fix this bug. As a result, the system no longer crashes in the described scenario. (BZ#1362040)

* Previously, the Stream Control Transmission Protocol (SCTP) sockets did not inherit the SELinux labels properly. As a consequence, the sockets were labeled with the unlabeled_t SELinux type, which caused SCTP connections to fail. The underlying source code has been modified, and SCTP connections now work as expected. (BZ#1354302)

* Previously, the bnx2x driver waited for transmission completions when recovering from a parity event, which substantially increased the recovery time. With this update, bnx2x does not wait for transmission completion in the described circumstances. As a result, the recovery of bnx2x after a parity event now takes less time. (BZ#1351972)

Enhancement(s):

* With this update, the audit subsystem enables filtering of processes by name besides filtering by PID. Users can now audit by executable name (with the "-F exe=<path-to-executable>" option), which allows expression of many new audit rules. This functionality can be used to create events when specific applications perform a syscall. (BZ#1345774)

* With this update, the Nonvolatile Memory Express (NVMe) and the multi-queue block layer (blk_mq) have been upgraded to the Linux 4.5 upstream version. Previously, a race condition between timeout and freeing request in blk_mq occurred, which could affect the blk_mq_tag_to_rq() function and consequently a kernel oops could occur. The provided patch fixes this race condition by updating the tags with the active request. The patch simplifies blk_mq_tag_to_rq() and ensures that the two requests are not active at the same time. (BZ#1350352)

* The Hyper-V storage driver (storvsc) has been upgraded from upstream. This update provides moderate performance improvement of I/O operations when using storvsc for certain workloads. (BZ#1360161)

Additional Changes:

Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2592321

RHSA-2016:1850: libarchive security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161850
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1850, CVE-2015-8920, CVE-2015-8921, CVE-2015-8932, CVE-2016-4809, CVE-2016-5418, CVE-2016-5844, CVE-2016-7166

Description
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* A flaw was found in the way libarchive handled hardlink archive entries of non-zero size. Combined with flaws in libarchive's file system sandboxing, this issue could cause an application using libarchive to overwrite arbitrary files with arbitrary data from the archive. (CVE-2016-5418)

* Multiple out-of-bounds read flaws were found in libarchive. Specially crafted AR or MTREE files could cause the application to read data out of bounds, potentially disclosing a small amount of application memory, or causing an application crash. (CVE-2015-8920, CVE-2015-8921)

* A denial of service vulnerability was found in libarchive's handling of GZIP streams. A crafted GZIP file could cause libarchive to allocate an excessive amount of memory, eventually leading to a crash. (CVE-2016-7166)

* A denial of service vulnerability was found in libarchive. A specially crafted CPIO archive containing a symbolic link to a large target path could cause memory allocation to fail, causing an application using libarchive that attempted to view or extract such archive to crash. (CVE-2016-4809)

* Multiple instances of undefined behavior due to arithmetic overflow were found in libarchive. Specially crafted Compress streams or ISO9660 volumes could potentially cause the application to fail to read the archive, or to crash. (CVE-2015-8932, CVE-2016-5844)

Red Hat would like to thank Insomnia Security for reporting CVE-2016-5418.

RHSA-2016:1875: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161875
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1875, CVE-2016-3134, CVE-2016-4997, CVE-2016-4998, CVE-2016-6197, CVE-2016-6198

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

The kernel-rt packages have been upgraded to the kernel-3.10.0-327.36.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1366538)

Security Fix(es):

* A security flaw was found in the Linux kernel in the mark_source_chains() function in "net/ipv4/netfilter/ip_tables.c". It is possible for a user-supplied "ipt_entry" structure to have a large "next_offset" field. This field is not bounds checked prior to writing to a counter value at the supplied offset. (CVE-2016-3134, Important)

* A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitrary kernel memory when unloading a kernel module. This action is usually restricted to root-privileged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS and the user is granted elevated privileges. (CVE-2016-4997, Important)

* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)

RHSA-2016:1912: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20161912
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1912, CVE-2016-5250, CVE-2016-5257, CVE-2016-5261, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.4.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Groß, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.

RHSA-2016:1940: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161940
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1940, CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6304, CVE-2016-6306

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

* It was discovered that OpenSSL did not always use constant time operations when computing Digital Signature Algorithm (DSA) signatures. A local attacker could possibly use this flaw to obtain a private DSA key belonging to another user or service running on the same system. (CVE-2016-2178)

* It was discovered that the Datagram TLS (DTLS) implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory. (CVE-2016-2179)

* A flaw was found in the Datagram TLS (DTLS) replay protection implementation in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server using OpenSSL reject further packets sent from a DTLS client over an established DTLS connection. (CVE-2016-2181)

* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec() function. An attacker able to make an application using OpenSSL process a large BIGNUM could cause the application to crash or, possibly, execute arbitrary code. (CVE-2016-2182)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher suites so they are not preferred over cipher suites using AES. For compatibility reasons, DES cipher suites remain enabled by default and included in the set of cipher suites identified by the HIGH cipher string. Future updates may move them to MEDIUM or not enable them by default.

* An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets. (CVE-2016-6302)

* Multiple integer overflow flaws were found in the way OpenSSL performed pointer arithmetic. A remote attacker could possibly use these flaws to cause a TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

* An out of bounds read flaw was found in the way OpenSSL formatted Public Key Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly cause an application using OpenSSL to crash if it printed time stamp data from the attacker. (CVE-2016-2180)

* Multiple out of bounds read flaws were found in the way OpenSSL handled certain TLS/SSL protocol handshake messages. A remote attacker could possibly use these flaws to crash a TLS/SSL server or client using OpenSSL. (CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters of CVE-2016-2183.

RHSA-2016:1943: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161943
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1943, CVE-2016-3710, CVE-2016-5403

Description
KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. (CVE-2016-3710)

* Quick Emulator (QEMU) built with the virtio framework is vulnerable to an unbounded memory allocation issue. It was found that a malicious guest user could submit more requests than the virtqueue size permits. Processing a request allocates a VirtQueueElement, which results in unbounded memory allocation on the host controlled by the guest. (CVE-2016-5403)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360 Marvel Team) for reporting CVE-2016-3710 and hongzhenhao (Marvel Team) for reporting CVE-2016-5403.

RHSA-2016:1944: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161944
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1944, CVE-2016-2776

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)

Red Hat would like to thank ISC for reporting this issue.

RHSA-2016:1945: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161945
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1945, CVE-2016-2776

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)

Red Hat would like to thank ISC for reporting this issue.

RHSA-2016:1978: python-twisted-web security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161978
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1978, CVE-2016-1000111

Description
Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too.

Security Fix(es):

* It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000111)

Note: After this update, python-twisted-web will no longer pass the value of the Proxy request header to scripts via the HTTP_PROXY environment variable.

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

RHSA-2016:1985: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20161985
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:1985, CVE-2016-5257

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.4.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5257)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp and Carsten Book as the original reporters.

RHSA-2016:1990: Red Hat Enterprise Linux 5 Six-Month Retirement Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20161990
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:1990

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected Urgent priority bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content. In addition, limited technical support will be available through Red Hat's Global Support Services as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (under "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical impact security fixes and selected Urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage will conclude on November 30, 2020.

Note that the RHEL 5 ELS Add-On is available for the x86 (32- and 64-bit) architecture only. The RHEL 5 ELS Add-On is not available for the Itanium architecture.

To enjoy even more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may, of course, use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Details of the Red Hat Enterprise Linux life cycle can be found here: 
https://access.redhat.com/support/policy/updates/errata/

RHSA-2016:2006: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162006
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2006, CVE-2016-4470, CVE-2016-5829

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialized variable would eventually lead to an arbitrary free address, which could allow an attacker to use a use-after-free style attack. (CVE-2016-4470, Important)

* A heap-based buffer overflow vulnerability was found in the Linux kernel's hiddev driver. This flaw could allow a local attacker to corrupt kernel memory, possibly leading to privilege escalation or a system crash. (CVE-2016-5829, Moderate)

The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

Bug Fix(es):

* Previously, when two NFS shares with different security settings were mounted, the I/O operations to the kerberos-authenticated mount caused the RPC_CRED_KEY_EXPIRE_SOON parameter to be set, but the parameter was not unset when performing the I/O operations on the sec=sys mount. Consequently, writes to both NFS shares had the same parameters, regardless of their security settings. This update fixes this problem by moving the NO_CRKEY_TIMEOUT parameter to the auth->au_flags field. As a result, NFS shares with different security settings are now handled as expected. (BZ#1366962)

* In some circumstances, resetting a Fibre Channel over Ethernet (FCoE) interface could lead to a kernel panic, due to invalid information extracted from the FCoE header. This update adds sanity checking to the cpu number extracted from the FCoE header. This ensures that subsequent operations address a valid cpu, and eliminates the kernel panic. (BZ#1359036)

* Prior to this update, the following problems occurred with the way GFS2 transitioned files and directories from the "unlinked" state to the "free" state:

The numbers reported for the df and the du commands in some cases got out of sync, which caused blocks in the file system to appear missing. The blocks were not actually missing, but they were left in the "unlinked" state.

In some circumstances, GFS2 referenced a cluster lock that was already deleted, which led to a kernel panic.

If an object was deleted and its space reused as a different object, GFS2 sometimes deleted the existing one, which caused file system corruption.

With this update, the transition from "unlinked" to "free" state has been fixed. As a result, none of these three problems occur anymore. (BZ#1359037)

* Previously, the GFS2 file system in some cases became unresponsive due to lock dependency problems between inodes and the cluster lock. This occurred most frequently on nearly full file systems where files and directories were being deleted and recreated at the same block location at the same time. With this update, a set of patches has been applied to fix these lock dependencies. As a result, GFS2 no longer hangs in the described circumstances. (BZ#1359038)

* When used with controllers that do not support DCMD MR_DCMD_PD_LIST_QUERY, the megaraid_sas driver could go into an infinite loop of error reporting messages. This could make it difficult to find other important log messages, or could even cause the disk to overflow. This bug has been fixed by ignoring the DCMD MR_DCMD_PD_LIST_QUERY query for controllers which do not support it and sending the DCMD SUCCESS status to the AEN functions. As a result, the error messages no longer appear when there is a change in the status of one of the arrays. (BZ#1359039)

RHSA-2016:2045: tomcat6 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162045
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2045, CVE-2015-5174, CVE-2015-5345, CVE-2016-0706, CVE-2016-0714, CVE-2016-5388, CVE-2016-6325

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)

* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)

* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)

* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory. (CVE-2015-5174)

* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)

* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.

Bug Fix(es):

* Due to a bug in the tomcat6 spec file, the catalina.out file's md5sum, size, and mtime attributes were compared to the file's attributes at installation time. Because these attributes change after the service is started, the "rpm -V" command previously failed. With this update, the attributes mentioned above are ignored in the RPM verification and the catalina.out file now passes the verification check. (BZ#1357123)

RHSA-2016:2046: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2046, CVE-2014-7810, CVE-2015-5346, CVE-2016-5388, CVE-2016-5425, CVE-2016-6325

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-5425)

* It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)

* It was found that the expression language resolver evaluated expressions within a privileged code section. A malicious web application could use this flaw to bypass security manager protections. (CVE-2014-7810)

* It was discovered that tomcat used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5388)

* A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests. (CVE-2015-5346)

Red Hat would like to thank Dawid Golunski (http://legalhackers.com) for reporting CVE-2016-5425 and Scott Geary (VendHQ) for reporting CVE-2016-5388. The CVE-2016-6325 issue was discovered by Red Hat Product Security.

RHSA-2016:2047: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162047
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2047, CVE-2016-7039, CVE-2016-8666

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A Linux kernel built with the 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a stack overflow issue. It could occur while receiving large packets via the GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important)

RHSA-2016:2079: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20162079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2079, CVE-2016-10165, CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)

* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make a victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)

* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, the MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. The MD5 hash algorithm is expected to be disabled by default in future updates. A newly introduced security property, jdk.jar.disabledAlgorithms, can be used to control the set of disabled algorithms.

* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)

* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if the proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling an HTTPS connection through an HTTP proxy. The newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2016:2088: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20162088
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2088, CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 111.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)

RHSA-2016:2089: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20162089
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2089, CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 121.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)

RHSA-2016:2090: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2090, CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 131.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-5542, CVE-2016-5554, CVE-2016-5556, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597)

RHSA-2016:2093: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162093
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2093, CVE-2016-2848

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)

RHSA-2016:2094: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162094
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2094, CVE-2016-2848

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled packets with malformed options. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS packet. (CVE-2016-2848)

RHSA-2016:2098: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162098
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2098, CVE-2016-5195

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

RHSA-2016:2105: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162105
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2105, CVE-2016-5195

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

RHSA-2016:2110: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162110
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2110, CVE-2016-5195, CVE-2016-7039, CVE-2016-8666

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

* A Linux kernel built with 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a stack overflow issue. It could occur while receiving large packets via the GRO path, as an unlimited recursion could unfold in both the VLAN and TEB modules, leading to stack corruption in the kernel. (CVE-2016-7039, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

RHSA-2016:2124: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162124
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2124, CVE-2016-1583, CVE-2016-5195

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

* It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

Bug Fix(es):

* In some cases, a kernel crash or file system corruption occurred when running journal mode 'ordered'. The kernel crash was caused by a null pointer dereference due to a race condition between two journal functions. The file system corruption occurred due to a race condition between the do_get_write_access() function and buffer writeout. This update fixes both race conditions. As a result, neither the kernel crash, nor the file system corruption now occur. (BZ#1067708)

* Prior to this update, some Global File System 2 (GFS2) files had incorrect time stamp values due to two problems with handling time stamps of such files. The first problem concerned the atime time stamp, which ended up with an arbitrary value ahead of the actual value, when a GFS2 file was accessed. The second problem was related to the mtime and ctime time stamp updates, which got lost when a GFS2 file was written to from one node and read from or written to from another node. With this update, a set of patches has been applied that fix these problems. As a result, the time stamps of GFS2 files are now handled correctly. (BZ#1374861)

RHSA-2016:2141: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162141
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2141, CVE-2016-8864

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.

RHSA-2016:2142: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162142
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2142, CVE-2016-8864

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.

RHSA-2016:2573: glibc security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20162573
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2573, CVE-2016-3075

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* A stack overflow vulnerability was found in _nss_dns_getnetbyname_r. On systems with nsswitch configured to include "networks: dns" with a privileged or network-facing service that would attempt to resolve user-provided network names, an attacker could provide an excessively long network name, resulting in stack corruption and code execution. (CVE-2016-3075)

This issue was discovered by Florian Weimer (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2574: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162574
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2574, CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8746, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2069, CVE-2016-2117, CVE-2016-2384, CVE-2016-2847, CVE-2016-3044, CVE-2016-3070, CVE-2016-3156, CVE-2016-3699, CVE-2016-3841, CVE-2016-4569, CVE-2016-4578, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2016-7914, CVE-2016-7915, CVE-2016-9794, CVE-2017-13167, CVE-2018-16597

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)

* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)

Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2575: curl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162575
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2575, CVE-2016-5419, CVE-2016-5420, CVE-2016-7141

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5419)

* It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-5420)

* It was found that the libcurl library using the NSS (Network Security Services) library as TLS/SSL backend incorrectly re-used client certificates for subsequent TLS connections in certain cases. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. (CVE-2016-7141)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2576: libguestfs and virt-p2v security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162576
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2576, CVE-2015-8869

Description
The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.

Virt-p2v is a tool for conversion of a physical server to a virtual guest.

The following packages have been upgraded to a newer upstream version: libguestfs (1.32.7), virt-p2v (1.32.7). (BZ#1218766)

Security Fix(es):

* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)

Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2577: libvirt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162577
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2577, CVE-2015-5160, CVE-2015-5313, CVE-2016-5008

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a newer upstream version: libvirt (2.0.0). (BZ#830971, BZ#1286679)

Security Fix(es):

* It was found that the libvirt daemon, when using RBD (RADOS Block Device), leaked private credentials to the process list. A local attacker could use this flaw to perform certain privileged operations within the cluster. (CVE-2015-5160)

* A path-traversal flaw was found in the way the libvirt daemon handled filesystem names for storage volumes. A libvirt user with privileges to create storage volumes and without privileges to create and modify domains could possibly use this flaw to escalate their privileges. (CVE-2015-5313)

* It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented; instead, it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authentication. (CVE-2016-5008)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2578: pacemaker security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162578
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2578, CVE-2016-7797

Description
The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure.

The following packages have been upgraded to a newer upstream version: pacemaker (1.1.15). (BZ#1304771)

Security Fix(es):

* It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unauthenticated connection. A remote attacker could use this flaw to cause a denial of service. (CVE-2016-7797)

Red Hat would like to thank Alain Moulle (ATOS/BULL) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2579: libreoffice security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162579
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2579, CVE-2016-0794, CVE-2016-0795

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

The following packages have been upgraded to a newer upstream version: libreoffice (5.0.6.2). (BZ#1290148)

Security Fix(es):

* Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2016-0794, CVE-2016-0795)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2580: poppler security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2580, CVE-2015-8868

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Security Fix(es):

* A heap-buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash or, potentially, execute arbitrary code when opened. (CVE-2015-8868)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2581: NetworkManager security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20162581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2581, CVE-2016-0764

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

The following packages have been upgraded to a newer upstream version: NetworkManager (1.4.0), NetworkManager-libreswan (1.2.4), network-manager-applet (1.4.0), libnl3 (3.2.28). (BZ#1264552, BZ#1296058, BZ#1032717, BZ#1271581)

Security Fix(es):

* A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2582: nettle security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162582
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2582, CVE-2015-8803, CVE-2015-8804, CVE-2015-8805, CVE-2016-6489

Description
Nettle is a cryptographic library that is designed to fit easily in almost any context: In cryptographic toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like lsh or GnuPG, or even in kernel space.

Security Fix(es):

* Multiple flaws were found in the way nettle implemented elliptic curve scalar multiplication. These flaws could potentially introduce cryptographic weaknesses into nettle's functionality. (CVE-2015-8803, CVE-2015-8804, CVE-2015-8805)

* It was found that nettle's RSA and DSA decryption code was vulnerable to cache-related side channel attacks. An attacker could use this flaw to recover the private key from a co-located virtual-machine instance. (CVE-2016-6489)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2583: ntp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162583
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2583, CVE-2015-5194, CVE-2015-5195, CVE-2015-5196, CVE-2015-5219, CVE-2015-7691, CVE-2015-7692, CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7852, CVE-2015-7974, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntp_crypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker could use a specially crafted NTP packet to crash ntpd. (CVE-2015-7691, CVE-2015-7692, CVE-2015-7702)

* A memory leak flaw was found in ntpd's CRYPTO_ASSOC. If ntpd was configured to use autokey authentication, an attacker could send packets to ntpd that would, after several days of ongoing attack, cause it to run out of memory. (CVE-2015-7701)

* An off-by-one flaw, leading to a buffer overflow, was found in cookedprint functionality of ntpq. A specially crafted NTP packet could potentially cause ntpq to crash. (CVE-2015-7852)

* A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large number of entries. A remote attacker could potentially use this flaw to crash ntpd. (CVE-2015-7977)

* A stack-based buffer overflow flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large number of entries. A remote attacker could use this flaw to crash ntpd. (CVE-2015-7978)

* It was found that when NTP was configured in broadcast mode, a remote attacker could broadcast packets with bad authentication to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server, causing them to become out of sync over a longer period of time. (CVE-2015-7979)

* It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands. (CVE-2015-5194)

* It was found that ntpd would exit with a segmentation fault when a statistics type that was not enabled during compilation (e.g. timingstats) was referenced by the statistics or filegen configuration command. (CVE-2015-5195)

* It was found that NTP's :config command could be used to set the pidfile and driftfile paths without any restrictions. A remote attacker could use this flaw to overwrite a file on the file system with a file containing the pid of the ntpd process (immediately) or the current estimated drift of the system clock (in hourly intervals). (CVE-2015-5196, CVE-2015-7703)

* It was discovered that the sntp utility could become unresponsive due to being caught in an infinite loop when processing a crafted NTP packet. (CVE-2015-5219)

* A flaw was found in the way NTP verified trusted keys during symmetric key authentication. An authenticated client (A) could use this flaw to modify a packet sent between a server (B) and a client (C) using a key that is different from the one known to the client (A). (CVE-2015-7974)

* A flaw was found in the way the ntpq client processed certain incoming packets in a loop in the getresponse() function. A remote attacker could potentially use this flaw to crash an ntpq client instance. (CVE-2015-8158)

The CVE-2015-5219 and CVE-2015-7703 issues were discovered by Miroslav Lichvár (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2584: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162584
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2584, CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8746, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2015-8956, CVE-2016-2053, CVE-2016-2069, CVE-2016-2117, CVE-2016-2384, CVE-2016-2847, CVE-2016-3070, CVE-2016-3156, CVE-2016-3699, CVE-2016-3841, CVE-2016-4569, CVE-2016-4578, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2017-13167

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)

* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)

Red Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2585: qemu-kvm security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162585
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2585, CVE-2016-1981, CVE-2016-3712

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. (CVE-2016-3712)

* An infinite loop flaw was found in the way QEMU's e1000 NIC emulation implementation processed data using transmit or receive descriptors under certain conditions. A privileged user inside a guest could use this flaw to crash the QEMU instance. (CVE-2016-1981)

Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting CVE-2016-3712.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2586: python security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20162586
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2586, CVE-2016-5636

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2587: wget security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162587
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2587, CVE-2016-4971

Description
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

* It was found that wget used a file name provided by the server for the downloaded file when following an HTTP redirect to a FTP server resource. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. (CVE-2016-4971)

Red Hat would like to thank the GNU wget project for reporting this issue. Upstream acknowledges Dawid Golunski as the original reporter.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2588: openssh security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162588
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2588, CVE-2015-8325

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2589: gimp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162589
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2589, CVE-2016-4994

Description
The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

The following packages have been upgraded to a newer upstream version: gimp (2.8.16), gimp-help (2.8.2). (BZ#1298226, BZ#1370595)

Security Fix(es):

* Multiple use-after-free vulnerabilities were found in GIMP in the channel and layer properties parsing process when loading XCF files. An attacker could create a specially crafted XCF file which could cause GIMP to crash. (CVE-2016-4994)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2590: dhcp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162590
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2590, CVE-2016-2774

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* A resource-consumption flaw was discovered in the DHCP server. dhcpd did not restrict the number of open connections to OMAPI and failover ports. A remote attacker able to establish TCP connections to one of these ports could use this flaw to cause dhcpd to exit unexpectedly, stop responding to requests, or exhaust system sockets (denial of service). (CVE-2016-2774)

Red Hat would like to thank ISC for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2591: krb5 security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20162591
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2591, CVE-2016-3119, CVE-2016-3120

Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

The following packages have been upgraded to a newer upstream version: krb5 (1.14.1). (BZ#1292153)

Security Fix(es):

* A NULL pointer dereference flaw was found in the MIT Kerberos kadmind service. An authenticated attacker with permission to modify a principal entry could use this flaw to cause kadmind to dereference a null pointer and crash by supplying an empty DB argument to the modify_principal command, if kadmind was configured to use the LDAP KDB module. (CVE-2016-3119)

* A NULL pointer dereference flaw was found in the MIT Kerberos krb5kdc service. An authenticated attacker could use this flaw to cause krb5kdc to dereference a null pointer and crash by making an S4U2Self request, if the restrict_anonymous_to_tgt option was set to true. (CVE-2016-3120)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2592: subscription-manager security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162592
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2592, CVE-2016-4455

Description
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic (RHN) to Red Hat Subscription Management (RHSM).

The python-rhsm packages provide a library for communicating with the representational state transfer (REST) interface of a Red Hat Unified Entitlement Platform. The Subscription Management tools use this interface to manage system entitlements, certificates, and access to content.

The following packages have been upgraded to a newer upstream version: subscription-manager (1.17.15), python-rhsm (1.17.9), subscription-manager-migration-data (2.0.31). (BZ#1328553, BZ#1328555, BZ#1328559)

Security Fix(es):

* It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack. (CVE-2016-4455)

Red Hat would like to thank Robert Scheck for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2593: sudo security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20162593
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2593, CVE-2016-7091

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo. (CVE-2016-7091)

Note: With this update, INPUTRC was removed from the env_keep list in /etc/sudoers to avoid having sudo preserve the value of this variable when invoking privileged commands.

Red Hat would like to thank Grisha Levit for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2594: 389-ds-base security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162594
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2594, CVE-2016-4992, CVE-2016-5405, CVE-2016-5416

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a newer upstream version: 389-ds-base (1.3.5.10). (BZ#1270020)

Security Fix(es):

* It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information. (CVE-2016-5416)

* An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in a certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not. (CVE-2016-4992)

* It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve the directory server password after many tries. (CVE-2016-5405)

The CVE-2016-5416 issue was discovered by Viktor Ashirov (Red Hat); the CVE-2016-4992 issue was discovered by Petr Spacek (Red Hat) and Martin Basti (Red Hat); and the CVE-2016-5405 issue was discovered by William Brown (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2595: mariadb security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162595
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2595, CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-6662, CVE-2016-6663, CVE-2016-8283

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a newer upstream version: mariadb (5.5.52). (BZ#1304516, BZ#1377974)

Security Fix(es):

* It was discovered that the MariaDB logging functionality allowed writing to MariaDB configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

* A race condition was found in the way MariaDB performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2016-3492, CVE-2016-5612, CVE-2016-5616, CVE-2016-5624, CVE-2016-5626, CVE-2016-5629, CVE-2016-8283)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2596: pcs security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162596
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2596, CVE-2016-0720, CVE-2016-0721

Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

The following packages have been upgraded to a newer upstream version: pcs (0.9.152). (BZ#1299847)

Security Fix(es):

* A Cross-Site Request Forgery (CSRF) flaw was found in the pcsd web UI. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid pcsd session, would allow the attacker to trigger requests on behalf of the user, for example removing resources or restarting/removing nodes. (CVE-2016-0720)

* It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd. (CVE-2016-0721)

These issues were discovered by Martin Prpic (Red Hat Product Security).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2597: firewalld security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162597
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2597, CVE-2016-5410

Description
firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface.

The following packages have been upgraded to a newer upstream version: firewalld (0.4.3.2). (BZ#1302802)

Security Fix(es):

* A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper with or change firewall settings. (CVE-2016-5410)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2598: php security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162598
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2598, CVE-2016-5399, CVE-2016-5766, CVE-2016-5767, CVE-2016-5768

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* A flaw was found in the way certain error conditions were handled by the bzread() function in PHP. An attacker could use this flaw to upload a specially crafted bz2 archive which, when parsed via the vulnerable function, could cause the application to crash or execute arbitrary code with the permissions of the user running the PHP application. (CVE-2016-5399)

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the imagecreatefromgd2() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted GD2 image. (CVE-2016-5766)

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in the gdImagePaletteToTrueColor() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application or execute arbitrary code with the privileges of the user running that PHP application using gd via a specially crafted image buffer. (CVE-2016-5767)

* A double free flaw was found in the mb_ereg_replace_callback() function of PHP, which is used to perform regex search. This flaw could possibly cause a PHP application to crash. (CVE-2016-5768)

Red Hat would like to thank Hans Jerry Illikainen for reporting CVE-2016-5399.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2599: tomcat security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162599
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2599, CVE-2014-0230, CVE-2015-5174, CVE-2015-5345, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763, CVE-2016-3092

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

The following packages have been upgraded to a newer upstream version: tomcat (7.0.69). (BZ#1287928)

Security Fix(es):

* A CSRF flaw was found in the index pages for Tomcat's Manager and Host Manager applications. These applications included a valid CSRF token when issuing a redirect as a result of an unauthenticated request to the root of the web application. This token could then be used by an attacker to perform a CSRF attack. (CVE-2015-5351)

* It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session. (CVE-2016-0714)

* A security manager bypass flaw was found in Tomcat that could allow remote, authenticated users to access arbitrary application data, potentially resulting in a denial of service. (CVE-2016-0763)

* A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)

* A directory traversal flaw was found in Tomcat's RequestUtil.java. A remote, authenticated user could use this flaw to bypass intended SecurityManager restrictions and list a parent directory via a '/..' in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call. (CVE-2015-5174)

* It was found that Tomcat could reveal the presence of a directory even when that directory was protected by a security constraint. A user could make a request to a directory via a URL not ending with a slash and, depending on whether Tomcat redirected that request, could confirm whether that directory existed. (CVE-2015-5345)

* It was found that Tomcat allowed the StatusManagerServlet to be loaded by a web application when a security manager was configured. This allowed a web application to list all deployed web applications and expose sensitive information such as session IDs. (CVE-2016-0706)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2600: squid security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162600
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2600, CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, CVE-2016-3948

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

The following packages have been upgraded to a newer upstream version: squid (3.5.20). (BZ#1273942, BZ#1349775)

Security Fix(es):

* Incorrect boundary checks were found in the way squid handled headers in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. (CVE-2016-2569, CVE-2016-2570)

* It was found that squid did not properly handle errors when failing to parse an HTTP response, possibly leading to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. (CVE-2016-2571, CVE-2016-2572)

* An incorrect boundary check was found in the way squid handled the Vary header in HTTP responses, which could lead to an assertion failure. A malicious HTTP server could use this flaw to crash squid using a specially crafted HTTP response. (CVE-2016-3948)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2601: fontconfig security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162601
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2601, CVE-2016-5384

Description
Fontconfig is designed to locate fonts within the system and select them according to requirements specified by applications.

Security Fix(es):

* It was found that cache files were insufficiently validated in fontconfig. A local attacker could create a specially crafted cache file to trigger arbitrary free() calls, which in turn could lead to arbitrary code execution. (CVE-2016-5384)

Red Hat would like to thank Tobias Stoeckmann for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2602: mod_nss security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20162602
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2602, CVE-2016-3099

Description
The mod_nss module provides strong cryptography for the Apache HTTP Server via the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, using the Network Security Services (NSS) security library.

The following packages have been upgraded to a newer upstream version: mod_nss (1.0.14). (BZ#1299063)

Security Fix(es):

* A flaw was found in the way mod_nss parsed certain OpenSSL-style cipher strings. As a result, mod_nss could potentially use ciphers that were not intended to be enabled. (CVE-2016-3099)

This issue was discovered by Rob Crittenden (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2603: libreswan security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162603
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2603, CVE-2016-5361

Description
Libreswan is an implementation of IPsec & IKE for Linux. IPsec (Internet Protocol Security) uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks, such as a virtual private network (VPN).

Security Fix(es):

* A traffic amplification flaw was found in the Internet Key Exchange version 1 (IKEv1) protocol. A remote attacker could use a libreswan server with IKEv1 enabled in a network traffic amplification denial of service attack against other hosts on the network by sending UDP packets with a spoofed source address to that server. (CVE-2016-5361)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2604: resteasy-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162604
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2604, CVE-2016-7050

Description
RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification.

Security Fix(es):

* It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-7050)

Red Hat would like to thank Mikhail Egorov (Odin) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2605: util-linux security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20162605
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2605, CVE-2016-5011

Description
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.

Security Fix(es):

* It was found that util-linux's libblkid library did not properly handle Extended Boot Record (EBR) partitions when reading MS-DOS partition tables. An attacker with physical USB access to a protected machine could insert a storage device with a specially crafted partition table that could, for example, trigger an infinite loop in systemd-udevd, resulting in a denial of service on that machine. (CVE-2016-5011)

Red Hat would like to thank Michael Gruhn for reporting this issue. Upstream acknowledges Christian Moch as the original reporter.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2606: postgresql security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162606
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2606, CVE-2016-5423, CVE-2016-5424

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a newer upstream version: postgresql (9.2.18).

Security Fix(es):

* A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code. (CVE-2016-5423)

* A flaw was found in the way PostgreSQL client programs handled database and role names containing newlines, carriage returns, double quotes, or backslashes. By crafting such an object name, roles with the CREATEDB or CREATEROLE option could escalate their privileges to superuser when a superuser next executes maintenance with a vulnerable client program. (CVE-2016-5424)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Heikki Linnakangas as the original reporter of CVE-2016-5423; and Nathan Bossart as the original reporter of CVE-2016-5424.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2607: powerpc-utils-python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162607
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2607, CVE-2014-8165

Description
The powerpc-utils-python packages provide Python-based utilities for maintaining and servicing PowerPC systems.

Security Fix(es):

* It was found that the amsvis command of the powerpc-utils-python package did not verify unpickled data before processing it. This could allow an attacker who can connect to an amsvis server process (or cause an amsvis client process to connect to them) to execute arbitrary code as the user running the amsvis process. (CVE-2014-8165)

This issue was discovered by Dhiru Kholia of Red Hat Product Security.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

RHSA-2016:2610: systemd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162610
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2610, CVE-2016-7795

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* A flaw was found in the way systemd handled empty notification messages. A local attacker could use this flaw to make systemd freeze its execution, preventing further management of system services, system shutdown, or zombie process collection via systemd. (CVE-2016-7795)

Bug Fix(es):

* Previously, the udev device manager automatically enabled all memory banks on IBM z System installations. As a consequence, hot plug memory was enabled automatically, which was incorrect. With this update, system architecture checks have been added to the udev rules to address the problem. As a result, hot plug memory is no longer automatically enabled. (BZ#1381123)

RHSA-2016:2614: pacemaker security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162614
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2614, CVE-2016-7035

Description
The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure.

Security Fix(es):

* An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. (CVE-2016-7035)

This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle (ATOS/BULL).

Bug Fix(es):

* The version of Pacemaker in Red Hat Enterprise Linux 7.3 incorporated an increase in the version number of the remote node protocol. Consequently, cluster nodes running Pacemaker in Red Hat Enterprise Linux 7.3 and remote nodes running earlier versions of Red Hat Enterprise Linux were not able to communicate with each other unless special precautions were taken. This update preserves the rolling upgrade capability. (BZ#1389023)

RHSA-2016:2615: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2615, CVE-2016-8864

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the original reporters.

RHSA-2016:2658: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162658
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2658, CVE-2016-10165, CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt the virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)

* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make the victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)

* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, the MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. The MD5 hash algorithm is expected to be disabled by default in future updates. The newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.

* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)

* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if the proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling an HTTPS connection through an HTTP proxy. The newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.

RHSA-2016:2674: libgcrypt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162674
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2674, CVE-2016-6313

Description
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

Security Fix(es):

* A design flaw was found in the libgcrypt PRNG (Pseudo-Random Number Generator). An attacker able to obtain the first 580 bytes of the PRNG output could predict the following 20 bytes. (CVE-2016-6313)

Red Hat would like to thank Felix Dörre and Vladimir Klebanov for reporting this issue.

RHSA-2016:2675: pacemaker security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162675
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2675, CVE-2016-7035

Description
The Pacemaker cluster resource manager is a collection of technologies working together to provide data integrity and the ability to maintain application availability in the event of a failure.

Security Fix(es):

* An authorization flaw was found in Pacemaker, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. (CVE-2016-7035)

This issue was discovered by Jan "poki" Pokorny (Red Hat) and Alain Moulle (ATOS/BULL).

RHSA-2016:2702: policycoreutils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162702
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2702, CVE-2016-7545

Description
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.

Security Fix(es):

* It was found that the sandbox tool provided in policycoreutils was vulnerable to a TIOCSTI ioctl attack. A specially crafted program executed via the sandbox command could use this flaw to execute arbitrary commands in the context of the parent shell, escaping the sandbox. (CVE-2016-7545)

RHSA-2016:2765: 389-ds-base security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162765
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2765, CVE-2016-4992, CVE-2016-5405, CVE-2016-5416

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information. (CVE-2016-5416)

* An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in a certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not. (CVE-2016-4992)

* It was found that 389 Directory Server was vulnerable to a remote password disclosure via timing attack. A remote attacker could possibly use this flaw to retrieve the directory server password after many tries. (CVE-2016-5405)

The CVE-2016-5416 issue was discovered by Viktor Ashirov (Red Hat); the CVE-2016-4992 issue was discovered by Petr Spacek (Red Hat) and Martin Basti (Red Hat); and the CVE-2016-5405 issue was discovered by William Brown (Red Hat).

Bug Fix(es):

* Previously, a bug in the changelog iterator buffer caused it to point to an incorrect position when reloading the buffer. This caused replication to skip parts of the changelog, and consequently some changes were not replicated. This bug has been fixed, and replication data loss due to an incorrectly reloaded changelog buffer no longer occurs. (BZ#1354331)

* Previously, if internal modifications were generated on a consumer (for example by the Account Policy plug-in) and additional changes to the same attributes were received from replication, a bug caused Directory Server to accumulate state information on the consumer. The bug has been fixed by making sure that replace operations are only applied if they are newer than existing attribute deletion change sequence numbers (CSNs), and state information no longer accumulates in this situation. (BZ#1379599)

Enhancement(s):

* In a multi-master replication environment where multiple masters receive updates at the same time, it was previously possible for a single master to obtain exclusive access to a replica and hold it for a very long time due to problems such as a slow network connection. During this time, other masters were blocked from accessing the same replica, which considerably slowed down the replication process. This update adds a new configuration attribute, "nsds5ReplicaReleaseTimeout", which can be used to specify a timeout in seconds. After the specified timeout period passes, the master releases the replica, allowing other masters to access it and send their updates. (BZ#1358390)

RHSA-2016:2766: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162766
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2766, CVE-2016-1583, CVE-2016-2143

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was found that stacking a file system over procfs in the Linux kernel could lead to a kernel stack overflow due to deep nesting, as demonstrated by mounting ecryptfs over procfs and creating a recursion by mapping /proc/environ. An unprivileged, local user could potentially use this flaw to escalate their privileges on the system. (CVE-2016-1583, Important)

* It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with a three-level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit of 8PB, the function that duplicates the address space will try to copy memory areas outside of the address space limit for the child process. (CVE-2016-2143, Moderate)

Bug Fix(es):

* Use of a multi-threaded workload with high memory mappings sometimes caused a kernel panic, due to a race condition between the context switch and the pagetable upgrade. This update fixes the switch_mm() by using the complete asce parameter instead of the asce_bits parameter. As a result, the kernel no longer panics in the described scenario. (BZ#1377472)

* When iptables created the Transmission Control Protocol (TCP) reset packet, a kernel crash could occur due to an uninitialized pointer to the TCP header within the Socket Buffer (SKB). This update fixes the transport header pointer in TCP reset for both IPv4 and IPv6, and the kernel no longer crashes in the described situation. (BZ#1372266)

* Previously, when the Enhanced Error Handling (EEH) mechanism did not block the PCI configuration space access and an error was detected, a kernel panic occurred. This update corrects EEH to resolve this problem. As a result, the kernel no longer panics in the described scenario. (BZ#1379596)

* When the lockd service failed to start up completely, the notifier blocks were in some cases registered on a notification chain multiple times, which caused the occurrence of a circular list on the notification chain. Consequently, a soft lock-up or a kernel oops occurred. With this update, the notifier blocks are unregistered if lockd fails to start up completely, and the soft lock-ups or the kernel oopses no longer occur under the described circumstances. (BZ#1375637)

* When the Fibre Channel over Ethernet (FCoE) was configured, the FCoE MaxFrameSize parameter was incorrectly restricted to 1452. With this update, the NETIF_F_ALL_FCOE symbol is no longer ignored, which fixes this bug. MaxFrameSize is now restricted to 2112, which is the correct value. (BZ#1381592)

* When the fnic driver was installed on Cisco UCS Blade Server, the discs were under certain circumstances put into the offline state with the following error message: "Medium access timeout failure. Offlining disk!". This update fixes fnic to set the Small Computer System Interface (SCSI) status as DID_ABORT after a successful abort operation. As a result, the discs are no longer put into the offlined state in the described situation. (BZ#1382620)

RHSA-2016:2779: nss and nss-util security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162779
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2779, CVE-2016-2834, CVE-2016-5285, CVE-2016-8635

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.

The following packages have been upgraded to a newer upstream version: nss (3.21.3), nss-util (3.21.3).

Security Fix(es):

* Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-2834)

* A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. (CVE-2016-5285)

* It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group. (CVE-2016-8635)

Red Hat would like to thank the Mozilla project for reporting CVE-2016-2834. The CVE-2016-8635 issue was discovered by Hubert Kario (Red Hat). Upstream acknowledges Tyson Smith and Jed Davis as the original reporters of CVE-2016-2834.

RHSA-2016:2780: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20162780
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2780, CVE-2016-5290, CVE-2016-5291, CVE-2016-5296, CVE-2016-5297, CVE-2016-9064, CVE-2016-9066

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.5.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290)

* A flaw was found in the way the Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update. (CVE-2016-9064)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Abhishek Arya, André Bargull, Samuel Groß, Yuyang Zhou, Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.

RHSA-2016:2809: ipsilon security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2809, CVE-2016-8638

Description
The ipsilon packages provide the Ipsilon identity provider service for federated single sign-on (SSO). Ipsilon links authentication providers and applications or utilities to allow for SSO. It includes a server and utilities to configure Apache-based service providers.

Security Fix(es):

* A vulnerability was found in ipsilon in the SAML2 provider's handling of sessions. An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions. (CVE-2016-8638)

This issue was discovered by Patrick Uiterwijk (Red Hat) and Howard Johnson.

RHSA-2016:2819: memcached security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162819
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2819, CVE-2016-8704, CVE-2016-8705, CVE-2016-8706

Description
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Security Fix(es):

* Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8704, CVE-2016-8705)

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in memcached's parsing of SASL authentication messages. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8706)

RHSA-2016:2820: memcached security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162820
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2820, CVE-2016-8704, CVE-2016-8705

Description
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Security Fix(es):

* Two integer overflow flaws, leading to heap-based buffer overflows, were found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code. (CVE-2016-8704, CVE-2016-8705)

RHSA-2016:2824: expat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162824
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2824, CVE-2016-0718

Description
Expat is a C library for parsing XML documents.

Security Fix(es):

* An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-0718)

Red Hat would like to thank Gustavo Grieco for reporting this issue.

RHSA-2016:2825: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162825
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2825, CVE-2016-5290

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.5.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-5290)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Olli Pettay, Christian Holler, Ehsan Akhgari, Jon Coppeard, Gary Kwong, Tooru Fujisawa, Philipp, and Randell Jesup as the original reporters.

RHSA-2016:2843: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20162843
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2843, CVE-2016-9079

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.5.1 ESR.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9079)

Red Hat would like to thank the Mozilla project for reporting this issue.

RHSA-2016:2850: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162850
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2850, CVE-2016-9079

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.5.1.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9079)

Red Hat would like to thank the Mozilla project for reporting this issue.

RHSA-2016:2872: sudo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162872
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2872, CVE-2016-7032, CVE-2016-7076

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* It was discovered that the sudo noexec restriction could have been bypassed if an application run via sudo executed the system(), popen(), or wordexp() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).

RHSA-2016:2946: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20162946
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2946, CVE-2016-9893, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.6.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Philipp, Wladimir Palant, Nils, Jann Horn, Aral, Andrew Krasichkov, insertscript, Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky as the original reporters.

RHSA-2016:2962: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162962
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2962, CVE-2016-7117

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)

Bug Fix(es):

* Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1391167)

RHSA-2016:2963: xen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162963
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2963, CVE-2016-9637

Description
Xen is a virtual machine monitor.

Security Fix(es):

* An out-of-bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if a guest were to supply a 32-bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host. (CVE-2016-9637)

Red Hat would like to thank the Xen project for reporting this issue.

RHSA-2016:2972: vim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20162972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2016:2972, CVE-2016-1248

Description
Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

* A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim. (CVE-2016-1248)

RHSA-2016:2973: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162973
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2973, CVE-2016-9893, CVE-2016-9895, CVE-2016-9899, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9905

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.6.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9905)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Wladimir Palant, Philipp, Andrew Krasichkov, insertscript, Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky as the original reporters.

RHSA-2016:2974: gstreamer-plugins-bad-free security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162974
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2974, CVE-2016-9445, CVE-2016-9447

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445)

* A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9447)

Note: This update removes the vulnerable Nintendo NSF plug-in.

RHSA-2016:2975: gstreamer-plugins-good security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20162975
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2016:2975, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807, CVE-2016-9808

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)

* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)

Note: This update removes the vulnerable FLC/FLI/FLX plug-in.

RHSA-2016:2997: Red Hat Enterprise Linux 5 Three-Month Retirement Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20162997
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2016:2997

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected Urgent priority bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content. In addition, limited technical support will be available through Red Hat's Global Support Services as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (under "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical impact security fixes and selected Urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage will conclude on November 30, 2020.

Note that the RHEL 5 ELS Add-On is available for the x86 (32- and 64-bit) architecture only. The RHEL 5 ELS Add-On is not available for the Itanium architecture.

To enjoy even more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Instructions for migrating from RHEL 5 to RHEL 7 are available at https://access.redhat.com/articles/1211223. Red Hat also offers a Pre-upgrade Assistant tool to aid with the migration of RHEL 5 systems to RHEL 7. For more information about this tool, please see https://access.redhat.com/solutions/1468623.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

RHSA-2017:0001: ipa security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170001
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0001, CVE-2016-7030, CVE-2016-9575

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* It was discovered that the default IdM password policies that lock out accounts after a certain number of failed login attempts were also applied to host and service accounts. A remote unauthenticated user could use this flaw to cause a denial of service attack against kerberized services. (CVE-2016-7030)

* It was found that IdM's certprofile-mod command did not properly check the user's permissions while modifying certificate profiles. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. (CVE-2016-9575)

The CVE-2016-7030 issue was discovered by Petr Spacek (Red Hat) and the CVE-2016-9575 issue was discovered by Liam Campbell (Red Hat).

RHSA-2017:0013: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170013
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0013, CVE-2013-5653, CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2016-8602

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variables, list directories, and retrieve file content, respectively, from the target. (CVE-2013-5653, CVE-2016-7977)

* It was found that the ghostscript function .setdevice suffered a use-after-free vulnerability due to an incorrect reference count. A specially crafted postscript document could trigger code execution in the context of the gs process. (CVE-2016-7978)

* It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash or code execution in the context of the gs process. (CVE-2016-7979)

* It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)

RHSA-2017:0014: ghostscript security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170014
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0014, CVE-2013-5653, CVE-2016-7977, CVE-2016-7979, CVE-2016-8602

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* It was found that the ghostscript functions getenv, filenameforall and .libfile did not honor the -dSAFER option, usually used when processing untrusted documents, leading to information disclosure. A specially crafted postscript document could read environment variables, list directories, and retrieve file content, respectively, from the target. (CVE-2013-5653, CVE-2016-7977)

* It was found that the ghostscript function .initialize_dsc_parser did not validate its parameter before using it, allowing a type confusion flaw. A specially crafted postscript document could cause a crash or code execution in the context of the gs process. (CVE-2016-7979)

* It was found that ghostscript did not sufficiently check the validity of parameters given to the .sethalftone5 function. A specially crafted postscript document could cause a crash, or execute arbitrary code in the context of the gs process. (CVE-2016-8602)

RHSA-2017:0018: gstreamer-plugins-bad-free security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170018
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0018, CVE-2016-9445, CVE-2016-9447, CVE-2016-9809

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445)

* A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9447)

* An out-of-bounds heap read flaw was found in GStreamer's H.264 parser. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9809)

Note: This update removes the vulnerable Nintendo NSF plug-in.

RHSA-2017:0019: gstreamer-plugins-good security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170019
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0019, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807, CVE-2016-9808

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)

* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)

Note: This update removes the vulnerable FLC/FLI/FLX plug-in.

RHSA-2017:0020: gstreamer1-plugins-good security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170020
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0020, CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9807, CVE-2016-9808

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)

* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)

Note: This update removes the vulnerable FLC/FLI/FLX plug-in.

RHSA-2017:0021: gstreamer1-plugins-bad-free security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170021
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0021, CVE-2016-9445, CVE-2016-9809, CVE-2016-9812, CVE-2016-9813

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445)

* Multiple flaws were discovered in GStreamer's H.264 and MPEG-TS plug-ins. A remote attacker could use these flaws to cause an application using GStreamer to crash. (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813)

RHSA-2017:0036: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170036
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0036, CVE-2016-4998, CVE-2016-6828, CVE-2016-7117

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)

* An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998, Moderate)

* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)

Bug Fix(es):

* When parallel NFS returned a file layout, a kernel crash sometimes occurred. This update removes the call to the BUG_ON() function from a code path of a client that returns the file layout. As a result, the kernel no longer crashes in the described situation. (BZ#1385480)

* When a guest virtual machine (VM) on Microsoft Hyper-V was set to crash on a Nonmaskable Interrupt (NMI) that was injected from the host, this VM became unresponsive and did not create the vmcore dump file. This update applies a set of patches to the Virtual Machine Bus kernel driver (hv_vmbus) that fix this bug. As a result, the VM now first creates and saves the vmcore dump file and then reboots. (BZ#1385482)

* From Red Hat Enterprise Linux 6.6 to 6.8, the IPv6 routing cache occasionally showed incorrect values. This update fixes the DST_NOCOUNT mechanism, and the IPv6 routing cache now shows correct values. (BZ#1391974)

* When using the ixgbe driver and the software Fibre Channel over Ethernet (FCoE) stack, suboptimal performance in some cases occurred on systems with a large number of CPUs. This update fixes the fc_exch_alloc() function to try all the available exchange managers in the list for an available exchange ID. This change avoids failing allocations, which previously led to the host busy status. (BZ#1392818)

* When the vmwgfx kernel module loads, it overrides the boot resolution automatically. Consequently, users were not able to change the resolution by manual setting of the kernel's 'vga=' parameter in the /boot/grub/grub.conf file. This update adds the 'nomodeset' parameter, which can be set in the /boot/grub/grub.conf file. The 'nomodeset' parameter allows the users to prevent the vmwgfx driver from loading. As a result, the setting of the 'vga=' parameter works as expected, in case that vmwgfx does not load. (BZ#1392875)

* When Red Hat Enterprise Linux 6.8 was booted on SMBIOS 3.0 based systems, Desktop Management Interface (DMI) information, which is referenced by several applications, such as NEC server's memory RAS utility, was missing entries in the sysfs virtual file system. This update fixes the underlying source code, and sysfs now shows the DMI information as expected. (BZ#1393464)

* Previously, bonding mode active backup and the propagation of the media access control (MAC) address to a VLAN interface did not work in Red Hat Enterprise Linux 6.8, when the fail_over_mac bonding parameter was set to fail_over_mac=active. With this update, the underlying source code has been fixed so that the VLANs continue inheriting the MAC address of the active physical interface until the VLAN MAC address is explicitly set to any value. As a result, IPv6 EUI64 addresses for the VLAN can reflect any changes to the MAC address of the physical interface, and Duplicate Address Detection (DAD) behaves as expected. (BZ#1396479)

RHSA-2017:0061: java-1.6.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0061, CVE-2016-5542, CVE-2016-5554, CVE-2016-5573, CVE-2016-5582, CVE-2016-5597

Description
The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit.

Security Fix(es):

* It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine's memory and completely bypass Java sandbox restrictions. (CVE-2016-5582)

* It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP requests to the JDWP port of the debugged application. (CVE-2016-5573)

* It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm. (CVE-2016-5542)

Note: After this update, MD2 hash algorithm and RSA keys with less than 1024 bits are no longer allowed to be used for Jar integrity verification by default. MD5 hash algorithm is expected to be disabled by default in the future updates. A newly introduced security property jdk.jar.disabledAlgorithms can be used to control the set of disabled algorithms.

* A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2016-5554)

* A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if proxy asked for authentication. (CVE-2016-5597)

Note: After this update, Basic HTTP proxy authentication can no longer be used when tunneling HTTPS connection through an HTTP proxy. Newly introduced system properties jdk.http.auth.proxying.disabledSchemes and jdk.http.auth.tunneling.disabledSchemes can be used to control which authentication schemes can be requested by an HTTP proxy when proxying HTTP and HTTPS connections respectively.

RHSA-2017:0062: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170062
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0062, CVE-2016-9131, CVE-2016-9147, CVE-2016-9444

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9131)

* A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147)

* A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9444)

Red Hat would like to thank ISC for reporting these issues.

RHSA-2017:0063: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170063
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0063, CVE-2016-9147

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147)

Red Hat would like to thank ISC for reporting this issue.

RHSA-2017:0064: bind97 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170064
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0064, CVE-2016-9147

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2016-9147)

Red Hat would like to thank ISC for reporting this issue.

RHSA-2017:0083: qemu-kvm security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20170083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2017:0083, CVE-2016-2857

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm packages provide the user-space component for running virtual machines using KVM.

Security Fix(es):

* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)

Red Hat would like to thank Ling Liu (Qihoo 360 Inc.) for reporting this issue.

Bug Fix(es):

* Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring. (BZ#1393484)

RHSA-2017:0086: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0086, CVE-2016-6828, CVE-2016-7117, CVE-2016-9555

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)

* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)

* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)

Bug Fix(es):

* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)

* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)

* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)

* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended with a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)

* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot:

    "Unknown Intel PCH (0xa149) detected."
    "Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware."

The messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)

* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)

RHSA-2017:0091: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170091
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0091, CVE-2016-6828, CVE-2016-7117, CVE-2016-9555

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)

* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)

* A flaw was found in the Linux kernel's implementation of the SCTP protocol in which a remote attacker can trigger an out-of-bounds read with an offset of up to 64kB. This may panic the machine with a page fault. (CVE-2016-9555, Moderate)

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-514.6.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1401863)

* Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400930)

* Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected allowing proper operation of the networking card drivers. (BZ#1402837)

RHSA-2017:0175: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170175
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0175, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 121.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2016-8328, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3262, CVE-2017-3272, CVE-2017-3289)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

RHSA-2017:0176: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0176, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 131.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5549, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

RHSA-2017:0177: java-1.6.0-sun security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0177, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 141.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2016-2183, CVE-2016-5546, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3259, CVE-2017-3261, CVE-2017-3272)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

RHSA-2017:0180: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0180, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241)

This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

* Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289)

* A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548)

* It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546)

* It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253)

* It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547)

* It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252)

* It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552)

* Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2017:0182: squid security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170182
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0182, CVE-2016-10002

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)

RHSA-2017:0183: squid34 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170183
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0183, CVE-2016-10002

Description
The squid34 packages provide version 3.4 of Squid, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* It was found that squid did not properly remove connection specific headers when answering conditional requests using a cached request. A remote attacker could send a specially crafted request to an HTTP server via the squid proxy and steal private data from other connections. (CVE-2016-10002)

RHSA-2017:0184: mysql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170184
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0184, CVE-2016-5616, CVE-2016-6662, CVE-2016-6663

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

* It was discovered that the MySQL logging functionality allowed writing to MySQL configuration files. An administrative database user, or a database user with FILE privileges, could possibly use this flaw to run arbitrary commands with root privileges on the system running the database server. (CVE-2016-6662)

* A race condition was found in the way MySQL performed MyISAM engine table repair. A database user with shell access to the server running mysqld could use this flaw to change permissions of arbitrary files writable by the mysql system user. (CVE-2016-6663, CVE-2016-5616)

RHSA-2017:0190: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170190
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0190, CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.7.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin Razmjou, Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Grégoire, and Jerri Rice as the original reporters.

RHSA-2017:0225: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170225
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0225, CVE-2015-8870, CVE-2016-5652, CVE-2016-9533, CVE-2016-9534, CVE-2016-9535, CVE-2016-9536, CVE-2016-9537, CVE-2016-9540

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files. (CVE-2016-9533, CVE-2016-9534, CVE-2016-9535)

* Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool. (CVE-2015-8870, CVE-2016-5652, CVE-2016-9540, CVE-2016-9537, CVE-2016-9536)

RHSA-2017:0238: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170238
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0238, CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.7.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5390, CVE-2017-5396)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Jann Horn, Filipe Gomes, Nils, Armin Razmjou, Christian Holler, Gary Kwong, Andre Bargull, Jan de Mooij, Tom Schuster, Oriol, Rh0, Nicolas Gregoire, and Jerri Rice as the original reporters.

RHSA-2017:0252: ntp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170252
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0252, CVE-2016-7426, CVE-2016-7429, CVE-2016-7433, CVE-2016-9310, CVE-2016-9311

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* It was found that when ntp is configured with rate limiting for all associations, the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources. (CVE-2016-7426)

* A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks. (CVE-2016-9310)

* A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service. (CVE-2016-9311)

* A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw to cause ntpd to not synchronize with the source. (CVE-2016-7429)

* A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause a denial of service or, in some special cases, even a crash. (CVE-2016-7433)

RHSA-2017:0253: spice-server security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170253
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0253, CVE-2016-9577, CVE-2016-9578

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)

These issues were discovered by Frediano Ziglio (Red Hat).

RHSA-2017:0254: spice security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170254
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0254, CVE-2016-9577, CVE-2016-9578

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* A vulnerability was discovered in spice in the server's protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution. (CVE-2016-9577)

* A vulnerability was discovered in spice in the server's protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash. (CVE-2016-9578)

These issues were discovered by Frediano Ziglio (Red Hat).

RHSA-2017:0269: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0269, CVE-2016-5546, CVE-2016-5547, CVE-2016-5548, CVE-2016-5552, CVE-2017-3231, CVE-2017-3241, CVE-2017-3252, CVE-2017-3253, CVE-2017-3261, CVE-2017-3272, CVE-2017-3289

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-3241)

This issue was addressed by introducing whitelists of classes that can be deserialized by RMI registry or DGC. These whitelists can be customized using the newly introduced sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter security properties.

* Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-3272, CVE-2017-3289)

* A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2016-5548)

* It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools. (CVE-2016-5546)

* It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory. (CVE-2017-3253)

* It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory. (CVE-2016-5547)

* It was discovered that the JAAS component of OpenJDK did not use the correct way to extract user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN. (CVE-2017-3252)

* It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL. (CVE-2016-5552)

* Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-3261, CVE-2017-3231)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by adding 3DES cipher suites to the list of legacy algorithms (defined using the jdk.tls.legacyAlgorithms security property) so they are only used if connecting TLS/SSL client and server do not share any other non-legacy cipher suite.

RHSA-2017:0276: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170276
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0276, CVE-2017-3135

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response. (CVE-2017-3135)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Ramesh Damodaran (Infoblox) and Aliaksandr Shubnik (Infoblox) as the original reporters.

RHSA-2017:0286: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170286
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0286, CVE-2016-8610, CVE-2017-3731

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* An integer underflow leading to an out of bounds read flaw was found in OpenSSL. A remote attacker could possibly use this flaw to crash a 32-bit TLS/SSL server or client using OpenSSL if it used the RC4-MD5 cipher suite. (CVE-2017-3731)

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

RHSA-2017:0293: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170293
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0293, CVE-2017-6074

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

RHSA-2017:0294: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170294
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0294, CVE-2017-6074

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

RHSA-2017:0295: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170295
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0295, CVE-2017-6074

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

RHSA-2017:0307: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0307, CVE-2016-6136, CVE-2016-9555

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem to create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. (CVE-2016-6136, Moderate)

* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)

Bug Fix(es):

* The qlcnic driver previously attempted to fetch pending transmission descriptors before all writes were complete, which led to firmware hangs. With this update, the qlcnic driver has been fixed to complete all writes before the hardware fetches any pending transmission descriptors. As a result, the firmware no longer hangs with the qlcnic driver. (BZ#1403143)

* Previously, when a NFS share was mounted, the file-system (FS) cache was incorrectly enabled even when the "-o fsc" option was not used in the mount command. Consequently, the cachefilesd service stored files in the NFS share even when not instructed to by the user. With this update, NFS does not use the FS cache if not instructed by the "-o fsc" option. As a result, NFS no longer enables caching if the "-o fsc" option is not used. (BZ#1399172)

* Previously, an NFS client and NFS server got into a NFS4 protocol loop involving a WRITE action and a NFS4ERR_EXPIRED response when the current_fileid counter got to the wraparound point by overflowing the value of 32 bits. This update fixes the NFS server to handle the current_fileid wraparound. As a result, the described NFS4 protocol loop no longer occurs. (BZ#1399174)

* Previously, certain configurations of the Hewlett Packard Smart Array (HPSA) devices caused hardware to be set offline incorrectly when the HPSA driver was expected to wait for existing I/O operations to complete. Consequently, a kernel panic occurred. This update prevents the described problem. As a result, the kernel panic no longer occurs. (BZ#1399175)

* Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in the described scenario. (BZ#1398185)

* Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1397739)

* When the "punching hole" feature of the fallocate utility was used on an ext4 file system inode with extent depth of 1, the extent tree of the inode sometimes became corrupted. With this update, the underlying source code has been fixed, and extent tree corruption no longer occurs in the described situation. (BZ#1397808)

RHSA-2017:0309: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170309
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0309, CVE-2016-2857, CVE-2017-2615

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the Qemu process resulting in DoS or potentially execute arbitrary code on the host with privileges of Qemu process on the host. (CVE-2017-2615)

* An out-of-bounds read-access flaw was found in the QEMU emulator built with IP checksum routines. The flaw could occur when computing a TCP/UDP packet's checksum, because a QEMU function used the packet's payload length without checking against the data buffer's size. A user inside a guest could use this flaw to crash the QEMU process (denial of service). (CVE-2016-2857)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615 and Ling Liu (Qihoo 360 Inc.) for reporting CVE-2016-2857.

This update also fixes the following bug:

* Previously, rebooting a guest virtual machine more than 128 times in a short period of time caused the guest to shut down instead of rebooting, because the virtqueue was not cleaned properly. This update ensures that the virtqueue is cleaned more reliably, which prevents the described problem from occurring. (BZ#1408389)

All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.

RHSA-2017:0323: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0323, CVE-2017-2634, CVE-2017-6074

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074, Important)

* It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system. (CVE-2017-2634, Moderate)

Important: This update disables the DCCP kernel module at load time by using the kernel module blacklist method. The module is disabled in an attempt to reduce further exposure to additional issues. Please see Red Hat Bugzilla (BZ#1425177) for additional information.

Red Hat would like to thank Andrey Konovalov (Google) for reporting CVE-2017-6074. The CVE-2017-2634 issue was discovered by Wade Mealing (Red Hat Product Security).

RHSA-2017:0340: Red Hat Enterprise Linux 5 One-Month Retirement Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20170340
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2017:0340

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 will be retired on March 31, 2017, at the end of Production Phase 3. Until that date, customers will continue to receive Critical impact security patches and selected Urgent priority bug fixes for RHEL 5.11 (the final RHEL 5 release). On that date, active support included with your RHEL Premium or Standard subscription will conclude. This means that customers will continue to have access to all previously released content. In addition, limited technical support will be available through Red Hat's Global Support Services as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (under "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical impact security fixes and selected Urgent priority bug fixes for RHEL 5.11. RHEL 5 ELS coverage will conclude on November 30, 2020.

To enjoy even more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Instructions for migrating from RHEL 5 to RHEL 7 are available at https://access.redhat.com/articles/1211223. Red Hat also offers a Pre-upgrade Assistant tool to aid with the migration of RHEL 5 systems to RHEL 7. For more information about this tool, please see https://access.redhat.com/solutions/1468623.

Details of the Red Hat Enterprise Linux life cycle can be found here: https://access.redhat.com/support/policy/updates/errata/

RHSA-2017:0352: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170352
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0352, CVE-2017-2620

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)

RHSA-2017:0372: kernel-aarch64 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170372
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0372, CVE-2016-5195, CVE-2016-7039, CVE-2016-8666

Description
The kernel-aarch64 package contains the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. (CVE-2016-5195, Important)

* Linux kernel built with the 802.1Q/802.1ad VLAN (CONFIG_VLAN_8021Q) or Virtual eXtensible Local Area Network (CONFIG_VXLAN) with Transparent Ethernet Bridging (TEB) GRO support is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. (CVE-2016-7039, Important)

Red Hat would like to thank Phil Oester for reporting CVE-2016-5195.

Bug Fix(es):

* Previously, the operating system did not support the Mellanox ConnectX-4 PCIe Network Interface Controllers (NIC) in Ethernet mode. This update enables Ethernet support in the mlx5 driver. As a result, the Mellanox ConnectX-4 PCIe NICs now work in Ethernet mode as expected. (BZ#1413108)

* On the Qualcomm Datacenter Technologies server platform with Qualcomm Datacenter Technologies Centriq 2400 CPU (QDF2400v1) memory accesses sometimes allocated Translation Lookaside Buffer (TLB) entries using an incorrect Address Space ID (ASID). This could consequently result in memory corruption and crashes under certain conditions. The underlying source code has been modified to handle the TTBRx_EL1[ASID] and TTBRx_EL1[BADDR] fields separately using a reserved ASID, and the described problem no longer occurs. (BZ#1421765)

RHSA-2017:0386: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0386, CVE-2016-8630, CVE-2016-8655, CVE-2016-9083, CVE-2016-9084

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)

* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)

* A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important)

* The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate)

Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.

Additional Changes:

Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/2940041.

RHSA-2017:0387: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170387
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0387, CVE-2016-8630, CVE-2016-8655, CVE-2016-9083, CVE-2016-9084

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)

* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)

* A flaw was discovered in the Linux kernel's implementation of VFIO. An attacker issuing an ioctl can create a situation where memory is corrupted and modify memory outside of the expected area. This may overwrite kernel memory and subvert kernel execution. (CVE-2016-9083, Important)

* The use of a kzalloc with an integer multiplication allowed an integer overflow condition to be reached in vfio_pci_intrs.c. This combined with CVE-2016-9083 may allow an attacker to craft an attack and use unallocated memory, potentially crashing the machine. (CVE-2016-9084, Moderate)

Red Hat would like to thank Philip Pettersson for reporting CVE-2016-8655.

Bug Fix(es):

* Previously, the asynchronous page fault woke code references spinlocks, which were actually sleeping locks in the RT kernel. Because of this, when the code was executed from the exception context, a bug warning appeared on the console. With this update, the regular wait queue and spinlock code in this area has been modified to use simple-wait-queue and raw-spinlocks. This code change enables the asynchronous page fault code to run in a non-preemptable state without bug warnings. (BZ#1418035)

RHSA-2017:0388: ipa security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170388
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0388, CVE-2017-2590

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* It was found that IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys. (CVE-2017-2590)

This issue was discovered by Fraser Tweedale (Red Hat).

Bug Fix(es):

* Previously, during an Identity Management (IdM) replica installation that runs on domain level "1" or higher, Directory Server was not configured to use TLS encryption. As a consequence, installing a certificate authority (CA) on that replica failed. Directory Server is now configured to use TLS encryption during the replica installation and as a result, the CA installation works as expected. (BZ#1410760)

* Previously, the Identity Management (IdM) public key infrastructure (PKI) component was configured to listen on the "::1" IPv6 localhost address. In environments that have the IPv6 protocol disabled, the replica installer was unable to retrieve the Directory Server certificate, and the installation failed. The default listening address of the PKI connector has been updated from the IP address to "localhost". As a result, the PKI connector now listens on the correct addresses in IPv4 and IPv6 environments. (BZ#1416481)

* Previously, when installing a certificate authority (CA) on a replica, Identity Management (IdM) was unable to provide third-party CA certificates to the Certificate System CA installer. As a consequence, the installer was unable to connect to the remote master if the remote master used a third-party server certificate, and the installation failed. This update applies a patch and as a result, installing a CA replica works as expected in the described situation. (BZ#1415158)

* When installing a replica, the web server service entry is created on the Identity Management (IdM) master and replicated to all IdM servers. Previously, when installing a replica without a certificate authority (CA), in certain situations the service entry was not replicated to the new replica on time, and the installation failed. The replica installer has been updated and now waits until the web server service entry is replicated. As a result, the replica installation no longer fails in the described situation. (BZ#1416488)

RHSA-2017:0396: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170396
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0396, CVE-2017-2615, CVE-2017-2620

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

Bug Fix(es):

* When using the virtio-blk driver on a guest virtual machine with no space on the virtual hard drive, the guest terminated unexpectedly with a "block I/O error in device" message and the qemu-kvm process exited with a segmentation fault. This update fixes how the system_reset QEMU signal is handled in the above scenario. As a result, if a guest crashes due to no space left on the device, qemu-kvm continues running and the guest can be reset as expected. (BZ#1420049)

RHSA-2017:0454: kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170454
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0454, CVE-2017-2615, CVE-2017-2620

Description
KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process resulting in DoS or potentially execute arbitrary code on the host with privileges of QEMU process on the host. (CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU process OR potentially execute arbitrary code on host with privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn Inc.) for reporting CVE-2017-2615.

RHSA-2017:0459: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0459, CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.8.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.

RHSA-2017:0461: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170461
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0461, CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.

RHSA-2017:0498: thunderbird security update (Important)

Rule IDoval-com.redhat.rhsa-def-20170498
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:06+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2017:0498, CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.8.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner, Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.

RHSA-2017:0527: tomcat6 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170527
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0527, CVE-2016-6816, CVE-2016-8745

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2016-6816)

Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when a request contains characters that the HTTP specification does not permit to appear unencoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in unencoded form, as these are often used in URLs without being properly encoded.

* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)

RHSA-2017:0558: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20170558
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0558, CVE-2017-5428

Description
Mozilla Firefox is an open source web browser.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5428)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Chaitin Security Research Lab via Trend Micro's Zero Day Initiative as the original reporters.

RHSA-2017:0559: openjpeg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170559
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0559, CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163, CVE-2016-9675

Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)

* A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675)

The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).

RHSA-2017:0564: libguestfs security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170564
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0564, CVE-2015-8869

Description
The libguestfs packages contain a library, which is used for accessing and modifying virtual machine (VM) disk images.

Security Fix(es):

* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)

Note: The libguestfs packages in this advisory were rebuilt with a fixed version of OCaml to address this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0565: ocaml security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170565
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0565, CVE-2015-8869

Description
OCaml is a high-level, strongly-typed, functional, and object-oriented programming language from the ML family of languages. The ocaml packages contain two batch compilers (a fast bytecode compiler and an optimizing native-code compiler), an interactive top level system, parsing tools (Lex, Yacc, Camlp4), a replay debugger, a documentation generator, and a comprehensive library.

Security Fix(es):

* An integer conversion flaw was found in the way OCaml's String handled its length. Certain operations on an excessively long String could trigger a buffer overflow or result in an information leak. (CVE-2015-8869)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0574: gnutls security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170574
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0574, CVE-2016-8610, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (2.12.23). (BZ#1321112, BZ#1326073, BZ#1415682, BZ#1326389)

Security Fix(es):

* A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610)

* Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0621: qemu-kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170621
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0621, CVE-2016-3712

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An integer overflow flaw and an out-of-bounds read flaw were found in the way QEMU's VGA emulator set certain VGA registers while in VBE mode. A privileged guest user could use this flaw to crash the QEMU process instance. (CVE-2016-3712)

Red Hat would like to thank Zuozhi Fzz (Alibaba Inc.) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0630: tigervnc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170630
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0630, CVE-2016-10207, CVE-2017-5581

Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. The tigervnc packages contain a client which allows users to connect to other desktops running a VNC server.

Security Fix(es):

* A denial of service flaw was found in TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207)

* A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0631: wireshark security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170631
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0631, CVE-2013-4075, CVE-2015-3811, CVE-2015-3812, CVE-2015-3813

Description
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.

Security Fix(es):

* Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2015-3811, CVE-2015-3812, CVE-2015-3813, CVE-2013-4075)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0641: openssh security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170641
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0641, CVE-2015-8325

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* It was discovered that the OpenSSH sshd daemon fetched PAM environment settings before running the login program. In configurations with UseLogin=yes and the pam_env PAM module configured to read user environment settings, a local user could use this flaw to execute arbitrary code as root. (CVE-2015-8325)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0654: coreutils security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170654
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0654, CVE-2017-2616

Description
The coreutils packages contain the GNU Core Utilities and represent a combination of the previously used GNU fileutils, sh-utils, and textutils packages.

Security Fix(es):

* A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (CVE-2017-2616)

Red Hat would like to thank Tobias Stöckmann for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0662: samba security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170662
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0662, CVE-2016-2125, CVE-2016-2126

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)

* A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0680: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0680, CVE-2014-9761, CVE-2015-8776, CVE-2015-8778, CVE-2015-8779

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. (CVE-2014-9761)

* It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. (CVE-2015-8776)

* An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778)

* A stack-based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. (CVE-2015-8779)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0698: subscription-manager security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170698
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0698, CVE-2016-4455

Description
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the Red Hat entitlement platform.

The subscription-manager-migration-data package provides certificates for migrating a system from the legacy Red Hat Network Classic (RHN) to Red Hat Subscription Management (RHSM).

The python-rhsm packages provide a library for communicating with the representational state transfer (REST) interface of a Red Hat Unified Entitlement Platform. The Subscription Management tools use this interface to manage system entitlements, certificates, and access to content.

The following packages have been upgraded to a later upstream version: subscription-manager (1.18.10), python-rhsm (1.18.6), subscription-manager-migration-data (2.0.34). (BZ#1383475, BZ#1385446, BZ#1385382)

Security Fix(es):

* It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack. (CVE-2016-4455)

Red Hat would like to thank Robert Scheck for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0725: bash security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170725
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0725, CVE-2016-0634, CVE-2016-7543, CVE-2016-9401

Description
The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)

* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)

* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0744: samba4 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170744
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0744, CVE-2016-2125, CVE-2016-2126

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)

* A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0794: quagga security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170794
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0794, CVE-2013-2236, CVE-2016-1245, CVE-2016-2342, CVE-2016-4049, CVE-2017-5495

Description
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.

Security Fix(es):

* A stack-based buffer overflow flaw was found in the way Quagga handled IPv6 router advertisement messages. A remote attacker could use this flaw to crash the zebra daemon resulting in denial of service. (CVE-2016-1245)

* A stack-based buffer overflow flaw was found in the way the Quagga BGP routing daemon (bgpd) handled Labeled-VPN SAFI routes data. A remote attacker could use this flaw to crash the bgpd daemon resulting in denial of service. (CVE-2016-2342)

* A denial of service flaw was found in the Quagga BGP routing daemon (bgpd). Under certain circumstances, a remote attacker could send a crafted packet to crash the bgpd daemon resulting in denial of service. (CVE-2016-4049)

* A denial of service flaw affecting various daemons in Quagga was found. A remote attacker could use this flaw to cause the various Quagga daemons, which expose their telnet interface, to crash. (CVE-2017-5495)

* A stack-based buffer overflow flaw was found in the way the Quagga OSPFD daemon handled LSA (link-state advertisement) packets. A remote attacker could use this flaw to crash the ospfd daemon resulting in denial of service. (CVE-2013-2236)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0817: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170817
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0817, CVE-2016-10088, CVE-2016-10142, CVE-2016-2069, CVE-2016-2384, CVE-2016-6480, CVE-2016-7042, CVE-2016-7097, CVE-2016-8399, CVE-2016-9576, CVE-2017-5551

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)

* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)

* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)

* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)

* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)

* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)

* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)

* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)

The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

RHSA-2017:0837: icoutils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170837
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0837, CVE-2017-5208, CVE-2017-5332, CVE-2017-5333, CVE-2017-6009, CVE-2017-6010, CVE-2017-6011

Description
The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the extension .ico or .cur, but they can also be embedded in executables or libraries.

Security Fix(es):

* Multiple vulnerabilities were found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution. (CVE-2017-5208, CVE-2017-5333, CVE-2017-6009)

* A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in failure to allocate memory or an over-large memcpy operation, leading to a crash. (CVE-2017-5332)

* Multiple vulnerabilities were found in icoutils, in the icotool program. An attacker could create a crafted ICO or CUR file that, when read by icotool, could result in memory corruption leading to a crash or potential code execution. (CVE-2017-6010, CVE-2017-6011)

RHSA-2017:0838: openjpeg security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170838
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0838, CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163, CVE-2016-9573, CVE-2016-9675

Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)

* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573)

* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675)

Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).

RHSA-2017:0847: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170847
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0847, CVE-2017-2628

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server. (CVE-2017-2628)

This issue was discovered by Paulo Andrade (Red Hat).

RHSA-2017:0862: Red Hat Enterprise Linux 5 Retirement Notice (Low)

Rule ID: oval-com.redhat.rhsa-def-20170862
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2017:0862

Description
In accordance with the Red Hat Enterprise Linux Errata Support Policy, support for Red Hat Enterprise Linux 5 was retired on March 31, 2017, at the end of Production Phase 3 and active support is no longer provided. As the product will now be in the Extended Life Phase, customers will continue to have access to all previously released content, and limited technical support will be available through Red Hat's Customer Experience and Engagement as described in the Knowledge Base article available at https://access.redhat.com/articles/64664 (search for "non-current minor release").

However, we recognize that some customers will wish to remain on Red Hat Enterprise Linux 5 even after the March 31, 2017 retirement date. To meet this customer requirement, Red Hat will offer customers the option to purchase the Extended Life Cycle Support (ELS) Add-On as an annually renewable subscription. This ELS Add-On provides customers with up to an additional three and a half (3.5) years of Critical Impact security fixes and selected Urgent Priority bug fixes for Red Hat Enterprise Linux 5.11. Red Hat Enterprise Linux 5 ELS coverage will conclude on November 30, 2020.

UPDATE: Note that the Red Hat Enterprise Linux 5 ELS Add-On is available for the x86 (32- and 64-bit) and z Systems architectures only. The Red Hat Enterprise Linux 5 ELS Add-On is not available for the Itanium architecture. In addition, the Red Hat Enterprise Linux 5 ELS Add-On is only available for Server, and does not apply to layered products or Add-Ons.

To enjoy even more comprehensive product support, we encourage customers to migrate from Red Hat Enterprise Linux 5 to a more recent version. As a benefit of the Red Hat subscription, customers may, of course, use their active subscriptions to entitle any system on any currently supported Red Hat Enterprise Linux release.

Instructions for migrating from Red Hat Enterprise Linux 5 to Red Hat Enterprise Linux 7 are available at https://access.redhat.com/articles/1211223.
Red Hat also has a Pre-upgrade Assistant tool to aid with the migration of Red Hat Enterprise Linux 5 systems to Red Hat Enterprise Linux 7. For more information about this tool, please see https://access.redhat.com/solutions/1468623.

Details of the Red Hat Enterprise Linux life cycle can be found here:
https://access.redhat.com/support/policy/updates/errata/

RHSA-2017:0892: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0892, CVE-2016-7910, CVE-2017-2636

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list, which can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)

* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privilege escalation. (CVE-2016-7910, Moderate)

Red Hat would like to thank Alexander Popov for reporting CVE-2017-2636.

Bug Fix(es):

* Previously, Chelsio firmware included an incorrectly-formatted firmware bin file. As a consequence, the firmware could not be flashed. This update provides a firmware bin file that is formatted correctly. As a result, Chelsio firmware can now be flashed successfully. (BZ#1433865)

* When multiple simultaneous processes attempted to read from the /proc/stat file, spinlock overhead was generated on Non-Uniform Memory Access (NUMA) systems. Consequently, a large amount of CPU was consumed. With this update, the underlying source code has been fixed to avoid taking spinlock when the interrupt line does not exist. As a result, the spinlock overhead is now generated less often, and multiple simultaneous processes can now read /proc/stat without consuming a large amount of CPU. (BZ#1428106)

RHSA-2017:0893: 389-ds-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170893
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0893, CVE-2017-2668

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668)

Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.

Bug Fix(es):

* Previously, the "deref" plug-in failed to dereference attributes that use distinguished name (DN) syntax, such as "uniqueMember". With this patch, the "deref" plug-in can dereference such attributes and additionally "Name and Optional UID" syntax. As a result, the "deref" plug-in now supports any syntax. (BZ#1435365)

RHSA-2017:0906: httpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170906
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0906, CVE-2016-0736, CVE-2016-2161, CVE-2016-4975, CVE-2016-8743

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that the mod_session_crypto module of httpd did not use any mechanisms to verify integrity of the encrypted session data stored in the user's browser. A remote attacker could use this flaw to decrypt and modify session data using a padding oracle attack. (CVE-2016-0736)

* It was discovered that the mod_auth_digest module of httpd did not properly check for memory allocation failures. A remote attacker could use this flaw to cause httpd child processes to repeatedly crash if the server used HTTP digest authentication. (CVE-2016-2161)

* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

Note: The fix for the CVE-2016-8743 issue causes httpd to return a "400 Bad Request" error to HTTP clients that do not strictly follow the HTTP protocol specification. The newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old, less strict parsing. However, such a setting also re-introduces the CVE-2016-8743 issue.

Bug Fix(es):

* When waking up child processes during a graceful restart, the httpd parent process could attempt to open more connections than necessary if a large number of child processes had been active prior to the restart. Consequently, a graceful restart could take a long time to complete. With this update, httpd has been fixed to limit the number of connections opened during a graceful restart to the number of active children, and the described problem no longer occurs. (BZ#1420002)

* Previously, httpd running in a container returned the 500 HTTP status code (Internal Server Error) when a connection to a WebSocket server was closed. As a consequence, the httpd server failed to deliver the correct HTTP status and data to a client. With this update, httpd correctly handles all proxied requests to the WebSocket server, and the described problem no longer occurs. (BZ#1429947)

* In a configuration using LDAP authentication with the mod_authnz_ldap module, the name set using the AuthLDAPBindDN directive was not correctly used to bind to the LDAP server for all queries. Consequently, authorization attempts failed. The LDAP modules have been fixed to ensure the configured name is correctly bound for LDAP queries, and authorization using LDAP no longer fails. (BZ#1420047)

RHSA-2017:0907: util-linux security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170907
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0907, CVE-2017-2616

Description
The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.

Security Fix(es):

* A race condition was found in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions. (CVE-2017-2616)

Red Hat would like to thank Tobias Stöckmann for reporting this issue.

Bug Fix(es):

* The "findmnt --target <path>" command prints all file systems where the mount point directory is <path>. Previously, when used in the chroot environment, "findmnt --target <path>" incorrectly displayed all mount points. The command has been fixed so that it now checks the mount point path and returns information only for the relevant mount point. (BZ#1414481)

RHSA-2017:0914: libreoffice security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170914
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0914, CVE-2017-3157

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document. (CVE-2017-3157)

Bug Fix(es):

* Previously, an improper resource management caused the LibreOffice Calc spreadsheet application to terminate unexpectedly after closing a dialog window with accessibility support enabled. The resource management has been improved, and the described problem no longer occurs. (BZ#1425536)

* Previously, when an incorrect password was entered for a password-protected document, the document was considered valid and a fallback attempt to open it as plain text was made. As a consequence, it could appear that the document had loaded successfully, while only the encrypted, unreadable content was shown. A fix has been made to terminate import attempts after an incorrect password is entered, and now nothing is loaded when a wrong password is entered. (BZ#1426348)

* Previously, an improper resource management caused the LibreOffice Calc spreadsheet application to terminate unexpectedly during exit, after the Text Import dialog for CSV (Comma-separated Value) files closed, when accessibility support was enabled. The resource management has been improved, and the described problem no longer occurs. (BZ#1425535)

RHSA-2017:0920: 389-ds-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170920
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0920, CVE-2017-2668

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. (CVE-2017-2668)

Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.

Bug Fix(es):

* Previously, when adding a filtered role definition that uses the "nsrole" virtual attribute in the filter, Directory Server terminated unexpectedly. A patch has been applied, and now the roles plug-in ignores all virtual attributes. As a result, an error message is logged when an invalid filter is used. Additionally, the role is deactivated and Directory Server no longer fails. (BZ#1429498)

* In a replication topology, Directory Server incorrectly calculated the size of string format entries when a lot of entries were deleted. The calculated size of entries was smaller than the actual required size. Consequently, Directory Server allocated insufficient memory and terminated unexpectedly when the data was written to it. With this update, the size of string format entries is now calculated correctly in the described situation and Directory Server no longer terminates unexpectedly. (BZ#1429495)

RHSA-2017:0931: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170931
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0931, CVE-2016-8650, CVE-2016-9793, CVE-2017-2618, CVE-2017-2636

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list, which can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)

* A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)

* A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the socket's sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)

* A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)

Red Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).

Bug Fix(es):

* Previously, a cgroups data structure was sometimes corrupted due to a race condition in the kernel-rt cgroups code. Consequently, several system tasks were blocked, and the operating system became unresponsive. This update adds a lock that prevents the race condition. As a result, the cgroups data structure no longer gets corrupted and the operating system no longer hangs under the described circumstances. (BZ#1420784)

* The kernel-rt packages have been upgraded to the 3.10.0-514.16.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1430749)

RHSA-2017:0933: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170933
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0933, CVE-2016-8650, CVE-2016-9793, CVE-2017-2618, CVE-2017-2636

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated kernel packages include several security issues and numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2986951.

Security Fix(es):

* A race condition flaw was found in the N_HDLC Linux kernel driver when accessing the n_hdlc.tbuf list, which can lead to a double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system. (CVE-2017-2636, Important)

* A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650, Moderate)

* A flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the socket's sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption. (CVE-2016-9793, Moderate)

* A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory. (CVE-2017-2618, Moderate)

Red Hat would like to thank Alexander Popov for reporting CVE-2017-2636 and Ralf Spenneberg for reporting CVE-2016-8650. The CVE-2017-2618 issue was discovered by Paul Moore (Red Hat Engineering).

RHSA-2017:0935: tomcat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170935
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0935, CVE-2016-6816, CVE-2016-8745

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2016-6816)

Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when a request contains characters that are not permitted by the HTTP specification to appear unencoded, even though they were previously accepted. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in unencoded form, as these are often used in URLs without being properly encoded.

* A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)

RHSA-2017:0979: libreoffice security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20170979
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:0979, CVE-2017-3157

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document. (CVE-2017-3157)

RHSA-2017:0987: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20170987
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:0987, CVE-2016-9603

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2016-9603)

RHSA-2017:1095: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171095
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1095, CVE-2017-3136, CVE-2017-3137

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137)

* A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3136)

Red Hat would like to thank ISC for reporting these issues. Upstream acknowledges Oleg Gorokhov (Yandex) as the original reporter of CVE-2017-3136.

RHSA-2017:1100: nss and nss-util security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1100, CVE-2017-5461

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.

The following packages have been upgraded to a newer upstream version: nss (3.28.4), nss-util (3.28.4).

Security Fix(es):

* An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.

RHSA-2017:1101: nss security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1101, CVE-2017-5461

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2017-5461)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ronald Crane as the original reporter.

RHSA-2017:1104: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171104
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1104, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Huzaifa Sidhpurwala, Nicolas Grégoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, and Petr Cerny as the original reporters.

RHSA-2017:1105: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171105
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1105, CVE-2017-3136, CVE-2017-3137

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137)

* A denial of service flaw was found in the way BIND handled query requests when using DNS64 with "break-dnssec yes" option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3136)

Red Hat would like to thank ISC for reporting these issues. Upstream acknowledges Oleg Gorokhov (Yandex) as the original reporter of CVE-2017-3136.

RHSA-2017:1106: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171106
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1106, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Grégoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.

RHSA-2017:1108: java-1.8.0-openjdk security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171108
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1108, CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511)

* It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML documents. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526)

* It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509)

Note: This update adds support for the "jdk.ntlm.cache" system property which, when set to false, prevents caching of NTLM connections and authentications and hence prevents this issue. However, caching remains enabled by default.

* It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm. (CVE-2017-3539)

Note: This update extends the fix for CVE-2016-5542 released as part of the RHSA-2016:2079 erratum to no longer allow the MD5 hash algorithm during the Jar integrity verification by adding it to the jdk.jar.disabledAlgorithms security property.

* Newline injection flaws were discovered in FTP and SMTP client implementations in the Networking component in OpenJDK. A remote attacker could possibly use these flaws to manipulate FTP or SMTP connections established by a Java application. (CVE-2017-3533, CVE-2017-3544)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

Bug Fix(es):

* When a method is called using the Java Debug Wire Protocol (JDWP) "invokeMethod" command in a target Java virtual machine, JDWP creates global references for every Object that is implied in the method invocation, as well as for the returned argument of the reference type. Previously, the global references created for such arguments were not collected (deallocated) by the garbage collector after "invokeMethod" finished. This consequently caused memory leaks, and because references to such objects were never released, the debugged application could be terminated with an Out of Memory error. This bug has been fixed, and the described problem no longer occurs. (BZ#1442162)

RHSA-2017:1109: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171109
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1109, CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511)

* It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML documents. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526)

* It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509)

Note: This update adds support for the "jdk.ntlm.cache" system property which, when set to false, prevents caching of NTLM connections and authentications and hence prevents this issue. However, caching remains enabled by default.

* It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm. (CVE-2017-3539)

Note: This update extends the fix for CVE-2016-5542 released as part of the RHSA-2016:2079 erratum to no longer allow the MD5 hash algorithm during the Jar integrity verification by adding it to the jdk.jar.disabledAlgorithms security property.

* Newline injection flaws were discovered in FTP and SMTP client implementations in the Networking component in OpenJDK. A remote attacker could possibly use these flaws to manipulate FTP or SMTP connections established by a Java application. (CVE-2017-3533, CVE-2017-3544)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2017:1117: java-1.8.0-oracle security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171117
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1117, CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 131.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)

RHSA-2017:1118: java-1.7.0-oracle security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171118
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1118, CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 141.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)

RHSA-2017:1119: java-1.6.0-sun security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171119
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1119, CVE-2017-3509, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 151.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3509, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544)

RHSA-2017:1201: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1201, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.1.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Grégoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.

RHSA-2017:1202: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171202
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1202, CVE-2017-3139

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3139)

Note: This issue affected only the BIND versions as shipped with Red Hat Enterprise Linux 6. This issue did not affect any upstream versions of BIND.

RHSA-2017:1204: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171204
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1204, CVE-2017-3509, CVE-2017-3511, CVE-2017-3526, CVE-2017-3533, CVE-2017-3539, CVE-2017-3544

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511)

* It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML documents. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526)

* It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509)

Note: This update adds support for the "jdk.ntlm.cache" system property which, when set to false, prevents caching of NTLM connections and authentications and hence prevents this issue. However, caching remains enabled by default.

* It was discovered that the Security component of OpenJDK did not allow users to restrict the set of algorithms allowed for Jar integrity verification. This flaw could allow an attacker to modify the content of a Jar file that used a weak signing key or hash algorithm. (CVE-2017-3539)

Note: This update extends the fix for CVE-2016-5542 released as part of the RHSA-2016:2658 erratum to no longer allow the MD5 hash algorithm during the Jar integrity verification by adding it to the jdk.jar.disabledAlgorithms security property.

* Newline injection flaws were discovered in FTP and SMTP client implementations in the Networking component in OpenJDK. A remote attacker could possibly use these flaws to manipulate FTP or SMTP connections established by a Java application. (CVE-2017-3533, CVE-2017-3544)

RHSA-2017:1206: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1206, CVE-2016-9603, CVE-2017-2633, CVE-2017-7718, CVE-2017-7980

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2016-9603)

* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds memory access issue was found in QEMU's VNC display driver support. The vulnerability could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user/process inside a guest could use this flaw to crash the QEMU process, resulting in a denial of service. (CVE-2017-2633)

* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc.) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc.) for reporting CVE-2017-7718.

RHSA-2017:1208: jasper security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171208
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1208, CVE-2015-5203, CVE-2015-5221, CVE-2016-10248, CVE-2016-10249, CVE-2016-10251, CVE-2016-1577, CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8654, CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8883, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9560, CVE-2016-9583, CVE-2016-9591, CVE-2016-9600

Description
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code. (CVE-2016-8654, CVE-2016-9560, CVE-2016-10249, CVE-2015-5203, CVE-2015-5221, CVE-2016-1577, CVE-2016-8690, CVE-2016-8693, CVE-2016-8884, CVE-2016-8885, CVE-2016-9262, CVE-2016-9591)

Multiple flaws were found in the way JasPer decoded JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. (CVE-2016-1867, CVE-2016-2089, CVE-2016-2116, CVE-2016-8691, CVE-2016-8692, CVE-2016-8883, CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9583, CVE-2016-9600, CVE-2016-10248, CVE-2016-10251)

Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-8654, CVE-2016-9583, CVE-2016-9591, and CVE-2016-9600; Gustavo Grieco for reporting CVE-2015-5203; and Josselin Feist for reporting CVE-2015-5221.

RHSA-2017:1230: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171230
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1230, CVE-2017-8291

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* It was found that ghostscript did not properly validate the parameters passed to the .rsdparams and .eqproc functions. During its execution, a specially crafted PostScript document could execute code in the context of the ghostscript process, bypassing the -dSAFER protection. (CVE-2017-8291)

RHSA-2017:1262: rpcbind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171262
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1262, CVE-2017-8779

Description
The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)

RHSA-2017:1263: libtirpc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171263
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1263, CVE-2017-8779

Description
The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)

RHSA-2017:1264: kdelibs security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171264
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1264, CVE-2017-8422

Description
The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment.

Security Fix(es):

* A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofing a callerID and leveraging a privileged helper application. (CVE-2017-8422)

Red Hat would like to thank Sebastian Krahmer (SUSE) for reporting this issue.

RHSA-2017:1265: samba security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171265
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1265, CVE-2016-2125, CVE-2016-2126, CVE-2017-2619

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* It was found that Samba always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users. (CVE-2016-2125)

* A flaw was found in the way Samba handled PAC (Privilege Attribute Certificate) checksums. A remote, authenticated attacker could use this flaw to crash the winbindd process. (CVE-2016-2126)

* A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories, in areas of the server file system not exported under the share definitions. (CVE-2017-2619)

Red Hat would like to thank the Samba project for reporting CVE-2017-2619. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619.

RHSA-2017:1267: rpcbind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171267
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1267, CVE-2017-8779

Description
The rpcbind utility is a server that converts Remote Procedure Call (RPC) program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)

RHSA-2017:1268: libtirpc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171268
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1268, CVE-2017-8779

Description
The libtirpc packages contain SunLib's implementation of transport-independent remote procedure call (TI-RPC) documentation, which includes a library required by programs in the nfs-utils and rpcbind packages.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory leak can occur when parsing specially crafted XDR messages. An attacker sending thousands of messages to rpcbind could cause its memory usage to grow without bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)

RHSA-2017:1270: samba security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1270, CVE-2017-7494

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.

RHSA-2017:1271: samba4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171271
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1271, CVE-2017-7494

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
RHSA-2017:1272: samba3x security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1272, CVE-2017-7494

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges steelo as the original reporter.
RHSA-2017:1298: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171298
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1298, CVE-2016-10208, CVE-2016-7910, CVE-2016-8646, CVE-2017-7308

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privilege escalation. (CVE-2016-7910, Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-514.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1440803)
RHSA-2017:1308: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171308
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1308, CVE-2016-10208, CVE-2016-7910, CVE-2016-8646, CVE-2017-5986, CVE-2017-7308

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privilege escalation. (CVE-2016-7910, Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

* It was reported that with Linux kernel versions earlier than v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section.
RHSA-2017:1364: nss security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1364, CVE-2017-7502

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI). To avoid certificate validation refusals, Red Hat recommends installing the updated CA list on June 12, 2017. (BZ#1448488)
RHSA-2017:1365: nss security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171365
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1365, CVE-2017-7502

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA) list have been updated to meet the recommendations as published with the latest Mozilla Firefox Extended Support Release (ESR). The updated CA list improves compatibility with the certificates that are used in the Internet Public Key Infrastructure (PKI). To avoid certificate validation refusals, Red Hat recommends installing the updated CA list on June 12, 2017. (BZ#1451421)
RHSA-2017:1372: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171372
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1372, CVE-2017-6214

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely. (CVE-2017-6214, Moderate)

Bug Fix(es):

* When executing certain Hadoop jobs, a kernel panic occasionally occurred on multiple nodes of a cluster. This update fixes the kernel scheduler, and the kernel panic no longer occurs under the described circumstances. (BZ#1436241)

* Previously, memory leak of the struct cred data structure and related data structures occasionally occurred. Consequently, system performance was suboptimal with the symptoms of high I/O operations wait and small amount of free memory. This update fixes the reference counter of the struct slab cache to no longer cause imbalance between the calls to the get_cred() function and the put_cred() function. As a result, the memory leak no longer occurs under the described circumstances. (BZ#1443234)

* Previously, the be2net driver could not detect the link status properly on IBM Power Systems. Consequently, the link status was always reported as disconnected. With this update, be2net has been fixed, and the Network Interface Cards (NICs) now report the link status correctly. (BZ#1442979)

* Previously, the RFF_ID and RFT_ID commands in the lpfc driver were issued in an incorrect order. Consequently, users were not able to access Logical Unit Numbers (LUNs). With this update, lpfc has been fixed to issue RFT_ID before RFF_ID, which is the correct order. As a result, users can now access LUNs as expected. (BZ#1439636)

* Previously, the kdump mechanism was trying to get the lock by the vmalloc_sync_all() function during a kernel panic. Consequently, a deadlock occurred, and the crashkernel did not boot. This update fixes the vmalloc_sync_all() function to avoid synchronizing the vmalloc area on the crashing CPU. As a result, the crashkernel parameter now boots as expected, and the kernel dump is collected successfully under the described circumstances. (BZ#1443499)
RHSA-2017:1381: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171381
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1381, CVE-2017-1000367

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.
RHSA-2017:1382: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171382
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1382, CVE-2017-1000367

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.
RHSA-2017:1430: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171430
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1430, CVE-2017-7718, CVE-2017-7980

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds r/w access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data via various bitblt functions. A privileged user inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds access issue was found in QEMU's Cirrus CLGD 54xx VGA Emulator support. The vulnerability could occur while copying VGA data using bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user inside a guest could use this flaw to crash the QEMU process, resulting in denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360 Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for reporting CVE-2017-7718.

Bug Fix(es):

* Previously, guest virtual machines in some cases became unresponsive when the "pty" back end of a serial device performed an irregular I/O communication. This update improves the handling of serial I/O on guests, which prevents the described problem from occurring. (BZ#1452332)
RHSA-2017:1440: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171440
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1440, CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.2.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
RHSA-2017:1479: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1479, CVE-2017-1000366

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
RHSA-2017:1480: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171480
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1480, CVE-2017-1000366

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
RHSA-2017:1481: glibc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171481
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1481, CVE-2017-1000366

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a glibc-side mitigation which blocks processing of LD_LIBRARY_PATH for programs running in secure-execution mode and reduces the number of allocations performed by the processing of LD_AUDIT, LD_PRELOAD, and LD_HWCAP_MASK, making successful exploitation of this issue more difficult. (CVE-2017-1000366)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
RHSA-2017:1482: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171482
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1482, CVE-2017-1000364, CVE-2017-1000379

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
RHSA-2017:1484: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171484
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1484, CVE-2017-1000364, CVE-2017-1000379

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
RHSA-2017:1486: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171486
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1486, CVE-2017-1000364, CVE-2017-1000379

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.
RHSA-2017:1561: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1561, CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.2.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7752, CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Nils, Nicolas Trippar (Zimperium zLabs), Tyson Smith, Mats Palmgren, Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous, Ronald Crane, Samuel Erb, Holger Fuhrmannek, Abhishek Arya, and F. Alonso (revskills) as the original reporters.
RHSA-2017:1574: sudo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171574
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1574, CVE-2017-1000368

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. (CVE-2017-1000368)
RHSA-2017:1576: mercurial security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171576
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1576, CVE-2017-9462

Description
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.

Security Fix(es):

* A flaw was found in the way "hg serve --stdio" command in Mercurial handled command-line options. A remote, authenticated attacker could use this flaw to execute arbitrary code on the Mercurial server by using specially crafted command-line options. (CVE-2017-9462)
RHSA-2017:1581: freeradius security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1581, CVE-2017-9148

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* An authentication bypass flaw was found in the way the EAP module in FreeRADIUS handled TLS session resumption. A remote unauthenticated attacker could potentially use this flaw to bypass the inner authentication check in FreeRADIUS by resuming an older unauthenticated TLS session. (CVE-2017-9148)
RHSA-2017:1615: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1615, CVE-2017-2583, CVE-2017-6214, CVE-2017-7477, CVE-2017-7645, CVE-2017-7895

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel allocates heap memory to build the scatter-gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff). The heap overflow occurred if the 'MAX_SKB_FRAGS + 1' parameter and the 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)

* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS, or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)

* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)

Red Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.

Bug Fix(es):

* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)

* If a directory on an NFS client was modified while being listed, the NFS client could restart the directory listing multiple times. Consequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)

* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. (BZ#1446246)

* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation. (BZ#1450855)

* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. (BZ#1452044)

* When creating or destroying a VM with Virtual Function I/O (VFIO) devices with the "Hugepages" feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in the Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation. (BZ#1450856)

RHSA-2017:1616: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171616
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1616, CVE-2017-1000364, CVE-2017-1000379, CVE-2017-2583, CVE-2017-6214, CVE-2017-7477, CVE-2017-7645, CVE-2017-7895

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to jump over the stack guard gap, cause controlled memory corruption on process stack or the adjacent memory region, and thus increase their privileges on the system. This is a kernel-side mitigation which increases the stack guard gap size from one page to 1 MiB to make successful exploitation of this issue more difficult. (CVE-2017-1000364, Important)

* A flaw was found in the way the Linux kernel allocates heap memory to build the scatter-gather list from a fragment list (skb_shinfo(skb)->frag_list) in the socket buffer (skb_buff). The heap overflow occurred if the 'MAX_SKB_FRAGS + 1' parameter and the 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privileges on a system. (CVE-2017-7477, Important)

* The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service. (CVE-2017-7645, Important)

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS, or potentially escalate their privileges inside the guest. (CVE-2017-2583, Moderate)

* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)

Red Hat would like to thank Qualys Research Labs for reporting CVE-2017-1000364; Ari Kauppi for reporting CVE-2017-7895; and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-514.25.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1452742)

* Previously, a local lock acquisition around the ip_send_unicast_reply() function was incorrectly terminated. Consequently, a list corruption occurred that led to a kernel panic. This update adds locking functions around calls to ip_send_unicast_reply(). As a result, neither list corruption nor kernel panic occur under the described circumstances. (BZ#1455239)

RHSA-2017:1679: bind security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171679
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1679, CVE-2017-3142, CVE-2017-3143

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143)

* A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142)

Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues.

Bug Fix(es):

* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1458234)

RHSA-2017:1680: bind security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1680, CVE-2017-3142, CVE-2017-3143

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. (CVE-2017-3143)

* A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142)

Red Hat would like to thank Internet Systems Consortium for reporting these issues. Upstream acknowledges Clement Berthaux (Synacktiv) as the original reporter of these issues.

Bug Fix(es):

* ICANN is planning to perform a Root Zone DNSSEC Key Signing Key (KSK) rollover during October 2017. Maintaining an up-to-date KSK, by adding the new root zone KSK, is essential for ensuring that validating DNS resolvers continue to function following the rollover. (BZ#1459649)

RHSA-2017:1681: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171681
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1681, CVE-2017-9524

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server (denial of service). (CVE-2017-9524)

RHSA-2017:1721: httpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171721
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1721, CVE-2016-8743

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that the HTTP parser in httpd incorrectly allowed certain characters not permitted by the HTTP protocol specification to appear unencoded in HTTP request headers. If httpd was used in conjunction with a proxy or backend server that interpreted those characters differently, a remote attacker could possibly use this flaw to inject data into HTTP responses, resulting in proxy cache poisoning. (CVE-2016-8743)

Note: The fix for the CVE-2016-8743 issue causes httpd to return a "400 Bad Request" error to HTTP clients which do not strictly follow the HTTP protocol specification. A newly introduced configuration directive "HttpProtocolOptions Unsafe" can be used to re-enable the old, less strict parsing. However, such a setting also re-introduces the CVE-2016-8743 issue.

Note: Administrators of Red Hat Satellite 5 and Red Hat Satellite Proxy 5 systems should consult Red Hat Knowledgebase article 3013361 linked to in the Reference section before installing this update.

Bug Fix(es):

* Previously, httpd was unable to correctly check a boundary of an array, and in rare cases it attempted to access an element of an array that was out of bounds. Consequently, httpd terminated unexpectedly with a segmentation fault at proxy_util.c. With this update, bounds checking has been fixed, and httpd no longer crashes. (BZ#1463354)

RHSA-2017:1723: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171723
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1723, CVE-2017-7895

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* If several file operations were started after a mounted NFS share had become idle and its Transmission Control Protocol (TCP) connection had therefore been terminated, these operations could cause multiple TCP SYN packets to be sent from the NFS client instead of one. With this update, the reconnection logic has been fixed, and only one TCP SYN packet is now sent in the described situation. (BZ#1450850)

* When the ixgbe driver was loaded for a backplane-connected network card, a kernel panic could occur, because the ops.setup_fc function pointer was used before the initialization. With this update, ops.setup_fc is initialized earlier. As a result, ixgbe no longer panics on load. (BZ#1457347)

* When setting an Access Control List (ACL) with 190 or more Access Control Entries (ACEs) on an NFSv4 directory, a kernel crash could previously occur. This update fixes the nfs4_getfacl() function, and the kernel no longer crashes under the described circumstances. (BZ#1449096)

* When upgrading to a kernel with the fix for the stack guard flaw, a crash could occur in Java Virtual Machine (JVM) environments, which attempted to implement their own stack guard page. With this update, the underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the crash in JVM no longer occurs under the described circumstances. (BZ#1466667)

* When a program receives IPv6 packets using the raw socket, the ioctl(FIONREAD) and ioctl(SIOCINQ) functions can incorrectly return zero waiting bytes. This update fixes the ip6_input_finish() function to check the raw payload size properly. As a result, the ioctl() function now returns bytes waiting in the raw socket correctly. (BZ#1450870)

* Previously, listing a directory on a non-standard XFS filesystem (with non-default multi-fsb directory blocks) could lead to a soft lock up due to array index overrun in the xfs_dir2_leaf_readbuf() function. This update fixes xfs_dir2_leaf_readbuf(), and the soft lock up no longer occurs under the described circumstances. (BZ#1445179)

* Previously, aborts from the array after the Storage Area Network (SAN) fabric back-pressure led to premature reuse of a still-valid sequence with the same OX_ID. Consequently, an error message and data corruption could occur. This update fixes the libfc driver to isolate the timed-out OX_IDs, thus fixing this bug. (BZ#1455550)

* Previously, a kernel panic occurred when the mcelog daemon executed a huge page memory offline. This update fixes the HugeTLB feature of the Linux kernel to check for the Page Table Entry (PTE) NULL pointer in the page_check_address() function. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1444351)

RHSA-2017:1759: freeradius security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171759
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1759, CVE-2017-10978, CVE-2017-10979, CVE-2017-10980, CVE-2017-10981, CVE-2017-10982, CVE-2017-10983

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10979)

* An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)

* Multiple memory leak flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to cause the FreeRADIUS server to consume an increasing amount of memory resources over time, possibly leading to a crash due to memory exhaustion, by sending specially crafted DHCP packets. (CVE-2017-10980, CVE-2017-10981)

* Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10982, CVE-2017-10983)

Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.

RHSA-2017:1789: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171789
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1789, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the RMI registry or a Java RMI application. (CVE-2017-10102)

* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)

* It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)

* It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)

* It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. (CVE-2017-10198)

* A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)

* A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare a PKCS#8 key against an attacker-controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)

* It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)

* Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)

* It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2017:1790: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1790, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 141.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10078, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10111, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)

RHSA-2017:1791: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1791, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 151.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10086, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10114, CVE-2017-10115, CVE-2017-10116, CVE-2017-10118, CVE-2017-10135, CVE-2017-10176, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)

RHSA-2017:1792: java-1.6.0-sun security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20171792
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1792, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 161.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page, listed in the References section. (CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10193, CVE-2017-10198, CVE-2017-10243)

RHSA-2017:1793: graphite2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171793
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1793, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778

Description
Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems. Graphite can be used to create "smart fonts" capable of displaying writing systems with various complex behaviors. With respect to the Text Encoding Model, Graphite handles the "Rendering" aspect of writing system implementation.

The following packages have been upgraded to a newer upstream version: graphite2 (1.3.10).

Security Fix(es):

* Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Holger Fuhrmannek and Tyson Smith as the original reporters of these issues.

RHSA-2017:1809: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1809, CVE-2017-5648, CVE-2017-5664

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)

* A vulnerability was discovered in Tomcat. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648)

RHSA-2017:1842: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20171842
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:1842, CVE-2014-7970, CVE-2014-7975, CVE-2015-8839, CVE-2015-8970, CVE-2016-10088, CVE-2016-10147, CVE-2016-10200, CVE-2016-10741, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-1000253, CVE-2017-1000379, CVE-2017-2584, CVE-2017-2596, CVE-2017-2647, CVE-2017-2671, CVE-2017-5551, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7495, CVE-2017-7616, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)

* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Release Notes document linked from the References section.

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).

Additional Changes:

For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1852: openldap security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171852
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1852, CVE-2017-9287

Description
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.

The following packages have been upgraded to a later upstream version: openldap (2.4.44). (BZ#1386365)

Security Fix(es):

* A double-free flaw was found in the way OpenLDAP's slapd server using the MDB backend handled LDAP searches. A remote attacker with access to search the directory could potentially use this flaw to crash slapd by issuing a specially crafted LDAP search query. (CVE-2017-9287)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1854: pidgin security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171854
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1854, CVE-2014-3694, CVE-2014-3695, CVE-2014-3696, CVE-2014-3698, CVE-2017-2640

Description
Pidgin is an instant messaging program which can log in to multiple accounts on multiple instant messaging networks simultaneously.

The following packages have been upgraded to a later upstream version: pidgin (2.10.11). (BZ#1369526)

Security Fix(es):

* A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgin by sending a specially crafted emoticon. (CVE-2014-3695)

* A denial of service flaw was found in the way Pidgin parsed Groupwise server messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to cause Pidgin to consume an excessive amount of memory, possibly leading to a crash, by sending a specially crafted message. (CVE-2014-3696)

* An information disclosure flaw was discovered in the way Pidgin parsed XMPP messages. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to disclose a portion of memory belonging to the Pidgin process by sending a specially crafted XMPP message. (CVE-2014-3698)

* An out-of-bounds write flaw was found in the way Pidgin processed XML content. A malicious remote server could potentially use this flaw to crash Pidgin or execute arbitrary code in the context of the pidgin process. (CVE-2017-2640)

* It was found that Pidgin's SSL/TLS plug-ins had a flaw in the certificate validation functionality. An attacker could use this flaw to create a fake certificate that Pidgin would trust, which could be used to conduct man-in-the-middle attacks against Pidgin. (CVE-2014-3694)

Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Yves Younan (Cisco Talos) and Richard Johnson (Cisco Talos) as the original reporters of CVE-2014-3695 and CVE-2014-3696; Thijs Alkemade and Paul Aurich as the original reporters of CVE-2014-3698; and Jacob Appelbaum and Moxie Marlinspike as the original reporters of CVE-2014-3694.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1856: qemu-kvm security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171856
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1856, CVE-2016-4020, CVE-2017-2633, CVE-2017-5898

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds memory access issue was found in Quick Emulator (QEMU) in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-2633)

* An integer overflow flaw was found in Quick Emulator (QEMU) in the CCID Card device support. The flaw could occur while passing messages via command/response packets to and from the host. A privileged user inside a guest could use this flaw to crash the QEMU process. (CVE-2017-5898)

* An information exposure flaw was found in Quick Emulator (QEMU) in Task Priority Register (TPR) optimizations for 32-bit Windows guests. The flaw could occur while accessing TPR. A privileged user inside a guest could use this issue to read portions of the host memory. (CVE-2016-4020)

Red Hat would like to thank Li Qiang (360.cn Inc.) for reporting CVE-2017-5898 and Donghai Zdh (Alibaba Inc.) for reporting CVE-2016-4020.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1859: golang security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171859
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1859, CVE-2017-1000098, CVE-2017-8932

Description
The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a later upstream version: golang (1.8.3). (BZ#1414500)

Security Fix(es):

* A carry propagation flaw was found in the implementation of the P-256 elliptic curve in golang. An attacker could possibly use this flaw to extract private keys when static ECDH was used. (CVE-2017-8932)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1860: libtasn1 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171860
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1860, CVE-2015-2806, CVE-2015-3622

Description
Libtasn1 is a library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.

The following packages have been upgraded to a later upstream version: libtasn1 (4.10). (BZ#1360639)

Security Fix(es):

* A heap-based buffer overflow flaw was found in the way the libtasn1 library decoded certain DER-encoded inputs. A specially crafted DER-encoded input could cause an application using libtasn1 to perform an invalid read, causing the application to crash. (CVE-2015-3622)

* A stack-based buffer overflow was found in the way libtasn1 decoded certain DER-encoded data. An attacker could use this flaw to crash an application using the libtasn1 library. (CVE-2015-2806)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1865: X.org X11 libraries security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171865
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1865, CVE-2016-10164, CVE-2017-2625, CVE-2017-2626

Description
The X11 (Xorg) libraries provide library routines that are used within all X Window applications.

The following packages have been upgraded to a later upstream version: libX11 (1.6.5), libXaw (1.0.13), libXdmcp (1.1.2), libXfixes (5.0.3), libXfont (1.5.2), libXi (1.7.9), libXpm (3.5.12), libXrandr (1.5.1), libXrender (0.9.10), libXt (1.1.5), libXtst (1.2.3), libXv (1.0.11), libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74), libepoxy (1.3.1), libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1), libwacom (0.24), libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1), mesa-private-llvm (3.9.1), xcb-proto (1.12), xkeyboard-config (2.20), xorg-x11-proto-devel (7.7). (BZ#1401667, BZ#1401668, BZ#1401669, BZ#1401670, BZ#1401671, BZ#1401672, BZ#1401673, BZ#1401675, BZ#1401676, BZ#1401677, BZ#1401678, BZ#1401679, BZ#1401680, BZ#1401681, BZ#1401682, BZ#1401683, BZ#1401685, BZ#1401690, BZ#1401752, BZ#1401753, BZ#1401754, BZ#1402560, BZ#1410477, BZ#1411390, BZ#1411392, BZ#1411393, BZ#1411452, BZ#1420224)

Security Fix(es):

* An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file. (CVE-2016-10164)

* It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. (CVE-2017-2625)

* It was discovered that libICE used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. (CVE-2017-2626)

Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting CVE-2017-2625 and CVE-2017-2626.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1868: python security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171868
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1868, CVE-2014-9365

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* The Python standard library HTTP client modules (such as httplib or urllib) did not perform verification of TLS/SSL certificates when connecting to HTTPS servers. A man-in-the-middle attacker could use this flaw to hijack connections and eavesdrop or modify transferred data. (CVE-2014-9365)

Note: The Python standard library was updated to enable certificate verification by default. Refer to the Knowledgebase article 2039753 linked to in the References section for further details about this change. (BZ#1219110)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1871: tcpdump security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171871
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1871, CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486

Description
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

The following packages have been upgraded to a later upstream version: tcpdump (4.9.0). (BZ#1422473)

Security Fix(es):

* Multiple out-of-bounds read and integer overflow vulnerabilities were found in tcpdump affecting the decoding of various protocols. An attacker could create a crafted pcap file or send specially crafted packets to the network segment where tcpdump is running in live capture mode (without -w) which could cause it to display incorrect data, crash or enter an infinite loop. (CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155, CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, CVE-2017-5486)

Red Hat would like to thank the Tcpdump project for reporting CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925, CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929, CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933, CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937, CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973, CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984, CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993, CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203, CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342, CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485, and CVE-2017-5486.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1916: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171916
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1916, CVE-2014-9761, CVE-2015-8776, CVE-2015-8777, CVE-2015-8778, CVE-2015-8779

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. (CVE-2014-9761)

* It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. (CVE-2015-8776)

* An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778)

* A stack-based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. (CVE-2015-8779)

* It was found that the dynamic loader did not sanitize the LD_POINTER_GUARD environment variable. An attacker could use this flaw to bypass the pointer guarding protection on set-user-ID or set-group-ID programs to execute arbitrary code with the permissions of the user running the application. (CVE-2015-8777)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1931: bash security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171931
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1931, CVE-2016-0634, CVE-2016-7543, CVE-2016-9401

Description
The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

* An arbitrary command injection flaw was found in the way bash processed the hostname value. A malicious DHCP server could use this flaw to execute arbitrary commands on the DHCP client machines running bash under specific circumstances. (CVE-2016-0634)

* An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances. (CVE-2016-7543)

* A denial of service flaw was found in the way bash handled popd commands. A poorly written shell script could cause bash to crash resulting in a local denial of service limited to a specific bash session. (CVE-2016-9401)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1950: samba security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20171950
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2017:1950, CVE-2017-9461

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.6.2). (BZ#1391954)

Security Fix(es):

* A flaw was found in the way Samba handled dangling symlinks. An authenticated malicious Samba client could use this flaw to cause the smbd daemon to enter an infinite loop and use an excessive amount of CPU and memory. (CVE-2017-9461)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1975: libreoffice security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171975
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1975, CVE-2017-7870

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* An out-of-bounds write flaw was found in the way LibreOffice rendered certain documents containing Polygon images. By tricking a user into opening a specially crafted LibreOffice file, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2017-7870)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:1983: postgresql security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20171983
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:1983, CVE-2017-7484, CVE-2017-7486

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.2.21). (BZ#1449706)

Security Fix(es):

* It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access. (CVE-2017-7484)

* It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database. (CVE-2017-7486)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Robert Haas as the original reporter of CVE-2017-7484; and Andrew Wheelwright as the original reporter of CVE-2017-7486.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2000: tigervnc and fltk security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172000
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2000, CVE-2016-10207, CVE-2017-5581, CVE-2017-7392, CVE-2017-7393, CVE-2017-7394, CVE-2017-7395, CVE-2017-7396

Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients which allows users to connect to other desktops running a VNC server.

FLTK (pronounced "fulltick") is a cross-platform C++ GUI toolkit. It provides modern GUI functionality without the bloat, and supports 3D graphics via OpenGL and its built-in GLUT emulation.

The following packages have been upgraded to a later upstream version: tigervnc (1.8.0), fltk (1.3.4). (BZ#1388620, BZ#1413598)

Security Fix(es):

* A denial of service flaw was found in TigerVNC's Xvnc server. A remote unauthenticated attacker could use this flaw to make Xvnc crash by terminating the TLS handshake process early. (CVE-2016-10207)

* A double free flaw was found in the way TigerVNC handled ClientFence messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientFence messages, resulting in denial of service. (CVE-2017-7393)

* A missing input sanitization flaw was found in the way TigerVNC handled credentials. A remote unauthenticated attacker could use this flaw to make Xvnc crash by sending specially crafted usernames, resulting in denial of service. (CVE-2017-7394)

* An integer overflow flaw was found in the way TigerVNC handled ClientCutText messages. A remote, authenticated attacker could use this flaw to make Xvnc crash by sending specially crafted ClientCutText messages, resulting in denial of service. (CVE-2017-7395)

* A buffer overflow flaw, leading to memory corruption, was found in TigerVNC viewer. A remote malicious VNC server could use this flaw to crash the client vncviewer process resulting in denial of service. (CVE-2017-5581)

* A memory leak flaw was found in the way TigerVNC handled termination of VeNCrypt connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7392)

* A memory leak flaw was found in the way TigerVNC handled client connections. A remote unauthenticated attacker could repeatedly send connection requests to the Xvnc server, causing it to consume large amounts of memory resources over time, and ultimately leading to a denial of service due to memory exhaustion. (CVE-2017-7396)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2004: git security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2004, CVE-2014-9938, CVE-2017-8386

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* It was found that the git-prompt.sh script shipped with git failed to correctly handle branch names containing special characters. A specially crafted git repository could use this flaw to execute arbitrary commands if a user working with the repository configured their shell to include repository information in the prompt. (CVE-2014-9938)

* A flaw was found in the way git-shell handled command-line options for the restricted set of git-shell commands. A remote, authenticated attacker could use this flaw to bypass git-shell restrictions, to view and manipulate files, by abusing the instance of the less command launched using crafted command-line options. (CVE-2017-8386)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2016: curl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2016, CVE-2016-7167

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions. (CVE-2016-7167)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2029: openssh security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172029
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2029, CVE-2016-10009, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708, CVE-2016-6210, CVE-2016-6515

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version: openssh (7.4p1). (BZ#1341754)

Security Fix(es):

* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)

* It was found that OpenSSH did not limit password lengths for password authentication. A remote unauthenticated attacker could use this flaw to temporarily trigger high CPU consumption in sshd by sending long passwords. (CVE-2016-6515)

* It was found that ssh-agent could load PKCS#11 modules from arbitrary paths. An attacker having control of the forwarded agent-socket on the server, and the ability to write to the filesystem of the client host, could use this flaw to execute arbitrary code with the privileges of the user running ssh-agent. (CVE-2016-10009)

* It was found that the host private key material could possibly leak to the privilege-separated child processes via re-allocated memory. An attacker able to compromise the privilege-separated process could therefore obtain the leaked key information. (CVE-2016-10011)

* It was found that the boundary checks in the code implementing support for pre-authentication compression could have been optimized out by certain compilers. An attacker able to compromise the privilege-separated process could possibly use this flaw for further attacks against the privileged monitor process. (CVE-2016-10012)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2060: GStreamer security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2060, CVE-2016-10198, CVE-2016-10199, CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data.

The following packages have been upgraded to a later upstream version: clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es):

* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2077: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172077
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2077, CVE-2014-7970, CVE-2014-7975, CVE-2015-8839, CVE-2015-8970, CVE-2016-10088, CVE-2016-10147, CVE-2016-10200, CVE-2016-10741, CVE-2016-6213, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9604, CVE-2016-9685, CVE-2016-9806, CVE-2017-2584, CVE-2017-2596, CVE-2017-2647, CVE-2017-2671, CVE-2017-5551, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7495, CVE-2017-7616, CVE-2017-7889, CVE-2017-8797, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)

* A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)

* It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

* CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Release Notes document linked from the References section.

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).

Additional Changes:

For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2128: gdm and gnome-session security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172128
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2128, CVE-2015-7496

Description
The GNOME Display Manager (GDM) provides the graphical login screen shown shortly after boot up, log out, and when user-switching.

The following packages have been upgraded to a later upstream version: gdm (3.22.3), gnome-session (3.22.3). (BZ#1386862, BZ#1386957)

Security Fix(es):

* It was found that gdm could crash due to a signal handler dispatched to an invalid conversation. An attacker could crash gdm by holding the escape key when the screen is locked, possibly bypassing the locked screen. (CVE-2015-7496)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2180: ghostscript security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20172180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2017:2180, CVE-2017-7207

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* A NULL pointer dereference flaw was found in ghostscript's mem_get_bits_rectangle function. A specially crafted postscript document could cause a crash in the context of the gs process. (CVE-2017-7207)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2192: mariadb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172192
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2192, CVE-2016-5483, CVE-2016-5617, CVE-2016-6664, CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3265, CVE-2017-3291, CVE-2017-3302, CVE-2017-3308, CVE-2017-3309, CVE-2017-3312, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464, CVE-2017-3600, CVE-2017-3651

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.56). (BZ#1458933)

Security Fix(es):

* It was discovered that the mysql and mysqldump tools did not correctly handle database and table names containing newline characters. A database user with privileges to create databases or tables could cause the mysql command to execute arbitrary shell or SQL commands while restoring database backup created using the mysqldump tool. (CVE-2016-5483, CVE-2017-3600)

* A flaw was found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root. (CVE-2016-5617, CVE-2016-6664)

* Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3265)

* It was discovered that the mysqld_safe script honored the ledir option value set in a MySQL configuration file. A user able to modify one of the MySQL configuration files could use this flaw to escalate their privileges to root. (CVE-2017-3291)

* Multiple flaws were found in the way the mysqld_safe script handled creation of error log file. The mysql operating system user could use these flaws to escalate their privileges to root. (CVE-2017-3312)

* A flaw was found in the way MySQL client library (libmysqlclient) handled prepared statements when server connection was lost. A malicious server or a man-in-the-middle attacker could possibly use this flaw to crash an application using libmysqlclient. (CVE-2017-3302)

* This update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. (CVE-2017-3238, CVE-2017-3243, CVE-2017-3244, CVE-2017-3258, CVE-2017-3308, CVE-2017-3309, CVE-2017-3313, CVE-2017-3317, CVE-2017-3318, CVE-2017-3453, CVE-2017-3456, CVE-2017-3464)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2247: tomcat security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20172247
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2017:2247, CVE-2016-0762, CVE-2016-5018, CVE-2016-6794, CVE-2016-6796, CVE-2016-6797

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

The following packages have been upgraded to a later upstream version: tomcat (7.0.76). (BZ#1414895)

Security Fix(es):

* The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)

* It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)

* It was discovered that when a SecurityManager was configured, Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)

* It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)

* It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2258: gtk-vnc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2258, CVE-2017-5884, CVE-2017-5885

Description
The gtk-vnc packages provide a VNC viewer widget for GTK. The gtk-vnc widget is built by using co-routines, which allows the widget to be completely asynchronous while remaining single-threaded.

The following packages have been upgraded to a later upstream version: gtk-vnc (0.7.0). (BZ#1416783)

Security Fix(es):

* It was found that gtk-vnc lacked proper bounds checking while processing messages using RRE, hextile, or copyrect encodings. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5884)

* An integer overflow flaw was found in gtk-vnc. A remote malicious VNC server could use this flaw to crash VNC viewers which are based on the gtk-vnc library. (CVE-2017-5885)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2285: authconfig security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172285
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2285, CVE-2017-7488

Description
The authconfig packages contain a command-line utility and a GUI application that can configure a workstation to be a client for certain network user information, authentication schemes, and other user information and authentication-related options.

Security Fix(es):

* A flaw was found where authconfig could configure sssd in a way that treats existing and non-existing logins differently, leaking information on existence of a user. An attacker with physical or network access to the machine could enumerate users via a timing attack. (CVE-2017-7488)

This issue was discovered by Tomas Mraz (Red Hat) and Thorsten Scherf (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2292: gnutls security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2292, CVE-2016-7444, CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7507, CVE-2017-7869

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (3.3.26). (BZ#1378373)

Security Fix(es):

* A double-free flaw was found in the way GnuTLS parsed certain X.509 certificates with Proxy Certificate Information extension. An attacker could create a specially-crafted certificate which, when processed by an application compiled against GnuTLS, could cause that application to crash. (CVE-2017-5334)

* Multiple flaws were found in the way gnutls processed OpenPGP certificates. An attacker could create specially crafted OpenPGP certificates which, when parsed by gnutls, would cause it to crash. (CVE-2017-5335, CVE-2017-5336, CVE-2017-5337, CVE-2017-7869)

* A null pointer dereference flaw was found in the way GnuTLS processed ClientHello messages with status_request extension. A remote attacker could use this flaw to cause an application compiled with GnuTLS to crash. (CVE-2017-7507)

* A flaw was found in the way GnuTLS validated certificates using OCSP responses. This could falsely report a certificate as valid under certain circumstances. (CVE-2016-7444)

The CVE-2017-7507 issue was discovered by Hubert Kario (Red Hat QE BaseOS Security team).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2299: NetworkManager and libnl3 security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172299
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2299, CVE-2017-0553

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

The libnl3 packages contain a convenience library that simplifies using the Linux kernel's Netlink sockets interface for network manipulation.

The following packages have been upgraded to a later upstream version: NetworkManager (1.8.0), network-manager-applet (1.8.0). (BZ#1413312, BZ#1414103, BZ#1441621)

Security Fix(es) in the libnl3 component:

* An integer overflow leading to a heap-buffer overflow was found in the libnl library. An attacker could use this flaw to cause an application compiled with libnl to crash or possibly execute arbitrary code in the context of the user running such an application. (CVE-2017-0553)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

RHSA-2017:2335: pki-core security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172335
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2335, CVE-2017-7537

Description
Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.

Security Fix(es):

* It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. (CVE-2017-7537)

This issue was discovered by Christina Fu (Red Hat).

RHSA-2017:2388: evince security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172388
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2388, CVE-2017-1000083

Description
The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.

Security Fix(es):

* It was found that evince did not properly sanitize the command line which is run to untar Comic Book Tar (CBT) files, thereby allowing command injection. A specially crafted CBT file, when opened by evince or evince-thumbnailer, could execute arbitrary commands in the context of the evince program. (CVE-2017-1000083)

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

RHSA-2017:2389: freeradius security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172389
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2389, CVE-2017-10978, CVE-2017-10983, CVE-2017-10984, CVE-2017-10985, CVE-2017-10986, CVE-2017-10987

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10984)

* An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)

* An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10983)

* A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet. (CVE-2017-10985)

* Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10986, CVE-2017-10987)

Red Hat would like to thank the FreeRADIUS project for reporting these issues. Upstream acknowledges Guido Vranken as the original reporter of these issues.

RHSA-2017:2412: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172412
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2412, CVE-2017-7895

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

Red Hat would like to thank Ari Kauppi for reporting this issue.

Bug Fix(es):

* When upgrading to a kernel with the fix for the stack guard flaw, a crash could occur in Java Virtual Machine (JVM) environments, which attempted to implement their own stack guard page. With this update, the underlying source code has been fixed to consider the PROT_NONE mapping as a part of the stack, and the crash in JVM no longer occurs under the described circumstances. (BZ#1467938)

RHSA-2017:2423: log4j security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172423
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2423, CVE-2017-5645, CVE-2019-17571

Description
Log4j is a tool to help the programmer output log statements to a variety of output targets.

Security Fix(es):

* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)

RHSA-2017:2424: java-1.7.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172424
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2424, CVE-2017-10053, CVE-2017-10067, CVE-2017-10074, CVE-2017-10081, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090, CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110, CVE-2017-10115, CVE-2017-10116, CVE-2017-10135, CVE-2017-10243

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* It was discovered that the DGC implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)

* Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)

* It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)

* It was discovered that the wsdlimport tool in the JAX-WS component of OpenJDK did not use secure XML parser settings when parsing WSDL XML documents. A specially crafted WSDL document could cause wsdlimport to use an excessive amount of CPU and memory, open connections to other hosts, or leak information. (CVE-2017-10243)

* A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)

* A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)

* It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)

* A flaw was found in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2017-10081)

* It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)

RHSA-2017:2445: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172445
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2445, CVE-2017-10664

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick Emulator (QEMU) built with the Network Block Device (NBD) Server support is vulnerable to a crash via a SIGPIPE signal. The crash can occur if a client aborts a connection due to any failure during negotiation or read operation. A remote user/process could use this flaw to crash the qemu-nbd server resulting in a DoS. (CVE-2017-10664)

RHSA-2017:2456: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172456
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2456, CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.3.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Frederik Braun, Looben Yang, Nils, SkyLined, Oliver Wagner, Fraser Tweedale, Mathias Karlsson, Jose María Acuña, and Rhys Enniks as the original reporters.

RHSA-2017:2459: libsoup security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172459
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2459, CVE-2017-2885

Description
The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality. (CVE-2017-2885)

Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.

RHSA-2017:2471: spice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2471, CVE-2017-7506

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* A vulnerability was discovered in spice server's protocol handling. An authenticated attacker could send specially crafted messages to the spice server, causing out-of-bounds memory accesses, leading to parts of server memory being leaked or a crash. (CVE-2017-7506)

This issue was discovered by Frediano Ziglio (Red Hat).

RHSA-2017:2473: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172473
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2473, CVE-2017-7533

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533, Important)

Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue.

Bug Fix(es):

* Previously, direct I/O read operations going past EOF returned an invalid error number, instead of reading 0 bytes and returning success, if these operations were in the same XFS block as EOF. Consequently, creating multiple VMs from a Red Hat Enterprise Linux 7.4 template caused all the VMs to become unresponsive in the 'Image Locked' state. This update fixes the direct I/O feature of the file system, and VMs created from a Red Hat Enterprise Linux 7.4 template now work as expected. (BZ#1475669)

RHSA-2017:2478: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172478
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2478, CVE-2017-3167, CVE-2017-3169, CVE-2017-7679, CVE-2017-9788

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)

* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)

* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)

* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause an httpd child process to crash. (CVE-2017-7679)

RHSA-2017:2479: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2479, CVE-2017-3167, CVE-2017-3169, CVE-2017-7668, CVE-2017-7679, CVE-2017-9788

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause an httpd child process to crash by sending specially crafted requests to a server. (CVE-2017-9788)

* It was discovered that the use of httpd's ap_get_basic_auth_pw() API function outside of the authentication phase could lead to authentication bypass. A remote attacker could possibly use this flaw to bypass required authentication if the API was used incorrectly by one of the modules used by httpd. (CVE-2017-3167)

* A NULL pointer dereference flaw was found in the httpd's mod_ssl module. A remote attacker could use this flaw to cause an httpd child process to crash if another module used by httpd called a certain API function during the processing of an HTTPS request. (CVE-2017-3169)

* A buffer over-read flaw was found in the httpd's ap_find_token() function. A remote attacker could use this flaw to cause an httpd child process to crash via a specially crafted HTTP request. (CVE-2017-7668)

* A buffer over-read flaw was found in the httpd's mod_mime module. A user permitted to modify httpd's MIME configuration could use this flaw to cause an httpd child process to crash. (CVE-2017-7679)

RHSA-2017:2480: subversion security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172480
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2480, CVE-2017-9800

Description
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Security Fix(es):

* A shell command injection flaw related to the handling of "svn+ssh" URLs has been discovered in Subversion. An attacker could use this flaw to execute shell commands with the privileges of the user running the Subversion client, for example when performing a "checkout" or "update" action on a malicious repository, or a legitimate repository containing a malicious commit. (CVE-2017-9800)

Red Hat would like to thank the Subversion Team for reporting this issue.

RHSA-2017:2484: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172484
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2484, CVE-2017-1000117

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)

RHSA-2017:2485: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172485
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2485, CVE-2017-1000117

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000117)

RHSA-2017:2486: groovy security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172486
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2486, CVE-2015-3253, CVE-2016-6814

Description
Groovy is an agile and dynamic language for the Java Virtual Machine, built upon Java with features inspired by languages like Python, Ruby, and Smalltalk. It seamlessly integrates with all existing Java objects and libraries and compiles straight to Java bytecode so you can use it anywhere you can use Java.

Security Fix(es):

* It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability. (CVE-2016-6814)

RHSA-2017:2489: mercurial security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172489
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2489, CVE-2017-1000115, CVE-2017-1000116

Description
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.

Security Fix(es):

* A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. (CVE-2017-1000115)

* A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit. (CVE-2017-1000116)

Red Hat would like to thank the Mercurial Security Team for reporting CVE-2017-1000115 and the Subversion Team for reporting CVE-2017-1000116.

RHSA-2017:2492: xmlsec1 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172492
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2492, CVE-2017-1000061

Description
XML Security Library is a C library based on LibXML2 and OpenSSL. The library was created with a goal to support major XML security standards "XML Digital Signature" and "XML Encryption".

Security Fix(es):

* It was discovered that xmlsec1's use of libxml2 inadvertently enabled external entity expansion (XXE) along with validation. An attacker could craft an XML file that would cause xmlsec1 to try to read local files or HTTP/FTP URLs, leading to information disclosure or denial of service. (CVE-2017-1000061)

RHSA-2017:2534: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172534
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2534, CVE-2017-7753, CVE-2017-7779, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7791, CVE-2017-7792, CVE-2017-7800, CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7807, CVE-2017-7809

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.3.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7779, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Looben Yang, Nils, SkyLined, Oliver Wagner, Fraser Tweedale, Mathias Karlsson, Jose María Acuña, and Rhys Enniks as the original reporters.

RHSA-2017:2550: poppler security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172550
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2550, CVE-2017-9776

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Security Fix(es):

* An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)

RHSA-2017:2551: poppler security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172551
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2551, CVE-2017-9775, CVE-2017-9776

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Security Fix(es):

* A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775)

* An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776)

RHSA-2017:2563: openssh security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172563
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2563, CVE-2016-6210

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210)

RHSA-2017:2569: 389-ds-base security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172569
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2569, CVE-2017-7551

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* A flaw was found in the way 389-ds-base handled authentication attempts against locked accounts. A remote attacker could potentially use this flaw to continue password brute-forcing attacks against LDAP accounts, thereby bypassing the protection offered by the directory server's password lockout policy. (CVE-2017-7551)

Bug Fix(es):

* In multi-replication environments, if operations in one back end triggered updates in another back end, the Replica Update Vector (RUV) of the back end was incorrect and replication failed. This fix enables Directory Server to handle Change Sequence Number (CSN) pending lists across multiple back ends. As a result, replication works correctly. (BZ#1476161)

* Due to a low default entry cache size value, the Directory Server database had to resolve many deadlocks during resource-intensive tasks. In certain situations, this could result in a "DB PANIC" error and the server no longer responded to requests. After the server was restarted, Directory Server started with a delay to recover the database. However, this recovery could fail, and the database could become corrupted. This patch increases the default entry cache size in the nsslapd-cachememsize parameter to 200 MB. As a result, out-of-lock situations or "DB PANIC" errors no longer occur in the mentioned scenario. (BZ#1476162)

* Previously, if replication was enabled and a changelog file existed, performing a backup on this master server failed. This update sets the internal options for correctly copying a file. As a result, creating a backup now succeeds in the mentioned scenario. (BZ#1479755)

* In certain situations, if the server was previously abruptly shut down, the /etc/dirsrv/<instance_name>/dse.ldif configuration file became corrupted. As a consequence, Directory Server failed to start. With this patch, the server now calls the fsync() function before shutting down to force the file system to write any changes to the disk. As a result, the configuration no longer becomes corrupted, regardless of how the server gets stopped. (BZ#1479757)

RHSA-2017:2585: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172585
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2585, CVE-2017-7533

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to privilege escalation. (CVE-2017-7533, Important)

Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-693.2.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1473393)

RHSA-2017:2679: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172679
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2679, CVE-2017-1000251

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)

Red Hat would like to thank Armis Labs for reporting this issue.

RHSA-2017:2681: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172681
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2681, CVE-2017-1000251

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)

Red Hat would like to thank Armis Labs for reporting this issue.

RHSA-2017:2685: bluez security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172685
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2685, CVE-2017-1000250

Description
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files.

Security Fix(es):

* An information-disclosure flaw was found in the bluetoothd implementation of the Service Discovery Protocol (SDP). A specially crafted Bluetooth device could, without prior pairing or user interaction, retrieve portions of the bluetoothd process memory, including potentially sensitive information such as Bluetooth encryption keys. (CVE-2017-1000250)

Red Hat would like to thank Armis Labs for reporting this issue.

RHSA-2017:2704: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172704
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2704, CVE-2017-1000251

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64[le]), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execution cannot be fully ruled out, although we believe it is unlikely. On systems without the stack protection feature (ppc64[le]; the Bluetooth modules are not built on s390x), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to remotely execute arbitrary code on the system with ring 0 (kernel) privileges. (CVE-2017-1000251, Important)

Red Hat would like to thank Armis Labs for reporting this issue.

RHSA-2017:2728: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172728
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2728, CVE-2017-7546, CVE-2017-7547

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.2.23). (BZ#1484639, BZ#1484647)

Security Fix(es):

* It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. (CVE-2017-7546)

* An authorization flaw was found in the way PostgreSQL handled access to the pg_user_mappings view on foreign servers. A remote, authenticated attacker could potentially use this flaw to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so. (CVE-2017-7547)

Red Hat would like to thank the PostgreSQL project for reporting these issues. Upstream acknowledges Ben de Graaff, Jelte Fennema, and Jeroen van der Ham as the original reporters of CVE-2017-7546; and Jeff Janes as the original reporter of CVE-2017-7547.

RHSA-2017:2771: emacs security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172771
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2771, CVE-2017-14482

Description
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.

Security Fix(es):

* A command injection flaw within the Emacs "enriched mode" handling has been discovered. By tricking an unsuspecting user into opening a specially crafted file using Emacs, a remote attacker could exploit this flaw to execute arbitrary commands with the privileges of the Emacs user. (CVE-2017-14482)

RHSA-2017:2788: augeas security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172788
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2788, CVE-2017-7555

Description
Augeas is a configuration editing tool. It parses configuration files in their native formats and transforms them into a tree. Configuration changes are made by manipulating this tree and saving it back into native config files.

Security Fix(es):

* A vulnerability was discovered in augeas affecting the handling of escaped strings. An attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. (CVE-2017-7555)

This issue was discovered by Han Han (Red Hat).

RHSA-2017:2789: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172789
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2789, CVE-2017-12150, CVE-2017-12163, CVE-2017-2619

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619)

* It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150)

* An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)

Red Hat would like to thank the Samba project for reporting CVE-2017-2619 and CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Jann Horn (Google) as the original reporter of CVE-2017-2619; and Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150.

RHSA-2017:2790: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2790, CVE-2017-12150, CVE-2017-12151, CVE-2017-12163

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150)

* A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. (CVE-2017-12151)

* An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)

Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and CVE-2017-12151 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150 and CVE-2017-12151.

RHSA-2017:2791: samba4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2791, CVE-2017-12150, CVE-2017-12163

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. (CVE-2017-12150)

* An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)

Red Hat would like to thank the Samba project for reporting CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163. Upstream acknowledges Stefan Metzmacher (SerNet) as the original reporter of CVE-2017-12150.

RHSA-2017:2795: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172795
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2795, CVE-2017-1000253

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system. (CVE-2017-1000253, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.

RHSA-2017:2801: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172801
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2801, CVE-2017-1000253

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory corruption. An unprivileged local user with access to SUID (or otherwise privileged) PIE binary could use this flaw to escalate their privileges on the system. (CVE-2017-1000253, Important)

Red Hat would like to thank Qualys Research Labs for reporting this issue.

RHSA-2017:2831: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172831
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2831, CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.4.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils, Omair, Andre Weissflog, François Marier, and Jun Kokatsu as the original reporters.

RHSA-2017:2832: nss security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172832
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2832, CVE-2017-7805

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permission of the user running the application. (CVE-2017-7805)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Martin Thomson as the original reporter.

RHSA-2017:2836: dnsmasq security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172836
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2836, CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)

* A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)

* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14493)

* An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)

* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)

* An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)

Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.

RHSA-2017:2838: dnsmasq security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172838
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2838, CVE-2017-14491

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)

Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.

RHSA-2017:2840: dnsmasq security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172840
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2840, CVE-2017-14491

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)

Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.

RHSA-2017:2860: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172860
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2860, CVE-2017-7546

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* It was found that authenticating to a PostgreSQL database account with an empty password was possible despite libpq's refusal to send an empty password. A remote attacker could potentially use this flaw to gain access to database accounts with empty passwords. (CVE-2017-7546)

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Ben de Graaff, Jelte Fennema, and Jeroen van der Ham as the original reporters.

RHSA-2017:2863: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172863
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2863, CVE-2017-7541

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)

Bug Fix(es):

* Previously, removal of a rport during ISCSI target scanning could cause a kernel panic. This was happening because addition of STARGET_REMOVE to the rport state introduced a race condition to the SCSI code. This update adds the STARGET_CREATED_REMOVE state as a possible state of the rport and appropriate handling of that state, thus fixing the bug. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1472127)

* Previously, GFS2 contained multiple bugs where the wrong inode was assigned to GFS2 cluster-wide locks (glocks), or the assigned inode was cleared incorrectly. Consequently, kernel panic could occur when using GFS2. With this update, GFS2 has been fixed, and the kernel no longer panics due to those bugs. (BZ#1479397)

* Previously, VMs with memory larger than 64GB running on Hyper-V with Windows Server hosts reported potential memory size of 4TB and more, but could not use more than 64GB. This was happening because the Memory Type Range Register (MTRR) for memory above 64GB was omitted. With this update, the /proc/mtrr file has been fixed to show correct base/size if they are more than 44 bit wide. As a result, the whole size of memory is now available as expected under the described circumstances. (BZ#1482855)

RHSA-2017:2882: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172882
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2882, CVE-2017-9798

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause httpd child process to crash. (CVE-2017-9798)

Red Hat would like to thank Hanno Böck for reporting this issue.

RHSA-2017:2885: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172885
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2885, CVE-2017-7793, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.4.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, Sebastian Hengst, Abhishek Arya, Nils, Omair, Andre Weissflog, François Marier, and Jun Kokatsu as the original reporters.

RHSA-2017:2907: wpa_supplicant security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172907
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2907, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088

Description
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13082, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)

Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.

RHSA-2017:2911: wpa_supplicant security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172911
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2911, CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087

Description
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit these attacks to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by manipulating cryptographic handshakes used by the WPA2 protocol. (CVE-2017-13077, CVE-2017-13078, CVE-2017-13080, CVE-2017-13087)

Red Hat would like to thank CERT for reporting these issues. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter of these issues.

RHSA-2017:2930: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172930
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2930, CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)

* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)

* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)

* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)

* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)

* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)

* A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate)

* The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free), which may lead to memory corruption or unspecified other impact. (CVE-2017-11176, Moderate)

* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)

Red Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat).

Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/node/3212921.

RHSA-2017:2931: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20172931
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2931, CVE-2016-8399, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-11176, CVE-2017-14106, CVE-2017-7184, CVE-2017-7541, CVE-2017-7542, CVE-2017-7558

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)

* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)

* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)

* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)

* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)

* An integer overflow vulnerability was found in the ip6_find_1stfragopt() function. A local attacker with the privilege (CAP_NET_RAW) to open a raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)

* A kernel data leak due to an out-of-bounds read was found in the Linux kernel in the inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions, present from version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export a socket's diagnostic information. As a result, up to 100 bytes of slab data could be leaked to userspace. (CVE-2017-7558, Moderate)

* The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free), which may lead to memory corruption or unspecified other impact. (CVE-2017-11176, Moderate)

* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)

Red Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat).

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-693.5.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1489084)

RHSA-2017:2972: httpd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20172972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:2972, CVE-2017-12171, CVE-2017-9798

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* A use-after-free flaw was found in the way httpd handled invalid and previously unregistered HTTP methods specified in the Limit directive used in an .htaccess file. A remote attacker could possibly use this flaw to disclose portions of the server memory, or cause the httpd child process to crash. (CVE-2017-9798)

* A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd, causing comments in the "Allow" and "Deny" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource. (CVE-2017-12171)

Red Hat would like to thank Hanno Böck for reporting CVE-2017-9798 and KAWAHARA Masashi for reporting CVE-2017-12171.

RHSA-2017:2998: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172998
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2998, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10285, CVE-2017-10346)

* It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients. (CVE-2017-10388)

* It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store. (CVE-2017-10356)

* A flaw was found in the Smart Card IO component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2017-10274)

* It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server. (CVE-2017-10355)

* It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request. (CVE-2017-10295)

* It was discovered that multiple classes in the JAXP, Serialization, Libraries, and JAX-WS components of OpenJDK did not limit the amount of memory allocated when creating object instances from the serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized. (CVE-2017-10349, CVE-2017-10357, CVE-2017-10347, CVE-2017-10281, CVE-2017-10345, CVE-2017-10348, CVE-2017-10350)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2017:2999: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20172999
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:2999, CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 151.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)

RHSA-2017:3046: java-1.7.0-oracle security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3046, CVE-2016-10165, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 161.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)

Note: Starting with this update, the Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 7. Refer to the Release Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.

RHSA-2017:3047: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173047
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3047, CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 171.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388)

Note: Starting with this update, the Java web browser plugin and Java Web Start application are no longer included with Oracle Java SE 6. Refer to the Release Notes and the Oracle Java SE Support Roadmap pages linked to in the References section for further information about this change.

RHSA-2017:3071: ntp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173071
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3071, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* Two vulnerabilities were discovered in the NTP server's parsing of configuration directives. A remote, authenticated attacker could cause ntpd to crash by sending a crafted message. (CVE-2017-6463, CVE-2017-6464)

* A vulnerability was found in NTP, in the parsing of packets from the /dev/datum device. A malicious device could send crafted messages, causing ntpd to crash. (CVE-2017-6462)

Red Hat would like to thank the NTP project for reporting these issues. Upstream acknowledges Cure53 as the original reporter of these issues.

RHSA-2017:3075: wget security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173075
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3075, CVE-2017-13089, CVE-2017-13090

Description
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

* Stack-based and heap-based buffer overflow flaws were found in wget when processing chunked encoded HTTP responses. By tricking an unsuspecting user into connecting to a malicious HTTP server, an attacker could exploit these flaws to potentially execute arbitrary code. (CVE-2017-13089, CVE-2017-13090)

Red Hat would like to thank the GNU Wget project for reporting these issues.

RHSA-2017:3080: tomcat6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173080
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3080, CVE-2017-12615, CVE-2017-12617, CVE-2017-5647, CVE-2017-5664

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

* A vulnerability was discovered in the error page mechanism in Tomcat's DefaultServlet implementation. A crafted HTTP request could cause undesired side effects, possibly including the removal or replacement of the custom error page. (CVE-2017-5664)

* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)

RHSA-2017:3081: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3081, CVE-2017-12615, CVE-2017-12617, CVE-2017-5647, CVE-2017-7674

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5647)

* Two vulnerabilities were discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution. (CVE-2017-12615, CVE-2017-12617)

* A vulnerability was discovered in Tomcat where the CORS Filter did not send a "Vary: Origin" HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches. (CVE-2017-7674)

RHSA-2017:3111: liblouis security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173111
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3111, CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744

Description
Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).

Security Fix(es):

* Multiple flaws were found in the processing of translation tables in liblouis. An attacker could crash or potentially execute arbitrary code using malicious translation tables. (CVE-2014-8184, CVE-2017-13738, CVE-2017-13740, CVE-2017-13741, CVE-2017-13742, CVE-2017-13743, CVE-2017-13744)

The CVE-2014-8184 issue was discovered by Raphael Sanchez Prudencio (Red Hat).

RHSA-2017:3200: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173200
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3200, CVE-2017-1000111, CVE-2017-1000112, CVE-2017-14106

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)

* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building a UFO packet with the MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)

* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)

Red Hat would like to thank Willem de Bruijn for reporting CVE-2017-1000111 and Andrey Konovalov for reporting CVE-2017-1000112.

Bug Fix(es):

* When the operating system was booted with Red Hat Enterprise Virtualization, and the eh_deadline sysfs parameter was set to 10s, the Storage Area Network (SAN) issues caused eh_deadline to trigger with no handler. Consequently, a kernel panic occurred. This update fixes the lpfc driver, thus preventing the kernel panic under the described circumstances. (BZ#1487220)

* When an NFS server returned the NFS4ERR_BAD_SEQID error to an OPEN request, the open-owner was removed from the state_owners rbtree. Consequently, the NFS4 client entered an infinite loop that required a reboot to recover. This update changes NFS4ERR_BAD_SEQID handling to leave the open-owner in the state_owners rbtree by updating the create_time parameter so that it looks like a new open-owner. As a result, an NFS4 client is now able to recover without falling into the infinite recovery loop after receiving NFS4ERR_BAD_SEQID. (BZ#1491123)

* If an NFS client attempted to mount NFSv3 shares from an NFS server exported directly to the client's IP address, and this NFS client had already mounted other shares that originated from the same server but were exported to the subnetwork which this client was part of, the auth.unix.ip cache expiration was not handled correctly. Consequently, the client received the 'stale file handle' errors when trying to mount the share. This update fixes handling of the cache expiration, and the NFSv3 shares now mount as expected without producing the 'stale file handle' errors. (BZ#1497976)

* When running a script that raised the tx ring count to its maximum value supported by the Solarflare Network Interface Controller (NIC) driver, the EF10 family NICs allowed settings exceeding the hardware's capability. Consequently, the Solarflare hardware became unusable with Red Hat Enterprise Linux 6. This update fixes the sfc driver, so that the tx ring can have a maximum of 2048 entries for all EF10 NICs. As a result, the Solarflare hardware no longer becomes unusable with Red Hat Enterprise Linux 6 due to this bug. (BZ#1498019)

RHSA-2017:3221: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3221, CVE-2016-10167, CVE-2016-10168

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* A null pointer dereference flaw was found in libgd. An attacker could use a specially-crafted .gd2 file to cause an application linked with libgd to crash, leading to denial of service. (CVE-2016-10167)

* An integer overflow flaw, leading to a heap-based buffer overflow was found in the way libgd read some specially-crafted gd2 files. A remote attacker could use this flaw to crash an application compiled with libgd or in certain cases execute arbitrary code with the privileges of the user running that application. (CVE-2016-10168)

RHSA-2017:3247: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20173247
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3247, CVE-2017-7826, CVE-2017-7828, CVE-2017-7830

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.5.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, Ryan VanderMeulen, Nils, and Jun Kokatsu as the original reporters.

RHSA-2017:3260: samba security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173260
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3260, CVE-2017-14746, CVE-2017-15275

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746)

* A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server. (CVE-2017-15275)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporters of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.

RHSA-2017:3263: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173263
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3263, CVE-2017-1000257

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application. (CVE-2017-1000257)

Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter and the OSS-Fuzz project as the original reporters.

RHSA-2017:3269: procmail security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3269, CVE-2017-16844

Description
The procmail packages contain a mail processing tool that can be used to create mail servers, mailing lists, sort incoming mail into separate folders or files, preprocess mail, start any program upon mail arrival, or automatically forward selected incoming mail.

Security Fix(es):

* A heap-based buffer overflow flaw was found in procmail's formail utility. A remote attacker could send a specially crafted email that, when processed by formail, could cause formail to crash or, possibly, execute arbitrary code as the user running formail. (CVE-2017-16844)

RHSA-2017:3270: apr security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3270, CVE-2017-12613

Description
The Apache Portable Runtime (APR) is a portability library used by the Apache HTTP Server and other projects. It provides a free library of C data structures and routines.

Security Fix(es):

* An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to a data leak. (CVE-2017-12613)

RHSA-2017:3278: samba4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173278
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3278, CVE-2017-14746, CVE-2017-15275

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code. (CVE-2017-14746)

* A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-crafted requests to the samba server. (CVE-2017-15275)

Red Hat would like to thank the Samba project for reporting these issues. Upstream acknowledges Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam) as the original reporters of CVE-2017-14746; and Volker Lendecke (SerNet and the Samba Team) as the original reporter of CVE-2017-15275.

RHSA-2017:3315: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173315
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3315, CVE-2017-1000380

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/3253081

Security Fix(es):

* It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users. (CVE-2017-1000380, Moderate)

Red Hat would like to thank Alexander Potapenko (Google) for reporting this issue.

RHSA-2017:3322: kernel-rt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173322
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3322, CVE-2017-1000380

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users. (CVE-2017-1000380, Moderate)

Red Hat would like to thank Alexander Potapenko (Google) for reporting this issue.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-693.11.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1500035)

* Previously, the hfi1 driver called the preempt_disable() function to prevent migration on standard Red Hat Enterprise Linux and on Red Hat Enterprise Linux for Real Time. On Red Hat Enterprise Linux for Real Time with the realtime kernel (kernel-rt), calling preempt_disable() triggered a kernel panic. With this update, the kernel-rt code has been modified to use a realtime-specific function call to the preempt_disable_nort() function, which expands to the correct calls based on the kernel that is running. As a result, the hfi1 driver now works correctly on both Red Hat Enterprise Linux kernel and Red Hat Enterprise Linux for Real Time kernel-rt. (BZ#1507053)

* Previously, the hfi1 driver called the preempt_disable() function to prevent migration on standard Red Hat Enterprise Linux and on Red Hat Enterprise Linux for Real Time. On Red Hat Enterprise Linux for Real Time with the realtime kernel (kernel-rt), calling preempt_disable() triggered a kernel panic. With this update, the kernel-rt code has been modified to use a realtime-specific function call to the preempt_disable_nort() function, which expands to the correct calls based on the kernel that is running. As a result, the hfi1 driver now works correctly on both Red Hat Enterprise Linux kernel and Red Hat Enterprise Linux for Real Time kernel-rt. (BZ#1507054)

* In the realtime kernel, if the rt_mutex locking mechanism was taken in the interrupt context, the normal priority inheritance protocol incorrectly identified a deadlock, and a kernel panic occurred. This update reverts the patch that added rt_mutex in the interrupt context, and the kernel no longer panics due to this behavior. (BZ#1511382)

Enhancement(s):

* The current realtime throttling mechanism prevents the starvation of non-realtime tasks by CPU-intensive realtime tasks. When a realtime run queue is throttled, it allows non-realtime tasks to run. If there are no non-realtime tasks, the CPU goes idle. To safely maximize CPU usage by decreasing the CPU idle time, the RT_RUNTIME_GREED scheduler feature has been implemented. When enabled, this feature checks if non-realtime tasks are starving before throttling the realtime task. The RT_RUNTIME_GREED scheduler option guarantees some run time on all CPUs for the non-realtime tasks, while keeping the realtime tasks running as much as possible. (BZ#1505158)

RHSA-2017:3368: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173368
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3368, CVE-2017-14167, CVE-2017-15289

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Quick Emulator (QEMU), compiled with the PC System Emulator with multiboot feature support, is vulnerable to an OOB r/w memory access issue. The issue could occur due to an integer overflow while loading a kernel image during a guest boot. A user or process could use this flaw to potentially achieve arbitrary code execution on a host. (CVE-2017-14167)

* Quick Emulator (QEMU), compiled with the Cirrus CLGD 54xx VGA Emulator support, is vulnerable to an OOB write access issue. The issue could occur while writing to VGA memory via mode4and5 write functions. A privileged user inside the guest could use this flaw to crash the QEMU process, resulting in Denial of Service (DoS). (CVE-2017-15289)

Red Hat would like to thank Thomas Garnier (Google.com) for reporting CVE-2017-14167 and Guoxiang Niu (Huawei.com) for reporting CVE-2017-15289.

RHSA-2017:3372: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173372
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3372, CVE-2017-7826, CVE-2017-7828, CVE-2017-7830

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.5.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7826, CVE-2017-7828, CVE-2017-7830)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, David Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer, Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary, Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, Ryan VanderMeulen, Nils, and Jun Kokatsu as the original reporters.

RHSA-2017:3379: sssd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173379
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3379, CVE-2017-12173

Description
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

Security Fix(es):

* It was found that sssd's sysdb_search_user_by_upn_res() function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it. (CVE-2017-12173)

This issue was discovered by Sumit Bose (Red Hat).

Bug Fix(es):

* Previously, SSSD's krb5 provider did not respect changed UIDs in ID views overriding the default view. Consequently, Kerberos credential caches were created with the incorrect, original UID, and processes of the user were not able to find the changed UID. With this update, SSSD's krb5 provider is made aware of the proper ID view name and respects the ID override data. As a result, the Kerberos credential cache is now created with the expected UID, and the processes can find it. (BZ#1508972)

* Previously, the list of cache request domains was sometimes freed in the middle of a cache request operation due to the refresh domains request, as they both were using the same list. As a consequence, a segmentation fault sometimes occurred in SSSD. With this update, SSSD uses a copy of the cache request domains' list for each cache request. As a result, SSSD no longer crashes in this case. (BZ#1509177)

* Previously, the calls provided by SSSD to send data to the Privilege Attribute Certificate (PAC) responder did not use a mutex or any other means to serialize access to the PAC responder from a single process. When multithreaded applications overran the PAC responder with multiple parallel requests, some threads did not receive a proper reply. Consequently, such threads only resumed work after waiting 5 minutes for a response. This update configures mutex to serialize access to the PAC responder socket for multithreaded applications. As a result, all threads now get a proper and timely reply. (BZ#1506682)

RHSA-2017:3382: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173382
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3382, CVE-2017-7843

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.5.1 ESR.

Security Fix(es):

* A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843)

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.

RHSA-2017:3384: liblouis security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173384
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3384, CVE-2017-15101

Description
Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).

Security Fix(es):

* A missing fix for one stack-based buffer overflow in findTable() for CVE-2014-8184 was discovered. An attacker could cause denial of service or potentially allow arbitrary code execution. (CVE-2017-15101)

Red Hat would like to thank Samuel Thibault for reporting this issue.

RHSA-2017:3392: java-1.7.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20173392
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2017:3392, CVE-2017-10193, CVE-2017-10198, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10295, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10388

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were discovered in the RMI and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10285, CVE-2017-10346)

* It was discovered that the Kerberos client implementation in the Libraries component of OpenJDK used the sname field from the plain text part rather than encrypted part of the KDC reply message. A man-in-the-middle attacker could possibly use this flaw to impersonate Kerberos services to Java applications acting as Kerberos clients. (CVE-2017-10388)

* It was discovered that the Security component of OpenJDK generated weak password-based encryption keys used to protect private keys stored in key stores. This made it easier to perform password guessing attacks to decrypt stored keys if an attacker could gain access to a key store. (CVE-2017-10356)

* Multiple flaws were found in the Smart Card IO and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10274, CVE-2017-10193)

* It was found that the FtpClient implementation in the Networking component of OpenJDK did not set connect and read timeouts by default. A malicious FTP server or a man-in-the-middle attacker could use this flaw to block execution of a Java application connecting to an FTP server. (CVE-2017-10355)

* It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additional headers into the request. (CVE-2017-10295)

* It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. (CVE-2017-10198)

* It was discovered that multiple classes in the JAXP, Serialization, Libraries, and JAX-WS components of OpenJDK did not limit the amount of memory allocated when creating object instances from the serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized. (CVE-2017-10349, CVE-2017-10357, CVE-2017-10347, CVE-2017-10281, CVE-2017-10345, CVE-2017-10348, CVE-2017-10350)

Bug Fix(es):

* Previously, OpenJDK could not handle situations when the kernel blocked on a read even when polling the socket indicated that a read is possible. As a consequence, OpenJDK could hang indefinitely. With this update, OpenJDK polls with a timeout and performs a non-blocking read on success, and it no longer hangs in these situations. (BZ#1508357)

RHSA-2017:3402: postgresql security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20173402
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2017:3402, CVE-2017-12172, CVE-2017-15097

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* Privilege escalation flaws were found in the initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine. (CVE-2017-12172, CVE-2017-15097)

Note: This patch drops the script privileges from root to the postgres user. Therefore, this update works properly only if the postgres user has write access to the postgres' home directory, such as the one in the default configuration (/var/lib/pgsql).

Red Hat would like to thank the PostgreSQL project for reporting CVE-2017-12172. The CVE-2017-15097 issue was discovered by Pedro Barbosa (Red Hat) and the PostgreSQL project. Upstream acknowledges Antoine Scemama (Brainloop) as the original reporter of these issues.

RHSA-2018:0014: linux-firmware security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180014
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0014

Description
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715)

Note: This is the microcode counterpart of the CVE-2017-5715 kernel mitigation.

Red Hat would like to thank Google Project Zero for reporting this issue.

RHSA-2018:0016: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0016, CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.

In this update, mitigations for the x86-64 architecture are provided.

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

Red Hat would like to thank Google Project Zero for reporting these issues.

RHSA-2018:0061: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0061, CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.5.2.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, CVE-2017-7829)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges cure53 and Sabri Haddouche as the original reporters.

RHSA-2018:0094: linux-firmware security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180094
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0094

Description
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

This update supersedes microcode provided by Red Hat with the CVE-2017-5715 (“Spectre”) CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience.) Further testing has uncovered problems with the microcode provided along with the “Spectre” mitigation that could lead to system instabilities. As a result, Red Hat is providing a microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates.

IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and install updated microcode from their hardware vendor immediately. The "Spectre" mitigation requires both an updated kernel from Red Hat and updated microcode from your hardware vendor.

RHSA-2018:0095: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180095
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0095, CVE-2018-2579, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* Multiple flaws were found in the Hotspot and AWT components of OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2018-2582, CVE-2018-2641)

* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)

* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)

* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)

* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)

* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)

* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)

* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)

* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect the generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)

* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS use a previously freed context. (CVE-2018-2629)

* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)

* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2018:0099: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20180099
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0099, CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678, CVE-2018-2783

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 161.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2582, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2627, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2638, CVE-2018-2639, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)

RHSA-2018:0100: java-1.7.0-oracle security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0100, CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678, CVE-2018-2783

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 171.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2581, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)

RHSA-2018:0101: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0101, CVE-2017-3145

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.

RHSA-2018:0102: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180102
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0102, CVE-2017-3145

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* A use-after-free flaw leading to denial of service was found in the way BIND internally handled cleanup operations on upstream recursion fetch contexts. A remote attacker could potentially use this flaw to make named, acting as a DNSSEC validating resolver, exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3145)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Jayachandran Palanisamy (Cygate AB) as the original reporter.

RHSA-2018:0115: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180115
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0115, CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 181.

Security Fix(es):

* This update fixes multiple vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Java SE Critical Patch Update Advisory page listed in the References section. (CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2637, CVE-2018-2641, CVE-2018-2657, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)

RHSA-2018:0122: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20180122
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0122, CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.6.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)

* To mitigate timing-based side-channel attacks similar to "Spectre" and "Meltdown", the resolution of performance.now() has been reduced from 5μs to 20μs.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos Álvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Looben Yang, Anonymous, Nils, and Xisigr as the original reporters.

RHSA-2018:0151: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0151, CVE-2015-8539, CVE-2017-12192, CVE-2017-12193, CVE-2017-15649, CVE-2017-5753, CVE-2017-7472

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via a software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.

In this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided.

* Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important)

* Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important)

* Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important)

Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754.

This update also fixes the following security issues and bugs:

Space precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/articles/3327131.

RHSA-2018:0152: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0152, CVE-2015-8539, CVE-2017-12192, CVE-2017-12193, CVE-2017-15649, CVE-2017-7472

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw was found in the Linux kernel's key management system where it was possible for an attacker to escalate privileges or crash the machine. If a user key gets negatively instantiated, an error code is cached in the payload area. A negatively instantiated key may then be positively instantiated by updating it with valid data. However, the ->update key type method must be aware that the error code may be there. (CVE-2015-8539, Important)

* It was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug. (CVE-2017-15649, Important)

* A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS. (CVE-2017-7472, Moderate)

Red Hat would like to thank Dmitry Vyukov of Google engineering for reporting CVE-2015-8539.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-693.15.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1519506)

RHSA-2018:0158: dhcp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180158
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0158, CVE-2017-3144

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality. (CVE-2017-3144)

RHSA-2018:0163: 389-ds-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0163, CVE-2017-15134

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* A stack buffer overflow flaw was found in the way 389-ds-base handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. (CVE-2017-15134)

Bug Fix(es):

* Previously, when a connection received a high operation rate, Directory Server stopped polling the connection in certain situations. As a consequence, new requests on the connection were not detected and processed. With this update, Directory Server correctly decides whether a connection has to be polled. As a result, connections with a high request rate no longer remain unprocessed. (BZ#1523505)

* Previously, if Directory Server was stopped during an operation which created additional changes in the memory changelog, the Replication Update Vector (RUV) in the changelog was higher than the RUV in the database. As a consequence, Directory Server recreated the changelog when the server started. With this update, the server now writes the highest RUV to the changelog only if there is the highest Change Sequence Number (CSN) present in it. As a result, the database and the changelog RUV are consistent and the server does not need to recreate the changelog at startup. (BZ#1523507)

* Due to a bug, using a large number of Class of Service (CoS) templates in Directory Server increased the virtual attribute processing time. This update improves the structure of the CoS storage. As a result, using a large number of CoS templates no longer increases the virtual attribute processing time. (BZ#1526928)

RHSA-2018:0169: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180169
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0169, CVE-2017-11176, CVE-2017-7542, CVE-2017-9074

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An integer overflow vulnerability was found in the ip6_find_1stfragopt() function. A local attacker that has privileges (of CAP_NET_RAW) to open a raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)

* The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074, Moderate)

* A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2017-11176, Moderate)

Bug Fix(es):

* Previously, the default timeout and retry settings in the VMBus driver were insufficient in some cases, for example when a Hyper-V host was under a significant load. Consequently, in Windows Server 2016, Hyper-V Server 2016, and Windows Azure Platform, when running a Red Hat Enterprise Linux Guest on the Hyper-V hypervisor, the guest failed to boot or booted with certain Hyper-V devices missing. This update alters the timeout and retry settings in VMBus, and Red Hat Enterprise Linux guests now boot as expected under the described conditions. (BZ#1506145)

* Previously, an incorrect external declaration in the be2iscsi driver caused a kernel panic when using the systool utility. With this update, the external declaration in be2iscsi has been fixed, and the kernel no longer panics when using systool. (BZ#1507512)

* Under high usage of the NFSD file system and memory pressure, if many tasks in the Linux kernel attempted to obtain the global spinlock to clean the Duplicate Reply Cache (DRC), these tasks stayed in an active wait in the nfsd_reply_cache_shrink() function for up to 99% of time. Consequently, a high load average occurred. This update fixes the bug by separating the DRC in several parts, each with an independent spinlock. As a result, the load and CPU utilization is no longer excessive under the described circumstances. (BZ#1509876)

* When attempting to attach multiple SCSI devices simultaneously, Red Hat Enterprise Linux 6.9 on IBM z Systems sometimes became unresponsive. This update fixes the zfcp device driver, and attaching multiple SCSI devices simultaneously now works as expected in the described scenario. (BZ#1512425)

* On IBM z Systems, the tiqdio_call_inq_handlers() function in the Linux kernel incorrectly cleared the device state change indicator (DSCI) for the af_iucv devices using the HiperSockets transport with multiple input queues. Consequently, queue stalls on such devices occasionally occurred. With this update, tiqdio_call_inq_handlers() has been fixed to clear the DSCI only once, prior to scanning the queues. As a result, queue stalls for af_iucv devices using the HiperSockets transport no longer occur under the described circumstances. (BZ#1513314)

* Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account for the receiver_window (rwnd) values incorrectly when recovering from a "zero-window situation". As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd could lead to packet drops. This update properly accounts for such small data chunks and ignores the rwnd pressure values when reopening a window. As a result, window updates are now sent, and the announced rwnd better reflects the real state of the receive buffer. (BZ#1514443)

RHSA-2018:0223: nautilus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180223
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0223, CVE-2017-14604

Description
Nautilus is the file manager and graphical shell for the GNOME desktop.

Security Fix(es):

* An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An attacker could use this flaw to trick a user into opening a .desktop file disguised as a document, such as a PDF, and execute arbitrary commands. (CVE-2017-14604)

Note: This update will change the behavior of Nautilus. Nautilus will now prompt the user for confirmation when executing an untrusted .desktop file for the first time, and then add it to the trusted file list. Desktop files stored in the system directory, as specified by the XDG_DATA_DIRS environment variable, are always considered trusted and executed without prompt.

RHSA-2018:0260: systemd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180260
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0260, CVE-2018-1049

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* A race condition was found in systemd. This could result in automount requests not being serviced and processes using them could hang, causing denial of service. (CVE-2018-1049)

RHSA-2018:0262: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180262
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0262, CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.6.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2018-5089, CVE-2018-5095, CVE-2018-5096, CVE-2018-5097, CVE-2018-5098, CVE-2018-5099, CVE-2018-5102, CVE-2018-5103, CVE-2018-5104, CVE-2018-5117)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Jason Kratzer, Marcia Knous, Nathan Froyd, Oriol Brufau, Ronald Crane, Randell Jesup, Tyson Smith, Cobos Álvarez, Ryan VanderMeulen, Sebastian Hengst, Karl Tomlinson, Xidorn Quan, Ludovic Hirlimann, Jason Orendorff, Anonymous, Nils, and Xisigr as the original reporters.

RHSA-2018:0292: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0292, CVE-2017-5753, CVE-2017-5754

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via a software update. The updated kernel packages provide software mitigation for this hardware issue at the cost of a potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.

In this update mitigations for IBM zSeries (S390), x86, and x86-64 architectures are provided.

* Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important, S390, x86, and x86-64)

* Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, S390)

* Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important, x86-64)

Red Hat would like to thank Google Project Zero for reporting these issues.

RHSA-2018:0349: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180349
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0349, CVE-2018-2579, CVE-2018-2588, CVE-2018-2599, CVE-2018-2602, CVE-2018-2603, CVE-2018-2618, CVE-2018-2629, CVE-2018-2633, CVE-2018-2634, CVE-2018-2637, CVE-2018-2641, CVE-2018-2663, CVE-2018-2677, CVE-2018-2678

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* A flaw was found in the AWT component of OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions. (CVE-2018-2641)

* It was discovered that the LDAPCertStore class in the JNDI component of OpenJDK failed to securely handle LDAP referrals. An attacker could possibly use this flaw to make it fetch attacker controlled certificate data. (CVE-2018-2633)

* The JGSS component of OpenJDK ignores the value of the javax.security.auth.useSubjectCredsOnly property when using HTTP/SPNEGO authentication and always uses global credentials. It was discovered that this could cause global credentials to be unexpectedly used by an untrusted Java application. (CVE-2018-2634)

* It was discovered that the JMX component of OpenJDK failed to properly set the deserialization filter for the SingleEntryRegistry in certain cases. A remote attacker could possibly use this flaw to bypass intended deserialization restrictions. (CVE-2018-2637)

* It was discovered that the LDAP component of OpenJDK failed to properly encode special characters in user names when adding them to an LDAP search query. A remote attacker could possibly use this flaw to manipulate LDAP queries performed by the LdapLoginModule class. (CVE-2018-2588)

* It was discovered that the DNS client implementation in the JNDI component of OpenJDK did not use random source ports when sending out DNS queries. This could make it easier for a remote attacker to spoof responses to those queries. (CVE-2018-2599)

* It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file. (CVE-2018-2602)

* It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER encoded input. (CVE-2018-2603)

* It was discovered that the key agreement implementations in the JCE component of OpenJDK did not guarantee sufficient strength of used keys to adequately protect the generated shared secret. This could make it easier to break data encryption by attacking key agreement rather than the encryption using the negotiated secret. (CVE-2018-2618)

* It was discovered that the JGSS component of OpenJDK failed to properly handle GSS context in the native GSS library wrapper in certain cases. A remote attacker could possibly make a Java application using JGSS use a previously freed context. (CVE-2018-2629)

* It was discovered that multiple classes in the Libraries, AWT, and JNDI components of OpenJDK did not sufficiently validate input when creating object instances from the serialized form. A specially-crafted input could cause a Java application to create objects with an inconsistent state or use an excessive amount of memory when deserialized. (CVE-2018-2663, CVE-2018-2677, CVE-2018-2678)

* It was discovered that multiple encryption key classes in the Libraries component of OpenJDK did not properly synchronize access to their internal data. This could possibly cause a multi-threaded Java application to apply weak encryption to data because of the use of a key that was zeroed out. (CVE-2018-2579)

RHSA-2018:0350: gcab security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0350, CVE-2018-5345

Description
The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet (.cab) files.

Security Fix(es):

* gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution (CVE-2018-5345)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0377: quagga security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180377
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0377, CVE-2018-5379

Description
The quagga packages contain Quagga, the free network-routing software suite that manages TCP/IP based protocols. Quagga supports the BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng protocols, and is intended to be used as a Route Server and Route Reflector.

Security Fix(es):

* quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to crash or potentially execute arbitrary code (CVE-2018-5379)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Quagga project for reporting this issue.

RHSA-2018:0378: ruby security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180378
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0378, CVE-2017-0898, CVE-2017-0899, CVE-2017-0900, CVE-2017-0901, CVE-2017-0902, CVE-2017-0903, CVE-2017-10784, CVE-2017-14033, CVE-2017-14064, CVE-2017-17405, CVE-2017-17790

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* It was discovered that the Net::FTP module did not properly process filenames in combination with certain operations. A remote attacker could exploit this flaw to execute arbitrary commands by setting up a malicious FTP server and tricking a user or Ruby application into downloading files with specially crafted names using the Net::FTP module. (CVE-2017-17405)

* A buffer underflow was found in ruby's sprintf function. An attacker, with ability to control its format string parameter, could send a specially crafted string that would disclose heap memory or crash the interpreter. (CVE-2017-0898)

* It was found that rubygems did not sanitize gem names during installation of a given gem. A specially crafted gem could use this flaw to install files outside of the regular directory. (CVE-2017-0901)

* A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain. (CVE-2017-0902)

* A vulnerability was found where the rubygems module was vulnerable to an unsafe YAML deserialization when inspecting a gem. Applications inspecting gem files without installing them can be tricked to execute arbitrary code in the context of the ruby interpreter. (CVE-2017-0903)

* It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences. (CVE-2017-10784)

* It was found that the decode method of the OpenSSL::ASN1 module was vulnerable to buffer underrun. An attacker could pass a specially crafted string to the application in order to crash the ruby interpreter, causing a denial of service. (CVE-2017-14033)

* A vulnerability was found where rubygems did not properly sanitize gems' specification text. A specially crafted gem could interact with the terminal via the use of escape sequences. (CVE-2017-0899)

* It was found that rubygems could use an excessive amount of CPU while parsing a sufficiently long gem summary. A specially crafted gem from a gem repository could freeze gem commands attempting to parse its summary. (CVE-2017-0900)

* A buffer overflow vulnerability was found in the JSON extension of ruby. An attacker with the ability to pass a specially crafted JSON input to the extension could use this flaw to expose the interpreter's heap memory. (CVE-2017-14064)

* The "lazy_initialize" function in lib/resolv.rb did not properly process certain filenames. A remote attacker could possibly exploit this flaw to inject and execute arbitrary commands. (CVE-2017-17790)

RHSA-2018:0395: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180395
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0395, CVE-2017-12188, CVE-2017-7518

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

These updated kernel packages include several security issues and numerous
bug fixes, some of which you can see below. Space precludes documenting
all of these bug fixes in this advisory. To see the complete list of bug
fixes, users are directed to the related Knowledge Article:
https://access.redhat.com/articles/3368501.

Security Fix(es):

* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)

* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0406: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0406, CVE-2017-7890

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: Buffer over-read from uninitialized data in gdImageCreateFromGifCtx function (CVE-2017-7890)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0412: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180412
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0412, CVE-2017-12188, CVE-2017-18270, CVE-2017-7518

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)

* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1537671)

RHSA-2018:0414: 389-ds-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180414
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0414, CVE-2017-15135, CVE-2018-1054

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)

* 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2017-15135 issue was discovered by Martin Poole (Red Hat).

Bug Fix(es):

* Previously, if an administrator configured an index for an attribute with a specific matching rule in the "nsMatchingRule" parameter, Directory Server did not use the retrieved indexer. As a consequence, Directory Server did not index the values of this attribute with the specified matching rules, and searches with extended filters were unindexed. With this update, Directory Server uses the retrieved indexer that processes the specified matching rule. As a result, searches using extended filters with a specified matching rule are now indexed. (BZ#1536343)

RHSA-2018:0418: libreoffice security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180418
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0418, CVE-2018-6871

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0469: dhcp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180469
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0469, CVE-2018-5732, CVE-2018-5733

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732)

* dhcp: Reference count overflow in dhcpd allows denial of service (CVE-2018-5733)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank ISC for reporting these issues. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of these issues.

RHSA-2018:0483: dhcp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180483
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0483, CVE-2018-5732, CVE-2018-5733

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732)

* dhcp: Reference count overflow in dhcpd allows denial of service (CVE-2018-5733)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank ISC for reporting these issues. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of these issues.

RHSA-2018:0504: mailman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180504
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0504, CVE-2018-5950

Description
Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: Cross-site scripting (XSS) vulnerability in web UI (CVE-2018-5950)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0505: mailman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180505
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0505, CVE-2018-5950

Description
Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: Cross-site scripting (XSS) vulnerability in web UI (CVE-2018-5950)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0512: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0512, CVE-2017-5753

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: speculative execution branch target injection (s390-only) (CVE-2017-5715, Important)

* hw: cpu: speculative execution bounds-check bypass (s390 and powerpc) (CVE-2017-5753, Important)

* hw: cpu: speculative execution permission faults handling (powerpc-only) (CVE-2017-5754)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fixes:

* If a fibre channel (FC) switch was powered down and then powered on again, the SCSI device driver permanently stopped the SCSI device's request queue. Consequently, the FC port login failed, leaving the port state as "Bypassed" instead of "Online", and users had to reboot the operating system. This update fixes the driver to avoid the permanent stop of the request queue. As a result, the SCSI device now continues working as expected after power cycling the FC switch. (BZ#1519857)

* Previously, on final close or unlink of a file, the find_get_pages() function in the memory management code sometimes found no pages even if there were some pages left to save. Consequently, a kernel crash occurred when attempting to enter the unlink() function. This update fixes the find_get_pages() function in the memory management code to not return 0 too early. As a result, the kernel no longer crashes due to this behavior. (BZ#1527811)

* Using IPsec connections under a heavy load could previously lead to a network performance degradation, especially when using the aesni-intel module. This update fixes the issue by making the cryptd queue length configurable so that it can be increased to prevent an overflow and packet drop. As a result, using IPsec under a heavy load no longer reduces network performance. (BZ#1527802)

* Previously, a deadlock in the bnx2fc driver caused all adapters to block and the SCSI error handler to become unresponsive. As a result, data transferring through the adapter was sometimes blocked. This update fixes bnx2fc, and data transferring through the adapter is no longer blocked due to this behavior. (BZ#1523783)

* If an NFSv3 client mounted a subdirectory of an exported file system, a directory entry to the mount hosting the export was incorrectly held even after clearing the cache. Consequently, attempts to unmount the subdirectory with the umount command failed with the EBUSY error. With this update, the underlying source code has been fixed, and the unmount operation now succeeds as expected in the described situation. (BZ#1535938)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs. The system must be rebooted for this update to take effect.

RHSA-2018:0515: 389-ds-base security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0515, CVE-2017-15135, CVE-2018-1054

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: remote Denial of Service (DoS) via search filters in SetUnicodeStringFromUTF_8 in collate.c (CVE-2018-1054)

* 389-ds-base: Authentication bypass due to lack of size check in slapi_ct_memcmp function in ch_malloc.c (CVE-2017-15135)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2017-15135 issue was discovered by Martin Poole (Red Hat).

RHSA-2018:0516: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180516
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0516, CVE-2017-15289

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Qemu: cirrus: OOB access issue in mode4and5 write functions (CVE-2017-15289)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0517: libreoffice security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180517
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0517, CVE-2018-6871

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0526: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20180526
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0526, CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.7.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125)

* Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127)

* Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129)

* Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07) (CVE-2018-5130)

* Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07) (CVE-2018-5131)

* Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144)

* Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0527: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20180527
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0527, CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5130, CVE-2018-5131, CVE-2018-5144, CVE-2018-5145

Description
Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.7.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125)

* Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127)

* Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129)

* Mozilla: Mismatched RTP payload type can trigger memory corruption (MFSA 2018-07) (CVE-2018-5130)

* Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07) (CVE-2018-5131)

* Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144)

* Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0549: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20180549
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0549, CVE-2018-5146

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 52.7.2 ESR.

Security Fix(es):

* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:0592: slf4j security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180592
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0592, CVE-2018-8088

Description
The Simple Logging Facade for Java (SLF4J) is a simple facade for various logging APIs, allowing the end user to plug in the desired implementation at deployment time. SLF4J also allows for a gradual migration path away from Jakarta Commons Logging (JCL).

Security Fix(es):

* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Chris McCown for reporting this issue.

RHSA-2018:0647: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180647
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0647, CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.7.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125)

* Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145)

* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

* Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127)

* Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129)

* Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Olli Pettay, Christian Holler, Nils Ohlmeier, Randell Jesup, Tyson Smith, Ralph Giles, Philipp, Jet Villegas, Richard Zhu via Trend Micro's Zero Day Initiative, Nils, James Grant, and Root Object as the original reporters.

RHSA-2018:0648: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180648
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0648, CVE-2018-5125, CVE-2018-5127, CVE-2018-5129, CVE-2018-5144, CVE-2018-5145, CVE-2018-5146

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.7.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5125)

* Mozilla: Memory safety bugs fixed in Firefox ESR 52.7 (MFSA 2018-07) (CVE-2018-5145)

* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

* Mozilla: Buffer overflow manipulating SVG animatedPathSegList (MFSA 2018-07) (CVE-2018-5127)

* Mozilla: Out-of-bounds write with malformed IPC messages (MFSA 2018-07) (CVE-2018-5129)

* Mozilla: Integer overflow during Unicode conversion (MFSA 2018-07) (CVE-2018-5144)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bob Clary, Olli Pettay, Christian Holler, Nils Ohlmeier, Randell Jesup, Tyson Smith, Ralph Giles, Philipp, Jet Villegas, Richard Zhu via Trend Micro's Zero Day Initiative, Nils, James Grant, and Root Object as the original reporters.

RHSA-2018:0649: libvorbis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180649
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0649, CVE-2018-5146

Description
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates.

Security Fix(es):

* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Richard Zhu via Trend Micro's Zero Day Initiative as the original reporter.

RHSA-2018:0666: krb5 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180666
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0666, CVE-2017-11368, CVE-2017-7562

Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: Authentication bypass by improper validation of certificate EKU and SAN (CVE-2017-7562)

* krb5: Invalid S4U2Self or S4U2Proxy request causes assertion failure (CVE-2017-11368)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0676: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20180676
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:0676, CVE-2016-3672, CVE-2016-7913, CVE-2016-8633, CVE-2017-1000252, CVE-2017-1000407, CVE-2017-1000410, CVE-2017-12154, CVE-2017-12190, CVE-2017-13166, CVE-2017-13305, CVE-2017-14140, CVE-2017-15116, CVE-2017-15121, CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15265, CVE-2017-15274, CVE-2017-17448, CVE-2017-17449, CVE-2017-17558, CVE-2017-18017, CVE-2017-18203, CVE-2017-7294, CVE-2017-8824, CVE-2017-9725, CVE-2018-1000004, CVE-2018-5750, CVE-2018-6927

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important)

* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)

* Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important)

* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)

* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate)

* kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate)

* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)

* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)

* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate)

* kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate)

* kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)

* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)

* kernel: Incorrect handling in arch/x86/include/asm/mmu_context.h:init_new_context function allowing use-after-free (CVE-2017-17053, Moderate)

* kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate)

* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)

* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate)

* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)

* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate)

* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)

* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate)

* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)

* kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate)

* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)

* kernel: unlimiting the stack disables ASLR (CVE-2016-3672, Low)

* kernel: Missing permission check in move_pages system call (CVE-2017-14140, Low)

* kernel: Null pointer dereference in rngapi_reset function (CVE-2017-15116, Low)

* kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c (CVE-2017-15127, Low)

* kernel: Integer overflow in futex.c:futex_requeue can lead to denial of service or unspecified impact (CVE-2018-6927, Low)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Schönherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat).

Additional Changes:

See the Red Hat Enterprise Linux 7.5 Release Notes linked from References.

RHSA-2018:0805: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180805
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0805, CVE-2014-9402, CVE-2015-5180, CVE-2017-12132, CVE-2017-15670, CVE-2017-15804, CVE-2018-1000001

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: realpath() buffer underflow when getcwd() returns relative path allows privilege escalation (CVE-2018-1000001)

* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)

* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)

* glibc: denial of service in getnetbyname function (CVE-2014-9402)

* glibc: DNS resolver NULL pointer dereference with crafted record type (CVE-2015-5180)

* glibc: Fragmentation attacks possible when EDNS0 is enabled (CVE-2017-12132)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank halfdog for reporting CVE-2018-1000001. The CVE-2015-5180 issue was discovered by Florian Weimer (Red Hat Product Security).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0816: qemu-kvm security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20180816
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:0816, CVE-2017-13672, CVE-2017-13711, CVE-2017-15124, CVE-2017-15268, CVE-2018-5683

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* Qemu: vga: OOB read access during display update (CVE-2017-13672)

* Qemu: Slirp: use-after-free when sending response (CVE-2017-13711)

* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)

* Qemu: I/O: potential memory exhaustion via websock connection to VNC (CVE-2017-15268)

* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank David Buchanan for reporting CVE-2017-13672; Wjjzhang (Tencent.com) for reporting CVE-2017-13711; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683. The CVE-2017-15124 issue was discovered by Daniel Berrange (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0842: xdg-user-dirs security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20180842
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:0842, CVE-2017-15131

Description
xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.

Security Fix(es):

* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0849: gcc security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20180849
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:0849, CVE-2017-11671

Description
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* gcc: GCC generates incorrect code for RDRAND/RDSEED intrinsics (CVE-2017-11671)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0855: ntp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180855
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0855, CVE-2017-6462, CVE-2017-6463, CVE-2017-6464

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* ntp: Authenticated DoS via Malicious Config Option (CVE-2017-6463)

* ntp: Denial of Service via Malformed Config (CVE-2017-6464)

* ntp: Buffer Overflow in DPTS Clock (CVE-2017-6462)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the NTP project for reporting these issues. Upstream acknowledges Cure53 as the original reporter of these issues.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0878: golang security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180878
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0878, CVE-2017-15041, CVE-2017-15042, CVE-2018-6574

Description
The golang packages provide the Go programming language compiler.

The following packages have been upgraded to a later upstream version: golang (1.9.4). (BZ#1479095, BZ#1499827)

Security Fix(es):

* golang: arbitrary code execution during "go get" or "go get -d" (CVE-2017-15041)

* golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting (CVE-2017-15042)

* golang: arbitrary code execution during "go get" via C compiler options (CVE-2018-6574)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0913: policycoreutils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20180913
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:0913, CVE-2018-1063

Description
The policycoreutils packages contain the core policy utilities required to manage a SELinux environment.

Security Fix(es):

* policycoreutils: Relabelling of symbolic links in /tmp and /var/tmp changes the context of their target instead (CVE-2018-1063)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Renaud Métrich (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0980: openssh security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20180980
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:0980, CVE-2017-15906

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: Improper write operations in readonly mode allow for zero-length file creation (CVE-2017-15906)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:0998: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20180998
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:0998, CVE-2017-3736, CVE-2017-3737, CVE-2017-3738

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)

* openssl: Read/write after SSL object in error state (CVE-2017-3737)

* openssl: rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:1055: libvncserver security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181055
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1055, CVE-2018-7225

Description
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:1058: libvorbis security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181058
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1058, CVE-2018-5146

Description
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates.

Security Fix(es):

* Mozilla: Vorbis audio processing out of bounds write (MFSA 2018-08) (CVE-2018-5146)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla Project for reporting this issue. Upstream acknowledges Richard Zhu via Trend Micro's Zero Day Initiative as the original reporter.

RHSA-2018:1060: pcs security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1060, CVE-2018-1000119, CVE-2018-1079, CVE-2018-1086

Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)

* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)

* rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and the CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).

RHSA-2018:1062: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181062
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1062, CVE-2016-3672, CVE-2016-7913, CVE-2016-8633, CVE-2017-1000252, CVE-2017-1000407, CVE-2017-1000410, CVE-2017-12154, CVE-2017-12190, CVE-2017-13166, CVE-2017-13305, CVE-2017-14140, CVE-2017-15116, CVE-2017-15121, CVE-2017-15126, CVE-2017-15127, CVE-2017-15129, CVE-2017-15265, CVE-2017-15274, CVE-2017-17448, CVE-2017-17449, CVE-2017-17558, CVE-2017-18017, CVE-2017-18203, CVE-2017-18270, CVE-2017-5715, CVE-2017-5754, CVE-2017-7294, CVE-2017-8824, CVE-2017-9725, CVE-2018-1000004, CVE-2018-1066, CVE-2018-5750, CVE-2018-6927

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power)

* kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important)

* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)

* Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important)

* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)

* kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate)

* kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate)

* kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)

* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)

* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate)

* kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate)

* kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)

* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)

* kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate)

* kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)

* kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate)

* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)

* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate)

* kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)

* Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate)

* kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)

* kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate)

* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)

* kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low)

Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Schönherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat).

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.

RHSA-2018:1098: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181098
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1098, CVE-2018-5148

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 52.7.3 ESR.

Security Fix(es):

* firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:1099: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181099
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1099, CVE-2018-5148

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 52.7.3 ESR.

Security Fix(es):

* firefox: Use-after-free in compositor potentially allows code execution (CVE-2018-5148)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:1124: python-paramiko security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181124
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1124, CVE-2018-7750

Description
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

Security Fix(es):

* python-paramiko: Authentication bypass in transport.py (CVE-2018-7750)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:1169: corosync security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181169
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1169, CVE-2018-1084

Description
The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software.

Security Fix(es):

* corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Citrix Security Response Team for reporting this issue.

RHSA-2018:1188: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181188
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1188, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2018:1191: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181191
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1191, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

RHSA-2018:1196: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181196
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1196, CVE-2017-5715

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, x86 and x86-64)

Red Hat would like to thank Google Project Zero for reporting this issue.

Bug Fix(es):

* The Return Trampolines (Retpolines) mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate branch target injection, also known as the Spectre variant 2 vulnerability, described in CVE-2017-5715. With this update, support for Retpolines has been implemented in the Red Hat Enterprise Linux kernel. (BZ#1535650)

RHSA-2018:1199: patch security update (Important)

Rule IDoval-com.redhat.rhsa-def-20181199
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:06+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2018:1199, CVE-2018-1000156

Description
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).

Patch should be installed because it is a common way of upgrading applications.

Security Fix(es):

* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1200: patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181200
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1200, CVE-2018-1000156

Description
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).

Patch should be installed because it is a common way of upgrading applications.

Security Fix(es):

* patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1201: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1201, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 181.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1202: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181202
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1202, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 171.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* Oracle JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install) (CVE-2018-2811)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1203: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181203
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1203, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2797, CVE-2018-2798, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 191.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1204: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181204
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1204, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2811, CVE-2018-2814, CVE-2018-2815

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 171.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* Oracle JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install) (CVE-2018-2811)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1205: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181205
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1205, CVE-2018-2783, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2797, CVE-2018-2798, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 191.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security) (CVE-2018-2783)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1206: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1206, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 181.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1223: librelp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181223
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1223, CVE-2018-1000140

Description
Librelp is an easy-to-use library for the Reliable Event Logging Protocol (RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin Backhouse (lgtm.com / Semmle) as the original reporters.
RHSA-2018:1224: PackageKit security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181224
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1224, CVE-2018-1106

Description
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API.

Security Fix(es):

* PackageKit: authentication bypass allows to install signed packages without administrator privileges (CVE-2018-1106)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Matthias Gerstner (SUSE) for reporting this issue.
RHSA-2018:1225: librelp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181225
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1225, CVE-2018-1000140

Description
Librelp is an easy-to-use library for the Reliable Event Logging Protocol (RELP) protocol. RELP is a general-purpose, extensible logging protocol.

Security Fix(es):

* librelp: Stack-based buffer overflow in relpTcpChkPeerName function in src/tcp.c (CVE-2018-1000140)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Rainer Gerhards (rsyslog) for reporting this issue. Upstream acknowledges Bas van Schaik (lgtm.com / Semmle) and Kevin Backhouse (lgtm.com / Semmle) as the original reporters.
RHSA-2018:1270: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1270, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1278: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181278
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1278, CVE-2018-2790, CVE-2018-2794, CVE-2018-2795, CVE-2018-2796, CVE-2018-2797, CVE-2018-2798, CVE-2018-2799, CVE-2018-2800, CVE-2018-2814, CVE-2018-2815

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: incorrect handling of Reference clones can lead to sandbox bypass (Hotspot, 8192025) (CVE-2018-2814)

* OpenJDK: unrestricted deserialization of data from JCEKS key stores (Security, 8189997) (CVE-2018-2794)

* OpenJDK: insufficient consistency checks in deserialization of multiple classes (Security, 8189977) (CVE-2018-2795)

* OpenJDK: unbounded memory allocation during deserialization in PriorityBlockingQueue (Concurrency, 8189981) (CVE-2018-2796)

* OpenJDK: unbounded memory allocation during deserialization in TabularDataSupport (JMX, 8189985) (CVE-2018-2797)

* OpenJDK: unbounded memory allocation during deserialization in Container (AWT, 8189989) (CVE-2018-2798)

* OpenJDK: unbounded memory allocation during deserialization in NamedNodeMapImpl (JAXP, 8189993) (CVE-2018-2799)

* OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833) (CVE-2018-2800)

* OpenJDK: unbounded memory allocation during deserialization in StubIORImpl (Serialization, 8192757) (CVE-2018-2815)

* OpenJDK: incorrect merging of sections in the JAR manifest (Security, 8189969) (CVE-2018-2790)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:1318: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181318
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1318, CVE-2017-16939, CVE-2018-1000199, CVE-2018-1068, CVE-2018-1087, CVE-2018-1091, CVE-2018-8897

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)

* Kernel: error in exception handling leads to DoS (CVE-2018-8897)

* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)

* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)

* kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)

* kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431641
RHSA-2018:1319: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181319
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1319, CVE-2017-1000410, CVE-2017-13166, CVE-2017-18017, CVE-2017-5715, CVE-2017-5754, CVE-2017-7645, CVE-2017-8824, CVE-2018-8897

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: cpu: speculative execution permission faults handling (CVE-2017-5754, x86 32-bit)

* Kernel: error in exception handling leads to DoS (CVE-2018-8897)

* kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)

* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)

* kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)

* kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)

* kernel: Stack information leak in the EFS element (CVE-2017-1000410)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Google Project Zero for reporting CVE-2017-5754; Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897; Mohamed Ghannam for reporting CVE-2017-8824; and Armis Labs for reporting CVE-2017-1000410.

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article: https://access.redhat.com/articles/3431591
RHSA-2018:1353: kernel security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181353
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1353, CVE-2018-8897

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: error in exception handling leads to DoS (CVE-2018-8897)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting this issue.
RHSA-2018:1355: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181355
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1355, CVE-2017-16939, CVE-2018-1000199, CVE-2018-1068, CVE-2018-1087, CVE-2018-8897

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)

* Kernel: error in exception handling leads to DoS (CVE-2018-8897)

* Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)

* kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)

* kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Andy Lutomirski for reporting CVE-2018-1087 and CVE-2018-1000199 and Nick Peterson (Everdox Tech LLC) and Andy Lutomirski for reporting CVE-2018-8897.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-862.2.3 source tree, which provides a number of bug fixes over the previous version. (BZ#1549768)
RHSA-2018:1364: 389-ds-base security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1364, CVE-2018-1089

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: ns-slapd crash via large filter value in ldapsearch (CVE-2018-1089)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Greg Kubok for reporting this issue.
RHSA-2018:1380: 389-ds-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181380
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1380, CVE-2018-1089

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: ns-slapd crash via large filter value in ldapsearch (CVE-2018-1089)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Greg Kubok for reporting this issue.

Bug Fix(es):

* Indexing tasks in Directory Server contain the nsTaskStatus attribute to monitor whether the task is completed and the database is ready to receive updates. Before this update, the server set the value that indexing had completed before the database was ready to receive updates. Applications which monitor nsTaskStatus could start sending updates as soon as indexing completed, but before the database was ready. As a consequence, the server rejected updates with an UNWILLING_TO_PERFORM error. The problem has been fixed. As a result, the nsTaskStatus attribute now shows that indexing is completed after the database is ready to receive updates. (BZ#1553605)

* Previously, Directory Server did not remember when the first operation, bind, or a connection was started. As a consequence, the server applied in certain situations anonymous resource limits to an authenticated client. With this update, Directory Server properly marks authenticated client connections. As a result, it applies the correct resource limits, and authenticated clients no longer get randomly restricted by anonymous resource limits. (BZ#1554720)

* When debug replication logging is enabled, Directory Server incorrectly logged an error that updating the replica update vector (RUV) failed when in fact the update succeeded. The problem has been fixed, and the server no longer logs an error if updating the RUV succeeds. (BZ#1559464)

* This update adds the -W option to the ds-replcheck utility. With this option, ds-replcheck asks for the password, similar to OpenLDAP utilities. As a result, the password is not stored in the shell's history file when the -W option is used. (BZ#1559760)

* If an administrator moves a group in Directory Server from one subtree to another, the memberOf plug-in deletes the memberOf attribute with the old value and adds a new memberOf attribute with the new group's distinguished name (DN) in affected user entries. Previously, if the old subtree was not within the scope of the memberOf plug-in, deleting the old memberOf attribute failed because the values did not exist. As a consequence, the plug-in did not add the new memberOf value, and the user entry contained an incorrect memberOf value. With this update, the plug-in now checks the return code when deleting the old value. If the return code is "no such value", the plug-in only adds the new memberOf value. As a result, the memberOf attribute information is correct. (BZ#1559764)

* In a Directory Server replication topology, updates are managed by using Change Sequence Numbers (CSN) based on time stamps. New CSNs must be higher than the highest CSN present in the replica update vector (RUV). If the server generates a new CSN in the same second as the most recent CSN, the sequence number is increased to ensure that it is higher. However, if the most recent CSN and the new CSN were identical, the sequence number was not increased. In this situation, the new CSN was, except for the replica ID, identical to the most recent one. As a consequence, a new update in the directory appeared in certain situations older than the most recent update. With this update, Directory Server increases the CSN if the sequence number is lower or equal to the most recent one. As a result, new updates are no longer considered older than the most recent data. (BZ#1563079)

RHSA-2018:1396: libvirt security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20181396
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:1396, CVE-2018-1064, CVE-2018-5748

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748)

* libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1064 issue was discovered by Daniel P. Berrangé (Red Hat) and the CVE-2018-5748 issue was discovered by Daniel P. Berrangé (Red Hat) and Peter Krempa (Red Hat).

Bug Fix(es):

* Previously, the check for a non-unique device boot order did not properly handle updates of existing devices when a new device was attached to a guest. Consequently, updating any device with a specified boot order failed. With this update, the duplicity check correctly handles updates and ignores the original device, which avoids reporting false conflicts. As a result, updating a device with a boot order succeeds. (BZ#1557922)

* In Red Hat Enterprise Linux 7.5, guests with SCSI passthrough enabled failed to boot because of changes in kernel CGroup detection. With this update, libvirt fetches dependencies and adds them to the device CGroup. As a result, the affected guests now start as expected. (BZ#1564996)

* The VMX parser in libvirt did not parse more than four network interfaces. As a consequence, the esx driver did not expose more than four network interface cards (NICs) for guests running ESXi. With this update, the VMX parser parses all the available NICs in .vmx files. As a result, libvirt reports all the NICs of guests running ESXi. (BZ#1566524)

* Previously, user aliases for PTY devices that were longer than 32 characters were not supported. Consequently, if a domain included a PTY device with a user alias longer than 32 characters, the domain would not start. With this update, a static buffer was replaced with a dynamic buffer. As a result, the domain starts even if the length of the user alias for a PTY device is longer than 32 characters. (BZ#1566525)

RHSA-2018:1414: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181414
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1414, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 52.8.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)

* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)

* Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)

* Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155)

* Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files (CVE-2018-5157)

* Mozilla: Malicious PDF can inject JavaScript into PDF Viewer (CVE-2018-5158)

* Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159)

* Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168)

* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, Jason Kratzer, Mozilla Developers, Nils, Wladimir Palant, Ivan Fratric, and Root Object as the original reporters.

RHSA-2018:1415: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181415
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1415, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5157, CVE-2018-5158, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, CVE-2018-5183

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 52.8.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)

* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)

* Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)

* Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155)

* Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files (CVE-2018-5157)

* Mozilla: Malicious PDF can inject JavaScript into PDF Viewer (CVE-2018-5158)

* Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159)

* Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168)

* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, Jason Kratzer, Mozilla Developers, Nils, Wladimir Palant, Ivan Fratric, and Root Object as the original reporters.

RHSA-2018:1416: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181416
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1416, CVE-2018-7858

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ross Lagerwall (Citrix.com) for reporting this issue.

RHSA-2018:1453: dhcp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181453
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1453, CVE-2018-1111

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

RHSA-2018:1454: dhcp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20181454
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1454, CVE-2018-1111

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

RHSA-2018:1629: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181629
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1629, CVE-2018-3639

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a software update. The updated kernel packages provide the software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to the References section for further information about this issue, CPU microcode requirements and the potential performance impact.

In this update mitigations for x86-64 architecture are provided.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1630: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181630
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1630, CVE-2018-3639

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a software update. The updated kernel packages provide the software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to the References section for further information about this issue, CPU microcode requirements and the potential performance impact.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1632: libvirt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181632
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1632, CVE-2018-3639

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1633: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1633, CVE-2018-3639

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1647: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181647
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1647, CVE-2018-3639

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1648: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181648
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1648, CVE-2018-3639

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1649: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181649
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1649, CVE-2018-3639

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1650: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181650
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1650, CVE-2018-3639

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the OpenJDK side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1651: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181651
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1651, CVE-2018-3639

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This issue is present in hardware and cannot be fully fixed via a software update. The updated kernel packages provide the software side of the mitigation for this hardware issue. To be fully functional, up-to-date CPU microcode applied on the system is required. Please refer to the References section for further information about this issue, CPU microcode requirements and the potential performance impact.

In this update mitigations for x86 (both 32 and 64 bit) architecture are provided.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

* Previously, erroneous code in the x86 kexec system call path caused memory corruption. As a consequence, the system became unresponsive with the following kernel stack trace:

'WARNING: CPU: 13 PID: 36409 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0 list_del corruption. prev->next should be ffffdd03fddeeca0, but was (null)'

This update ensures that the code does not corrupt memory. As a result, the operating system no longer hangs. (BZ#1573176)

RHSA-2018:1660: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181660
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1660, CVE-2018-3639

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1669: libvirt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181669
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1669, CVE-2018-3639

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:1700: procps-ng security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181700
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1700, CVE-2018-1124, CVE-2018-1126

Description
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

Security Fix(es):

* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)

* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Qualys Research Labs for reporting these issues.

RHSA-2018:1725: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181725
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1725, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.8.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)

* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)

* Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)

* Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155)

* Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159)

* Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184)

* Mozilla: Hang via malformed headers (CVE-2018-5161)

* Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162)

* Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168)

* Mozilla: Filename spoofing for external attachments (CVE-2018-5170)

* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178)

* Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, and CVE-2018-5183. Upstream acknowledges Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, Jason Kratzer, Mozilla Developers, Nils, Ivan Fratric, Wladimir Palant, and Root Object as the original reporters.

RHSA-2018:1726: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1726, CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5161, CVE-2018-5162, CVE-2018-5168, CVE-2018-5170, CVE-2018-5178, CVE-2018-5183, CVE-2018-5184, CVE-2018-5185

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.8.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)

* Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)

* Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)

* Mozilla: Use-after-free with SVG animations and text paths (CVE-2018-5155)

* Mozilla: Integer overflow and out-of-bounds write in Skia (CVE-2018-5159)

* Mozilla: Full plaintext recovery in S/MIME via chosen-ciphertext attack (CVE-2018-5184)

* Mozilla: Hang via malformed headers (CVE-2018-5161)

* Mozilla: Encrypted mail leaks plaintext through src attribute (CVE-2018-5162)

* Mozilla: Lightweight themes can be installed without user interaction (CVE-2018-5168)

* Mozilla: Filename spoofing for external attachments (CVE-2018-5170)

* Mozilla: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension (CVE-2018-5178)

* Mozilla: Leaking plaintext through HTML forms (CVE-2018-5185)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting CVE-2018-5150, CVE-2018-5154, CVE-2018-5155, CVE-2018-5159, CVE-2018-5168, CVE-2018-5178, and CVE-2018-5183. Upstream acknowledges Christoph Diehl, Randell Jesup, Tyson Smith, Alex Gaynor, Ronald Crane, Julian Hector, Kannan Vijayan, Jason Kratzer, Mozilla Developers, Nils, Ivan Fratric, Wladimir Palant, and Root Object as the original reporters.

RHSA-2018:1777: procps security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181777
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1777, CVE-2018-1124, CVE-2018-1126

Description
The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop.

Security Fix(es):

* procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)

* procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Qualys Research Labs for reporting these issues.

RHSA-2018:1779: xmlrpc3 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181779
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1779, CVE-2016-5003

Description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

Security Fix(es):

* xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:1780: xmlrpc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181780
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1780, CVE-2016-5003

Description
Apache XML-RPC is a Java implementation of XML-RPC, a popular protocol that uses XML over HTTP to implement remote procedure calls.

Security Fix(es):

* xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag (CVE-2016-5003)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:1836: plexus-archiver security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181836
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1836, CVE-2018-1002200

Description
The Plexus project provides a full software stack for creating and executing software projects. Based on the Plexus container, the applications can utilise component-oriented programming to build modular, reusable components that can easily be assembled and reused. The plexus-archiver component provides functions to create and extract archives.

Security Fix(es):

* plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file (CVE-2018-1002200)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Danny Grander (Snyk) for reporting this issue.

RHSA-2018:1852: kernel security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181852
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1852, CVE-2018-3665

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.

RHSA-2018:1854: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181854
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1854, CVE-2012-6701, CVE-2015-8830, CVE-2016-8650, CVE-2017-12190, CVE-2017-15121, CVE-2017-18203, CVE-2017-2671, CVE-2017-6001, CVE-2017-7308, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2018-1130, CVE-2018-3639, CVE-2018-5803

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC)

* kernel: net/packet: overflow in check for priv area size (CVE-2017-7308)

* kernel: AIO interface didn't use rw_verify_area() for checking mandatory locking on files and size of access (CVE-2012-6701)

* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)

* kernel: Null pointer dereference via keyctl (CVE-2016-8650)

* kernel: ping socket / AF_LLC connect() sin_family race (CVE-2017-2671)

* kernel: Race condition between multiple sys_perf_event_open() calls (CVE-2017-6001)

* kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c (CVE-2017-7616)

* kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism (CVE-2017-7889)

* kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c (CVE-2017-8890)

* kernel: net: sctp_v6_create_accept_sk function mishandles inheritance (CVE-2017-9075)

* kernel: net: IPv6 DCCP implementation mishandles inheritance (CVE-2017-9076)

* kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance (CVE-2017-9077)

* kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190)

* kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121)

* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)

* kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash (CVE-2018-1130)

* kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service (CVE-2018-5803)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Vitaly Mayatskih for reporting CVE-2017-12190; and Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1860: samba security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20181860
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:1860, CVE-2018-1050

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* samba: Null pointer indirection in printer server process (CVE-2018-1050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Samba project for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1877: sssd and ding-libs security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181877
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1877, CVE-2017-12173

Description
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The ding-libs packages contain a set of libraries used by the System Security Services Daemon (SSSD) as well as other projects, and provide functions to manipulate file system path names (libpath_utils), a hash table to manage storage and access time properties (libdhash), a data type to collect data in a hierarchical structure (libcollection), a dynamically growing, reference-counted array (libref_array), and a library to process configuration files in initialization format (INI) into a library collection data structure (libini_config).

Security Fix(es):

* sssd: unsanitized input when searching in local cache database (CVE-2017-12173)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Sumit Bose (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1879: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181879
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1879, CVE-2017-15670, CVE-2017-15804

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: Buffer overflow in glob with GLOB_TILDE (CVE-2017-15670)

* glibc: Buffer overflow during unescaping of user names with the ~ operator (CVE-2017-15804)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1883: samba4 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20181883
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:1883, CVE-2018-1050

Description
Samba is an open-source implementation of the Server Message Block (SMB) or Common Internet File System (CIFS) protocol, which allows PC-compatible machines to share files, printers, and other information.

Security Fix(es):

* samba: Null pointer indirection in printer server process (CVE-2018-1050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Samba project for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1927: pcs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181927
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1927, CVE-2018-1086

Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Cedric Buissart (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1929: libvirt security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20181929
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:1929, CVE-2018-1064, CVE-2018-5748

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: Resource exhaustion via qemuMonitorIORead() method (CVE-2018-5748)

* libvirt: Incomplete fix for CVE-2018-5748 triggered by QEMU guest agent (CVE-2018-1064)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-5748 issue was discovered by Daniel P. Berrange (Red Hat) and Peter Krempa (Red Hat), and the CVE-2018-1064 issue was discovered by Daniel P. Berrange (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1932: zsh security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181932
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1932, CVE-2014-10072, CVE-2017-18206, CVE-2018-1083, CVE-2018-1100

Description
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083)

* zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072)

* zsh: buffer overrun in symlinks (CVE-2017-18206)

* zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1083 and CVE-2018-1100 issues were discovered by Richard Maciel Costa (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

RHSA-2018:1944: kernel-rt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181944
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1944, CVE-2018-3665

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue.

RHSA-2018:1957: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181957
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1957, CVE-2018-11235

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: arbitrary code execution when recursively cloning a malicious repository (CVE-2018-11235)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:1965: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181965
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1965, CVE-2017-11600, CVE-2018-3639

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, PowerPC, x86 AMD)

* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3485871

RHSA-2018:1979: pki-core security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20181979
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:1979, CVE-2018-1080

Description
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

* pki-core: Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access (CVE-2018-1080)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Fraser Tweedale (Red Hat).

Bug Fix(es):

* Previously, when ECC keys were enrolled, Certificate Management over CMS (CMC) authentication failed with a "TokenException: Unable to insert certificate into temporary database" error. As a consequence, the enrollment failed. This update fixes the problem. As a result, the mentioned bug no longer occurs. (BZ#1550581)

* Previously, Certificate System used the same enrollment profiles for issuing RSA and ECC certificates. As a consequence, the key usage extension in issued certificates did not meet the Common Criteria standard. This update adds ECC-specific enrollment profiles where the key usage extension for TLS server and client certificates are different as described in RFC 6960. Additionally, the update changes existing profiles to issue only RSA certificates. As a result, the key usage extension in ECC certificates now meets the Common Criteria standard. (BZ#1554726)

* The Certificate System server rejects saving invalid access control lists (ACL). As a consequence, when saving an ACL with an empty expression, the server rejected the update and the pkiconsole utility displayed a StringIndexOutOfBoundsException error. With this update, the utility rejects empty ACL expressions. As a result, invalid ACLs cannot be saved and the error is no longer displayed. (BZ#1557883)

* Previously, due to a bug in the Certificate System installation procedure, installing a Key Recovery Authority (KRA) with ECC keys failed. To fix the problem, the installation process has been updated to handle both RSA and ECC subsystems automatically. As a result, installing subsystems with ECC keys no longer fails. (BZ#1581134)

* Previously, during verification, Certificate System encoded the ECC public key incorrectly in CMC Certificate Request Message Format (CRMF) requests. As a consequence, requesting an ECC certificate with Certificate Management over CMS (CMC) in CRMF failed. The problem has been fixed, and as a result, CMC CRMF requests using ECC keys work as expected. (BZ#1585945)

Enhancement(s):

* The pkispawn man page has been updated and now describes the --skip-configuration and --skip-installation parameters. (BZ#1551067)

* With this update, Certificate System adds the Subject Alternative Name (SAN) extension by default to server certificates and sets it to the Common Name (CN) of the certificate. (BZ#1581135)

* With this enhancement, users can create Certificate Request Message Format (CRMF) requests without the key archival option when using the CRMFPopClient utility. This feature increases flexibility because a Key Recovery Authority (KRA) certificate is no longer required. Previously, if the user did not pass the "-b transport_certificate_file" option to CRMFPopClient, the utility automatically used the KRA transport certificate stored in the transport.txt file. With this update, if "-b transport_certificate_file" is not specified, Certificate System creates a request without using key archival. (BZ#1588945)

RHSA-2018:1997: libvirt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20181997
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:1997, CVE-2018-3639

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the libvirt side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

* Previously, the virtlogd service logged redundant AVC denial errors when a guest virtual machine was started. With this update, the virtlogd service no longer attempts to send shutdown inhibition calls to systemd, which prevents the described errors from occurring. (BZ#1573268)

* Prior to this update, guest virtual machine actions that use a python library in some cases failed and "Hash operation not allowed during iteration" error messages were logged. Several redundant thread access checks have been removed, and the problem no longer occurs. (BZ#1581364)

* The "virsh capabilities" command previously displayed an inaccurate number of 4 KiB memory pages on systems with very large amounts of memory. This update optimizes the memory diagnostic mechanism to ensure memory page numbers are displayed correctly on such systems. (BZ#1582418)

RHSA-2018:2001: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182001
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2001, CVE-2018-3639

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

RHSA-2018:2003: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2003, CVE-2017-11600, CVE-2018-3639

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD)

* kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-862.6.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1576058)

RHSA-2018:2112: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182112
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2112, CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.1.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188)

* Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359)

* Mozilla: Use-after-free using focus() (CVE-2018-12360)

* Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156)

* Skia: Heap buffer overflow rasterizing paths in SVG (CVE-2018-6126)

* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)

* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)

* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364)

* Mozilla: address bar username and password spoofing in reader mode (CVE-2017-7762)

* Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365)

* Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Marcia Knous, Ronald Crane, Nils, F. Alonso (revskills), David Black, and OSS-Fuzz as the original reporters.

RHSA-2018:2113: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182113
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2113, CVE-2017-7762, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-5156, CVE-2018-5188, CVE-2018-6126

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.1.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188)

* Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359)

* Mozilla: Use-after-free using focus() (CVE-2018-12360)

* Mozilla: Media recorder segmentation fault when track type is changed during capture (CVE-2018-5156)

* Skia: Heap buffer overflow rasterizing paths in SVG (CVE-2018-6126)

* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)

* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)

* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364)

* Mozilla: address bar username and password spoofing in reader mode (CVE-2017-7762)

* Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365)

* Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Marcia Knous, Ronald Crane, Nils, F. Alonso (revskills), David Black, and OSS-Fuzz as the original reporters.

RHSA-2018:2123: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2123, CVE-2016-2183

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL protocol. A man-in-the-middle attacker could use this flaw to recover some plaintext data by capturing large amounts of encrypted traffic between TLS/SSL server and client if the communication used a DES/3DES based ciphersuite. (CVE-2016-2183)

Note: This update modifies the Python ssl module to disable 3DES cipher suites by default.

Red Hat would like to thank OpenVPN for reporting this issue. Upstream acknowledges Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as the original reporters.

RHSA-2018:2162: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182162
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2162, CVE-2017-13672, CVE-2018-3639, CVE-2018-5683, CVE-2018-7858

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Note: This is the qemu-kvm side of the CVE-2018-3639 mitigation.

* QEMU: cirrus: OOB access when updating VGA display (CVE-2018-7858)

* QEMU: vga: OOB read access during display update (CVE-2017-13672)

* Qemu: Out-of-bounds read in vga_draw_text routine (CVE-2018-5683)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Ross Lagerwall (Citrix.com) for reporting CVE-2018-7858; David Buchanan for reporting CVE-2017-13672; and Jiang Xin and Lin ZheCheng for reporting CVE-2018-5683.

RHSA-2018:2164: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2164, CVE-2018-10675, CVE-2018-10872, CVE-2018-3639, CVE-2018-3665

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD)

* kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675)

* Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665)

* kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665.

Bug Fix(es):

* Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ#1574592)

RHSA-2018:2172: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182172
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2172, CVE-2017-14106, CVE-2018-3639

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

* kernel: A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.

RHSA-2018:2180: gnupg2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2180, CVE-2018-12020

Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2181: gnupg2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2181, CVE-2018-12020

Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

Security Fix(es):

* gnupg2: Improper sanitization of filenames allows for the display of fake status messages and the bypass of signature verification (CVE-2018-12020)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2240: openslp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182240
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2240, CVE-2017-17833

Description
OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.

Security Fix(es):

* openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2241: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2241, CVE-2018-2952

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2242: java-1.8.0-openjdk security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182242
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2242, CVE-2018-2952

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Note: If the web browser plug-in provided by the icedtea-web package was installed, the issues exposed via Java applets could have been exploited without user interaction if a user visited a malicious website.

Bug Fix(es):

* This update applies changes from OpenJDK upstream version 8u172, which provides a number of bug fixes over the previous version, 8u171. (BZ#1588364)

* OpenJDK was recently updated to support reading the system certificate authority database (cacerts) directly. As an unintended consequence, this removed the ability to read certificates from the user-provided jssecacerts file. With this update, that ability is restored by reading from that file first, if available. (BZ#1593737)

RHSA-2018:2251: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182251
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2251, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.9.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188)

* Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359)

* Mozilla: Use-after-free using focus() (CVE-2018-12360)

* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)

* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)

* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364)

* thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372)

* thunderbird: S/MIME plaintext can be leaked through HTML reply/forward (CVE-2018-12373)

* Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365)

* Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)

* thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field (CVE-2018-12374)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Marcia Knous, Ronald Crane, Nils, F. Alonso (revskills), David Black, and OSS-Fuzz as the original reporters.

RHSA-2018:2252: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182252
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2252, CVE-2018-12359, CVE-2018-12360, CVE-2018-12362, CVE-2018-12363, CVE-2018-12364, CVE-2018-12365, CVE-2018-12366, CVE-2018-12372, CVE-2018-12373, CVE-2018-12374, CVE-2018-5188

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.9.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 61, Firefox ESR 60.1, and Firefox ESR 52.9 (CVE-2018-5188)

* Mozilla: Buffer overflow using computed size of canvas element (CVE-2018-12359)

* Mozilla: Use-after-free using focus() (CVE-2018-12360)

* Mozilla: Integer overflow in SSSE3 scaler (CVE-2018-12362)

* Mozilla: Use-after-free when appending DOM nodes (CVE-2018-12363)

* Mozilla: CSRF attacks through 307 redirects and NPAPI plugins (CVE-2018-12364)

* thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails (CVE-2018-12372)

* thunderbird: S/MIME plaintext can be leaked through HTML reply/forward (CVE-2018-12373)

* Mozilla: Compromised IPC child process can list local filenames (CVE-2018-12365)

* Mozilla: Invalid data handling during QCMS transformations (CVE-2018-12366)

* thunderbird: Using form to exfiltrate encrypted mail part by pressing enter in form field (CVE-2018-12374)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Christoph Diehl, Christian Holler, Jason Kratzer, David Major, Jon Coppeard, Nicolas B. Pierron, Marcia Knous, Ronald Crane, Nils, F. Alonso (revskills), David Black, and OSS-Fuzz as the original reporters.

RHSA-2018:2253: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182253
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2253, CVE-2018-2940, CVE-2018-2941, CVE-2018-2952, CVE-2018-2964, CVE-2018-2973

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 181.

Security Fix(es):

* Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)

* Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment) (CVE-2018-2964)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2254: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182254
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2254, CVE-2018-2940, CVE-2018-2941, CVE-2018-2952, CVE-2018-2973

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 191.

Security Fix(es):

* Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2255: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182255
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2255, CVE-2018-2940, CVE-2018-2941, CVE-2018-2952, CVE-2018-2973

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 191.

Security Fix(es):

* Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2256: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182256
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2256, CVE-2018-2940, CVE-2018-2941, CVE-2018-2952, CVE-2018-2964, CVE-2018-2973

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 181.

Security Fix(es):

* Oracle JDK: unspecified vulnerability fixed in 7u191, 8u181, and 10.0.2 (JavaFX) (CVE-2018-2941)

* Oracle JDK: unspecified vulnerability fixed in 8u181 and 10.0.2 (Deployment) (CVE-2018-2964)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2283: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182283
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2283, CVE-2018-2952

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:2284: yum-utils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182284
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2284, CVE-2018-10897

Description
The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use.

Security Fix(es):

* yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.
RHSA-2018:2285: yum-utils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182285
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2285, CVE-2018-10897

Description
The yum-utils packages provide a collection of utilities and examples for the yum package manager to make yum easier and more powerful to use.

Security Fix(es):

* yum-utils: reposync: improper path validation may lead to directory traversal (CVE-2018-10897)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jay Grizzard (Clover Network) and Aaron Levy (Clover Network) for reporting this issue.
RHSA-2018:2286: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182286
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2286, CVE-2018-2952

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2308: openslp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182308
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2308, CVE-2017-17833

Description
OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.

Security Fix(es):

* openslp: Heap memory corruption in slpd/slpd_process.c allows denial of service or potentially code execution (CVE-2017-17833)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2384: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182384
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2384, CVE-2017-13215, CVE-2018-10675, CVE-2018-3620, CVE-2018-3646, CVE-2018-3693, CVE-2018-5390, CVE-2018-7566

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693)

* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)

* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)

* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)

* kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article:

https://access.redhat.com/articles/3527791
RHSA-2018:2390: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182390
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2390, CVE-2017-0861, CVE-2017-15265, CVE-2018-1000004, CVE-2018-10901, CVE-2018-3620, CVE-2018-3646, CVE-2018-3693, CVE-2018-5390, CVE-2018-7566

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693)

* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)

* kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265)

* kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566)

* kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901.

Bug Fix(es):

* The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
RHSA-2018:2395: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182395
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2395, CVE-2017-13215, CVE-2018-10675, CVE-2018-3620, CVE-2018-3646, CVE-2018-3693, CVE-2018-5390, CVE-2018-7566

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)

* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693)

* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)

* kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215)

* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)

* kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-862.10.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1594915)
RHSA-2018:2439: mariadb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182439
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2439, CVE-2017-10268, CVE-2017-10378, CVE-2017-10379, CVE-2017-10384, CVE-2017-3636, CVE-2017-3641, CVE-2017-3651, CVE-2017-3653, CVE-2018-2562, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668, CVE-2018-2755, CVE-2018-2761, CVE-2018-2767, CVE-2018-2771, CVE-2018-2781, CVE-2018-2813, CVE-2018-2817, CVE-2018-2819, CVE-2018-3133, CVE-2019-2455

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

The following packages have been upgraded to a later upstream version: mariadb (5.5.60). (BZ#1584668, BZ#1584671, BZ#1584674, BZ#1601085)

Security Fix(es):

* mysql: Client programs unspecified vulnerability (CPU Jul 2017) (CVE-2017-3636)

* mysql: Server: DML unspecified vulnerability (CPU Jul 2017) (CVE-2017-3641)

* mysql: Client mysqldump unspecified vulnerability (CPU Jul 2017) (CVE-2017-3651)

* mysql: Server: Replication unspecified vulnerability (CPU Oct 2017) (CVE-2017-10268)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2017) (CVE-2017-10378)

* mysql: Client programs unspecified vulnerability (CPU Oct 2017) (CVE-2017-10379)

* mysql: Server: DDL unspecified vulnerability (CPU Oct 2017) (CVE-2017-10384)

* mysql: Server: Partition unspecified vulnerability (CPU Jan 2018) (CVE-2018-2562)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2018) (CVE-2018-2622)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2640)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2665)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2018) (CVE-2018-2668)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2018) (CVE-2018-2755)

* mysql: Client programs unspecified vulnerability (CPU Apr 2018) (CVE-2018-2761)

* mysql: Server: Locking unspecified vulnerability (CPU Apr 2018) (CVE-2018-2771)

* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2018) (CVE-2018-2781)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2813)

* mysql: Server: DDL unspecified vulnerability (CPU Apr 2018) (CVE-2018-2817)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2018) (CVE-2018-2819)

* mysql: Server: DDL unspecified vulnerability (CPU Jul 2017) (CVE-2017-3653)

* mysql: use of SSL/TLS not enforced in libmysqld (Return of BACKRONYM) (CVE-2018-2767)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Previously, the mysqladmin tool waited for an inadequate length of time if the socket it listened on did not respond in a specific way. Consequently, when the socket was used while the MariaDB server was starting, the mariadb service became unresponsive for a long time. With this update, the mysqladmin timeout has been shortened to 2 seconds. As a result, the mariadb service either starts or fails but no longer hangs in the described situation. (BZ#1584023)
RHSA-2018:2462: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182462
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2462, CVE-2018-11806, CVE-2018-7550

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)

* QEMU: i386: multiboot OOB access while loading kernel image (CVE-2018-7550)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jskz - Zero Day Initiative (trendmicro.com) for reporting CVE-2018-11806 and Cyrille Chatras (Orange.com) and CERT-CC (Orange.com) for reporting CVE-2018-7550.

Bug Fix(es):

* Previously, live migrating a Windows guest in some cases caused the guest to become unresponsive. This update ensures that Real-time Clock (RTC) interrupts are not missed, which prevents the problem from occurring. (BZ#1596302)
RHSA-2018:2526: mutt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182526
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2526, CVE-2018-14354, CVE-2018-14357, CVE-2018-14362

Description
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.

Security Fix(es):

* mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)

* mutt: Remote Code Execution via backquote characters (CVE-2018-14357)

* mutt: POP body caching path traversal vulnerability (CVE-2018-14362)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2557: postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182557
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2557, CVE-2018-10915

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.2.24). (BZ#1612667)

Security Fix(es):

* postgresql: Certain host connection parameters defeat client-side security defenses (CVE-2018-10915)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andrew Krasichkov as the original reporter.
RHSA-2018:2570: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182570
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2570, CVE-2018-5740

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.
RHSA-2018:2571: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182571
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2571, CVE-2018-5740

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: processing of certain records when "deny-answer-aliases" is in use may trigger an assert leading to a denial of service (CVE-2018-5740)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges Tony Finch (University of Cambridge) as the original reporter.
RHSA-2018:2602: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182602
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2602, CVE-2018-3620, CVE-2018-3646

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting these issues.
RHSA-2018:2692: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182692
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2692, CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-18499

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.2.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376)

* Mozilla: Use-after-free in driver timers (CVE-2018-12377)

* Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)

* Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)

* Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, Nils, Zhanjia Song, and Holger Fuhrmannek as the original reporters.
RHSA-2018:2693: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182693
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2693, CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-18499

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.2.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376)

* Mozilla: Use-after-free in driver timers (CVE-2018-12377)

* Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)

* Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)

* Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, Nils, Zhanjia Song, and Holger Fuhrmannek as the original reporters.
RHSA-2018:2731: spice and spice-gtk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182731
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2731, CVE-2018-10873

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

Security Fix(es):

* spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Frediano Ziglio (Red Hat).
RHSA-2018:2732: spice-gtk and spice-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182732
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2732, CVE-2018-10873

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

Security Fix(es):

* spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Frediano Ziglio (Red Hat).
RHSA-2018:2737: mod_perl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182737
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2737, CVE-2011-2767

Description
Mod_perl incorporates a Perl interpreter into the Apache web server, such that the Apache HTTP server can directly execute Perl code.

Security Fix(es):

* mod_perl: arbitrary Perl code execution in the context of the user account via a user-owned .htaccess (CVE-2011-2767)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2748: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182748
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2748, CVE-2018-14634

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Qualys Research Labs for reporting this issue.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article:

https://access.redhat.com/articles/3588731
RHSA-2018:2757: 389-ds-base security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182757
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2757, CVE-2018-10850, CVE-2018-10935, CVE-2018-14624, CVE-2018-14638

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: race condition on reference counter leads to DoS using persistent search (CVE-2018-10850)

* 389-ds-base: ldapsearch with server side sort allows users to cause a crash (CVE-2018-10935)

* 389-ds-base: Server crash through modify command with large DN (CVE-2018-14624)

* 389-ds-base: Crash in delete_passwdPolicy when persistent search connections are terminated unexpectedly (CVE-2018-14638)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-10850 issue was discovered by Thierry Bordaz (Red Hat) and the CVE-2018-14638 issue was discovered by Viktor Ashirov (Red Hat).

Bug Fix(es):

* Previously, the nunc-stans framework was enabled by default in Directory Server, but the framework is not stable. As a consequence, deadlocks and file descriptor leaks could occur. This update changes the default value of the nsslapd-enable-nunc-stans parameter to "off". As a result, Directory Server is now stable. (BZ#1614836)

* When a search evaluates the "shadowAccount" entry, Directory Server adds the shadow attributes to the entry. If the fine-grained password policy is enabled, the "shadowAccount" entry can contain its own "pwdpolicysubentry" policy attribute. Previously, to retrieve this attribute, the server started an internal search for each "shadowAccount" entry, which was unnecessary because the entry was already known to the server. With this update, Directory Server only starts internal searches if the entry is not known. As a result, the performance of searches, such as response time and throughput, is improved. (BZ#1615924)
RHSA-2018:2762: qemu-kvm-ma security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182762
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2762, CVE-2018-11806

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jskz - Zero Day Initiative (trendmicro.com) for reporting this issue.
RHSA-2018:2763: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182763
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2763, CVE-2018-14634

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Qualys Research Labs for reporting this issue.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-862.14.3 source tree, which provides a number of bug fixes over the previous version. (BZ#1616429)

* Previously, preemption was enabled too early after a context switch. If a task was migrated to another CPU after a context switch, a mismatch between CPU and runqueue during load balancing sometimes occurred. Consequently, a runnable task on an idle CPU failed to run, and the operating system became unresponsive. This update disables preemption in the schedule_tail() function. As a result, CPU migration during post-schedule processing no longer occurs, which prevents the above mismatch. The operating system no longer hangs due to this bug. (BZ#1617941)
RHSA-2018:2766: flatpak security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182766
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2766, CVE-2018-6560

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: sandbox escape in D-Bus filtering by a crafted authentication handshake (CVE-2018-6560)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2768: nss security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182768
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2768, CVE-2018-12384

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting this issue.
RHSA-2018:2834: firefox security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182834
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2834, CVE-2018-12383, CVE-2018-12385

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.2.1 ESR.

Security Fix(es):

* Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)

* Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Philipp and Jurgen Gaeremyn as the original reporters.
RHSA-2018:2835: firefox security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182835
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2835, CVE-2018-12383, CVE-2018-12385

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.2.1 ESR.

Security Fix(es):

* Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)

* Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Philipp and Jurgen Gaeremyn as the original reporters.
RHSA-2018:2846: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182846
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2846, CVE-2018-14634, CVE-2018-5391

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger a time- and computation-intensive fragment reassembly algorithm by sending specially crafted packets, which could lead to CPU saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391 and Qualys Research Labs for reporting CVE-2018-14634.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article:

https://access.redhat.com/articles/3635371
RHSA-2018:2881: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182881
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2881, CVE-2018-12386, CVE-2018-12387

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.2.2 ESR.

Security Fix(es):

* Mozilla: type confusion in JavaScript (CVE-2018-12386)

* Mozilla: stack out-of-bounds read in Array.prototype.push (CVE-2018-12387)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. The upstream acknowledges Niklas Baumstark, Samuel Groß, and Bruno Keith as the original reporters, via Beyond Security's SecuriTeam Secure Disclosure program.
RHSA-2018:2884: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182884
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2884, CVE-2018-12386, CVE-2018-12387

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.2.2 ESR.

Security Fix(es):

* Mozilla: type confusion in JavaScript (CVE-2018-12386)

* Mozilla: stack out-of-bounds read in Array.prototype.push (CVE-2018-12387)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. The upstream acknowledges Niklas Baumstark, Samuel Groß, and Bruno Keith as the original reporters, via Beyond Security's SecuriTeam Secure Disclosure program.
RHSA-2018:2892: glusterfs security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2892, CVE-2018-10911

Description
GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.

The glusterfs packages have been upgraded to upstream version 3.12.2, which provides a number of bug fixes over the previous version. (BZ#1594203)

Security Fix(es):

* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.
RHSA-2018:2898: nss security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20182898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:2898, CVE-2018-12384

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting this issue.
RHSA-2018:2916: spamassassin security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182916
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2916, CVE-2017-15705, CVE-2018-11781

Description
The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.

Security Fix(es):

* spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service (CVE-2017-15705)

* spamassassin: Local user code injection in the meta rule syntax (CVE-2018-11781)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2918: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182918
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2918, CVE-2018-10194, CVE-2018-15910, CVE-2018-16509, CVE-2018-16542

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509)

* ghostscript: LockDistillerParams type confusion (699656) (CVE-2018-15910)

* ghostscript: .definemodifiedfont memory corruption if /typecheck is handled (699668) (CVE-2018-16542)

* ghostscript: Stack-based out-of-bounds write in pdf_set_text_matrix function in gdevpdts.c (CVE-2018-10194)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2018-16509, CVE-2018-15910, and CVE-2018-16542.
RHSA-2018:2921: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20182921
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2921, CVE-2018-1336

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: A bug in the UTF-8 decoder can lead to DoS (CVE-2018-1336)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2942: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182942
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2942, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:2943: java-1.8.0-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20182943
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:2943, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3214

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:3000: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183000
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3000, CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 201.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

* libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:3001: java-1.7.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183001
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3001, CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214

Description
Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 201.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

* libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:3002: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3002, CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 191.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183)

* Oracle JDK: unspecified vulnerability fixed in 8u191 (JavaFX) (CVE-2018-3209)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* Oracle JDK: unspecified vulnerability fixed in 8u191 and 11.0.1 (Serviceability) (CVE-2018-3211)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

* libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:3003: java-1.8.0-oracle security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3003, CVE-2018-13785, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183, CVE-2018-3209, CVE-2018-3211, CVE-2018-3214

Description
Oracle Java SE version 8 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 191.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183)

* Oracle JDK: unspecified vulnerability fixed in 8u191 (JavaFX) (CVE-2018-3209)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* Oracle JDK: unspecified vulnerability fixed in 8u191 and 11.0.1 (Serviceability) (CVE-2018-3211)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

* libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2018:3005: firefox security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183005
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3005, CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.3.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)

* Mozilla: Crash with nested event loops (CVE-2018-12392)

* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)

* Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395)

* Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396)

* Mozilla: WebExtension local file permission check bypass (CVE-2018-12397)

* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, Rob Wu, Andrew Swan, and Daniel Veditz as the original reporters.

Bug Fix(es):

* Previously, passwords saved in the Firefox browser and encrypted by a master password were erased when Firefox was exited. This update ensures that NSS files used to decrypt stored login data are handled correctly. As a result, the affected passwords are no longer lost after restarting Firefox. (BZ#1638082)

RHSA-2018:3006: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183006
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3006, CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393, CVE-2018-12395, CVE-2018-12396, CVE-2018-12397

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.3.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)

* Mozilla: Crash with nested event loops (CVE-2018-12392)

* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)

* Mozilla: WebExtension bypass of domain restrictions through header rewriting (CVE-2018-12395)

* Mozilla: WebExtension content scripts can execute in disallowed contexts (CVE-2018-12396)

* Mozilla: WebExtension local file permission check bypass (CVE-2018-12397)

* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, Rob Wu, Andrew Swan, and Daniel Veditz as the original reporters.

RHSA-2018:3007: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183007
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3007, CVE-2018-13785, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3180, CVE-2018-3214

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 211.

Security Fix(es):

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

* libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3008: java-1.6.0-sun security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183008
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3008, CVE-2018-13785, CVE-2018-2940, CVE-2018-2952, CVE-2018-2973, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3180, CVE-2018-3214

Description
Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 211.

Security Fix(es):

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries) (CVE-2018-2940)

* OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547) (CVE-2018-2952)

* Oracle JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE) (CVE-2018-2973)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

* libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service (CVE-2018-13785)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3032: binutils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183032
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3032, CVE-2018-10372, CVE-2018-10373, CVE-2018-10534, CVE-2018-10535, CVE-2018-13033, CVE-2018-7208, CVE-2018-7568, CVE-2018-7569, CVE-2018-7642, CVE-2018-7643, CVE-2018-8945

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: Improper bounds check in coffgen.c:coff_pointerize_aux() allows for denial of service when parsing a crafted COFF file (CVE-2018-7208)

* binutils: integer overflow via an ELF file with corrupt dwarf1 debug information in libbfd library (CVE-2018-7568)

* binutils: integer underflow or overflow via an ELF file with a corrupt DWARF FORM block in libbfd library (CVE-2018-7569)

* binutils: NULL pointer dereference in swap_std_reloc_in function in aoutx.h resulting in crash (CVE-2018-7642)

* binutils: Integer overflow in the display_debug_ranges function resulting in crash (CVE-2018-7643)

* binutils: Crash in elf.c:bfd_section_from_shdr() with crafted executable (CVE-2018-8945)

* binutils: Heap-based buffer over-read in dwarf.c:process_cu_tu_index() allows for denial of service via crafted file (CVE-2018-10372)

* binutils: NULL pointer dereference in dwarf2.c:concat_filename() allows for denial of service via crafted file (CVE-2018-10373)

* binutils: out of bounds memory write in peXXigen.c files (CVE-2018-10534)

* binutils: NULL pointer dereference in elf.c (CVE-2018-10535)

* binutils: Uncontrolled Resource Consumption in execution of nm (CVE-2018-13033)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3041: python security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183041
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3041, CVE-2018-1060, CVE-2018-1061

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (CVE-2018-1061)

* python: DOS via regular expression catastrophic backtracking in apop() method in pop3lib (CVE-2018-1060)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Python security response team for reporting these issues.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3050: gnutls security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3050, CVE-2018-10844, CVE-2018-10845, CVE-2018-10846

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (3.3.29). (BZ#1561481)

Security Fix(es):

* gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (CVE-2018-10844)

* gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (CVE-2018-10845)

* gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (CVE-2018-10846)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3052: wget security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183052
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3052, CVE-2018-0494

Description
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

* wget: Cookie injection allows malicious website to write arbitrary cookie entries into cookie jar (CVE-2018-0494)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3054: libreoffice security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183054
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3054, CVE-2018-10119, CVE-2018-10120, CVE-2018-10583

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* libreoffice: Use-after-free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document (CVE-2018-10119)

* libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document (CVE-2018-10120)

* libreoffice: Information disclosure via SMB connection embedded in malicious file (CVE-2018-10583)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3056: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183056
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3056, CVE-2018-1050, CVE-2018-10858, CVE-2018-1139

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.8.3). (BZ#1558560)

Security Fix(es):

* samba: Weak authentication protocol regression (CVE-2018-1139)

* samba: Insufficient input validation in libsmbclient (CVE-2018-10858)

* samba: NULL pointer dereference in printer server process (CVE-2018-1050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Samba project for reporting CVE-2018-1050. The CVE-2018-1139 issue was discovered by Vivek Das (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3059: X.org X11 security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183059
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3059, CVE-2015-9262

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* libxcursor: 1-byte heap-based overflow in _XcursorThemeInherits function in library.c (CVE-2015-9262)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3062: qemu-kvm-ma security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183062
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3062, CVE-2017-15124

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

The following packages have been upgraded to a later upstream version: qemu-kvm-ma (2.12.0). (BZ#1562219)

Security Fix(es):

* Qemu: memory exhaustion through framebuffer update request message in VNC server (CVE-2017-15124)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Daniel Berrange (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3065: libkdcraw security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183065
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3065, CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5805, CVE-2018-5806

Description
Libkdcraw is a C++ interface around the LibRaw library, which is used to decode RAW picture files.

Security Fix(es):

* LibRaw: Stack-based buffer overflow in quicktake_100_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5805)

* LibRaw: Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp (CVE-2018-5800)

* LibRaw: NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp (CVE-2018-5801)

* LibRaw: Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp (CVE-2018-5802)

* LibRaw: NULL pointer dereference in leaf_hdr_load_raw() function in internal/dcraw_common.cpp (CVE-2018-5806)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3071: krb5 security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183071
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3071, CVE-2018-5729, CVE-2018-5730

Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: null dereference in kadmind or DN container check bypass by supplying specially crafted data (CVE-2018-5729)

* krb5: DN container check bypass by supplying specially crafted data (CVE-2018-5730)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3073: zsh security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183073
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3073, CVE-2014-10071, CVE-2014-10072, CVE-2017-18205, CVE-2017-18206, CVE-2018-1071, CVE-2018-1083, CVE-2018-1100, CVE-2018-7549

Description
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: Stack-based buffer overflow in gen_matches_files() at compctl.c (CVE-2018-1083)

* zsh: buffer overflow for very long fds in >& fd syntax (CVE-2014-10071)

* zsh: buffer overflow when scanning very long directory paths for symbolic links (CVE-2014-10072)

* zsh: NULL dereference in cd in sh compatibility mode under given circumstances (CVE-2017-18205)

* zsh: buffer overrun in symlinks (CVE-2017-18206)

* zsh: Stack-based buffer overflow in exec.c:hashcmd() (CVE-2018-1071)

* zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution (CVE-2018-1100)

* zsh: crash on copying empty hash table (CVE-2018-7549)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1083, CVE-2018-1071, and CVE-2018-1100 issues were discovered by Richard Maciel Costa (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3083: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3083, CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2017-18360, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-18690, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740, CVE-2018-7757, CVE-2018-8781

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger the time- and computation-expensive fragment reassembly algorithm by sending specially crafted packets, which could lead to CPU saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)

* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)

* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)

* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)

* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)

* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)

* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)

* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)

* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)

* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)

* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)

* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)

* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.

RHSA-2018:3090: ovmf security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183090
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3090, CVE-2018-0739

Description
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

The following packages have been upgraded to a later upstream version: ovmf (20180508). (BZ#1559542)

Security Fix(es):

* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3092: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183092
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3092, CVE-2017-16997, CVE-2018-11236, CVE-2018-11237, CVE-2018-6485

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: Incorrect handling of RPATH in elf/dl-load.c can be used to execute code loaded from arbitrary libraries (CVE-2017-16997)

* glibc: Integer overflow in posix_memalign in memalign functions (CVE-2018-6485)

* glibc: Integer overflow in stdlib/canonicalize.c on 32-bit architectures leading to stack-based buffer overflow (CVE-2018-11236)

* glibc: Buffer overflow in __mempcpy_avx512_no_vzeroupper (CVE-2018-11237)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3096: kernel-rt security, bug fix, and enhancement update (Important)

Rule IDoval-com.redhat.rhsa-def-20183096
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:06+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2018:3096, CVE-2015-8830, CVE-2016-4913, CVE-2017-0861, CVE-2017-10661, CVE-2017-17805, CVE-2017-18208, CVE-2017-18232, CVE-2017-18344, CVE-2017-18360, CVE-2018-1000026, CVE-2018-10322, CVE-2018-10878, CVE-2018-10879, CVE-2018-10881, CVE-2018-10883, CVE-2018-10902, CVE-2018-1092, CVE-2018-1094, CVE-2018-10940, CVE-2018-1118, CVE-2018-1120, CVE-2018-1130, CVE-2018-13405, CVE-2018-18690, CVE-2018-5344, CVE-2018-5391, CVE-2018-5803, CVE-2018-5848, CVE-2018-7740, CVE-2018-7757, CVE-2018-8781

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)

* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)

* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)

* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly protected against race (CVE-2017-10661)

* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service (CVE-2017-17805)

* kernel: Infinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)

* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)

* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)

* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)

* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)

* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)

* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)

* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)

* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)

* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)

* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)

* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)

* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg() (CVE-2018-1118)

* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)

* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)

* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)

* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)

* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)

* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.

RHSA-2018:3107: wpa_supplicant security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183107
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3107, CVE-2018-14526

Description
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3113: libvirt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183113
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3113, CVE-2018-6764

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

The following packages have been upgraded to a later upstream version: libvirt (4.5.0). (BZ#1563169)

Security Fix(es):

* libvirt: guest could inject executable code via libnss_dns.so loaded by libvirt_lxc before init (CVE-2018-6764)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3127: 389-ds-base security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3127, CVE-2018-14648

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a later upstream version: 389-ds-base (1.3.8.4). (BZ#1560653)

Security Fix(es):

* 389-ds-base: Mishandled search requests in servers/slapd/search.c:do_search() allows for denial of service (CVE-2018-14648)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3140: GNOME security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3140, CVE-2015-9381, CVE-2015-9382, CVE-2017-18267, CVE-2017-2862, CVE-2018-10733, CVE-2018-10767, CVE-2018-10768, CVE-2018-11712, CVE-2018-11713, CVE-2018-12910, CVE-2018-13988, CVE-2018-14036, CVE-2018-4121, CVE-2018-4200, CVE-2018-4204

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

* libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames (CVE-2018-12910)

* poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service (CVE-2017-18267)

* libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c (CVE-2018-10733)

* libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c (CVE-2018-10767)

* poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF (CVE-2018-10768)

* poppler: out of bounds read in pdfunite (CVE-2018-13988)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank chenyuan (NESA Lab) for reporting CVE-2018-10733 and CVE-2018-10767 and Hosein Askari for reporting CVE-2018-13988.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3157: curl and nss-pem security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183157
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3157, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

The nss-pem package provides the PEM file reader for Network Security Services (NSS) implemented as a PKCS#11 module.

Security Fix(es):

* curl: HTTP authentication leak in redirects (CVE-2018-1000007)

* curl: FTP path trickery leads to NIL byte out of bounds write (CVE-2018-1000120)

* curl: RTSP RTP buffer over-read (CVE-2018-1000122)

* curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service (CVE-2018-1000301)

* curl: LDAP NULL pointer dereference (CVE-2018-1000121)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Curl project for reporting these issues. Upstream acknowledges Craig de Stigter as the original reporter of CVE-2018-1000007; Duy Phan Thanh as the original reporter of CVE-2018-1000120; Max Dymond as the original reporter of CVE-2018-1000122; the OSS-fuzz project as the original reporter of CVE-2018-1000301; and Dario Weisser as the original reporter of CVE-2018-1000121.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3158: sssd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183158
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3158, CVE-2018-10852

Description
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The following packages have been upgraded to a later upstream version: sssd (1.16.2). (BZ#1558498)

Security Fix(es):

* sssd: information leak from the sssd-sudo responder (CVE-2018-10852)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Jakub Hrozek (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3221: openssl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3221, CVE-2017-3735, CVE-2018-0495, CVE-2018-0732, CVE-2018-0737, CVE-2018-0739

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: ROHNP - Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)

* openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service (CVE-2018-0739)

* openssl: Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)

* openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys (CVE-2018-0737)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3229: zziplib security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183229
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3229, CVE-2018-7725, CVE-2018-7726, CVE-2018-7727

Description
The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: out of bound read in mmapped.c:zzip_disk_fread() causes crash (CVE-2018-7725)

* zziplib: Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted zip file (CVE-2018-7726)

* zziplib: Memory leak in memdisk.c:zzip_mem_disk_new() can lead to denial of service via crafted zip (CVE-2018-7727)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3242: glusterfs security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183242
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3242, CVE-2018-10911

Description
GlusterFS is a key building block of Red Hat Gluster Storage. It is based on a stackable user-space design and can deliver exceptional performance for diverse workloads. GlusterFS aggregates various storage servers over network interconnections into one large, parallel network file system.

The following packages have been upgraded to a later upstream version: glusterfs (3.12.2). (BZ#1579734)

Security Fix(es):

* glusterfs: Improper deserialization in dict.c:dict_unserialize() can allow attackers to read arbitrary memory (CVE-2018-10911)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3246: libcdio security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183246
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3246, CVE-2017-18198, CVE-2017-18199, CVE-2017-18201

Description
The libcdio library provides an interface for CD-ROM access. It can be used by applications that need OS-independent and device-independent access to CD-ROM devices.

Security Fix(es):

* libcdio: Heap-based buffer over-read in print_iso9660_recurse function in iso-info.c (CVE-2017-18198)

* libcdio: NULL pointer dereference in realloc_symlink in rock.c (CVE-2017-18199)

* libcdio: Double free in get_cdtext_generic() in lib/driver/_cdio_generic.c (CVE-2017-18201)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3249: setup security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183249
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3249, CVE-2018-1113

Description
The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profile. Other examples are the default lists of reserved user IDs, reserved ports, reserved protocols, allowed shells, allowed secure terminals.

Security Fix(es):

* setup: nologin listed in /etc/shells violates security expectations (CVE-2018-1113)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3253: jasper security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183253
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3253, CVE-2016-9396, CVE-2017-1000050

Description
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

* jasper: reachable assertion in JPC_NOMINALGAIN() (CVE-2016-9396)

* jasper: NULL pointer exception in jp2_encode() (CVE-2017-1000050)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3324: fuse security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183324
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3324, CVE-2018-10906

Description
The fuse packages contain the File System in Userspace (FUSE) tools to mount a FUSE file system. With FUSE, it is possible to implement a fully functional file system in a user-space program.

Security Fix(es):

* fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3327: libmspack security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3327, CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682

Description
The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.

Security Fix(es):

* libmspack: off-by-one error in the CHM PMGI/PMGL chunk number validity checks (CVE-2018-14679)

* libmspack: off-by-one error in the CHM chunk number validity checks (CVE-2018-14680)

* libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c (CVE-2018-14681)

* libmspack: off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3335: xerces-c security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183335
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3335, CVE-2016-4463

Description
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

* xerces-c: Stack overflow when parsing deeply nested DTD (CVE-2016-4463)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.

RHSA-2018:3347: python-paramiko security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3347, CVE-2018-1000805

Description
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

Security Fix(es):

* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3350: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3350, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3403: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183403
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3403, CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385, CVE-2018-18499

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.2.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376)

* Mozilla: Use-after-free in driver timers (CVE-2018-12377)

* Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)

* Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)

* Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)

* Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)

* Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)

Note: All of the above issues cannot be exploited in Thunderbird by a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, Nils, Zhanjia Song, Holger Fuhrmannek, Philipp, and Jurgen Gaeremyn as the original reporters.

RHSA-2018:3406: python-paramiko security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3406, CVE-2018-1000805

Description
The python-paramiko package provides a Python module that implements the SSH2 protocol for encrypted and authenticated connections to remote machines. Unlike SSL, the SSH2 protocol does not require hierarchical certificates signed by a powerful central authority. The protocol also includes the ability to open arbitrary channels to remote services across an encrypted tunnel.

Security Fix(es):

* python-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3408: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183408
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3408, CVE-2018-17456

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: arbitrary code execution via .gitmodules (CVE-2018-17456)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3409: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183409
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3409, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3169, CVE-2018-3180, CVE-2018-3214

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

* OpenJDK: Infinite loop in RIFF format reader (Sound, 8205361) (CVE-2018-3214)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3410: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183410
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3410, CVE-2018-14665

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Narendra Shinde for reporting this issue.

RHSA-2018:3458: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183458
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3458, CVE-2017-16541, CVE-2018-12376, CVE-2018-12377, CVE-2018-12378, CVE-2018-12379, CVE-2018-12383, CVE-2018-12385, CVE-2018-18499

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.2.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2 (CVE-2018-12376)

* Mozilla: Use-after-free in driver timers (CVE-2018-12377)

* Mozilla: Use-after-free in IndexedDB (CVE-2018-12378)

* Mozilla: Proxy bypass using automount and autofs (CVE-2017-16541)

* Mozilla: Out-of-bounds write with malicious MAR file (CVE-2018-12379)

* Mozilla: Crash in TransportSecurityInfo due to cached data (CVE-2018-12385)

* Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords (CVE-2018-12383)

Note: None of the above issues can be exploited in Thunderbird by a specially crafted HTML mail, as JavaScript is disabled for mail messages and cannot be enabled. They could be exploited another way in Thunderbird, for example, when viewing the remote content of an RSS feed.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Alex Gaynor, Boris Zbarsky, Christoph Diehl, Christian Holler, Jason Kratzer, Jed Davis, Tyson Smith, Bogdan Tara, Karl Tomlinson, Mats Palmgren, Nika Layzell, Ted Campbell, Nils, Zhanjia Song, Holger Fuhrmannek, Philipp, and Jurgen Gaeremyn as the original reporters.

RHSA-2018:3521: java-11-openjdk security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183521
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3521, CVE-2018-3136, CVE-2018-3139, CVE-2018-3149, CVE-2018-3150, CVE-2018-3169, CVE-2018-3180, CVE-2018-3183

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper field access checks (Hotspot, 8199226) (CVE-2018-3169)

* OpenJDK: Unrestricted access to scripting engine (Scripting, 8202936) (CVE-2018-3183)

* OpenJDK: Incomplete enforcement of the trustURLCodebase restriction (JNDI, 8199177) (CVE-2018-3149)

* OpenJDK: Incorrect handling of unsigned attributes in signed Jar manifests (Security, 8194534) (CVE-2018-3136)

* OpenJDK: Leak of sensitive header data via HTTP redirect (Networking, 8196902) (CVE-2018-3139)

* OpenJDK: Multi-Release attribute read from outside of the main manifest attributes (Utility, 8199171) (CVE-2018-3150)

* OpenJDK: Missing endpoint identification algorithm check during TLS session resumption (JSSE, 8202613) (CVE-2018-3180)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3522: spice-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183522
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3522, CVE-2017-7506

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* spice: Possible buffer overflow via invalid monitor configurations (CVE-2017-7506)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Frediano Ziglio (Red Hat).

RHSA-2018:3531: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183531
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3531, CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.3.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)

* Mozilla: Crash with nested event loops (CVE-2018-12392)

* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)

* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, and Daniel Veditz as the original reporters.

RHSA-2018:3532: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183532
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3532, CVE-2018-12389, CVE-2018-12390, CVE-2018-12392, CVE-2018-12393

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.3.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)

* Mozilla: Crash with nested event loops (CVE-2018-12392)

* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)

* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, and Daniel Veditz as the original reporters.

RHSA-2018:3650: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183650
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3650, CVE-2018-15908, CVE-2018-15909, CVE-2018-16511, CVE-2018-16539

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: .tempfile file permission issues (699657) (CVE-2018-15908)

* ghostscript: shading_param incomplete type checking (699660) (CVE-2018-15909)

* ghostscript: missing type check in type checker (699659) (CVE-2018-16511)

* ghostscript: incorrect access checking in temp file handling to disclose contents of files (699658) (CVE-2018-16539)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2018-15908.

RHSA-2018:3651: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183651
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3651, CVE-2018-14633, CVE-2018-14646

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)

* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service (CVE-2018-14646)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Vincent Pelletier for reporting CVE-2018-14633 and Christian Brauner for reporting CVE-2018-14646.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3714371

RHSA-2018:3663: sos-collector security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183663
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3663, CVE-2018-14650

Description
sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment.

The following packages have been upgraded to a later upstream version: sos-collector (1.5). (BZ#1644776)

Security Fix(es):

* sos-collector: incorrect permissions set on newly created files (CVE-2018-14650)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Riccardo Schirone (Red Hat Product Security).

RHSA-2018:3665: NetworkManager security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183665
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3665, CVE-2018-15688

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

Security Fix(es):

* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ubuntu Security Team for reporting this issue. Upstream acknowledges Felix Wilhelm (Google) as the original reporter.

RHSA-2018:3666: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20183666
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2018:3666, CVE-2018-14633, CVE-2018-14646

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: stack-based buffer overflow in chap_server_compute_md5() in iscsi target (CVE-2018-14633)

* kernel: NULL pointer dereference in af_netlink.c:__netlink_ns_capable() allows for denial of service (CVE-2018-14646)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Vincent Pelletier for reporting CVE-2018-14633 and Christian Brauner for reporting CVE-2018-14646.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-957.1.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1632386)

RHSA-2018:3738: ruby security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183738
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3738, CVE-2018-16395

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* ruby: OpenSSL::X509::Name equality check does not work correctly (CVE-2018-16395)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2018:3760: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183760
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3760, CVE-2018-16509

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. (CVE-2018-16509)

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting this issue.

RHSA-2018:3761: ghostscript security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183761
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3761, CVE-2018-16863

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: incomplete fix for CVE-2018-16509 (CVE-2018-16863)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Previously, the flushpage operator was removed as part of a major clean-up of a non-standard operator. However, flushpage was found to be used in a few specific use cases. With this update, it has been re-added to support those use cases. (BZ#1654290)

RHSA-2018:3822: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183822
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3822, CVE-2017-11176, CVE-2017-15265, CVE-2017-8824

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)

* kernel: Use-after-free in sys_mq_notify() (CVE-2017-11176)

* kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Mohamed Ghannam for reporting CVE-2017-8824.

Bug Fix(es):

* Previously, on certain Intel 64 systems, the microcode contained a new model-specific register (MSR) that was not present in the older microcode running on CPUs that had not been updated yet. As a consequence, the system crashed due to a general protection fault on a CPU running the older microcode. This update fixes the bug by having the kernel use MSR access routines that handle the general protection fault. As a result, the system no longer crashes in the described scenario. (BZ#1651481)

RHSA-2018:3831: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183831
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3831, CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)

* Mozilla: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.

RHSA-2018:3833: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20183833
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3833, CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)

* Mozilla: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.

RHSA-2018:3834: ghostscript security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20183834
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2018:3834, CVE-2018-15911, CVE-2018-16541, CVE-2018-16802, CVE-2018-17183, CVE-2018-17961, CVE-2018-18073, CVE-2018-18284, CVE-2018-19134, CVE-2018-19409

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: Incorrect free logic in pagedevice replacement (699664) (CVE-2018-16541)

* ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)

* ghostscript: User-writable error exception table (CVE-2018-17183)

* ghostscript: Saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) (CVE-2018-17961)

* ghostscript: Saved execution stacks can leak operator arrays (CVE-2018-18073)

* ghostscript: 1Policy operator allows a sandbox protection bypass (CVE-2018-18284)

* ghostscript: Type confusion in setpattern (700141) (CVE-2018-19134)

* ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c (CVE-2018-19409)

* ghostscript: Uninitialized memory access in the aesdecode operator (699665) (CVE-2018-15911)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2018-16541.

Bug Fix(es):

* It was found that ghostscript-9.07-31.el7_6.1 introduced a regression in the handling of shading objects, causing a "Dropping incorrect smooth shading object" warning. With this update, the regression has been fixed and the described problem no longer occurs. (BZ#1657822)

RHSA-2018:3854: ntp security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20183854
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2018:3854, CVE-2018-12327

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0022: keepalived security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190022
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0022, CVE-2018-19115

Description
The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.

Security Fix(es):

* keepalived: Heap-based buffer overflow when parsing HTTP status codes allows for denial of service or possibly arbitrary code execution (CVE-2018-19115)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0049: systemd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190049
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0049, CVE-2018-15688, CVE-2018-16864, CVE-2018-16865

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling (CVE-2018-15688)

* systemd: stack overflow when calling syslog from a command with long cmdline (CVE-2018-16864)

* systemd: stack overflow when receiving many journald entries (CVE-2018-16865)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Ubuntu Security Team for reporting CVE-2018-15688 and Qualys Research Labs for reporting CVE-2018-16864 and CVE-2018-16865. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of CVE-2018-15688.

RHSA-2019:0059: libvncserver security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190059
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0059, CVE-2018-15127

Description
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: Heap out-of-bounds write in rfbserver.c in rfbProcessFileTransferReadBuffer() allows for potential code execution (CVE-2018-15127)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0109: perl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190109
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0109, CVE-2018-18311

Description
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

* perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter.

RHSA-2019:0159: thunderbird security update (Important)

Rule IDoval-com.redhat.rhsa-def-20190159
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:06+09:00
Severityhigh
Identifiers and References

Identifiers:  RHSA-2019:0159, CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)

* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.

RHSA-2019:0160: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190160
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0160, CVE-2018-12405, CVE-2018-17466, CVE-2018-18492, CVE-2018-18493, CVE-2018-18494, CVE-2018-18498

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4 (CVE-2018-12405)

* chromium-browser, firefox: Memory corruption in Angle (CVE-2018-17466)

* Mozilla: Use-after-free with select element (CVE-2018-18492)

* Mozilla: Buffer overflow in accelerated 2D canvas with Skia (CVE-2018-18493)

* Mozilla: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs (CVE-2018-18494)

* Mozilla: Integer overflow when calculating buffer sizes for images (CVE-2018-18498)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Diego Calleja, Andrew McCreight, Jon Coppeard, Natalia Csoregi, Nicolas B. Pierron, Tyson Smith, Nils, Atte Kettunen, James Lee of Kryptos Logic, and r as the original reporters.

RHSA-2019:0163: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0163, CVE-2018-18397, CVE-2018-18559

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)

* kernel: userfaultfd bypasses tmpfs file permissions (CVE-2018-18397)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

These updated kernel packages also include numerous bug fixes and enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3827321

RHSA-2019:0188: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190188
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0188, CVE-2018-18559

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* The kernel-rt packages have been upgraded to the 3.10.0-957.5.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1653822)

* Under certain circumstances, the following warning message, which indicated a SCHED_DEADLINE bandwidth tracking mechanism error, occurred:  

WARNING: CPU: 8 PID: 19536 at kernel/sched/deadline.c:64 dequeue_task_dl+0x121/0x140

This update fixes the sched_setscheduler() core kernel function, and backports multiple upstream patches to the SCHED_DEADLINE scheduler. As a result, the SCHED_DEADLINE bandwidth tracking mechanism is prevented from error conditions, and the warning message no longer occurs. (BZ#1655439)

RHSA-2019:0194: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190194
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0194, CVE-2018-5742

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Crash from assertion error when debug log level is 10 and log entries meet buffer boundary (CVE-2018-5742)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0201: systemd security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20190201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:0201, CVE-2019-3815

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864 (CVE-2019-3815)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0218: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20190218
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0218, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.5.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)

* Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501)

* Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters.

RHSA-2019:0219: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20190219
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0219, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.5.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)

* Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501)

* Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters.

RHSA-2019:0229: ghostscript security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190229
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0229, CVE-2018-16540, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477, CVE-2019-6116

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: use-after-free in copydevice handling (699661) (CVE-2018-16540)

* ghostscript: access bypass in psi/zdevice2.c (700153) (CVE-2018-19475)

* ghostscript: access bypass in psi/zicc.c (700169) (CVE-2018-19476)

* ghostscript: access bypass in psi/zfjbig2.c (700168) (CVE-2018-19477)

* ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317) (CVE-2019-6116)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Tavis Ormandy (Google Project Zero) for reporting CVE-2019-6116.

Bug Fix(es):

* Previously, ghostscript-9.07-31.el7_6.1 introduced a regression during the standard input reading, causing a "/invalidfileaccess in --run--" error. With this update, the regression has been fixed and the described error no longer occurs. (BZ#1665919)

RHSA-2019:0230: polkit security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190230
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0230, CVE-2019-6133

Description
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Jan Rybar (freedesktop.org) for reporting this issue. Upstream acknowledges Jann Horn (Google Project Zero) as the original reporter.

RHSA-2019:0231: spice security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190231
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0231, CVE-2019-3813

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Christophe Fergeau (Red Hat).

RHSA-2019:0232: spice-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190232
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0232, CVE-2019-3813

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol for virtual environments. SPICE users can access a virtualized desktop or server from the local system or any system with network access to the server. SPICE is used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor or on Red Hat Enterprise Virtualization Hypervisors.

Security Fix(es):

* spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Christophe Fergeau (Red Hat).

RHSA-2019:0269: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0269, CVE-2016-5824, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.5.0.

Security Fix(es):

* Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)

* Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501)

* Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)

* libical: Multiple use-after-free vulnerabilities (CVE-2016-5824)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters.

RHSA-2019:0270: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0270, CVE-2016-5824, CVE-2018-18500, CVE-2018-18501, CVE-2018-18505

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.5.0.

Security Fix(es):

* Mozilla: Use-after-free parsing HTML5 stream (CVE-2018-18500)

* Mozilla: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5 (CVE-2018-18501)

* Mozilla: Privilege escalation through IPC channel messages (CVE-2018-18505)

* libical: Multiple use-after-free vulnerabilities (CVE-2016-5824)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Yaniv Frank (SophosLabs), Alex Gaynor, Christoph Diehl, Steven Crane, Jason Kratzer, Gary Kwong, Christian Holler, and Jed Davis as the original reporters.

RHSA-2019:0368: systemd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190368
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0368, CVE-2019-6454

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0373: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190373
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0373, CVE-2018-18356, CVE-2019-5785

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.5.1 ESR.

Security Fix(es):

* chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356)

* mozilla: Integer overflow in Skia (CVE-2019-5785)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0374: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190374
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0374, CVE-2018-18356, CVE-2019-5785

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.5.1 ESR.

Security Fix(es):

* chromium-browser, mozilla: Use after free in Skia (CVE-2018-18356)

* mozilla: Integer overflow in Skia (CVE-2019-5785)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0375: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190375
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0375, CVE-2019-8308

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: potential /proc based sandbox escape (CVE-2019-8308)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0415: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190415
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0415, CVE-2018-10902

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* A previously backported upstream patch caused a change in the behavior of the page fault handler. As a consequence, applications compiled through GNU Compiler Collection (GCC) version 4.4.7 sometimes generated stack access exceeding the 64K limit. Running such applications subsequently triggered a segmentation fault. With this update, the 64k limit check in the page fault handler has been removed. As a result, running the affected applications no longer triggers the segmentation fault in the described scenario.

Note that removing the limit check does not impact the integrity of the kernel itself. (BZ#1644401)

RHSA-2019:0416: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190416
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0416, CVE-2019-2422

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0420: polkit security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190420
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0420, CVE-2019-6133

Description
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0435: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190435
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0435, CVE-2019-2422

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0436: java-11-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0436, CVE-2019-2422

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0462: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190462
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0462, CVE-2019-2422

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0464: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190464
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0464, CVE-2019-2422

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0482: cockpit security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190482
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0482, CVE-2019-3804

Description
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.

Security Fix(es):

* cockpit: Crash when parsing invalid base64 headers (CVE-2019-3804)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0483: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190483
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0483, CVE-2018-0735, CVE-2018-5407

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Perform the RSA signature self-tests with SHA-256 (BZ#1673914)

RHSA-2019:0485: tomcat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190485
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0485, CVE-2018-11784

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Open redirect in default servlet (CVE-2018-11784)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0512: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0512, CVE-2018-17972, CVE-2018-18445, CVE-2018-9568

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)

* kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)

* kernel: Faulty computation of numeric bounds in the BPF verifier (CVE-2018-18445)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

* kernel fuse invalidates cached attributes during reads (BZ#1657921)

* [NetApp-FC-NVMe] RHEL7.6: nvme reset gets hung indefinitely (BZ#1659937)

* Memory reclaim deadlock calling __sock_create() after memalloc_noio_save() (BZ#1660392)

* hardened usercopy is causing crash (BZ#1660815)

* Backport: xfrm: policy: init locks early (BZ#1660887)

* AWS m5 instance type loses NVMe mounted volumes [was: Unable to Mount StatefulSet PV in AWS EBS] (BZ#1661947)

* RHEL 7.6 running on a VirtualBox guest with a GUI has a mouse problem (BZ#1662848)

* Kernel bug report in cgroups on heavily contested 3.10 node (BZ#1663114)

* [PCIe] SHPC probe crash on Non-ACPI/Non-SHPC ports (BZ#1663241)

* [Cavium 7.7 Feat] qla2xxx: Update to latest upstream. (BZ#1663508)

* Regression in lpfc and the CNE1000 (BE2 FCoE) adapters that no longer initialize (BZ#1664067)

* [csiostor] call trace after command: modprobe csiostor (BZ#1665370)

* libceph: fall back to sendmsg for slab pages (BZ#1665814)

* Deadlock between stop_one_cpu_nowait() and stop_two_cpus() (BZ#1667328)

* Soft lockups occur when the sd driver passes a device size of 1 sector to string_get_size() (BZ#1667989)

* [RHEL7.7] BUG: unable to handle kernel paging request at ffffffffffffffff (BZ#1668208)

* RHEL7.6 - powerpc/pseries: Disable CPU hotplug across migrations / powerpc/rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ#1669044)

* blk-mq: fix corruption with direct issue (BZ#1670511)

* [RHEL7][patch] iscsi driver can block reboot/shutdown (BZ#1670680)

* [DELL EMC 7.6 BUG] Unable to create-namespace over Dell NVDIMM-N (BZ#1671743)

* efi_bgrt_init fails to ioremap error during boot (BZ#1671745)

* Unable to mount a share on kernel-3.10.0-957.el7. The share can be mounted on kernel-3.10.0-862.14.4.el7 (BZ#1672448)

* System crash with RIP nfs_readpage_async+0x43 -- BUG: unable to handle kernel NULL pointer dereference (BZ#1672510)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

RHSA-2019:0514: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190514
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0514, CVE-2018-17972, CVE-2018-18445, CVE-2018-9568

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)

* kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)

* kernel: Faulty computation of numeric bounds in the BPF verifier (CVE-2018-18445)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL7.6.z batch#3 source tree (BZ#1672406)

Users of kernel-rt are advised to upgrade to these updated packages, which fix this bug.

RHSA-2019:0597: cloud-init security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190597
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0597, CVE-2019-0816

Description
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

Security Fix(es):

* cloud-init: extra ssh keys added to authorized_keys on the Azure platform (CVE-2019-0816)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0622: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20190622
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0622, CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.6.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)

* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)

* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)

* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)

* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)

* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)

* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)

* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0623: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20190623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0623, CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.6.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)

* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)

* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)

* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)

* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)

* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)

* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)

* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0633: ghostscript security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0633, CVE-2019-3835, CVE-2019-3838

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: superexec operator is available (700585) (CVE-2019-3835)

* ghostscript: forceput in DefineResource is still accessible (700576) (CVE-2019-3838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* ghostscript: Regression: double comment chars '%%' in gs_init.ps leading to missing metadata (BZ#1673915)

RHSA-2019:0638: openwsman security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190638
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0638, CVE-2019-3816

Description
Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects.

Security Fix(es):

* openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0671: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20190671
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0671, CVE-2019-9810, CVE-2019-9813

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.6.1 ESR.

Security Fix(es):

* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)

* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0672: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20190672
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0672, CVE-2019-9810, CVE-2019-9813

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.6.1 ESR.

Security Fix(es):

* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)

* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0679: libssh2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190679
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0679, CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863

Description
The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)

* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)

* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)

* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0680: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190680
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0680, CVE-2018-18356, CVE-2018-18506, CVE-2018-18509, CVE-2019-5785, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.6.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)

* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)

* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)

* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)

* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)

* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)

* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)

* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)

* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)

* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0681: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190681
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0681, CVE-2018-18356, CVE-2018-18506, CVE-2018-18509, CVE-2019-5785, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.6.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)

* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)

* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)

* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)

* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)

* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)

* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)

* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)

* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)

* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0697: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190697
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0697, CVE-2018-8786, CVE-2018-8787, CVE-2018-8788

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Integer truncation leading to heap-based buffer overflow in update_read_bitmap_update() function (CVE-2018-8786)

* freerdp: Integer overflow leading to heap-based buffer overflow in gdi_Bitmap_Decompress() function (CVE-2018-8787)

* freerdp: Out-of-bounds write in nsc_rle_decode() function (CVE-2018-8788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0710: python security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190710
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0710, CVE-2019-9636

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0711: openssh security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20190711
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:0711, CVE-2018-15473

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0717: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190717
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0717, CVE-2018-13405

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* sched/sysctl: Check user input value of sysctl_sched_time_avg (BZ#1579128)

* unable to handle kernel NULL pointer dereference at 000000000000005d in tcp_enter_frto+0x102 (BZ#1585892)

* qla2xxx: Mask Off Scope bits for Retry delay timer in the driver (BZ#1588133)

* [PATCH] perf: Fix a race between ring_buffer_detach() and ring_buffer_wakeup() (BZ#1589340)

* RHEL6.10 - kernel: improve spectre mitigation for s390x (BZ#1625381)

* kernel panic due to NULL pointer dereference in __wake_up_common through perf_event_wakeup (BZ#1627672)

* After upgrading from rhel 6.9 to rhel 6.10, files in a cifs share can't be read (BZ#1636484)

* Retpoline impact on vdso gettimeofday performance (BZ#1638552)

* [RHEL 6.10] 32-bit kernel-2.6.32-754.3.5 registers the swap of 4k size only (BZ#1670328)

RHSA-2019:0766: mod_auth_mellon security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190766
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0766, CVE-2019-3877, CVE-2019-3878

Description
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server.

Security Fix(es):

* mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878)

* mod_auth_mellon: open redirect in logout url when using URLs with backslashes (CVE-2019-3877)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* mod_auth_mellon Cert files name wrong when hostname contains a number (fixed in upstream package) (BZ#1697487)

RHSA-2019:0774: java-1.8.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190774
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0774, CVE-2019-2602, CVE-2019-2684, CVE-2019-2698

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* assert failure in coalesce.cpp: attempted to spill a non-spillable item (BZ#1640127)

RHSA-2019:0775: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190775
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0775, CVE-2019-2602, CVE-2019-2684, CVE-2019-2698

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0778: java-11-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190778
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0778, CVE-2019-2602, CVE-2019-2684

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0790: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0790, CVE-2019-2602, CVE-2019-2684, CVE-2019-2698

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0791: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0791, CVE-2019-2602, CVE-2019-2684, CVE-2019-2698

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0809: ovmf security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0809, CVE-2018-12180

Description
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

* edk2: Buffer Overflow in BlockIo service for RAM disk (CVE-2018-12180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0818: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190818
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0818, CVE-2019-6974, CVE-2019-7221

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)

* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* rbd: avoid corruption on partially completed bios [rhel-7.6.z] (BZ#1672514)

* xfs_vm_writepages deadly embrace between kworker and user task. [rhel-7.6.z] (BZ#1673281)

* Offload Connections always get vlan priority 0 [rhel-7.6.z] (BZ#1673821)

* [NOKIA] RHEL sends flood of Neighbour Solicitations under specific conditions [rhel-7.6.z] (BZ#1677179)

* RHEL 7.6 - Host crash occurred on NVMe/IB system while running controller reset [rhel-7.6.z] (BZ#1678214)

* [rhel7] raid0 md workqueue deadlock with stacked md devices [rhel-7.6.z] (BZ#1678215)

* [PureStorage7.6]nvme disconnect following an unsuccessful Admin queue creation causes kernel panic [rhel-7.6.z] (BZ#1678216)

* RFC: Regression with -fstack-check in 'backport upstream large stack guard patch to RHEL6' patch [rhel-7.6.z] (BZ#1678221)

* [Hyper-V] [RHEL 7.6]hv_netvsc: Fix a network regression after ifdown/ifup [rhel-7.6.z] (BZ#1679997)

* rtc_cmos: probe of 00:01 failed with error -16 [rhel-7.6.z] (BZ#1683078)

* ACPI WDAT watchdog update [rhel-7.6.z] (BZ#1683079)

* high ovs-vswitchd CPU usage when VRRP over VXLAN tunnel causing qrouter fail-over [rhel-7.6.z] (BZ#1683093)

* Openshift node drops outgoing POD traffic due to NAT hashtable race in __ip_conntrack_confirm() [rhel-7.6.z] (BZ#1686766)

* [Backport] [v3,2/2] net: igmp: Allow user-space configuration of igmp unsolicited report interval [rhel-7.6.z] (BZ#1686771)

* [RHEL7.6]: Intermittently seen FIFO parity error on T6225-SO adapter [rhel-7.6.z] (BZ#1687487)

* The number of unsolicited report about IGMP is incorrect [rhel-7.6.z] (BZ#1688225)

* RDT driver causing failure to boot on AMD Rome system with more than 255 CPUs [rhel-7.6.z] (BZ#1689120)

* mpt3sas_cm0: fault_state(0x2100)! [rhel-7.6.z] (BZ#1689379)

* rwsem in inconsistent state leading system to hung [rhel-7.6.z] (BZ#1690323)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

RHSA-2019:0833: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190833
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0833, CVE-2019-6974, CVE-2019-7221

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: KVM: potential use-after-free via kvm_ioctl_create_device() (CVE-2019-6974)

* Kernel: KVM: nVMX: use-after-free of the hrtimer for emulation of the preemption timer (CVE-2019-7221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* VM hangs on RHEL rt-kernel and OSP 13 [rhel-7.6.z] (BZ#1688673)

* kernel-rt: update to the RHEL7.6.z batch#4 source tree (BZ#1689417)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

RHSA-2019:0966: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20190966
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0966, CVE-2018-18506, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.6.1 ESR. (BZ#1690308)

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)

* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)

* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)

* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)

* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)

* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)

* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)

* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)

* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)

* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0968: edk2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190968
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0968, CVE-2018-12180

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

* edk2: Buffer Overflow in BlockIo service for RAM disk (CVE-2018-12180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0971: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190971
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0971, CVE-2019-3835, CVE-2019-3838, CVE-2019-3839

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: superexec operator is available (700585) (CVE-2019-3835)

* ghostscript: forceput in DefineResource is still accessible (700576) (CVE-2019-3838)

* ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0972: openwsman security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0972, CVE-2019-3816

Description
Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects.

Security Fix(es):

* openwsman: Disclosure of arbitrary files outside of the registered URIs (CVE-2019-3816)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0975: container-tools:rhel8 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190975
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0975, CVE-2019-5736

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* A flaw was found in the way runc handled system file descriptors when running containers. A malicious container could use this flaw to overwrite contents of the runc binary and consequently run arbitrary commands on the container host system. (CVE-2019-5736)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [stream rhel8] rebase container-selinux to 2.94 (BZ#1693675)

* [stream rhel8] unable to mount disk at `/var/lib/containers` via `systemd` unit when `container-selinux` policy installed (BZ#1695669)

* [stream rhel8] don't allow a container to connect to random services (BZ#1695689)

RHSA-2019:0980: httpd:2.4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190980
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0980, CVE-2019-0211, CVE-2019-0215

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: privilege escalation from modules scripts (CVE-2019-0211)

* httpd: mod_ssl: access control bypass when using per-location client certification authentication (CVE-2019-0215)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0981: python27:2.7 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0981, CVE-2019-7164, CVE-2019-7548, CVE-2019-9636

Description
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases.

Security Fix(es):

* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)

* python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164)

* python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0983: wget security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190983
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0983, CVE-2019-5953

Description
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

* wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0984: python36:3.6 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190984
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0984, CVE-2019-7164, CVE-2019-7548

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

SQLAlchemy is an Object Relational Mapper (ORM) that provides a flexible, high-level interface to SQL databases.

Security Fix(es):

* python-sqlalchemy: SQL Injection when the order_by parameter can be controlled (CVE-2019-7164)

* python-sqlalchemy: SQL Injection when the group_by parameter can be controlled (CVE-2019-7548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0985: mod_auth_mellon security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190985
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0985, CVE-2019-3878

Description
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server.

Security Fix(es):

* mod_auth_mellon: authentication bypass in ECP flow (CVE-2019-3878)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:0990: systemd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20190990
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:0990, CVE-2019-6454

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: Insufficient input validation in bus_process_object() resulting in PID 1 crash (CVE-2019-6454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [PATCH] bus-socket: Fix line_begins() to accept word matching full (BZ#1693578)

RHSA-2019:0997: python3 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20190997
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:0997, CVE-2019-9636

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

This package provides the "python3" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3-libs package, which should be installed automatically along with python3. The remaining parts of the Python standard library are broken out into the python3-tkinter and python3-test packages.

Security Fix(es):

* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1017: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191017
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1017, CVE-2019-3839

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: missing attack vector protections for CVE-2019-6116 (CVE-2019-3839)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1022: python-jinja2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191022
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1022, CVE-2016-10745

Description
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. 

Security Fix(es):

* python-jinja2: Sandbox escape due to information disclosure via str.format (CVE-2016-10745)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1024: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1024, CVE-2019-10063

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226) (CVE-2019-10063)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1131: freeradius security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191131
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1131, CVE-2019-11234, CVE-2019-11235

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: eap-pwd: authentication bypass via an invalid curve attack (CVE-2019-11235)

* freeradius: eap-pwd: fake authentication using reflection (CVE-2019-11234)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1142: freeradius:3.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191142
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1142, CVE-2019-11234, CVE-2019-11235

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: eap-pwd: authentication bypass via an invalid curve attack (CVE-2019-11235)

* freeradius: eap-pwd: fake authentication using reflection (CVE-2019-11234)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1143: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191143
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1143, CVE-2019-10063

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: Sandbox bypass via IOCSTI (incomplete fix for CVE-2017-5226) (CVE-2019-10063)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1144: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191144
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1144, CVE-2018-18356, CVE-2018-18506, CVE-2018-18509, CVE-2019-5785, CVE-2019-9788, CVE-2019-9790, CVE-2019-9791, CVE-2019-9792, CVE-2019-9793, CVE-2019-9795, CVE-2019-9796, CVE-2019-9810, CVE-2019-9813

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.6.1. (BZ#1692449)

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 (CVE-2019-9788)

* Mozilla: Use-after-free when removing in-use DOM elements (CVE-2019-9790)

* Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey (CVE-2019-9791)

* Mozilla: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script (CVE-2019-9792)

* Mozilla: IonMonkey MArraySlice has incorrect alias information (CVE-2019-9810)

* Mozilla: Ionmonkey type confusion with __proto__ mutations (CVE-2019-9813)

* Mozilla: Improper bounds checks when Spectre mitigations are disabled (CVE-2019-9793)

* Mozilla: Type-confusion in IonMonkey JIT compiler (CVE-2019-9795)

* Mozilla: Use-after-free with SMIL animation controller (CVE-2019-9796)

* Mozilla: Proxy Auto-Configuration file can define localhost access to be proxied (CVE-2018-18506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1145: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191145
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1145, CVE-2018-5743

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1146: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191146
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1146, CVE-2019-2602, CVE-2019-2684, CVE-2019-2698

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1152: python-jinja2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1152, CVE-2019-10906

Description
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. 

Security Fix(es):

* python-jinja2: str.format_map allows sandbox escape (CVE-2019-10906)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1167: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191167
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1167, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091, CVE-2019-9003

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache.  If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches.  This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.  As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Need to remove radix-tree symbols from the whitelist (BZ#1696222)

* Installation of kernel-modules-extra rpm conflicts with kmod weak-modules (BZ#1703395)

RHSA-2019:1168: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191168
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1168, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache.  If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches.  This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.  As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1169: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191169
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1169, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* aio O_DIRECT writes to non-page-aligned file locations on ext4 can result in the overlapped portion of the page containing zeros (BZ#1686170)

* Tolerate new s390x crypto hardware for migration (BZ#1695496)

RHSA-2019:1174: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191174
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1174, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache.  If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches.  This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.  As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1175: virt:rhel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191175
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1175, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2018-20815, CVE-2019-11091, CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache.  If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches.  This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.  As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)

* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)

* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)

* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)

* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1176: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1176, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache.  If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches.  This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.  As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1177: libvirt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1177, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache.  If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches.  This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'.  As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1178: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191178
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1178, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1180: libvirt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1180, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1181: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1181, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)

* Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)

* Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operation results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests, leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)

* Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1228: wget security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191228
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1228, CVE-2019-5953

Description
The wget packages provide the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols.

Security Fix(es):

* wget: do_conversion() heap-based buffer overflow vulnerability (CVE-2019-5953)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1235: ruby security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191235
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1235, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)

* rubygems: Escape sequence injection vulnerability in gem owner (CVE-2019-8322)

* rubygems: Escape sequence injection vulnerability in API response handling (CVE-2019-8323)

* rubygems: Escape sequence injection vulnerability in errors (CVE-2019-8325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1238: java-1.8.0-ibm security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191238
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1238, CVE-2018-11212, CVE-2018-12547, CVE-2018-12549, CVE-2019-10245, CVE-2019-2422, CVE-2019-2449, CVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP35.

Security Fix(es):

* IBM JDK: buffer overflow in jio_snprintf() and jio_vsnprintf() (CVE-2018-12547)

* IBM JDK: missing null check when accelerating Unsafe calls (CVE-2018-12549)

* Oracle JDK: Unspecified vulnerability fixed in 7u221 and 8u211 (2D) (CVE-2019-2697)

* OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022) (CVE-2019-2698)

* OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290) (CVE-2019-2422)

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

* IBM JDK: Read beyond the end of bytecode array causing JVM crash (CVE-2019-10245)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

* Oracle JDK: unspecified vulnerability fixed in 8u201 (Deployment) (CVE-2019-2449)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1259: dotnet security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191259
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1259, CVE-2019-0757, CVE-2019-0820, CVE-2019-0980, CVE-2019-0981

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

A new version of .NET Core that addresses security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507.

Security Fix(es):

* dotnet: NuGet Tampering Vulnerability (CVE-2019-0757)

* dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820)

* dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)

* dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)

RHSA-2019:1264: libvirt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191264
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1264, CVE-2019-10132

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* libvirt terminates and core-dumps with SIGABRT as a result of an invalid pointer error trying to free memory in virNWFilterBindingDefFree() (BZ#1702173)

RHSA-2019:1265: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191265
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1265, CVE-2018-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)

* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1267: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191267
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1267, CVE-2018-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)

* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1268: virt:rhel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191268
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1268, CVE-2019-10132

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* libvirt: wrong permissions in systemd admin-sock due to missing SocketMode parameter (CVE-2019-10132)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1269: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1269, CVE-2018-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

* Mozilla: Type confusion with object groups and UnboxedObjects (CVE-2019-9816)

* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1278: pacemaker security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191278
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1278, CVE-2018-16877, CVE-2018-16878, CVE-2019-3885

Description
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. 

Security Fix(es):

* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)

* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)

* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1279: pacemaker security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191279
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1279, CVE-2018-16877, CVE-2018-16878, CVE-2019-3885

Description
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. 

Security Fix(es):

* pacemaker: Insufficient local IPC client-server authentication on the client's side can lead to local privesc (CVE-2018-16877)

* pacemaker: Insufficient verification inflicted preference of uncontrolled processes can lead to DoS (CVE-2018-16878)

* pacemaker: Information disclosure through use-after-free (CVE-2019-3885)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Interrupted live migration will get full start rather than completed migration (BZ#1695247)

RHSA-2019:1294: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191294
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1294, CVE-2018-5743

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1308: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191308
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1308, CVE-2018-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1309: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191309
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1309, CVE-2018-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1310: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191310
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1310, CVE-2018-18511, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-11698, CVE-2019-5798, CVE-2019-7317, CVE-2019-9797, CVE-2019-9800, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7 (CVE-2019-9800)

* Mozilla: Cross-origin theft of images with createImageBitmap (CVE-2019-9797)

* Mozilla: Stealing of cross-domain images using canvas (CVE-2019-9817)

* Mozilla: Compartment mismatch with fetch API (CVE-2019-9819)

* Mozilla: Use-after-free of ChromeEventHandler by DocShell (CVE-2019-9820)

* Mozilla: Use-after-free in XMLHttpRequest (CVE-2019-11691)

* Mozilla: Use-after-free removing listeners in the event listener manager (CVE-2019-11692)

* Mozilla: Buffer overflow in WebGL bufferdata on Linux (CVE-2019-11693)

* mozilla: Cross-origin theft of images with ImageBitmapRenderingContext (CVE-2018-18511)

* chromium-browser: Out of bounds read in Skia (CVE-2019-5798)

* Mozilla: Theft of user history data through drag and drop of hyperlinks to and from bookmarks (CVE-2019-11698)

* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1467: python security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191467
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1467, CVE-2019-9636

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Information Disclosure due to urlsplit improper NFKC normalization (CVE-2019-9636)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1479: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1479, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-9213

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)

* kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)

* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [HPE 8.0 Bug] nvme drive power button does not turn off drive (BZ#1700288)

* RHEL8.0 - hw csum failure seen in dmesg and console (using mlx5/mlx4/Mellanox) (BZ#1700289)

* RHEL8.0 - vfio-ap: add subsystem to matrix device to avoid libudev failures (kvm) (BZ#1700290)

* [FJ8.1 Bug]: Make Fujitsu Erratum 010001 patch work on A64FX v1r0 (BZ#1700901)

* [FJ8.0 Bug]: Fujitsu A64FX processor errata - panic by unknown fault (BZ#1700902)

* RHEL 8.0 Snapshot 4 - nvme create-ns command hangs after creating 20 namespaces on Bolt (NVMe) (BZ#1701140)

* [Cavium/Marvell 8.0 qed] Fix qed_mcp_halt() and qed_mcp_resume() (backporting bug) (BZ#1704184)

* [Intel 8.1 Bug] PBF: Base frequency display fix (BZ#1706739)

* [RHEL8]read/write operation not permitted to /sys/kernel/debug/gcov/reset (BZ#1708100)

* RHEL8.0 - ISST-LTE:pVM:fleetwood:LPM:raylp85:After lpm seeing the  console logs on the the lpar at  target side (BZ#1708102)

* RHEL8.0 - Backport support for software count cache flush Spectre v2 mitigation (BZ#1708112)

* [Regression] RHEL8.0 - System crashed with one stress-ng-mremap stressor on Boston (kvm host) (BZ#1708617)

* [intel ice Rhel 8 RC1] ethtool -A ethx causes interfaces to go down (BZ#1709433)

RHSA-2019:1480: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191480
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1480, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-9213

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)

* kernel: lack of check for mmap minimum address in expand_downwards in mm/mmap.c leads to NULL pointer dereferences exploit on non-SMAP platforms (CVE-2019-9213)

* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL8.0.z batch#1 source tree (BZ#1704955)

RHSA-2019:1481: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191481
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1481, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1486: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191486
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1486, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)

* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1488: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191488
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1488, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479, CVE-2019-3896

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented. Each fragment is about TCP maximum segment size (MSS) bytes. To efficiently process SACK blocks, the Linux kernel merges multiple fragmented SKBs into one, potentially overflowing the variable holding the number of segments. A remote attacker could use this flaw to crash the Linux kernel by sending a crafted sequence of SACK segments on a TCP connection with small value of TCP MSS, resulting in a denial of service (DoS). (CVE-2019-11477)

* kernel: Double free in lib/idr.c (CVE-2019-3896)

* Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service (CVE-2019-11478)

* Kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service (CVE-2019-11479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* MDS mitigations not enabled on Intel Skylake CPUs (BZ#1710081)

* RHEL6 kernel does not disable SMT with mds=full,nosmt (BZ#1710121)

* [RHEL6] md_clear flag missing from /proc/cpuinfo (BZ#1710517)

RHSA-2019:1492: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191492
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1492, CVE-2018-5743

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Limiting simultaneous TCP clients is ineffective (CVE-2018-5743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1517: gvfs security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191517
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1517, CVE-2019-3827

Description
GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer.

Security Fix(es):

* gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1518: java-11-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191518
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1518, CVE-2019-2602, CVE-2019-2684

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Slow conversion of BigDecimal to long (Libraries, 8211936) (CVE-2019-2602)

* OpenJDK: Incorrect skeleton selection in RMI registry server-side dispatch handling (RMI, 8218453) (CVE-2019-2684)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1519: go-toolset:rhel8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191519
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1519, CVE-2019-9741

Description
The go-toolset:rhel8 module provides Go Toolset, a compiler toolset for building applications using the Go language and compiler suite.

Security Fix(es):

* golang: CRLF injection in net/http (CVE-2019-9741)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1527: WALinuxAgent security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191527
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1527, CVE-2019-0804

Description
The Windows Azure Linux Agent supports provisioning and running Linux virtual machines in the Microsoft Windows Azure cloud.

Security Fix(es):

* WALinuxAgent: swapfile created with weak permissions (CVE-2019-0804)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1529: pki-deps:10.6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191529
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1529, CVE-2018-11784, CVE-2018-8014, CVE-2018-8034, CVE-2018-8037

Description
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System.

Security Fix(es):

* tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037)

* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)

* tomcat: Open redirect in default servlet (CVE-2018-11784)

* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1578: libvirt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191578
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1578, CVE-2019-10161

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1579: libvirt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191579
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1579, CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)

* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)

* libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)

* libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Live migration fail with unsafe error when GPFS is used as shared filesystem (BZ#1715867)

RHSA-2019:1580: virt:rhel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1580, CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API (CVE-2019-10161)

* libvirt: virDomainManagedSaveDefineXML API exposed to readonly clients (CVE-2019-10166)

* libvirt: arbitrary command execution via virConnectGetDomainCapabilities API (CVE-2019-10167)

* libvirt: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs (CVE-2019-10168)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1587: python security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191587
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1587, CVE-2019-10160

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: regression of CVE-2019-9636 due to functional fix to allow port numbers in netloc (CVE-2019-10160)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1603: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191603
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1603, CVE-2019-11707, CVE-2019-11708

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.2 ESR.

Security Fix(es):

* Mozilla: Type confusion in Array.pop (CVE-2019-11707)

* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1604: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191604
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1604, CVE-2019-11707, CVE-2019-11708

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.2 ESR.

Security Fix(es):

* Mozilla: Type confusion in Array.pop (CVE-2019-11707)

* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1619: vim security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191619
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1619, CVE-2019-12735

Description
Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

* vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1623: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1623, CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11707, CVE-2019-11708

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.2.

Security Fix(es):

* Mozilla: Type confusion in Array.pop (CVE-2019-11707)

* thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)

* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

* thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)

* thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)

* thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1624: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191624
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1624, CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11707, CVE-2019-11708

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.2.

Security Fix(es):

* Mozilla: Type confusion in Array.pop (CVE-2019-11707)

* thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)

* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

* thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)

* thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)

* thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1626: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191626
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1626, CVE-2019-11703, CVE-2019-11704, CVE-2019-11705, CVE-2019-11706, CVE-2019-11707, CVE-2019-11708

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.7.2.

Security Fix(es):

* Mozilla: Type confusion in Array.pop (CVE-2019-11707)

* thunderbird: Stack buffer overflow in icalrecur_add_bydayrules in icalrecur.c (CVE-2019-11705)

* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

* thunderbird: Heap buffer over read in icalparser.c parser_get_next_char (CVE-2019-11703)

* thunderbird: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c (CVE-2019-11704)

* thunderbird: Type confusion in icaltimezone_get_vtimezone_properties function in icalproperty.c (CVE-2019-11706)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1650: qemu-kvm security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20191650
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:1650, CVE-2019-9824

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1652: libssh2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191652
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1652, CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3863

Description
The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

* libssh2: Integer overflow in transport read resulting in out of bounds write (CVE-2019-3855)

* libssh2: Integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856)

* libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857)

* libssh2: Integer overflow in user authenticate keyboard interactive allows out-of-bounds writes (CVE-2019-3863)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1696: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191696
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1696, CVE-2019-11707, CVE-2019-11708

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.7.2 ESR.

Security Fix(es):

* Mozilla: Type confusion in Array.pop (CVE-2019-11707)

* Mozilla: Sandbox escape using Prompt:Open (CVE-2019-11708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1714: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191714
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1714, CVE-2019-6471

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1726: dbus security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1726, CVE-2019-12749

Description
D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1763: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191763
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1763, CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11730, CVE-2019-9811

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.8.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

* Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

* Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

* Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

* Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1764: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191764
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1764, CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11730, CVE-2019-9811

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.8.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

* Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

* Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

* Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

* Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1765: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20191765
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1765, CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11730, CVE-2019-9811

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.8.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

* Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

* Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

* Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

* Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1771: cyrus-imapd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191771
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1771, CVE-2019-11356

Description
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support.

Security Fix(es):

* cyrus-imapd: buffer overflow in CalDAV request handling triggered by a long iCalendar property name (CVE-2019-11356)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1774: vim security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191774
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1774, CVE-2019-12735

Description
Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

* vim/neovim: ':source!' command allows arbitrary command execution via modelines (CVE-2019-12735)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1775: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191775
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1775, CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11730, CVE-2019-9811

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.8.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

* Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

* Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

* Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

* Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1777: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191777
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1777, CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11730, CVE-2019-9811

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.8.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

* Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

* Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

* Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

* Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1799: thunderbird security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191799
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1799, CVE-2019-11709, CVE-2019-11711, CVE-2019-11712, CVE-2019-11713, CVE-2019-11715, CVE-2019-11717, CVE-2019-11730, CVE-2019-9811

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.8.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8 (CVE-2019-11709)

* Mozilla: Sandbox escape via installation of malicious language pack (CVE-2019-9811)

* Mozilla: Script injection within domain through inner window reuse (CVE-2019-11711)

* Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects (CVE-2019-11712)

* Mozilla: Use-after-free with HTTP/2 cached stream (CVE-2019-11713)

* Mozilla: HTML parsing error can contribute to content XSS (CVE-2019-11715)

* Mozilla: Caret character improperly escaped in origins (CVE-2019-11717)

* Mozilla: Same-origin policy treats all files in a directory as having the same-origin (CVE-2019-11730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Thunderbird fails to authenticate with gmail with ssl/tls and OAuth2 (BZ#1725919)

RHSA-2019:1810: java-11-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191810
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1810, CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2818, CVE-2019-2821

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1811: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191811
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1811, CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1815: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191815
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1815, CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1816: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191816
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1816, CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1817: java-11-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191817
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1817, CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2818, CVE-2019-2821

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Incorrect handling of certificate status messages during TLS handshake (JSSE, 8222678) (CVE-2019-2821)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

* OpenJDK: Non-constant time comparison in ChaCha20Cipher (Security, 8221344) (CVE-2019-2818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1839: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191839
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1839, CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1840: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191840
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1840, CVE-2019-2745, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-2842

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Side-channel attack risks in Elliptic Curve (EC) cryptography (Security, 8208698) (CVE-2019-2745)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511) (CVE-2019-2842)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1873: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191873
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1873, CVE-2018-16871, CVE-2018-16884, CVE-2019-11085, CVE-2019-11811

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)

* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

These updated kernel packages also include numerous bug fixes and add several enhancements. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/4309211

RHSA-2019:1880: curl security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20191880
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:1880, CVE-2018-14618

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: NTLM password overflow via integer overflow (CVE-2018-14618)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* baseurl with file:// hangs and then timeout in yum repo (BZ#1709474)

* curl crashes on http links with rate-limit (BZ#1711914)

RHSA-2019:1881: qemu-kvm-ma security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191881
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1881, CVE-2018-20815

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: device_tree: heap buffer overflow while loading device tree blob (CVE-2018-20815)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Because newer machines remove the csske feature, detection of the processor failed and the machine used an old version as a fallback. This update makes the feature conditional so that detection of newer CPUs works properly. (BZ#1720262)

RHSA-2019:1883: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191883
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1883, CVE-2019-6778

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1884: libssh2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191884
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1884, CVE-2019-3862

Description
The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

* libssh2: Out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1891: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191891
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1891, CVE-2018-16871, CVE-2018-16884, CVE-2019-11085, CVE-2019-11811

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)

* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL7.6.z batch#6 source tree (BZ#1718400)

RHSA-2019:1896: 389-ds-base security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191896
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1896, CVE-2019-3883

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: DoS via hanging secured connections (CVE-2019-3883)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Previously, if you were using the PAM plugin and attempted to bind as a dn that doesn't exist, the server would crash. This has now been fixed. (BZ#1718184)

RHSA-2019:1898: httpd security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20191898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:1898, CVE-2018-1312

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Weak Digest auth nonce generation in mod_auth_digest (CVE-2018-1312)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:1931: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191931
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1931, CVE-2017-1000112

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Exploitable memory corruption due to UFO to non-UFO path switch (CVE-2017-1000112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL5.11 - Include backport of CVE Spectre V2 mitigation patch for s390x for kernel (BZ#1571905)

Users of kernel are advised to upgrade to these updated packages, which fix this bug.

RHSA-2019:1951: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20191951
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:1951, CVE-2018-18508, CVE-2019-11719, CVE-2019-11727, CVE-2019-11729, CVE-2019-17007

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.44.0), nspr (4.21.0). (BZ#1713187, BZ#1713188)

Security Fix(es):

* nss: NULL pointer dereference in several CMS functions resulting in a denial of service (CVE-2018-18508)

* nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)

* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)

* nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* PQG verify fails when create DSA PQG parameters because the counts aren't returned correctly. (BZ#1685325)

* zeroization of AES context missing (BZ#1719629)

* RSA Pairwise consistency test (BZ#1719630)

* FIPS updated for nss-softoken POST (BZ#1722373)

* DH/ECDH key tests missing for the PG parameters (BZ#1722374)

* NSS should implement continuous random test on it's seed data or use the kernel AF_ALG interface for random (BZ#1725059)

* support setting supported signature algorithms in strsclnt utility (BZ#1725110)

* certutil -F with no parameters is killed with segmentation fault message (BZ#1725115)

* NSS: Support for IKE/IPsec typical PKIX usage so libreswan can use nss without rejecting certs based on EKU (BZ#1725116)

* NSS should use getentropy() for seeding its RNG, not /dev/urandom. Needs update to NSS 3.37 (BZ#1725117)

* Disable TLS 1.3 in FIPS mode (BZ#1725773)

* Wrong alert sent when client uses PKCS#1 signatures in TLS 1.3 (BZ#1728259)

* x25519 allowed in FIPS mode (BZ#1728260)

* post handshake authentication with selfserv does not work if SSL_ENABLE_SESSION_TICKETS is set (BZ#1728261)

Enhancement(s):

* Move IKEv1 and IKEv2 KDF's from libreswan to nss-softkn (BZ#1719628)

RHSA-2019:1959: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191959
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1959, CVE-2018-20784, CVE-2019-11085, CVE-2019-11810, CVE-2019-11811

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)

* kernel: DMA attack using peripheral devices  (Thunderclap) (BZ#1690716)

* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)

* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)

* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [DELL 8.0 z-stream BUG] - "CPU unsupported" message with CFL-H/S 8+2  due to updated Stepping (BZ#1711048)

* RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device hot-plug/un-plug operations. (kvm) (BZ#1714746)

* Using Transactional Memory (TM) in a Guest Locks-up Host Core on a Power9 System (BZ#1714751)

* VRSAVE register not properly saved and restored (BZ#1714753)

* Fix potential spectre gadget in arch/s390/kvm/interrupt.c (BZ#1714754)

* RHEL8.0 RC2 - kernel/KVM -  count cache flush Spectre v2 mitigation (required for POWER9 DD2.3) (BZ#1715018)

* iommu/amd: Set exclusion range correctly (BZ#1715336)

* RHEL8.0 - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (BZ#1715337)

* cross compile builds are broken (BZ#1715339)

* Patch generated by 'make rh-test-patch' doesn't get applied during build (BZ#1715340)

* hard lockup panic in during execution of CFS bandwidth period timer (BZ#1715345)

* perf annotate -P does not give full paths (BZ#1716887)

* [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330 PERC on AMD Systems if IOMMU passthrough is disabled (BZ#1717344)

* Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and drivers/gpu/drm/drm_ioctl.c (BZ#1717382)

* BUG: SELinux doesn't handle NFS crossmnt well (BZ#1717777)

* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1717800)

* [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu: INFO: rcu_sched self-detected stall on CPU (BZ#1717801)

* RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation after a SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)

* dm cache metadata: Fix loading discard bitset (BZ#1717868)

* jit'd java code on power9 ppc64le experiences stack corruption (BZ#1717869)

* BUG: connect(AF_UNSPEC, ...) on a connected socket returns an error (BZ#1717870)

* mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d (BZ#1718237)

* [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time causing auto-mount to fail (BZ#1719635)

* AMD Rome: WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/mcheck/mce.c:1510 mcheck_cpu_init+0x7a/0x460 (BZ#1721233)

* [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460 (broken BIOS?) (BZ#1722365)

* AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)

* [DELL 8.0 BUG] - "CPU unsupported" message with WHL-U  due to updated Stepping (BZ#1722372)

Enhancement(s):

* RHEL 8  - AMD Rome Support (BZ#1721972)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.

RHSA-2019:1971: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191971
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1971, CVE-2018-20784, CVE-2019-11085, CVE-2019-11810, CVE-2019-11811

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)

* kernel: DMA attack using peripheral devices  (Thunderclap) (BZ#1690716)

* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)

* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)

* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL8.0.z batch#2 source tree (BZ#1717516)

RHSA-2019:1972: ruby:2.5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20191972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:1972, CVE-2019-8324

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygems: Installing a malicious gem may lead to arbitrary code execution (CVE-2019-8324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2002: redis:5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2002, CVE-2019-10192, CVE-2019-10193

Description
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: Heap buffer overflow in HyperLogLog triggered by malicious client (CVE-2019-10192)

* redis: Stack buffer overflow in HyperLogLog triggered by malicious client (CVE-2019-10193)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2003: icedtea-web security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2003, CVE-2019-10181, CVE-2019-10182, CVE-2019-10185

Description
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies.

Security Fix(es):

* icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite (CVE-2019-10182)

* icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite (CVE-2019-10185)

* icedtea-web: unsigned code injection in a signed JAR file (CVE-2019-10181)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2004: icedtea-web security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2004, CVE-2019-10181, CVE-2019-10182, CVE-2019-10185

Description
The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. IcedTea-Web now also contains PolicyEditor - a simple tool to configure Java policies.

Security Fix(es):

* icedtea-web: path traversal while processing <jar/> elements of JNLP files results in arbitrary file overwrite (CVE-2019-10182)

* icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite (CVE-2019-10185)

* icedtea-web: unsigned code injection in a signed JAR file (CVE-2019-10181)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2017: zsh security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192017
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2017, CVE-2018-13259

Description
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: Improper handling of shebang line longer than 64 (CVE-2018-13259)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2022: poppler security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192022
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2022, CVE-2018-16646, CVE-2018-18897, CVE-2018-19058, CVE-2018-19059, CVE-2018-19060, CVE-2018-19149, CVE-2018-20481, CVE-2018-20650, CVE-2018-20662, CVE-2019-7310, CVE-2019-9200, CVE-2019-9631

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince or Okular.

Security Fix(es):

* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

* poppler: infinite recursion in Parser::getObj function in Parser.cc (CVE-2018-16646)

* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

* poppler: reachable abort in Object.h (CVE-2018-19058)

* poppler: out-of-bounds read in EmbFile::save2 in FileSpec.cc (CVE-2018-19059)

* poppler: pdfdetach utility does not validate save paths (CVE-2018-19060)

* poppler: NULL pointer dereference in _poppler_attachment_new (CVE-2018-19149)

* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2028: ruby security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192028
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2028, CVE-2017-17742, CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-16396, CVE-2018-6914, CVE-2018-8777, CVE-2018-8778, CVE-2018-8779, CVE-2018-8780

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* ruby: HTTP response splitting in WEBrick (CVE-2017-17742)

* ruby: DoS by large request in WEBrick (CVE-2018-8777)

* ruby: Buffer under-read in String#unpack (CVE-2018-8778)

* ruby: Unintentional directory traversal by poisoned NULL byte in Dir (CVE-2018-8780)

* ruby: Tainted flags are not propagated in Array#pack and String#unpack with some directives (CVE-2018-16396)

* rubygems: Path traversal when writing to a symlinked basedir outside of the root (CVE-2018-1000073)

* rubygems: Unsafe Object Deserialization Vulnerability in gem owner allowing arbitrary code execution on specially crafted YAML (CVE-2018-1000074)

* rubygems: Improper verification of signatures in tarball allows to install mis-signed gem (CVE-2018-1000076)

* rubygems: Missing URL validation on spec home attribute allows malicious gem to set an invalid homepage URL (CVE-2018-1000077)

* rubygems: XSS vulnerability in homepage attribute when displayed via gem server (CVE-2018-1000078)

* rubygems: Path traversal issue during gem installation allows to write to arbitrary filesystem locations (CVE-2018-1000079)

* ruby: Unintentional file and directory creation with directory traversal in tempfile and tmpdir (CVE-2018-6914)

* ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket (CVE-2018-8779)

* rubygems: Infinite loop vulnerability due to negative size in tar header causes Denial of Service (CVE-2018-1000075)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2029: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192029
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2029, CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2018-19824, CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2019-10140, CVE-2019-11599, CVE-2019-11810, CVE-2019-11833, CVE-2019-15927, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222, CVE-2019-9456

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

* Kernel: page cache side channel attacks (CVE-2019-5489)

* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)

* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)

* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)

* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734)

* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)

* kernel: TLB flush happens too late on mremap (CVE-2018-18281)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)

* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)

* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)

* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)

* kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c (CVE-2018-7755)

* kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)

* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c (CVE-2018-9516)

* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)

* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)

* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)

* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)

* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)

* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)

* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2030: python security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192030
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2030, CVE-2018-14647, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Missing salt initialization in _elementtree.c module (CVE-2018-14647)

* python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010)

* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)

* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)

* python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2033: patch security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192033
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2033, CVE-2016-10713, CVE-2018-6952

Description
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).

Security Fix(es):

* patch: Out-of-bounds access in pch_write_line function in pch.c (CVE-2016-10713)

* patch: Double free of memory in pch.c:another_hunk() causes a crash (CVE-2018-6952)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2035: python-requests security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192035
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2035, CVE-2018-18074

Description
The python-requests package contains a library designed to make HTTP requests easy for developers.

Security Fix(es):

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2037: fence-agents security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192037
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2037, CVE-2019-10153

Description
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. 

Security Fix(es):

* fence-agents: mis-handling of non-ASCII characters in guest comment fields (CVE-2019-10153)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2043: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192043
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2043, CVE-2018-10853, CVE-2018-13053, CVE-2018-13093, CVE-2018-13094, CVE-2018-13095, CVE-2018-14625, CVE-2018-14734, CVE-2018-15594, CVE-2018-16658, CVE-2018-16885, CVE-2018-18281, CVE-2018-7755, CVE-2018-8087, CVE-2018-9363, CVE-2018-9516, CVE-2018-9517, CVE-2019-10140, CVE-2019-11599, CVE-2019-11810, CVE-2019-11833, CVE-2019-3459, CVE-2019-3460, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222, CVE-2019-9456

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

* Kernel: page cache side channel attacks (CVE-2019-5489)

* kernel: Buffer overflow in hidp_process_report (CVE-2018-9363)

* kernel: l2tp: Race condition between pppol2tp_session_create() and l2tp_eth_create() (CVE-2018-9517)

* kernel: kvm: guest userspace to guest kernel write (CVE-2018-10853)

* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)

* kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c (CVE-2018-14734)

* kernel: Mishandling of indirect calls weakens Spectre mitigation for paravirtual guests (CVE-2018-15594)

* kernel: TLB flush happens too late on mremap (CVE-2018-18281)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)

* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)

* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)

* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)

* kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c (CVE-2018-7755)

* kernel: Memory leak in drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() can lead to potential denial of service (CVE-2018-8087)

* kernel: HID: debug: Buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c (CVE-2018-9516)

* kernel: Integer overflow in the alarm_timer_nsleep function (CVE-2018-13053)

* kernel: NULL pointer dereference in lookup_slow function (CVE-2018-13093)

* kernel: NULL pointer dereference in xfs_da_shrink_inode function (CVE-2018-13094)

* kernel: NULL pointer dereference in fs/xfs/libxfs/xfs_inode_buf.c (CVE-2018-13095)

* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)

* kernel: out-of-bound read in memcpy_fromiovecend() (CVE-2018-16885)

* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2046: polkit security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2046, CVE-2018-19788

Description
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2047: libcgroup security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192047
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2047, CVE-2018-14348

Description
The libcgroup packages provide tools and libraries to control and monitor control groups.

Security Fix(es):

* libcgroup: cgrulesengd creates log files with insecure permissions (CVE-2018-14348)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2048: exempi security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192048
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2048, CVE-2017-18233, CVE-2017-18234, CVE-2017-18236, CVE-2017-18238, CVE-2018-7730

Description
Exempi provides a library for easy parsing of XMP metadata. It is a port of Adobe XMP SDK to work on UNIX and to be built with GNU automake. It includes XMPCore and XMPFiles.

Security Fix(es):

* exempi: Infinite Loop in Chunk class in XMPFiles/source/FormatSupport/RIFF.cpp (CVE-2017-18233)

* exempi: Use after free via a PDF file containing JPEG data (CVE-2017-18234)

* exempi: Infinite loop in ASF_Support::ReadHeaderObject function in XMPFiles/source/FormatSupport/ASF_Support.cpp (CVE-2017-18236)

* exempi: Infinite loop in TradQT_Manager::ParseCachedBoxes function in XMPFiles/source/FormatSupport/QuickTime_Support.cpp (CVE-2017-18238)

* exempi: Heap-based buffer overflow in PSD_MetaHandler::CacheFileData function in XMPFiles/source/FormatSupport/PSIR_FileWriter.cpp allows for denial of service via crafted XLS file (CVE-2018-7730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2049: libmspack security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192049
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2049, CVE-2018-18584, CVE-2018-18585

Description
The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.

Security Fix(es):

* libmspack: Out-of-bounds write in mspack/cab.h (CVE-2018-18584)

* libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes (CVE-2018-18585)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2051: compat-libtiff3 security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192051
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2051, CVE-2018-7456

Description
The compat-libtiff3 package provides libtiff 3, an older version of libtiff library for manipulating TIFF (Tagged Image File Format) image format files.

Security Fix(es):

* libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2052: libjpeg-turbo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192052
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2052, CVE-2016-3616, CVE-2018-11212, CVE-2018-11213, CVE-2018-11214, CVE-2018-11813, CVE-2018-14498

Description
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.

Security Fix(es):

* libjpeg: null pointer dereference in cjpeg (CVE-2016-3616)

* libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498)

* libjpeg-turbo: Divide By Zero in alloc_sarray function in jmemmgr.c (CVE-2018-11212)

* libjpeg: Segmentation fault in get_text_gray_row function in rdppm.c (CVE-2018-11213)

* libjpeg: Segmentation fault in get_text_rgb_row function in rdppm.c (CVE-2018-11214)

* libjpeg: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2053: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192053
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2053, CVE-2016-3186, CVE-2018-10779, CVE-2018-10963, CVE-2018-12900, CVE-2018-17100, CVE-2018-17101, CVE-2018-18557, CVE-2018-18661, CVE-2018-7456, CVE-2018-8905

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: buffer overflow in gif2tiff (CVE-2016-3186)

* libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution (CVE-2018-12900)

* libtiff: Out-of-bounds write in tif_jbig.c (CVE-2018-18557)

* libtiff: NULL pointer dereference in tif_print.c:TIFFPrintDirectory() causes a denial of service (CVE-2018-7456)

* libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service (CVE-2018-8905)

* libtiff: heap-based buffer over-read in TIFFWriteScanline function in tif_write.c (CVE-2018-10779)

* libtiff: reachable assertion in TIFFWriteDirectorySec function in tif_dirwrite.c (CVE-2018-10963)

* libtiff: Integer overflow in multiply_ms in tools/ppm2tiff.c (CVE-2018-17100)

* libtiff: Two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c (CVE-2018-17101)

* libtiff: tiff2bw tool failed memory allocation leads to crash (CVE-2018-18661)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2057: bind security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192057
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2057, CVE-2018-5741

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

The following packages have been upgraded to a later upstream version: bind (9.11.4). (BZ#1640561)

Security Fix(es):

* bind: Incorrect documentation of krb5-subdomain and ms-subdomain update policies (CVE-2018-5741)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2060: dhcp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2060, CVE-2019-6470

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: double-deletion of the released addresses in the dhcpv6 code leading to crash and possible DoS (CVE-2019-6470)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2075: binutils security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192075
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2075, CVE-2018-1000876, CVE-2018-12641, CVE-2018-12697

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: integer overflow leads to heap-based buffer overflow in objdump (CVE-2018-1000876)

* binutils: Stack Exhaustion in the demangling functions provided by libiberty (CVE-2018-12641)

* binutils: NULL pointer dereference in work_stuff_copy_to_from in cplus-dem.c. (CVE-2018-12697)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2077: ntp security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192077
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2077, CVE-2018-12327

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* ntp: Stack-based buffer overflow in ntpq and ntpdc allows denial of service or code execution (CVE-2018-12327)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2078: qemu-kvm security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192078
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2078, CVE-2019-9824

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: Slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2079: Xorg security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2079, CVE-2018-14598, CVE-2018-14599, CVE-2018-14600, CVE-2018-15853, CVE-2018-15854, CVE-2018-15855, CVE-2018-15856, CVE-2018-15857, CVE-2018-15859, CVE-2018-15861, CVE-2018-15862, CVE-2018-15863, CVE-2018-15864

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* libX11: Crash on invalid reply in XListExtensions in ListExt.c (CVE-2018-14598)

* libX11: Off-by-one error in XListExtensions in ListExt.c (CVE-2018-14599)

* libX11: Out of Bounds write in XListExtensions in ListExt.c (CVE-2018-14600)

* libxkbcommon: Invalid free in ExprAppendMultiKeysymList resulting in a crash (CVE-2018-15857)

* libxkbcommon: Endless recursion in xkbcomp/expr.c resulting in a crash (CVE-2018-15853)

* libxkbcommon: NULL pointer dereference resulting in a crash (CVE-2018-15854)

* libxkbcommon: NULL pointer dereference when handling xkb_geometry (CVE-2018-15855)

* libxkbcommon: Infinite loop when reaching EOL unexpectedly resulting in a crash (CVE-2018-15856)

* libxkbcommon: NULL pointer dereference when parsing invalid atoms in ExprResolveLhs resulting in a crash (CVE-2018-15859)

* libxkbcommon: NULL pointer dereference in ExprResolveLhs resulting in a crash (CVE-2018-15861)

* libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash (CVE-2018-15862)

* libxkbcommon: NULL pointer dereference in ResolveStateAndPredicate resulting in a crash (CVE-2018-15863)

* libxkbcommon: NULL pointer dereference in resolve_keysym resulting in a crash (CVE-2018-15864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2091: systemd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192091
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2091, CVE-2018-15686, CVE-2018-16866, CVE-2018-16888

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: line splitting via fgets() allows for state injection during daemon-reexec (CVE-2018-15686)

* systemd: out-of-bounds read when parsing a crafted syslog message (CVE-2018-16866)

* systemd: kills privileged process if unprivileged PIDFile was tampered (CVE-2018-16888)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2097: perl-Archive-Tar security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192097
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2097, CVE-2018-12015

Description
The Archive::Tar module provides a mechanism for Perl scripts to manipulate tar archive files.

Security Fix(es):

* perl: Directory traversal in Archive::Tar (CVE-2018-12015)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2099: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192099
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2099, CVE-2019-3880

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.9.1). (BZ#1649434)

Security Fix(es):

* samba: save registry file outside share as unprivileged user (CVE-2019-3880)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2101: exiv2 security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2101, CVE-2017-17724, CVE-2018-10772, CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11037, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-17282, CVE-2018-17581, CVE-2018-18915, CVE-2018-19107, CVE-2018-19108, CVE-2018-19535, CVE-2018-19607, CVE-2018-20096, CVE-2018-20097, CVE-2018-20098, CVE-2018-20099, CVE-2018-4868, CVE-2018-8976, CVE-2018-8977, CVE-2018-9305, CVE-2019-9143

Description
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.0). (BZ#1652637)

Security Fix(es):

* exiv2: heap-buffer-overflow in Exiv2::IptcData::printStructure in src/iptc.cpp (CVE-2017-17724)

* exiv2: out-of-bounds read in Exiv2::Internal::stringFormat image.cpp (CVE-2018-8976)

* exiv2: invalid memory access in Exiv2::Internal::printCsLensFFFF function in canonmn_int.cpp (CVE-2018-8977)

* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)

* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)

* exiv2: SIGABRT caused by memory allocation in types.cpp:Exiv2::Internal::PngChunk::zlibUncompress() (CVE-2018-10958)

* exiv2: SIGABRT by triggering an incorrect Safe::add call (CVE-2018-10998)

* exiv2: information leak via a crafted file (CVE-2018-11037)

* exiv2: integer overflow in getData function in preview.cpp (CVE-2018-12264)

* exiv2: integer overflow in the LoaderExifJpeg class in preview.cpp (CVE-2018-12265)

* exiv2: heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp (CVE-2018-14046)

* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)

* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)

* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)

* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)

* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)

* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)

* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)

* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)

* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)

* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)

* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2110: rsyslog security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192110
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2110, CVE-2018-16881

Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

Security Fix(es):

* rsyslog: imptcp: integer overflow when Octet-Counted TCP Framing is enabled (CVE-2018-16881)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2112: mod_auth_openidc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192112
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2112, CVE-2017-6059, CVE-2017-6413

Description
mod_auth_openidc enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* mod_auth_openidc: OIDC_CLAIM and OIDCAuthNHeader not skipped in an "AuthType oauth20" configuration (CVE-2017-6413)

* mod_auth_openidc: Shows user-supplied content on error pages (CVE-2017-6059)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2118: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192118
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2118, CVE-2016-10739

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2125: ovmf security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192125
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2125, CVE-2017-5731, CVE-2017-5732, CVE-2017-5733, CVE-2017-5734, CVE-2017-5735, CVE-2018-12181, CVE-2018-3613, CVE-2018-5407, CVE-2019-0160, CVE-2019-0161

Description
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

* edk2: Privilege escalation via processing of malformed files in TianoCompress.c (CVE-2017-5731)

* edk2: Privilege escalation via processing of malformed files in BaseUefiDecompressLib.c (CVE-2017-5732)

* edk2: Privilege escalation via heap-based buffer overflow in MakeTable() function (CVE-2017-5733)

* edk2: Privilege escalation via stack-based buffer overflow in MakeTable() function (CVE-2017-5734)

* edk2: Privilege escalation via heap-based buffer overflow in Decode() function (CVE-2017-5735)

* edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users (CVE-2018-3613)

* openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash) (CVE-2018-5407)

* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)

* edk2: buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)

* edk2: stack overflow in XHCI causing denial of service (CVE-2019-0161)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2126: libwpd security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2126, CVE-2018-19208

Description
libwpd is a library for reading and converting Corel WordPerfect Office documents.

Security Fix(es):

* libwpd: NULL pointer dereference in the function WP6ContentListener::defineTable in WP6ContentListener.cpp (CVE-2018-19208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2130: libreoffice security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192130
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2130, CVE-2018-16858

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning (CVE-2018-16858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2135: qt5 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2135, CVE-2018-15518, CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, CVE-2018-19873

Description
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

The following packages have been upgraded to a later upstream version: qt5-qt3d (5.9.7), qt5-qtbase (5.9.7), qt5-qtcanvas3d (5.9.7), qt5-qtconnectivity (5.9.7), qt5-qtdeclarative (5.9.7), qt5-qtdoc (5.9.7), qt5-qtgraphicaleffects (5.9.7), qt5-qtimageformats (5.9.7), qt5-qtlocation (5.9.7), qt5-qtmultimedia (5.9.7), qt5-qtquickcontrols (5.9.7), qt5-qtquickcontrols2 (5.9.7), qt5-qtscript (5.9.7), qt5-qtsensors (5.9.7), qt5-qtserialbus (5.9.7), qt5-qtserialport (5.9.7), qt5-qtsvg (5.9.7), qt5-qttools (5.9.7), qt5-qttranslations (5.9.7), qt5-qtwayland (5.9.7), qt5-qtwebchannel (5.9.7), qt5-qtwebsockets (5.9.7), qt5-qtx11extras (5.9.7), qt5-qtxmlpatterns (5.9.7). (BZ#1564000, BZ#1564001, BZ#1564002, BZ#1564003, BZ#1564004, BZ#1564006, BZ#1564007, BZ#1564008, BZ#1564009, BZ#1564010, BZ#1564011, BZ#1564012, BZ#1564013, BZ#1564014, BZ#1564015, BZ#1564016, BZ#1564017, BZ#1564018, BZ#1564019, BZ#1564020, BZ#1564021, BZ#1564022, BZ#1564023, BZ#1564024)

Security Fix(es):

* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)

* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)

* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)

* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)

* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2136: libssh2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192136
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2136, CVE-2019-3858, CVE-2019-3861

Description
The libssh2 packages provide a library that implements the SSH2 protocol.

The following packages have been upgraded to a later upstream version: libssh2 (1.8.0). (BZ#1592784)

Security Fix(es):

* libssh2: Zero-byte allocation with a specially crafted SFTP packet leading to an out-of-bounds read (CVE-2019-3858)

* libssh2: Out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2137: keycloak-httpd-client-install security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192137
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2137, CVE-2017-15111, CVE-2017-15112

Description
The keycloak-httpd-client-install packages provide various libraries and tools that can automate and simplify the configuration of Apache httpd authentication modules when registering as a Red Hat Single Sign-On (RH-SSO, also called Keycloak) federated Identity Provider (IdP) client. 

The following packages have been upgraded to a later upstream version: keycloak-httpd-client-install (0.8). (BZ#1673716)

Security Fix(es):

* keycloak-httpd-client-install: unsafe /tmp log file in --log-file option in keycloak_cli.py (CVE-2017-15111)

* keycloak-httpd-client-install: unsafe use of -p/--admin-password on command line (CVE-2017-15112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2141: kde-workspace security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192141
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2141, CVE-2018-6790

Description
The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. 

The kde-workspace packages consist of components providing the KDE graphical desktop environment.

Security Fix(es):

* kde-workspace: Missing sanitization of notifications allows leaking the client IP address via IMG element (CVE-2018-6790)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2143: openssh security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192143
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2143, CVE-2018-15473

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2145: gvfs security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192145
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2145, CVE-2019-3827

Description
GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer.

Security Fix(es):

* gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2154: opensc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2154, CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16426, CVE-2018-16427

Description
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

The following packages have been upgraded to a later upstream version: opensc (0.19.0). (BZ#1656791)

Security Fix(es):

* opensc: Buffer overflows handling responses from Muscle Cards in card-muscle.c:muscle_list_files() (CVE-2018-16391)

* opensc: Buffer overflows handling responses from TCOS Cards in card-tcos.c:tcos_select_file() (CVE-2018-16392)

* opensc: Buffer overflows handling responses from Gemsafe V1 Smartcards in pkcs15-gemsafeV1.c:gemsafe_get_cert_len() (CVE-2018-16393)

* opensc: Buffer overflow handling string concatenation in tools/util.c:util_acl_to_str() (CVE-2018-16418)

* opensc: Buffer overflow handling responses from Cryptoflex cards in cryptoflex-tool.c:read_public_key() (CVE-2018-16419)

* opensc: Buffer overflows handling responses from ePass 2003 Cards in card-epass2003.c:decrypt_response() (CVE-2018-16420)

* opensc: Buffer overflows handling responses from CAC Cards in card-cac.c:cac_get_serial_nr_from_CUID() (CVE-2018-16421)

* opensc: Buffer overflow handling responses from esteid cards in pkcs15-esteid.c:sc_pkcs15emu_esteid_init() (CVE-2018-16422)

* opensc: Double free handling responses from smartcards in libopensc/sc.c:sc_file_set_sec_attr() (CVE-2018-16423)

* opensc: Out of bounds reads handling responses from smartcards (CVE-2018-16427)

* opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file() (CVE-2018-16426)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2157: freerdp and vinagre security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192157
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2157, CVE-2018-1000852

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop.

The following packages have been upgraded to a later upstream version: freerdp (2.0.0). (BZ#1291254)

Security Fix(es):

* freerdp: out of bounds read in drdynvc_process_capability_request (CVE-2018-1000852)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2159: unzip security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192159
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2159, CVE-2018-18384

Description
The unzip utility is used to list, test, and extract files from zip archives.

Security Fix(es):

* unzip: Buffer overflow in list.c resulting in a denial of service (CVE-2018-18384)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2162: blktrace security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192162
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2162, CVE-2018-10689

Description
The blktrace packages contain a number of utilities to record the I/O trace information for the kernel to user space, and utilities to analyze and view the trace information.

Security Fix(es):

* blktrace: buffer overflow in the dev_map_read function in btt/devmap.c (CVE-2018-10689)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2166: qemu-kvm-ma security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192166
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2166, CVE-2018-17963, CVE-2019-6501

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: net: ignore packets with large size (CVE-2018-17963)

* QEMU: scsi-generic: possible OOB access while handling inquiry request (CVE-2019-6501)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2169: linux-firmware security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192169
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2169, CVE-2018-5383

Description
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* kernel: Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange (CVE-2018-5383)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2177: sssd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192177
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2177, CVE-2018-16838, CVE-2019-3811

Description
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The following packages have been upgraded to a later upstream version: sssd (1.16.4). (BZ#1658994)

Security Fix(es):

* sssd: fallback_homedir returns '/' for empty home directories in passwd file (CVE-2019-3811)

* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2178: udisks2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192178
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2178, CVE-2018-17336

Description
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.

Security Fix(es):

* udisks: Format string vulnerability in udisks_log in udiskslogging.c (CVE-2018-17336)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2181: curl security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2181, CVE-2018-16842

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Heap-based buffer over-read in the curl tool warning formatting (CVE-2018-16842)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2189: procps-ng security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192189
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2189, CVE-2018-1122

Description
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.

Security Fix(es):

* procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2196: zziplib security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192196
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2196, CVE-2018-16548, CVE-2018-6541

Description
The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: Bus error caused by loading of a misaligned address in zzip/zip.c (CVE-2018-6541)

* zziplib: Memory leak triggered in the function __zzip_parse_root_directory in zip.c (CVE-2018-16548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2197: elfutils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2197, CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665

Description
The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The following packages have been upgraded to a later upstream version: elfutils (0.176). (BZ#1676504)

Security Fix(es):

* elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062)

* elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402)

* elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash (CVE-2018-16403)

* elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl (CVE-2018-18310)

* elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520)

* elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c (CVE-2018-18521)

* elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)

* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)

* elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)

* elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2205: tomcat security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192205
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2205, CVE-2018-1304, CVE-2018-1305, CVE-2018-8014, CVE-2018-8034

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)

* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)

* tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins (CVE-2018-8014)

* tomcat: Host name verification missing in WebSocket client (CVE-2018-8034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2229: spice-gtk security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192229
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2229, CVE-2018-10893

Description
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

The libgovirt packages contain a library that allows applications to use the oVirt Representational State Transfer (REST) API to list virtual machines (VMs) managed by an oVirt instance. The library is also used to get the connection parameters needed to establish a connection to the VMs using Simple Protocol For Independent Computing Environments (SPICE) or Virtual Network Computing (VNC).

The spice-vdagent packages provide a SPICE agent for Linux guests.

The virt-viewer packages provide Virtual Machine Viewer, which is a lightweight interface for interacting with the graphical display of a virtualized guest.

Security Fix(es):

* spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2237: nss, nss-softokn, nss-util, and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192237
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2237, CVE-2018-0495, CVE-2018-12404, CVE-2019-17007

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.44.0), nss-softokn (3.44.0), nss-util (3.44.0), nspr (4.21.0). (BZ#1645231, BZ#1692269, BZ#1692271, BZ#1692274)

Security Fix(es):

* ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries (CVE-2018-0495)

* nss: Cache side-channel variant of the Bleichenbacher attack (CVE-2018-12404)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2258: http-parser security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192258
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2258, CVE-2018-12121, CVE-2018-7159

Description
The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream.

Security Fix(es):

* nodejs: Denial of Service with large HTTP headers (CVE-2018-12121)

* nodejs: HTTP parser allowed for spaces inside Content-Length header values (CVE-2018-7159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2272: python-urllib3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2272, CVE-2018-20060, CVE-2019-11236

Description
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2276: mercurial security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192276
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2276, CVE-2018-1000132, CVE-2018-13346, CVE-2018-13347

Description
Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects.

Security Fix(es):

* mercurial: Buffer underflow in mpatch.c:mpatch_apply() (CVE-2018-13347)

* mercurial: HTTP server permissions bypass (CVE-2018-1000132)

* mercurial: Missing check for fragment start position in mpatch.c:mpatch_apply() (CVE-2018-13346)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2280: uriparser security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192280
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2280, CVE-2018-19198, CVE-2018-19199

Description
Uriparser is a URI parsing library, which is written in C and strictly complies with RFC 3986. 

Security Fix(es):

* uriparser: Out-of-bounds write via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19198)

* uriparser: Integer overflow via uriComposeQuery* or uriComposeQueryEx* function (CVE-2018-19199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2281: ghostscript security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192281
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2281, CVE-2018-11645

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

The following packages have been upgraded to a later upstream version: ghostscript (9.25). (BZ#1636115)

Security Fix(es):

* ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files (CVE-2018-11645)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2283: sox security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192283
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2283, CVE-2017-18189

Description
SoX (Sound eXchange) is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects.

Security Fix(es):

* sox: NULL pointer dereference in startread function in xa.c (CVE-2017-18189)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2285: keepalived security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192285
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2285, CVE-2018-19044

Description
The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.

Security Fix(es):

* keepalived: Improper pathname validation allows for overwrite of arbitrary filenames via symlinks (CVE-2018-19044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2290: libsolv security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192290
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2290, CVE-2018-20532, CVE-2018-20533, CVE-2018-20534

Description
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

Security Fix(es):

* libsolv: NULL pointer dereference in function testcase_read (CVE-2018-20532)

* libsolv: NULL pointer dereference in function testcase_str2dep_complex (CVE-2018-20533)

* libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2294: libvirt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192294
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2294, CVE-2019-3840

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: NULL pointer dereference after running qemuAgentCommand in qemuAgentGetInterfaces function (CVE-2019-3840)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2298: libarchive security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192298
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2298, CVE-2017-14503, CVE-2018-1000877, CVE-2018-1000878, CVE-2019-1000019, CVE-2019-1000020

Description
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877)

* libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878)

* libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019)

* libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020)

* libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2304: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192304
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2304, CVE-2018-0734, CVE-2019-1559

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: 0-byte record padding oracle (CVE-2019-1559)

* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2308: libguestfs-winsupport security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192308
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2308, CVE-2019-9755

Description
The libguestfs-winsupport package adds support for Windows guests to libguestfs, a set of tools and libraries allowing users to access and modify virtual machine (VM) disk images.

Security Fix(es):

* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2327: mariadb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2327, CVE-2018-3058, CVE-2018-3063, CVE-2018-3066, CVE-2018-3081, CVE-2018-3282, CVE-2019-2503, CVE-2019-2529, CVE-2019-2614, CVE-2019-2627, CVE-2020-14550, CVE-2021-2011

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 

The following packages have been upgraded to a later upstream version: mariadb (5.5.64). (BZ#1610986, BZ#1664043)

Security Fix(es):

* mysql: MyISAM unspecified vulnerability (CPU Jul 2018) (CVE-2018-3058)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2018) (CVE-2018-3063)

* mysql: Client programs unspecified vulnerability (CPU Jul 2018) (CVE-2018-3081)

* mysql: Server: Storage Engines unspecified vulnerability (CPU Oct 2018) (CVE-2018-3282)

* mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019) (CVE-2019-2503)

* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2019) (CVE-2019-2529)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)

* mysql: Server: Options unspecified vulnerability (CPU Jul 2018) (CVE-2018-3066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2332: advancecomp security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192332
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2332, CVE-2019-8379, CVE-2019-8383

Description
AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files.

Security Fix(es):

* advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379)

* advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2336: unixODBC security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192336
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2336, CVE-2018-7409, CVE-2018-7485

Description
The unixODBC packages contain a framework that supports accessing databases through the ODBC protocol.

Security Fix(es):

* unixODBC: Buffer overflow in unicode_to_ansi_copy() can lead to crash or other unspecified impact (CVE-2018-7409)

* unixODBC: Insecure buffer copy in SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c (CVE-2018-7485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2343: httpd security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192343
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2343, CVE-2019-0217, CVE-2019-0220

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)

* httpd: URL normalization inconsistency (CVE-2019-0220)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.

RHSA-2019:2405: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192405
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2405, CVE-2019-1125, CVE-2019-13272

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)

* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2411: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192411
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2411, CVE-2019-1125, CVE-2019-13272

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: broken permission and object lifetime handling for PTRACE_TRACEME (CVE-2019-13272)

* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2462: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192462
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2462, CVE-2019-10216

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: -dSAFER escape via .buildfont1 (701394) (CVE-2019-10216)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2465: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2465, CVE-2019-10216

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: -dSAFER escape via .buildfont1 (701394) (CVE-2019-10216)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2471: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2471, CVE-2019-1559

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: 0-byte record padding oracle (CVE-2019-1559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2473: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192473
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2473, CVE-2017-17805, CVE-2018-17972, CVE-2019-1125, CVE-2019-5489

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: page cache side channel attacks (CVE-2019-5489)

* kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service (CVE-2017-17805)

* kernel: Unprivileged users able to inspect kernel stacks of arbitrary tasks (CVE-2018-17972)

* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* OOPS with Null Pointer exception in v4l2_ctrl_query_menu when second arg of function is NULL (BZ#1647975)

* Another RHEL 6 hang in congestion_wait() (BZ#1658254)

* kernel crash after running user space script (BZ#1663262)

* RHEL-6.10: Don't report the use of retpoline on Skylake as vulnerable (BZ#1666102)

* Bad pagetable: 000f “*pdpt = 0000000000000000 *pde = 0000000000000000”  RHEL 6 32bit (BZ#1702782)

* fs/binfmt_misc.c: do not allow offset overflow [6.10.z] (BZ#1710149)

* Wrong spectre backport causing linux headers to break compilation of 3rd party packages (BZ#1722185)

RHSA-2019:2511: mysql:8.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192511
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2511, CVE-2019-2420, CVE-2019-2434, CVE-2019-2436, CVE-2019-2455, CVE-2019-2481, CVE-2019-2482, CVE-2019-2486, CVE-2019-2494, CVE-2019-2495, CVE-2019-2502, CVE-2019-2503, CVE-2019-2507, CVE-2019-2510, CVE-2019-2528, CVE-2019-2529, CVE-2019-2530, CVE-2019-2531, CVE-2019-2532, CVE-2019-2533, CVE-2019-2534, CVE-2019-2535, CVE-2019-2536, CVE-2019-2537, CVE-2019-2539, CVE-2019-2580, CVE-2019-2581, CVE-2019-2584, CVE-2019-2585, CVE-2019-2587, CVE-2019-2589, CVE-2019-2592, CVE-2019-2593, CVE-2019-2596, CVE-2019-2606, CVE-2019-2607, CVE-2019-2614, CVE-2019-2617, CVE-2019-2620, CVE-2019-2623, CVE-2019-2624, CVE-2019-2625, CVE-2019-2626, CVE-2019-2627, CVE-2019-2628, CVE-2019-2630, CVE-2019-2631, CVE-2019-2634, CVE-2019-2635, CVE-2019-2636, CVE-2019-2644, CVE-2019-2681, CVE-2019-2683, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2691, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2737, CVE-2019-2738, CVE-2019-2739, CVE-2019-2740, CVE-2019-2752, CVE-2019-2755, CVE-2019-2757, CVE-2019-2758, CVE-2019-2774, CVE-2019-2778, CVE-2019-2780, CVE-2019-2784, CVE-2019-2785, CVE-2019-2789, CVE-2019-2795, CVE-2019-2796, CVE-2019-2797, CVE-2019-2798, CVE-2019-2800, CVE-2019-2801, CVE-2019-2802, CVE-2019-2803, CVE-2019-2805, CVE-2019-2808, CVE-2019-2810, CVE-2019-2811, CVE-2019-2812, CVE-2019-2814, CVE-2019-2815, CVE-2019-2819, CVE-2019-2826, CVE-2019-2830, CVE-2019-2834, CVE-2019-2879, CVE-2019-2948, CVE-2019-2950, CVE-2019-2969, CVE-2019-3003

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

The following packages have been upgraded to a later upstream version: mysql (8.0.17).

Security Fix(es):

* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2800, CVE-2019-2436, CVE-2019-2531, CVE-2019-2534, CVE-2019-2614, CVE-2019-2617, CVE-2019-2630, CVE-2019-2634, CVE-2019-2635, CVE-2019-2755)

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2420, CVE-2019-2481, CVE-2019-2507, CVE-2019-2529, CVE-2019-2530, CVE-2019-2581, CVE-2019-2596, CVE-2019-2607, CVE-2019-2625, CVE-2019-2681, CVE-2019-2685, CVE-2019-2686, CVE-2019-2687, CVE-2019-2688, CVE-2019-2689, CVE-2019-2693, CVE-2019-2694, CVE-2019-2695, CVE-2019-2757, CVE-2019-2774, CVE-2019-2796, CVE-2019-2802, CVE-2019-2803, CVE-2019-2808, CVE-2019-2810, CVE-2019-2812, CVE-2019-2815, CVE-2019-2830, CVE-2019-2834)

* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-2434, CVE-2019-2455, CVE-2019-2805)

* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2482, CVE-2019-2592)

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2019-2486, CVE-2019-2532, CVE-2019-2533, CVE-2019-2584, CVE-2019-2589, CVE-2019-2606, CVE-2019-2620, CVE-2019-2627, CVE-2019-2739, CVE-2019-2778, CVE-2019-2811, CVE-2019-2789)

* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2494, CVE-2019-2495, CVE-2019-2537, CVE-2019-2626, CVE-2019-2644)

* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2502, CVE-2019-2510, CVE-2019-2580, CVE-2019-2585, CVE-2019-2593, CVE-2019-2624, CVE-2019-2628, CVE-2019-2758, CVE-2019-2785, CVE-2019-2798, CVE-2019-2879, CVE-2019-2814)

* mysql: Server: Connection Handling unspecified vulnerability (CVE-2019-2503)

* mysql: Server: Partition multiple unspecified vulnerabilities (CVE-2019-2528, CVE-2019-2587)

* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2019-2535, CVE-2019-2623, CVE-2019-2683, CVE-2019-2752)

* mysql: Server: Packaging unspecified vulnerability (CVE-2019-2536)

* mysql: Server: Connection unspecified vulnerability (CVE-2019-2539)

* mysql: Server: Information Schema unspecified vulnerability (CVE-2019-2631)

* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2019-2636)

* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2019-2691, CVE-2019-2826)

* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2019-2737)

* mysql: Server: XML unspecified vulnerability (CVE-2019-2740)

* mysql: Server: Components / Services unspecified vulnerability (CVE-2019-2780)

* mysql: Server: DML unspecified vulnerability (CVE-2019-2784)

* mysql: Server: Charsets unspecified vulnerability (CVE-2019-2795)

* mysql: Client programs unspecified vulnerability (CVE-2019-2797)

* mysql: Server: FTS unspecified vulnerability (CVE-2019-2801)

* mysql: Server: Security: Audit unspecified vulnerability (CVE-2019-2819)

* mysql: Server: Compiling unspecified vulnerability (CVE-2019-2738)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2512: subversion:1.10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2512, CVE-2019-0203

Description
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Security Fix(es):

* subversion: NULL pointer dereference in svnserve leading to an unauthenticated remote DoS (CVE-2019-0203)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2571: pango security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192571
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2571, CVE-2019-1010238

Description
Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit.

Security Fix(es):

* pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2582: pango security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192582
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2582, CVE-2019-1010238

Description
Pango is a library for laying out and rendering of text, with an emphasis on internationalization. Pango forms the core of text and font handling for the GTK+ widget toolkit.

Security Fix(es):

* pango: pango_log2vis_get_embedding_levels() heap-based buffer overflow (CVE-2019-1010238)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2586: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192586
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2586, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811)

* ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) (CVE-2019-14812)

* ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813)

* ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450) (CVE-2019-14817)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2590: java-1.8.0-ibm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192590
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2590, CVE-2019-11772, CVE-2019-11775, CVE-2019-2762, CVE-2019-2769, CVE-2019-2786, CVE-2019-2816, CVE-2019-7317

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP40.

Security Fix(es):

* IBM JDK: Out-of-bounds access in the String.getBytes method (CVE-2019-11772)

* IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775)

* OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762)

* OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769)

* OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816)

* OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786)

* libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2591: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192591
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2591, CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445) (CVE-2019-14811)

* ghostscript: Safer mode bypass by .forceput exposure in setuserparams (701444) (CVE-2019-14812)

* ghostscript: Safer mode bypass by .forceput exposure in setsystemparams (701443) (CVE-2019-14813)

* ghostscript: Safer mode bypass by .forceput exposure in .pdfexectoken and other procedures (701450) (CVE-2019-14817)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2593: squid:4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192593
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2593, CVE-2019-12527

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: heap-based buffer overflow in HttpHeader::getAuth (CVE-2019-12527)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2600: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192600
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2600, CVE-2019-1125, CVE-2019-9500

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)

* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [mlx4] VXLAN over VLAN TCP segmentation (BZ#1734333)

* Race condition in /dev/sg due to missing synchronization causes corruption in RHV (BZ#1737380)

* panic handing smb2_reconnect due to a use after free (BZ#1737382)

* NFSv4.1 client stuck in infinite loop when received NFS4ERR_SEQ_MISORDERED error (BZ#1739077)

* Backport TCP follow-up for small buffers (BZ#1739130)

RHSA-2019:2606: kdelibs and kde-settings security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192606
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2606, CVE-2019-14744

Description
The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. 

Security Fix(es):

* kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction (CVE-2019-14744)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kde.csh profile file contains bourne-shell code (BZ#1740042)

RHSA-2019:2607: qemu-kvm security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192607
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2607, CVE-2019-12155

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2609: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192609
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2609, CVE-2019-1125, CVE-2019-9500

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: hw: Spectre SWAPGS gadget vulnerability (CVE-2019-1125)

* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* BUG: scheduling while atomic in zswap (BZ#1737372)

* kernel-rt: update to the RHEL7.7.z batch#1 source tree (BZ#1740918)

RHSA-2019:2663: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192663
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2663, CVE-2019-11733, CVE-2019-11735, CVE-2019-11738, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11747, CVE-2019-11748, CVE-2019-11749, CVE-2019-11750, CVE-2019-11752, CVE-2019-9812

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.1.0 ESR.

Security Fix(es):

* Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)

* Mozilla: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1 (CVE-2019-11735)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

* Mozilla: Persistence of WebRTC permissions in a third party context (CVE-2019-11748)

* Mozilla: Camera information available without prompting using getUserMedia (CVE-2019-11749)

* Mozilla: Type confusion in Spidermonkey (CVE-2019-11750)

* Mozilla: Content security policy bypass through hash-based sources in directives (CVE-2019-11738)

* Mozilla: 'Forget about this site' removes sites from pre-loaded HSTS list (CVE-2019-11747)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2692: nghttp2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192692
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2692, CVE-2019-9511, CVE-2019-9513

Description
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2694: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192694
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2694, CVE-2019-11733, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.9.0 ESR.

Security Fix(es):

* Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2703: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192703
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2703, CVE-2018-19824, CVE-2019-11487, CVE-2019-12817, CVE-2019-3846, CVE-2019-3887, CVE-2019-9500, CVE-2019-9503

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)

* Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)

* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

* kernel: ppc: unrelated processes being able to read/write to each other's virtual memory (CVE-2019-12817)

* kernel: Use-after-free in sound/usb/card.c:usb_audio_probe() (CVE-2018-19824)

* kernel: brcmfmac frame validation bypass (CVE-2019-9503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [DELL EMC 8.0 BUG]: pciehp deadlock resulting in NVMe device not being recognized when hot plugged (BZ#1712261)

* Host crashed while try to boot a compatible guest attached huge page by"-object memory-backend-file *"[1G-P9] (BZ#1714758)

* Setting malformed authenc key will crash the system  (BZ#1715335)

* BUG: memory allocation failure in inode_doinit_with_dentry()/context_to_sid() (BZ#1717780)

* [HPEMC 8.1 BUG] Protect against concurrent calls into UV BIOS (BZ#1724534)

* PHC jumping on I350 (igb) (BZ#1726352)

* aarch64 kernel missing vulnerabilities status files (BZ#1726353)

* BUG: KASAN: use-after-free in skb_release_data() (BZ#1726354)

* [RHEL8][PANIC][aarch64] kernel panic when loading the dme1737 module (BZ#1726355)

* [RHEL8] [aarch64] Changes for BZ1672997 break kaslr (BZ#1726357)

* Network fails to come up when booting with kernel 3.10.0-862.el7.x86_64, several hung tasks can be seen in logs. (BZ#1726358)

* [Intel] 'cpupower frequency-set' produces unexpected results for some processors (BZ#1726360)

* HDMI/DP audio: ELD not updated on hotplug event (BZ#1726361)

* [mlx5_core] CX5 Adapter works not as expected when MTU is 9000, Unable to handle kernel paging request at virtual address 3ae0aafeff4b6b5a (BZ#1726372)

* [DELL 8.0 Bug] - hid-multitouch 0018:1FD2:8008.0001 ,lost function from S3 resume  (BZ#1727098)

* [RHEL8.1 Pre Beta] [Power8] data corruption while returning from watchpoint exception handler (BZ#1733281)

* RHEL8.1 pre-Beta - cacheinfo code unsafe vs LPM (BZ#1733282)

* RHEL8.1 pre-Beta - [ZZ/Zeppelin] [kernel-4.18.0-100.el8.ppc64le] Hash MMU allows child to write parents process address space (BZ#1734689)
RHSA-2019:2713: poppler security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192713
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2713, CVE-2018-18897, CVE-2018-20481, CVE-2018-20551, CVE-2018-20650, CVE-2018-20662, CVE-2019-10871, CVE-2019-12293, CVE-2019-7310, CVE-2019-9200, CVE-2019-9631, CVE-2019-9903, CVE-2019-9959

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Security Fix(es):

* poppler: heap-based buffer over-read in XRef::getEntry in XRef.cc (CVE-2019-7310)

* poppler: heap-based buffer overflow in function ImageStream::getLine() in Stream.cc (CVE-2019-9200)

* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)

* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)

* poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc (CVE-2018-18897)

* poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc (CVE-2018-20481)

* poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c (CVE-2018-20551)

* poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc (CVE-2018-20650)

* poppler: SIGABRT PDFDoc::setup class in PDFDoc.cc (CVE-2018-20662)

* poppler: heap-based buffer over-read in function downsample_row_box_filter in CairoRescaleBox.cc (CVE-2019-9631)

* poppler: stack consumption in function Dict::find() in Dict.cc (CVE-2019-9903)

* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2720: pki-deps:10.6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192720
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2720, CVE-2019-12384

Description
The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by Red Hat Certificate System.

Security Fix(es):

* jackson-databind: failure to block the logback-core class from polymorphic deserialization leading to remote code execution (CVE-2019-12384)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2722: libwmf security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20192722
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:2722, CVE-2019-6978

Description
The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick.

Security Fix(es):

* gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2726: go-toolset:rhel8 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2726, CVE-2019-9512, CVE-2019-9514

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Failure trying to connect to image registry using TLS when buildah is compiled with FIPS mode (BZ#1743169)
RHSA-2019:2729: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192729
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2729, CVE-2019-11733, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752, CVE-2019-9812

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 60.9.0 ESR.

Security Fix(es):

* Mozilla: Sandbox escape through Firefox Sync (CVE-2019-9812)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* firefox: stored passwords in 'Saved Logins' can be copied without master password entry (CVE-2019-11733)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2731: .NET Core on Red Hat Enterprise Linux security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20192731
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:2731, CVE-2019-1301

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 2.1.509 and Runtime 2.1.13.

Security Fix(es):

* dotnet: System.Net.Sockets.dll Socket.ConnectAsync Denial of Service (CVE-2019-1301)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2736: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192736
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2736, CVE-2018-9568, CVE-2019-11810

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Memory corruption due to incorrect socket cloning (CVE-2018-9568)

* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* fragmented packets timing out (BZ#1728931)

* Backport TCP follow-up for small buffers (BZ#1732107)
RHSA-2019:2741: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192741
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2741, CVE-2018-19824, CVE-2019-11487, CVE-2019-3846, CVE-2019-3887, CVE-2019-9500, CVE-2019-9503

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)

* Kernel: KVM: nVMX: guest accesses L0 MSR causes potential DoS (CVE-2019-3887)

* kernel: brcmfmac heap buffer overflow in brcmf_wowl_nd_results (CVE-2019-9500)

* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

* kernel: brcmfmac frame validation bypass (CVE-2019-9503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* BUG: scheduling while atomic in zswap (BZ#1726362)

* kernel-rt: update to the RHEL8.0.z batch#3 source tree (BZ#1734475)
RHSA-2019:2773: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192773
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2773, CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.9.0.

Security Fix(es):

* Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2774: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192774
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2774, CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.9.0.

Security Fix(es):

* Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2798: patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192798
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2798, CVE-2018-20969, CVE-2019-13638

Description
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).

Security Fix(es):

* patch: do_ed_script in pch.c does not block strings beginning with a ! character (CVE-2018-20969)

* patch: OS shell command injection when processing crafted patch files (CVE-2019-13638)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2799: nginx:1.14 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192799
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2799, CVE-2019-9511, CVE-2019-9513, CVE-2019-9516

Description
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 (Post Office Protocol 3) and IMAP protocols, with a focus on high concurrency, performance and low memory usage. 

Security Fix(es):

* HTTP/2: large amount of data request leads to denial of service (CVE-2019-9511)

* HTTP/2: flood using PRIORITY frames resulting in excessive resource consumption (CVE-2019-9513)

* HTTP/2: 0-length headers leads to denial of service (CVE-2019-9516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2807: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192807
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2807, CVE-2019-11739, CVE-2019-11740, CVE-2019-11742, CVE-2019-11743, CVE-2019-11744, CVE-2019-11746, CVE-2019-11752

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 60.9.0.

Security Fix(es):

* Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message (CVE-2019-11739)

* Mozilla: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9 (CVE-2019-11740)

* Mozilla: Same-origin policy violation with SVG filters and canvas to steal cross-origin images (CVE-2019-11742)

* Mozilla: XSS by breaking out of title and textarea elements using innerHTML (CVE-2019-11744)

* Mozilla: Use-after-free while manipulating video (CVE-2019-11746)

* Mozilla: Use-after-free while extracting a key value in IndexedDB (CVE-2019-11752)

* Mozilla: Cross-origin access to unload event attributes (CVE-2019-11743)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2808: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192808
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2808, CVE-2019-5489

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: page cache side channel attacks (CVE-2019-5489)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2822: dovecot security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192822
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2822, CVE-2019-11500

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2827: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192827
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2827, CVE-2019-14835

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835)
RHSA-2019:2828: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192828
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2828, CVE-2019-14835

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835)
RHSA-2019:2829: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192829
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2829, CVE-2019-14835

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835)
RHSA-2019:2830: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192830
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2830, CVE-2019-14835

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835)
RHSA-2019:2836: dovecot security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192836
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2836, CVE-2019-11500

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2854: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192854
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2854, CVE-2019-14835

Description
This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel.

Security Fix(es):

* A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2863: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192863
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2863, CVE-2019-14835

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* A buffer overflow flaw was found in the way the Linux kernel's vhost functionality, which translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway could use this flaw to increase their privileges on the host. (CVE-2019-14835)
RHSA-2019:2885: dovecot security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192885
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2885, CVE-2019-11500

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes (CVE-2019-11500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2892: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2892, CVE-2018-10839, CVE-2018-11806, CVE-2018-17962, CVE-2019-12155, CVE-2019-6778

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow while reassembling fragmented datagrams (CVE-2018-11806)

* QEMU: slirp: heap buffer overflow in tcp_emu() (CVE-2019-6778)

* QEMU: ne2000: integer overflow leads to buffer overflow issue (CVE-2018-10839)

* QEMU: pcnet: integer overflow leads to buffer overflow (CVE-2018-17962)

* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2893: httpd:2.4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192893
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2893, CVE-2019-9517

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2925: nodejs:10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192925
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2925, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (10.16.3).

Security Fix(es):

* HTTP/2: large amount of data requests leads to denial of service (CVE-2019-9511)

* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

* HTTP/2: flood using PRIORITY frames results in excessive resource consumption (CVE-2019-9513)

* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

* HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515)

* HTTP/2: 0-length headers lead to denial of service (CVE-2019-9516)

* HTTP/2: request for large response leads to denial of service (CVE-2019-9517)

* HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2019:2945: kpatch-patch security update (Important)oval-com.redhat.rhsa-def-20192945 highRHSA-2019:2945 CVE-2019-9500

RHSA-2019:2945: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192945
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2945, CVE-2019-9500

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security fix(es):

* If the Wake-up on Wireless LAN functionality is configured in the brcmfmac driver, which only works with Broadcom FullMAC chipsets, a malicious event frame can be constructed to trigger a heap buffer overflow in the brcmf_wowl_nd_results() function. This vulnerability can be exploited by compromised chipsets to compromise the host, or when used in combination with another brcmfmac driver flaw (CVE-2019-9503), can be used remotely. This can result in a remote denial of service (DoS). Due to the nature of the flaw, a remote privilege escalation cannot be fully ruled out. (CVE-2019-9500)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:2964: patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20192964
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:2964, CVE-2018-20969, CVE-2019-13638

Description
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).

Security Fix(es):

* patch: do_ed_script in pch.c does not block strings beginning with a ! character (CVE-2018-20969)

* patch: OS shell command injection when processing crafted patch files (CVE-2019-13638)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3055: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193055
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3055, CVE-2018-20856, CVE-2019-10126, CVE-2019-3846, CVE-2019-9506

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)

* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)

* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)

* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fixes:

* gfs2: Fix iomap write page reclaim deadlock (BZ#1737373)

* [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178)

* high update_cfs_rq_blocked_load contention (BZ#1740180)

* [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188)

* kvm: backport cpuidle-haltpoll driver (BZ#1740192)

* Growing unreclaimable slab memory (BZ#1741920)

* [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#1741926)

* [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324)

* Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442)

* RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443)

* RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ#1744444)

* NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946)

* [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239)

* NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290)

* [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296)

* Allows macvlan to operate correctly over the active-backup mode to support bonding events. (BZ#1751579)

* [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ#1752421)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

RHSA-2019:3067: jss security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193067
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3067, CVE-2019-14823

Description
Java Security Services (JSS) provides an interface between Java Virtual Machine and Network Security Services (NSS). It supports most of the security standards and encryption technologies supported by NSS including communication through SSL/TLS network protocols. JSS is primarily utilized by the Certificate Server as a part of the Identity Management System.

Security Fix(es):

* JSS: OCSP policy "Leaf and Chain" implicitly trusts the root certificate (CVE-2019-14823)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3076: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193076
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3076, CVE-2018-20856, CVE-2019-10126, CVE-2019-3846, CVE-2019-9506

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)

* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)

* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)

* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3089: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193089
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3089, CVE-2018-20856, CVE-2019-10126, CVE-2019-3846, CVE-2019-9506

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856)

* kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846)

* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)

* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570)

RHSA-2019:3127: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3127, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2977, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949)

* OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975)

* OpenJDK: Out of bounds access in optimized String indexof implementation (Hotspot, 8224062) (CVE-2019-2977)

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3128: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193128
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3128, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949)

* OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975)

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3134: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193134
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3134, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949)

* OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975)

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3135: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3135, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2977, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949)

* OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975)

* OpenJDK: Out of bounds access in optimized String indexof implementation (Hotspot, 8224062) (CVE-2019-2977)

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3136: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193136
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3136, CVE-2019-2945, CVE-2019-2949, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949)

* OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975)

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3157: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193157
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3157, CVE-2019-2945, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3158: java-1.7.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193158
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3158, CVE-2019-2945, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2987, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2999

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Missing glyph bitmap image dimension check in FreetypeFontScaler (2D, 8225286) (CVE-2019-2987)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3193: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20193193
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3193, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.2.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3196: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20193196
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3196, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.2.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3197: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3197, CVE-2019-14287

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3210: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193210
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3210, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.2.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3237: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193237
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3237, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.2.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3281: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20193281
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3281, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.2.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3286: php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20193286
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3286, CVE-2019-11043

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3287: php security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20193287
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3287, CVE-2019-11043

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3309: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193309
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3309, CVE-2018-16884, CVE-2018-19854, CVE-2018-19985, CVE-2018-20169, CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-11599, CVE-2019-11833, CVE-2019-11884, CVE-2019-13233, CVE-2019-14821, CVE-2019-15666, CVE-2019-15916, CVE-2019-15921, CVE-2019-15924, CVE-2019-16994, CVE-2019-3459, CVE-2019-3460, CVE-2019-3874, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222, CVE-2019-9506, CVE-2020-10720

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

* Kernel: page cache side channel attacks (CVE-2019-5489)

* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)

* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)

* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)

* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)

* kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)

* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)

* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)

* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)

* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)

* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)

* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3335: python27:2.7 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193335
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3335, CVE-2019-11236, CVE-2019-11324, CVE-2019-6446, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948

Description
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing.

Security Fix(es):

* numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446)

* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)

* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)

* python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3338: edk2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3338, CVE-2018-12181, CVE-2019-0160, CVE-2019-0161

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

* edk2: Stack buffer overflow with corrupted BMP (CVE-2018-12181)

* edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media (CVE-2019-0160)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3345: virt:rhel security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193345
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3345, CVE-2019-12155, CVE-2019-9755, CVE-2019-9824

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* ntfs-3g: heap-based buffer overflow leads to local root privilege escalation (CVE-2019-9755)

* QEMU: slirp: information leakage in tcp_emu() due to uninitialized stack variables (CVE-2019-9824)

* QEMU: qxl: null pointer dereference while releasing spice resources (CVE-2019-12155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3352: gdb security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193352
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3352, CVE-2018-20657

Description
The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. 

Security Fix(es):

* libiberty: Memory leak in demangle_template function resulting in a denial of service (CVE-2018-20657)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3353: freeradius:3.0 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193353
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3353, CVE-2019-10143

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: privilege escalation due to insecure logrotate configuration (CVE-2019-10143)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3387: osinfo-db and libosinfo security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193387
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3387, CVE-2019-13313

Description
The osinfo-db package contains a database that provides information about operating systems and hypervisor platforms to facilitate the automated configuration and provisioning of new virtual machines. 

The libosinfo packages provide a library that allows virtualization provisioning tools to determine the optimal device settings for a combination of hypervisor and operating system.

Security Fix(es):

* Libosinfo: osinfo-install-script option leaks password via command line argument (CVE-2019-13313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3390: qt5-qtbase security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193390
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3390, CVE-2018-15518, CVE-2018-19870, CVE-2018-19873

Description
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

Security Fix(es):

* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)

* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)

* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3391: libreswan security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193391
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3391, CVE-2019-10155, CVE-2019-12312

Description
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

The following packages have been upgraded to a later upstream version: libreswan (3.29). (BZ#1738853)

Security Fix(es):

* libreswan: vulnerability in the processing of IKEv1 informational packets due to missing integrity check (CVE-2019-10155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3401: 389-ds:1.4 security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193401
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3401, CVE-2018-10871, CVE-2019-10224, CVE-2019-14824, CVE-2019-3883

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

The following packages have been upgraded to a later upstream version: 389-ds-base (1.4.1.3). (BZ#1712467)

Security Fix(es):

* 389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824)

* 389-ds-base: replication and the Retro Changelog plugin store plaintext password by default (CVE-2018-10871)

* 389-ds-base: DoS via hanging secured connections (CVE-2019-3883)

* 389-ds-base: using dscreate in verbose mode results in information disclosure (CVE-2019-10224)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3403: container-tools:rhel8 security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193403
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3403, CVE-2019-10214, CVE-2019-14378, CVE-2019-9946

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)

* containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3419: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193419
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3419, CVE-2018-12900

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service or possibly code execution (CVE-2018-12900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3421: mod_auth_mellon security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193421
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3421, CVE-2019-3877

Description
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server.

Security Fix(es):

* mod_auth_mellon: open redirect in logout url when using URLs with backslashes (CVE-2019-3877)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3433: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193433
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3433, CVE-2019-14809

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang: malformed hosts in URLs leads to authorization bypass (CVE-2019-14809)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3436: httpd:2.4 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3436, CVE-2019-0217, CVE-2019-0220

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_auth_digest: access control bypass due to race condition (CVE-2019-0217)

* httpd: URL normalization inconsistency (CVE-2019-0220)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3464: virt-manager security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193464
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3464, CVE-2019-10183

Description
Virtual Machine Manager (virt-manager) is a graphical tool for administering virtual machines for KVM, Xen, and Linux Containers (LXC). The virt-manager utility uses the libvirt API and can start, stop, add or remove virtualized devices, connect to a graphical or serial console, and view resource usage statistics for existing virtualized guests on local or remote machines. 

The following packages have been upgraded to a later upstream version: virt-manager (2.2.1). (BZ#1727881)

Security Fix(es):

* virt-install: unattended option leaks password via command line argument (CVE-2019-10183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3467: dovecot security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193467
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3467, CVE-2019-3814

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: Improper certificate validation (CVE-2019-3814)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3476: squid:4 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193476
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3476, CVE-2019-13345

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3494: container-tools:1.0 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193494
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3494, CVE-2019-10214, CVE-2019-14378

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)

* containers/image: not enforcing TLS when sending username+password credentials to token servers leading to credential disclosure (CVE-2019-10214)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3497: http-parser security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193497
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3497, CVE-2018-12121

Description
The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream.

Security Fix(es):

* nodejs: Denial of Service with large HTTP headers (CVE-2018-12121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3513: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3513, CVE-2016-10739

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: getaddrinfo should reject IP addresses with trailing characters (CVE-2016-10739)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3517: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193517
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3517, CVE-2015-1593, CVE-2018-16884, CVE-2018-19854, CVE-2018-19985, CVE-2018-20169, CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-11599, CVE-2019-11833, CVE-2019-11884, CVE-2019-12382, CVE-2019-13233, CVE-2019-13648, CVE-2019-14821, CVE-2019-15214, CVE-2019-15666, CVE-2019-15916, CVE-2019-15919, CVE-2019-15920, CVE-2019-15921, CVE-2019-15924, CVE-2019-15927, CVE-2019-16994, CVE-2019-20811, CVE-2019-3459, CVE-2019-3460, CVE-2019-3874, CVE-2019-3882, CVE-2019-3900, CVE-2019-5489, CVE-2019-7222, CVE-2019-9506, CVE-2020-10720

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: nfs: use-after-free in svc_process_common() (CVE-2018-16884)

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

* Kernel: page cache side channel attacks (CVE-2019-5489)

* hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506)

* kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126)

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (CVE-2018-19854)

* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)

* kernel: Heap address information leak while using L2CAP_GET_CONF_OPT (CVE-2019-3459)

* kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP (CVE-2019-3460)

* kernel: SCTP socket buffer memory leak leading to denial of service (CVE-2019-3874)

* kernel: denial of service vector through vfio DMA mappings (CVE-2019-3882)

* kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)

* kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping (CVE-2019-11599)

* kernel: fs/ext4/extents.c leads to information disclosure (CVE-2019-11833)

* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)

* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

* kernel: Linux stack ASLR implementation Integer overflow (CVE-2015-1593)

* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)

* Kernel: KVM: leak of uninitialized stack contents to guest (CVE-2019-7222)

* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3520: python3 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193520
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3520, CVE-2019-5010, CVE-2019-9740, CVE-2019-9947, CVE-2019-9948

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: NULL pointer dereference using a specially crafted X509 certificate (CVE-2019-5010)

* python: CRLF injection via the query part of the url passed to urlopen() (CVE-2019-9740)

* python: CRLF injection via the path part of the url passed to urlopen() (CVE-2019-9947)

* python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms (CVE-2019-9948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3525: dhcp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193525
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3525, CVE-2019-6470

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: double-deletion of the released addresses in the dhcpv6 code leading to crash and possible DoS (CVE-2019-6470)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3530: glib2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193530
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3530, CVE-2019-12450

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3552: bind security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193552
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3552, CVE-2018-5745, CVE-2019-6465

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)

* bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3553: GNOME security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193553
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3553, CVE-2019-11070, CVE-2019-11459, CVE-2019-12795, CVE-2019-3820, CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8518, CVE-2019-8523, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8666, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8676, CVE-2019-8677, CVE-2019-8679, CVE-2019-8681, CVE-2019-8686, CVE-2019-8687, CVE-2019-8689, CVE-2019-8690, CVE-2019-8726, CVE-2019-8735, CVE-2019-8768

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)

* gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193575
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3575, CVE-2019-7146, CVE-2019-7149, CVE-2019-7150, CVE-2019-7664, CVE-2019-7665

Description
The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.

The following packages have been upgraded to a later upstream version: elfutils (0.176). (BZ#1683705)

Security Fix(es):

* elfutils: buffer over-read in the ebl_object_note function in eblobjnote.c in libebl (CVE-2019-7146)

* elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)

* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)

* elfutils: out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)

* elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3582: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193582
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3582, CVE-2019-3880

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.10.4). (BZ#1638001)

Security Fix(es):

* samba: save registry file outside share as unprivileged user (CVE-2019-3880)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3583: yum security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193583
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3583, CVE-2018-20534, CVE-2019-3817

Description
Yum is a command-line utility that allows the user to check for updates and automatically download and install updated RPM packages. Yum automatically obtains and downloads dependencies, prompting the user for permission as necessary. 

The following packages have been upgraded to a later upstream version: dnf (4.2.7), dnf-plugins-core (4.0.8), libcomps (0.1.11), libdnf (0.35.1), librepo (1.10.3), libsolv (0.7.4). (BZ#1690288, BZ#1690289, BZ#1690299, BZ#1692402, BZ#1694019, BZ#1697946)

Security Fix(es):

* libcomps: use after free when merging two objmrtrees (CVE-2019-3817)

* libsolv: illegal address access in pool_whatprovides in src/pool.h (CVE-2018-20534)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3590: python-urllib3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193590
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3590, CVE-2019-11236, CVE-2019-11324

Description
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3592: systemd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193592
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3592, CVE-2019-15718

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: systemd-resolved allows unprivileged users to configure DNS (CVE-2019-15718)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3600: gnutls security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193600
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3600, CVE-2019-3829, CVE-2019-3836

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

The following packages have been upgraded to a later upstream version: gnutls (3.6.8). (BZ#1689967)

Security Fix(es):

* gnutls: use-after-free/double-free in certificate verification (CVE-2019-3829)

* gnutls: invalid pointer access upon receiving async handshake messages (CVE-2019-3836)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3610: libqb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193610
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3610, CVE-2019-12779

Description
The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling.

Security Fix(es):

* libqb: Insecure treatment of IPC (temporary) files (CVE-2019-12779)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3624: libseccomp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193624
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3624, CVE-2019-9893

Description
The libseccomp library provides an interface to the Linux Kernel's syscall filtering mechanism, seccomp. The libseccomp API allows an application to specify which system calls or system call arguments the application is allowed to execute, all of which are then enforced by the Linux Kernel.

The following packages have been upgraded to a later upstream version: libseccomp (2.4.1). (BZ#1688938)

Security Fix(es):

* libseccomp: incorrect generation of syscall filters in libseccomp (CVE-2019-9893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3643: gettext security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193643
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3643, CVE-2018-18751

Description
The gettext packages provide documentation for producing multi-lingual messages in programs, a set of conventions about how programs should be written, a runtime library, and a directory and file naming organization for the message catalogs.

Security Fix(es):

* gettext: double free in default_add_message in read-catalog.c (CVE-2018-18751)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3651: sssd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193651
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3651, CVE-2018-16838

Description
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

The following packages have been upgraded to a later upstream version: sssd (2.2.0). (BZ#1687281)

Security Fix(es):

* sssd: improper implementation of GPOs due to too restrictive permissions (CVE-2018-16838)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3673: lldpad security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193673
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3673, CVE-2018-10932

Description
The lldpad packages provide the Linux user space daemon and configuration tool for Intel's Link Layer Discovery Protocol (LLDP) Agent with Enhanced Ethernet support.

Security Fix(es):

* lldptool: improper sanitization of shell-escape codes (CVE-2018-10932)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3694: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193694
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3694, CVE-2019-14287

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3698: libarchive security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193698
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3698, CVE-2017-14503, CVE-2018-1000877, CVE-2018-1000878, CVE-2019-1000019, CVE-2019-1000020

Description
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: Double free in RAR decoder resulting in a denial of service (CVE-2018-1000877)

* libarchive: Use after free in RAR decoder resulting in a denial of service (CVE-2018-1000878)

* libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service (CVE-2019-1000019)

* libarchive: Infinite recursion in archive_read_support_format_iso9660.c resulting in denial of service (CVE-2019-1000020)

* libarchive: Out-of-bounds read in lha_read_data_none (CVE-2017-14503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3699: evolution security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193699
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3699, CVE-2019-3890

Description
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.

Security Fix(es):

* evolution-ews: all certificate errors ignored if configured to ignore an initial error in gnome-online-accounts creation resulting in the connection open to being viewed and modified. (CVE-2019-3890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3700: openssl security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193700
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3700, CVE-2018-0734, CVE-2018-0735, CVE-2019-1543

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

The following packages have been upgraded to a later upstream version: openssl (1.1.1c). (BZ#1643026)

Security Fix(es):

* openssl: timing side channel attack in the DSA signature algorithm (CVE-2018-0734)

* openssl: timing side channel attack in the ECDSA signature generation (CVE-2018-0735)

* openssl: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3701: curl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193701
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3701, CVE-2018-16890, CVE-2018-20483, CVE-2019-3822, CVE-2019-3823

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: NTLM type-2 heap out-of-bounds buffer read (CVE-2018-16890)

* wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)

* curl: NTLMv2 type-3 header stack buffer overflow (CVE-2019-3822)

* curl: SMTP end-of-response out-of-bounds read (CVE-2019-3823)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3702: openssh security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193702
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3702, CVE-2018-20685, CVE-2019-6109, CVE-2019-6111

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

The following packages have been upgraded to a later upstream version: openssh (8.0p1). (BZ#1691045)

Security Fix(es):

* openssh: scp client improper directory name validation (CVE-2018-20685)

* openssh: Improper validation of object names allows malicious server to overwrite files via scp client (CVE-2019-6111)

* openssh: Missing character encoding in progress display allows for spoofing of scp client output (CVE-2019-6109)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3703: libvorbis security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193703
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3703, CVE-2018-10392, CVE-2018-10393

Description
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis, a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed format for audio and music at fixed and variable bitrates.

Security Fix(es):

* libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)

* libvorbis: stack buffer overflow in bark_noise_hybridmp function (CVE-2018-10393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3704: numpy security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193704
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3704, CVE-2019-6446

Description
The numpy packages provide NumPy. NumPy is an extension to the Python programming language, which adds support for large, multi-dimensional arrays and matrices, and a library of mathematical functions that operate on such arrays.

Security Fix(es):

* numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution (CVE-2019-6446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3705: libjpeg-turbo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193705
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3705, CVE-2018-14498

Description
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.

Security Fix(es):

* libjpeg-turbo: heap-based buffer over-read via crafted 8-bit BMP in get_8bit_row in rdbmp.c leads to denial of service (CVE-2018-14498)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3706: lua security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193706
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3706, CVE-2019-6706

Description
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.

Security Fix(es):

* lua: use-after-free in lua_upvaluejoin in lapi.c resulting in denial of service (CVE-2019-6706)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3707: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193707
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3707, CVE-2019-12749

Description
D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3708: mariadb:10.3 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20193708
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:3708, CVE-2019-2510, CVE-2019-2537, CVE-2019-2614, CVE-2019-2627, CVE-2019-2628, CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2020-2922, CVE-2021-2007

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 

The following packages have been upgraded to a later upstream version: mariadb (10.3.17), galera (25.3.26). (BZ#1701687, BZ#1711265, BZ#1741358)

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (CVE-2019-2510)

* mysql: Server: DDL unspecified vulnerability (CPU Jan 2019) (CVE-2019-2537)

* mysql: Server: Replication unspecified vulnerability (CPU Apr 2019) (CVE-2019-2614)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Apr 2019) (CVE-2019-2627)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2019) (CVE-2019-2628)

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

* mysql: InnoDB unspecified vulnerability (CPU Jul 2019) (CVE-2019-2758)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2019:3735: php:7.2 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20193735
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3735, CVE-2019-11043

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3736: php:7.3 security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20193736
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3736, CVE-2019-11043

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: underflow in env_path_info in fpm_main.c (CVE-2019-11043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3755: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193755
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3755, CVE-2019-14287

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3756: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193756
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3756, CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.2.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 (CVE-2019-11764)

* Mozilla: Use-after-free when creating index updates in IndexedDB (CVE-2019-11757)

* Mozilla: Potentially exploitable crash due to 360 Total Security (CVE-2019-11758)

* Mozilla: Stack buffer overflow in HKDF output (CVE-2019-11759)

* Mozilla: Stack buffer overflow in WebRTC networking (CVE-2019-11760)

* Mozilla: Unintended access to a privileged JSONView object (CVE-2019-11761)

* Mozilla: document.domain-based origin isolation has same-origin-property violation (CVE-2019-11762)

* Mozilla: Incorrect HTML parsing results in XSS bypass technique (CVE-2019-11763)

* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3832: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193832
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3832, CVE-2018-12207, CVE-2019-0154, CVE-2019-11135

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3833: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193833
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3833, CVE-2018-12207, CVE-2019-0154, CVE-2019-11135

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3834: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193834
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3834, CVE-2018-12207, CVE-2019-0154, CVE-2019-11135

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3835: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193835
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3835, CVE-2018-12207, CVE-2019-0154, CVE-2019-11135

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3836: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193836
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3836, CVE-2018-12207, CVE-2019-0154, CVE-2019-11135, CVE-2019-3900

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* Kernel: vhost_net: infinite loop while receiving packets leads to DoS (CVE-2019-3900)

* hw: Intel GPU Denial Of Service while accessing MMIO in lower power state (CVE-2019-0154)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [Intel 6.10 Bug] With mWait/C-states disabled, HT on, ibrs enabled, performance impact observed on user space benchmark (BZ#1560787)

* kernel-2.6.32-573.60.2.el6 hangs/resets during boot in efi_enter_virtual_mode() on Xeon v2 E7-2870 (BZ#1645724)

* Slab leak: skbuff_head_cache slab object still allocated after mcast processes are stopped and "fragments dropped after timeout" errors are shown (BZ#1752536)

RHSA-2019:3870: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193870
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3870, CVE-2019-0155

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3871: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193871
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3871, CVE-2019-0155

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3872: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193872
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3872, CVE-2019-0155

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3878: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193878
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3878, CVE-2019-0155

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3887: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193887
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3887, CVE-2019-0155

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* hardware: Intel GPU blitter manipulation can allow for arbitrary kernel memory write (CVE-2019-0155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3888: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193888
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3888, CVE-2019-14869

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: -dSAFER escape in .charkeys (701841) (CVE-2019-14869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3890: ghostscript security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193890
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3890, CVE-2019-14869

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

Security Fix(es):

* ghostscript: -dSAFER escape in .charkeys (701841) (CVE-2019-14869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3936: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193936
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3936, CVE-2018-12207, CVE-2019-11135

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

RHSA-2019:3950: SDL security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193950
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3950, CVE-2019-13616

Description
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

Security Fix(es):

* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3951: SDL security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193951
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3951, CVE-2019-13616

Description
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

Security Fix(es):

* SDL: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3968: qemu-kvm-ma security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193968
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3968, CVE-2019-14378

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3976: tcpdump security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20193976
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2019:3976, CVE-2018-19519

Description
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

Security Fix(es):

* tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:3978: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193978
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3978, CVE-2019-14821, CVE-2019-15239

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889)

RHSA-2019:3979: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193979
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3979, CVE-2019-14821, CVE-2019-15239

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale) (BZ#1752423)

* RHEL7 fnic spamming logs: Current vnic speed set to : 40000 (BZ#1754836)

* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)

* kernel build: speed up module compression step (BZ#1755339)

* Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755781)

* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)

* Regression: panic in pick_next_task_rt (BZ#1756267)

* ixgbe reports "Detected Tx Unit Hang" with adapter reset on RHEL 7 (BZ#1757350)

* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757757)

* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler (BZ#1758051)

* [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment (BZ#1759003)

* OS getting restarted because of driver issue with QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759447)

* mlx5: Load balancing not working over VF LAG configuration (BZ#1759449)

* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR (BZ#1763620)

* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)

* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test (BZ#1763624)

* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)

* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)

* single CPU VM hangs during open_posix_testsuite (BZ#1766087)

* rcu_sched self-detected stall on CPU while booting with nohz_full (BZ#1766098)

RHSA-2019:3981: 389-ds-base security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20193981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:3981, CVE-2019-14824

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: Read permission check bypass via the deref plugin (CVE-2019-14824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* DB Deadlock on modrdn appears to corrupt database and entry cache (BZ#1749289)

* After audit log file is rotated, DS version string is logged after each update (BZ#1754831)

* Extremely slow LDIF import with ldif2db (BZ#1763622)

* ns-slapd crash on concurrent SASL BINDs, connection_call_io_layer_callbacks must hold c_mutex (BZ#1763627)

* CleanAllRUV task limit not enforced (BZ#1767622)

RHSA-2019:4024: SDL security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4024, CVE-2019-14906

Description
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

Security Fix(es):

* SDL: CVE-2019-13616 not fixed in Red Hat Enterprise Linux 7 erratum RHSA-2019:3950 (CVE-2019-14906)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4107: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20194107
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4107, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.3.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4108: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20194108
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4108, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.3.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4111: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20194111
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4111, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.3.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4114: nss security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194114
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4114, CVE-2019-11745

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4148: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194148
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4148, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.3.0.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4152: nss-softokn security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4152, CVE-2019-11745

Description
The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.

Security Fix(es):

* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4190: nss, nss-softokn, nss-util security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194190
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4190, CVE-2019-11729, CVE-2019-11745

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

The nss-softokn package provides the Network Security Services Softoken Cryptographic Module.

The nss-util packages provide utilities for use with the Network Security Services (NSS) libraries.

Security Fix(es):

* nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate (CVE-2019-11745)

* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault (CVE-2019-11729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4191: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194191
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4191, CVE-2019-14287

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword (CVE-2019-14287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4195: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194195
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4195, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.3.0.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4205: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194205
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4205, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.3.0.

Security Fix(es):

* Mozilla: Use-after-free in worker destruction (CVE-2019-17008)

* Mozilla: Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 (CVE-2019-17012)

* Mozilla: Buffer overflow in plain text serializer (CVE-2019-17005)

* Mozilla: Use-after-free when performing device orientation checks (CVE-2019-17010)

* Mozilla: Use-after-free when retrieving a document in antitracking (CVE-2019-17011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4240: openslp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20194240
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4240, CVE-2019-5544

Description
OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.

Security Fix(es):

* openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4245: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194245
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4245, CVE-2019-19339

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix:

* kpatch: hw: incomplete fix for CVE-2018-12207 (CVE-2019-19339)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4254: freetype security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20194254
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2019:4254, CVE-2015-9381, CVE-2015-9382

Description
FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

* freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to information disclosure (CVE-2015-9381)

* freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read (CVE-2015-9382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4256: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194256
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4256, CVE-2019-14821

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* KEYS: prevent creating a different user's keyrings RHEL-6.10 (BZ#1537371)

* BUG: unable to handle kernel NULL pointer dereference at (null) (BZ#1733760)

* long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1749512)

RHSA-2019:4269: container-tools:rhel8 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194269
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4269, CVE-2019-16884, CVE-2019-18466, CVE-2019-9512, CVE-2019-9514

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

* runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318)

* backport json-file logging support to 1.4.2 (BZ#1770176)

* Selinux won't allow SCTP inter pod communication (BZ#1774382)

RHSA-2019:4273: container-tools:1.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194273
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4273, CVE-2019-9512, CVE-2019-9514

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

* HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4326: fribidi security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194326
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4326, CVE-2019-18397

Description
A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order.

Security Fix(es):

* fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4356: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194356
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4356, CVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1387

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

The following packages have been upgraded to a later upstream version: git (2.18.2). (BZ#1784058)

Security Fix(es):

* git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387)

* git: Arbitrary path overwriting via export-marks in-stream command feature (CVE-2019-1348)

* git: Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/ (CVE-2019-1349)

* git: Files inside the .git directory may be overwritten during cloning via NTFS Alternate Data Streams (CVE-2019-1352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2019:4360: libyang security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194360
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4360, CVE-2019-19333, CVE-2019-19334

Description
The libyang package provides a library for YANG data modeling language. libyang is a YANG data modelling language parser and toolkit written (and providing API) in C. The library is used e.g. in libnetconf2, Netopeer2, sysrepo and FRRouting projects.

Security Fix(es):

* libyang: stack-based buffer overflow in make_canonical when bits leaf type is used (CVE-2019-19333)

* libyang: stack-based buffer overflow in make_canonical when identityref leaf type is used (CVE-2019-19334)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

IMPORTANT:

The libyang-devel sub-package has recently been removed from the AppStream repository. If you have previously installed libyang-devel, remove it prior to applying this advisory to make the update successful.

RHSA-2019:4361: fribidi security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20194361
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2019:4361, CVE-2019-18397

Description
A library to handle bidirectional scripts (for example Hebrew, Arabic), so that the display is done in the proper way, while the text data itself is always written in logical order.

Security Fix(es):

* fribidi: buffer overflow in fribidi_get_par_embedding_levels_ex() in lib/fribidi-bidi.c leading to denial of service and possible code execution (CVE-2019-18397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0027: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200027
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0027, CVE-2019-14821, CVE-2019-15239

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security fix(es):

* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)

* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0028: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200028
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0028, CVE-2018-12207, CVE-2019-11135

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* hw: Machine Check Error on Page Size Change (IFU) (CVE-2018-12207)

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0046: java-1.8.0-ibm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20200046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:0046, CVE-2019-17631, CVE-2019-2945, CVE-2019-2962, CVE-2019-2964, CVE-2019-2973, CVE-2019-2975, CVE-2019-2978, CVE-2019-2981, CVE-2019-2983, CVE-2019-2988, CVE-2019-2989, CVE-2019-2992, CVE-2019-2996, CVE-2019-2999

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6.

Security Fix(es):

* OpenJDK: Unexpected exception thrown during regular expression processing in Nashorn (Scripting, 8223518) (CVE-2019-2975)

* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)

* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)

* Oracle JDK: unspecified vulnerability fixed in 8u221 (Deployment) (CVE-2019-2996)

* IBM JDK: Unrestricted access to diagnostic operations (CVE-2019-17631)

* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)

* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)

* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)

* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)

* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)

* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)

* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)

* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)

* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0085: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20200085
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0085, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.4.1 ESR.

Security Fix(es):

* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

* Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

* Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

* Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0086: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20200086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0086, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.4.1 ESR.

Security Fix(es):

* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

* Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

* Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

* Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0111: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20200111
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0111, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.4.1 ESR.

Security Fix(es):

* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

* Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

* Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

* Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0120: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200120
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0120, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.4.1.

Security Fix(es):

* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

* Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

* Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

* Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0122: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200122
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0122, CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Incorrect handling of unexpected CertificateVerify TLS handshake messages (JSSE, 8231780) (CVE-2020-2655)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0123: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0123, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.4.1.

Security Fix(es):

* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

* Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

* Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

* Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0124: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200124
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0124, CVE-2019-1387

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: Remote code execution in recursive clones with nested submodules (CVE-2019-1387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0127: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200127
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0127, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.4.1.

Security Fix(es):

* Mozilla: IonMonkey type confusion with StoreElementHole and FallibleStoreElement (CVE-2019-17026)

* Mozilla: Bypass of @namespace CSS sanitization during pasting (CVE-2019-17016)

* Mozilla: Type Confusion in XPCVariant.cpp (CVE-2019-17017)

* Mozilla: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4 (CVE-2019-17024)

* Mozilla: CSS sanitization does not escape HTML tags (CVE-2019-17022)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0128: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200128
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0128, CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2655

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Incorrect handling of unexpected CertificateVerify TLS handshake messages (JSSE, 8231780) (CVE-2020-2655)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0130: .NET Core on Red Hat Enterprise Linux security and bug fix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20200130
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0130, CVE-2020-0602, CVE-2020-0603

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.0.102 and .NET Core Runtime 3.0.2.

Security Fixes:

* dotnet: Memory Corruption in SignalR (CVE-2020-0603)

* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE pages listed in the References section.

RHSA-2020:0157: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200157
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0157, CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0194: apache-commons-beanutils security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200194
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0194, CVE-2019-10086

Description
The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.

Security Fix(es):

* apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default (CVE-2019-10086)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0195: python-reportlab security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200195
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0195, CVE-2019-17626

Description
Python-reportlab is a library used for generation of PDF documents.

Security Fix(es):

* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0196: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200196
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0196, CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0197: python-reportlab security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0197, CVE-2019-17626

Description
Python-reportlab is a library used for generation of PDF documents.

Security Fix(es):

* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0199: openslp security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20200199
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0199, CVE-2019-5544

Description
OpenSLP is an open source implementation of the Service Location Protocol (SLP) which is an Internet Engineering Task Force (IETF) standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.

Security Fix(es):

* openslp: Heap-based buffer overflow in ProcessSrvRqst() in slpd_process.c leading to remote code execution (CVE-2019-5544)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0201: python-reportlab security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0201, CVE-2019-17626

Description
Python-reportlab is a library used for generation of PDF documents.

Security Fix(es):

* python-reportlab: code injection in colors.py allows attacker to execute code (CVE-2019-17626)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0202: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200202
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0202, CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect isBuiltinStreamHandler causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0203: libarchive security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200203
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0203, CVE-2019-18408

Description
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry (CVE-2019-18408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0227: sqlite security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200227
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0227, CVE-2019-13734

Description
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0262: openjpeg2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200262
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0262, CVE-2020-6851

Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor() (CVE-2020-6851)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0271: libarchive security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200271
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0271, CVE-2019-18408

Description
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: use-after-free in archive_read_format_rar_read_data when there is an error in the decompression of an archive entry (CVE-2019-18408)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0273: sqlite security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200273
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0273, CVE-2019-13734

Description
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13734)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0274: openjpeg2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200274
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0274, CVE-2020-6851

Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* openjpeg: Heap-based buffer overflow in opj_t1_clbl_decode_processor() (CVE-2020-6851)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0279: virt:rhel security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20200279
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:0279, CVE-2019-11135

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0316: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200316
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0316, CVE-2018-17456

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: arbitrary code execution via .gitmodules (CVE-2018-17456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0328: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200328
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0328, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, CVE-2019-17666, CVE-2019-19338

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)

* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)

* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

* kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814)

* kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815)

* kernel: incomplete fix for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)

* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.1.z2 source tree (BZ#1780326)

RHSA-2020:0329: go-toolset:rhel8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20200329
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:0329, CVE-2019-16276, CVE-2019-17596

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang: HTTP/1.1 headers with a space before the colon leads to filter bypass or request smuggling (CVE-2019-16276)

* golang: invalid public key causes panic in dsa.Verify (CVE-2019-17596)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0335: grub2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20200335
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:0335, CVE-2019-14865

Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: grub2-set-bootflag utility causes grubenv corruption rendering the system non-bootable (CVE-2019-14865)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0339: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0339, CVE-2019-14814, CVE-2019-14815, CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, CVE-2019-17666, CVE-2019-19338

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)

* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)

* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

* kernel: heap overflow in mwifiex_set_uap_rates() function of Marvell Wifi Driver leading to DoS (CVE-2019-14814)

* kernel: heap-overflow in mwifiex_set_wmm_params() function of Marvell WiFi driver leading to DoS (CVE-2019-14815)

* kernel: incomplete fix  for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)

* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [Azure][8.1] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it" (BZ#1764635)

* block layer: update to v5.3 (BZ#1777766)

* backport xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (BZ#1778692)

* Backport important bugfixes from upstream post 5.3 (BZ#1778693)

* LUN path recovery issue with Emulex LPe32002 HBA in RHEL 8.0 Server during storage side cable pull testing (BZ#1781108)

* cifs  tasks enter D state and error out with "CIFS VFS: SMB signature verification returned error = -5" (BZ#1781110)

* Update CIFS to linux 5.3 (except RDMA and conflicts) (BZ#1781113)

* RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781114)

* blk-mq: overwirte performance drops on real MQ device (BZ#1782181)

RHSA-2020:0348: container-tools:rhel8 security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200348
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0348, CVE-2019-15890, CVE-2020-7039

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.

RHSA-2020:0366: qemu-kvm security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200366
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0366, CVE-2019-11135, CVE-2019-14378

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* hw: TSX Transaction Asynchronous Abort (TAA) (CVE-2019-11135)

* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM qemu-kvm (BZ#1730606)

Enhancement(s):

* [Intel 7.8 FEAT] MDS_NO exposure to guest - qemu-kvm (BZ#1755333)

RHSA-2020:0374: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200374
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0374, CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, CVE-2019-17133

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)

* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)

* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)

* kernel: incomplete fix  for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [Azure][7.8] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it" (BZ#1766089)

* [Hyper-V][RHEL7.8] When accelerated networking is enabled on RedHat, network interface(eth0) moved to new network namespace does not obtain IP address. (BZ#1766093)

* [Azure][RHEL 7.6] hv_vmbus probe pass-through GPU card failed (BZ#1766097)

* SMB3: Do not error out on large file transfers if server responds with STATUS_INSUFFICIENT_RESOURCES (BZ#1767621)

* Since RHEL commit 5330f5d09820 high load can cause dm-multipath path failures (BZ#1770113)

* Hard lockup in free_one_page()->_raw_spin_lock() because sosreport command is reading from /proc/pagetypeinfo (BZ#1770732)

* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() (BZ#1772812)

* fix compat statfs64() returning EOVERFLOW for when _FILE_OFFSET_BITS=64 (BZ#1775678)

* Guest crash after load cpuidle-haltpoll driver (BZ#1776289)

* RHEL 7.7 long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1776290)

* Multiple "mv" processes hung on a gfs2 filesystem (BZ#1777297)

* Moving Egress IP will result in conntrack sessions being DESTROYED (BZ#1779564)

* core: backports from upstream (BZ#1780033)

* kernel BUG at arch/powerpc/platforms/pseries/lpar.c:482! (BZ#1780148)

* Race between tty_open() and flush_to_ldisc()  using the tty_struct->driver_data field. (BZ#1780163)

RHSA-2020:0375: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200375
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0375, CVE-2019-14816, CVE-2019-14895, CVE-2019-14898, CVE-2019-14901, CVE-2019-17133

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: heap overflow in mwifiex_update_vs_ie() function of Marvell WiFi driver (CVE-2019-14816)

* kernel: heap-based buffer overflow in mwifiex_process_country_ie() function in drivers/net/wireless/marvell/mwifiex/sta_ioctl.c (CVE-2019-14895)

* kernel: heap overflow in marvell/mwifiex/tdls.c (CVE-2019-14901)

* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)

* kernel: incomplete fix  for race condition between mmget_not_zero()/get_task_mm() and core dumping in CVE-2019-11599 (CVE-2019-14898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522)

* kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322)

* kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157)

* kernel-rt:  hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057)

RHSA-2020:0378: ipa security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200378
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0378, CVE-2019-10195, CVE-2019-14867

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* ipa: Denial of service in IPA server due to wrong use of ber_scanf() (CVE-2019-14867)

* ipa: Batch API logging user passwords to /var/log/httpd/error_log (CVE-2019-10195)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Issue with adding multiple RHEL 7 IPA replica to RHEL 6 IPA master (BZ#1770728)

* User incorrectly added to negative cache when backend is reconnecting to IPA service / timed out: error code 32 'No such object' (BZ#1773953)

* After upgrade AD Trust Agents were removed from LDAP (BZ#1781153)

RHSA-2020:0465: java-1.8.0-ibm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0465, CVE-2020-2583, CVE-2020-2593, CVE-2020-2604, CVE-2020-2659

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP5.

Security Fix(es):

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0471: spice-gtk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20200471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:0471, CVE-2018-10893

Description
The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

Security Fix(es):

* spice-client: Insufficient encoding checks for LZ can cause different integer/buffer overflows (CVE-2018-10893)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0487: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200487
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0487, CVE-2019-18634

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0512: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0512, CVE-2020-6796, CVE-2020-6798, CVE-2020-6800

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es):

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0515: ksh security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0515, CVE-2019-14868

Description
KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

* ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0520: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200520
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0520, CVE-2020-6796, CVE-2020-6798, CVE-2020-6800

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es):

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0521: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200521
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0521, CVE-2020-6796, CVE-2020-6798, CVE-2020-6800

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es):

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0540: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200540
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0540, CVE-2019-18634

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0541: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200541
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0541, CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0550: openjpeg2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200550
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0550, CVE-2020-8112

Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0559: ksh security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200559
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0559, CVE-2019-14868

Description
KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

* ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0568: ksh security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200568
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0568, CVE-2019-14868

Description
KornShell (ksh) is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell (sh) and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard (IEEE Std 1003.2-1992).

Security Fix(es):

* ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (CVE-2019-14868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0570: openjpeg2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200570
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0570, CVE-2020-8112

Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

Security Fix(es):

* openjpeg: heap-based buffer overflow in pj_t1_clbl_decode_processor in openjp2/t1.c (CVE-2020-8112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0574: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200574
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0574, CVE-2020-6792, CVE-2020-6793, CVE-2020-6794, CVE-2020-6795, CVE-2020-6798, CVE-2020-6800

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.5.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793)

* Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794)

* Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

* Mozilla: Message ID calculation was based on uninitialized data (CVE-2020-6792)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0575: systemd security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200575
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0575, CVE-2020-1712

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: use-after-free when asynchronous polkit queries are performed (CVE-2020-1712)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* systemd: systemctl reload command breaks ordering dependencies between units (BZ#1781712)

RHSA-2020:0576: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200576
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0576, CVE-2020-6792, CVE-2020-6793, CVE-2020-6794, CVE-2020-6795, CVE-2020-6798, CVE-2020-6800

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.5.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793)

* Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794)

* Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

* Mozilla: Message ID calculation was based on uninitialized data (CVE-2020-6792)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0577: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200577
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0577, CVE-2020-6792, CVE-2020-6793, CVE-2020-6794, CVE-2020-6795, CVE-2020-6798, CVE-2020-6800

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.5.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793)

* Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords (CVE-2020-6794)

* Mozilla: Crash processing S/MIME messages with multiple signatures (CVE-2020-6795)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

* Mozilla: Message ID calculation was based on uninitialized data (CVE-2020-6792)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0578: python-pillow security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200578
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0578, CVE-2019-16865, CVE-2020-5312

Description
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)

* python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service (CVE-2019-16865)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0579: nodejs:10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200579
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0579, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (10.19.0).

Security Fix(es):

* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)

* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)

* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)

* npm: Symlink reference outside of node_modules folder through the bin field upon installation (CVE-2019-16775)

* npm: Arbitrary file write via constructed entry in the package.json bin field (CVE-2019-16776)

* npm: Global node_modules Binary Overwrite (CVE-2019-16777)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0580: python-pillow security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200580
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0580, CVE-2019-16865, CVE-2020-5311, CVE-2020-5312

Description
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c (CVE-2020-5311)

* python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)

* python-pillow: reading specially crafted image files leads to allocation of large amounts of memory and denial of service (CVE-2019-16865)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0598: nodejs:12 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200598
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0598, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (12.16.1).

Security Fix(es):

* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)

* nodejs: Remotely trigger an assertion on a TLS server with a malformed certificate string (CVE-2019-15604)

* nodejs: HTTP header values do not have trailing optional whitespace trimmed (CVE-2019-15606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0630: ppp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200630
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0630, CVE-2020-8597

Description
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.

Security Fix(es):

* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0631: ppp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200631
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0631, CVE-2020-8597

Description
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.

Security Fix(es):

* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0632: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200632
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0632, CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Serialization filter changes via jdk.serialFilter property modification (Serialization, 8231422) (CVE-2020-2604)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect isBuiltinStreamHandler check causing URL normalization issues (Networking, 8228548) (CVE-2020-2593)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Incorrect exception processing during deserialization in BeanContextSupport (Serialization, 8224909) (CVE-2020-2583)

* OpenJDK: Incomplete enforcement of maxDatagramSockets limit in DatagramChannelImpl (Networking, 8231795) (CVE-2020-2659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0633: ppp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0633, CVE-2020-8597

Description
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.

Security Fix(es):

* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0702: xerces-c security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200702
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0702, CVE-2018-1311

Description
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

* xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0703: http-parser security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200703
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0703, CVE-2019-15605

Description
The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream.

Security Fix(es):

* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0704: xerces-c security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200704
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0704, CVE-2018-1311

Description
Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents.

Security Fix(es):

* xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs (CVE-2018-1311)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0708: http-parser security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200708
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0708, CVE-2019-15605

Description
The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream.

Security Fix(es):

* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0726: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0726, CVE-2019-18634

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Stack based buffer overflow when pwfeedback is enabled (CVE-2019-18634)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0775: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200775
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0775, CVE-2019-14378, CVE-2019-15890, CVE-2020-7039

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: heap buffer overflow during packet reassembly (CVE-2019-14378)

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

* QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0790: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0790, CVE-2019-17055, CVE-2019-17133

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: buffer overflow in cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c (CVE-2019-17133)

* kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* LACP bond does not function because bonding driver sees slave speed & duplex as Unknown (BZ#1772779)

* ixgbevf guess causes excessive interrupts in hypervisor due to get link settings (BZ#1795404)

RHSA-2020:0815: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200815
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0815, CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.6.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free when removing data about origins (CVE-2020-6805)

* Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)

* Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807)

* Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)

* Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)

* Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)

* Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0816: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200816
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0816, CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.6.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free when removing data about origins (CVE-2020-6805)

* Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)

* Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807)

* Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)

* Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)

* Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)

* Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0820: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200820
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0820, CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.6.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free when removing data about origins (CVE-2020-6805)

* Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)

* Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807)

* Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)

* Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)

* Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)

* Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0834: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200834
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0834, CVE-2019-11487, CVE-2019-17666, CVE-2019-19338

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL7.7 - default idle mishandles lazy irq state (BZ#1767620)

* Sanitize MM backported code for RHEL7 (BZ#1768386)

* A bio with a flush and write to an md device can be lost and never complete by the md layer (BZ#1773482)

* [FJ7.7 Bug]: [REG] Read from /proc/net/if_inet6 never stop. (BZ#1778084)

* RHEL7.7 - zfcp: fix reaction on bit error threshold notification (BZ#1778691)

* RHEL7.7 Snapshot3 - Kernel Panic when running LTP mm test on s390x (BZ#1780035)

* Leak in cachefiles driver (BZ#1780149)

* VFS: Busy inodes after unmount of loop0 when encountering duplicate directory inodes (BZ#1781159)

* Allocation failure in md's r10buf_pool_alloc function leads to a crash from accessing uninitialized pointers (BZ#1781584)

* [Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup (BZ#1783177)

* A bnx2fc abort attempt doesn't timeout from miscalculation causing a huge timeout value (BZ#1784824)

* scsi: libiscsi: fall back to sendmsg for slab pages (BZ#1784826)

* RHEL7.7 - kernel: avoid cpu yield in SMT environment (BZ#1787558)

* RHEL7.6 - kernel: jump label transformation performance (BZ#1787559)

* drm radeon power management warning on VERDE cards (BZ#1789744)

* Duplicate enum value in include/linux/blk_types.h (BZ#1791781)

* [HPE 7.7 Bug] hpsa: bug fix for reset issue (BZ#1791782)

* System Crash on vport creation (NPIV on FCoE) (BZ#1791825)

* [Hyper-V][RHEL 7.8] Four Mellanox Patches needed for kernels that have that have SRIOV (BZ#1792371)

* WARNING: CPU: 7 PID: 2049 at mm/slub.c:2296 ___slab_alloc+0x508/0x520 (BZ#1793086)

* fio with ioengine=pmemblk on fsdax failed (BZ#1793088)

* [HPE 7.7 Bug] hpsa: bug fixes (BZ#1793579)

* perf top -p PID does not show anything (BZ#1793581)

* Delay in RT task scheduled. Incorrect nr_scheduled value. (BZ#1796261)

* A directory on a gfs2 filesystem appears corrupt on nodeB after nodeA renames the directory (BZ#1796431)

* ixgbevf interface goes down on hypervisor and causes outage (BZ#1796798)

* Can't enable virt-ssbd on some AMD hosts (BZ#1797511)

* [HPEMC 7.8 BUG] x86/boot/64: Avoid mapping reserved ranges in early page tables (BZ#1798163)

Enhancement(s):

* scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show' (BZ#1791595)

RHSA-2020:0839: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200839
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0839, CVE-2019-11487, CVE-2019-17666, CVE-2019-19338

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

* Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135) (CVE-2019-19338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL7.7.z batch#5 source tree (BZ#1794131)

RHSA-2020:0850: python-pip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20200850
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:0850, CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324

Description
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". 

Security Fix(es):

* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0851: python-virtualenv security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20200851
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:0851, CVE-2018-18074, CVE-2018-20060, CVE-2019-11236

Description
The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python.

Security Fix(es):

* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0853: zsh security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200853
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0853, CVE-2019-20044

Description
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0855: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200855
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0855, CVE-2020-1938

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0892: zsh security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0892, CVE-2019-20044

Description
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0896: icu security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200896
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0896, CVE-2020-10531

Description
The International Components for Unicode (ICU) library provides robust and full-featured Unicode services.

Security Fix(es):

* ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0897: icu security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200897
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0897, CVE-2020-10531

Description
The International Components for Unicode (ICU) library provides robust and full-featured Unicode services.

Security Fix(es):

* ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0898: python-imaging security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0898, CVE-2020-5312

Description
The Python Imaging Library (PIL) adds image processing capabilities to your Python interpreter. This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities.

Security Fix(es):

* python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c (CVE-2020-5312)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0902: icu security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200902
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0902, CVE-2020-10531

Description
The International Components for Unicode (ICU) library provides robust and full-featured Unicode services.

Security Fix(es):

* ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0903: zsh security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200903
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0903, CVE-2019-20044

Description
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions (with autoloading), a history mechanism, and more.

Security Fix(es):

* zsh: insecure dropping of privileges when unsetting PRIVILEGED option (CVE-2019-20044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0905: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200905
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0905, CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.6.0.

Security Fix(es):

* Mozilla: Use-after-free when removing data about origins (CVE-2020-6805)

* Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)

* Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807)

* Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)

* Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)

* Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)

* Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0912: tomcat6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200912
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0912, CVE-2020-1938

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability (CVE-2020-1938)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0913: libvncserver security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200913
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0913, CVE-2019-15690, CVE-2019-20788

Description
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow (CVE-2019-15690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0914: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200914
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0914, CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.6.0.

Security Fix(es):

* Mozilla: Use-after-free when removing data about origins (CVE-2020-6805)

* Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)

* Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807)

* Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)

* Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)

* Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)

* Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0919: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200919
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0919, CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.6.0.

Security Fix(es):

* Mozilla: Use-after-free when removing data about origins (CVE-2020-6805)

* Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806)

* Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807)

* Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814)

* Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503)

* Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811)

* Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0920: libvncserver security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200920
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0920, CVE-2019-15690, CVE-2019-20788

Description
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: HandleCursorShape() integer overflow resulting in heap-based buffer overflow (CVE-2019-15690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0981: ipmitool security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0981, CVE-2020-5208

Description
The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Security Fix(es):

* ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:0984: ipmitool security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20200984
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:0984, CVE-2020-5208

Description
The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Security Fix(es):

* ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1000: rsyslog security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201000
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1000, CVE-2019-17041, CVE-2019-17042

Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

Security Fix(es):

* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)

* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1003: mod_auth_mellon security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1003, CVE-2019-13038

Description
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server.

Security Fix(es):

* mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft (CVE-2019-13038)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1011: expat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1011, CVE-2015-2716

Description
Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: Integer overflow leading to buffer overflow in XML_GetBuffer() (CVE-2015-2716)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1016: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1016, CVE-2015-9289, CVE-2017-17807, CVE-2018-19985, CVE-2018-20169, CVE-2018-7191, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-11884, CVE-2019-12382, CVE-2019-13233, CVE-2019-13648, CVE-2019-14283, CVE-2019-14814, CVE-2019-14815, CVE-2019-15090, CVE-2019-15214, CVE-2019-15221, CVE-2019-15916, CVE-2019-16746, CVE-2019-18660, CVE-2019-3901, CVE-2019-5108, CVE-2019-9503

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)

* kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807)

* kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)

* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)

* kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)

* kernel: brcmfmac frame validation bypass (CVE-2019-9503)

* kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)

* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)

* kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)

* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

* kernel: denial of service in arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c via sigreturn() system call (CVE-2019-13648)

* kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)

* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

* kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)

* kernel: (powerpc) incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)

* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)

* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)

* Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)

* kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1020: curl security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201020
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1020, CVE-2019-5436

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1021: GNOME security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201021
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1021, CVE-2019-3820

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

* gnome-shell: partial lock screen bypass (CVE-2019-3820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1022: file security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201022
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1022, CVE-2018-10360

Description
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.

Security Fix(es):

* file: out-of-bounds read via a crafted ELF file (CVE-2018-10360)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1034: doxygen security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201034
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1034, CVE-2016-10245

Description
Doxygen can generate an online class browser (in HTML) and/or a reference manual (in LaTeX) from a set of documented source files. The documentation is extracted directly from the sources. Doxygen can also be configured to extract the code structure from undocumented source files. 

Security Fix(es):

* doxygen: cross-site scripting in templates/html/search_opensearch.php (CVE-2016-10245)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1036: texlive security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201036
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1036, CVE-2018-17407

Description
The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems.

Security Fix(es):

* texlive: Buffer overflow in t1_check_unusual_charstring function in writet1.c (CVE-2018-17407)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1037: advancecomp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201037
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1037, CVE-2019-9210

Description
AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files.

Security Fix(es):

* advancecomp: integer overflow in png_compress in pngex.cc (CVE-2019-9210)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1045: lftp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201045
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1045, CVE-2018-10916

Description
LFTP is a file transfer utility for File Transfer Protocol (FTP), Secure File Transfer Protocol (SFTP), Hypertext Transfer Protocol (HTTP), and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multiple files at the same time.

Security Fix(es):

* lftp: particular remote file names may lead to current working directory erased (CVE-2018-10916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1047: wireshark security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201047
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1047, CVE-2018-11362, CVE-2018-14340, CVE-2018-14341, CVE-2018-14368, CVE-2018-16057, CVE-2018-19622, CVE-2018-7418

Description
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.

Security Fix(es):

* wireshark: Out-of-bounds read in packet-ldss.c (CVE-2018-11362)

* wireshark: Multiple dissectors could crash (wnpa-sec-2018-36) (CVE-2018-14340)

* wireshark: DICOM dissector infinite loop (wnpa-sec-2018-39) (CVE-2018-14341)

* wireshark: Bazaar dissector infinite loop (wnpa-sec-2018-40) (CVE-2018-14368)

* wireshark: SIGCOMP dissector crash in packet-sigcomp.c (CVE-2018-7418)

* wireshark: Radiotap dissector crash (CVE-2018-16057)

* wireshark: Infinite loop in the MMSE dissector (CVE-2018-19622)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1050: cups security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1050, CVE-2018-4180, CVE-2018-4181, CVE-2018-4300, CVE-2018-4700

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: Local privilege escalation to root due to insecure environment variable handling (CVE-2018-4180)

* cups: Manipulation of cupsd.conf by a local attacker resulting in limited reads of arbitrary files as root (CVE-2018-4181)

* cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1051: libosinfo security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201051
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1051, CVE-2019-13313

Description
The libosinfo packages provide a library that allows virtualization provisioning tools to determine the optimal device settings for a combination of hypervisor and operating system.

Security Fix(es):

* Libosinfo: osinfo-install-script option leaks password via command line argument (CVE-2019-13313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1054: mailman security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201054
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1054, CVE-2018-0618, CVE-2018-13796

Description
Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages (CVE-2018-0618)

* mailman: Mishandled URLs in Utils.py:GetPathPieces() allows attackers to display arbitrary text on trusted sites (CVE-2018-13796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1061: bind security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1061, CVE-2018-5745, CVE-2019-6465, CVE-2019-6477

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)

* bind: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys (CVE-2018-5745)

* bind: Controls for zone transfers may not be properly applied to DLZs if the zones are writable (CVE-2019-6465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1062: dovecot security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201062
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1062, CVE-2019-3814, CVE-2019-7524

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: Improper certificate validation (CVE-2019-3814)

* dovecot: Buffer overflow in indexer-worker process results in privilege escalation (CVE-2019-7524)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1068: squid security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201068
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1068, CVE-2018-1000024, CVE-2018-1000027, CVE-2019-13345

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: Incorrect pointer handling when processing ESI Responses can lead to denial of service (CVE-2018-1000024)

* squid: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service (CVE-2018-1000027)

* squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1070: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201070
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1070, CVE-2015-9289, CVE-2017-17807, CVE-2018-19985, CVE-2018-20169, CVE-2018-7191, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11190, CVE-2019-11884, CVE-2019-12382, CVE-2019-13233, CVE-2019-14283, CVE-2019-14815, CVE-2019-15221, CVE-2019-15916, CVE-2019-16746, CVE-2019-3901, CVE-2019-9503

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: out of bound read in DVB connexant driver. (CVE-2015-9289)

* kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission (CVE-2017-17807)

* kernel: denial of service via ioctl call in network tun handling (CVE-2018-7191)

* kernel: usb: missing size check in the __usb_get_extra_descriptor() leading to DoS (CVE-2018-20169)

* kernel: perf_event_open() and execve() race in setuid programs allows a data leak (CVE-2019-3901)

* kernel: brcmfmac frame validation bypass (CVE-2019-9503)

* kernel: null-pointer dereference in hci_uart_set_flow_control (CVE-2019-10207)

* kernel: sensitive information disclosure from kernel stack memory via HIDPCONNADD command (CVE-2019-11884)

* kernel: unchecked kstrdup of fwstr in drm_load_edid_firmware leads to denial of service (CVE-2019-12382)

* kernel: use-after-free in arch/x86/lib/insn-eval.c (CVE-2019-13233)

* kernel: integer overflow and OOB read in drivers/block/floppy.c (CVE-2019-14283)

* kernel: memory leak in register_queue_kobjects() in net/core/net-sysfs.c leads to denial of service (CVE-2019-15916)

* kernel: buffer-overflow hardening in WiFi beacon validation code. (CVE-2019-16746)

* kernel: oob memory read in hso_probe in drivers/net/usb/hso.c (CVE-2018-19985)

* Kernel: net: weak IP ID generation leads to remote device tracking (CVE-2019-10638)

* Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)

* kernel: ASLR bypass for setuid binaries due to late install_exec_creds() (CVE-2019-11190)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1074: poppler and evince security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201074
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1074, CVE-2018-21009, CVE-2019-10871, CVE-2019-11459, CVE-2019-12293, CVE-2019-9959

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.

Security Fix(es):

* poppler: integer overflow in Parser::makeStream in Parser.cc (CVE-2018-21009)

* poppler: heap-based buffer over-read in function PSOutputDev::checkPageSlice in PSOutputDev.cc (CVE-2019-10871)

* poppler: heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc (CVE-2019-12293)

* poppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)

* evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1080: evolution security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201080
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1080, CVE-2018-15587, CVE-2019-3890

Description
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.

The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications.

Security Fix(es):

* evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages (CVE-2018-15587)

* evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts (CVE-2019-3890)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1081: net-snmp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1081, CVE-2018-18066

Description
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: NULL pointer exception in snmp_oid_compare in snmplib/snmp_api.c resulting in a denial of service (CVE-2018-18066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1084: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201084
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1084, CVE-2019-10197, CVE-2019-10218

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.10.4). (BZ#1724991)

Security Fix(es):

* samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197)

* samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1091: python-twisted-web security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201091
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1091, CVE-2019-12387

Description
Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too.

Security Fix(es):

* python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods (CVE-2019-12387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1100: mariadb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1100, CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2805, CVE-2020-2922, CVE-2021-2007

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 

The following packages have been upgraded to a later upstream version: mariadb (5.5.65). (BZ#1741357)

Security Fix(es):

* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019) (CVE-2019-2737)

* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2019) (CVE-2019-2739)

* mysql: Server: XML unspecified vulnerability (CPU Jul 2019) (CVE-2019-2740)

* mysql: Server: Parser unspecified vulnerability (CPU Jul 2019) (CVE-2019-2805)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1101: bluez security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201101
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1101, CVE-2018-10910

Description
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. 

Security Fix(es):

* bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (CVE-2018-10910)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1112: php security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201112
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1112, CVE-2018-10547, CVE-2018-5712, CVE-2018-7584, CVE-2019-9024

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: Reflected XSS on PHAR 404 page (CVE-2018-5712)

* php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response (CVE-2018-7584)

* php: Reflected XSS vulnerability on PHAR 403 and 404 error pages (CVE-2018-10547)

* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1113: bash security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201113
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1113, CVE-2019-9924

Description
The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

* bash: BASH_CMD is writable in restricted bash shells (CVE-2019-9924)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1116: qemu-kvm security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201116
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1116, CVE-2020-7039

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1121: httpd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201121
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1121, CVE-2017-15710, CVE-2018-1301, CVE-2018-17199

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199)

* httpd: Out of bounds write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)

* httpd: Out of bounds access after failure in reading the HTTP request (CVE-2018-1301)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1126: mutt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201126
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1126, CVE-2018-14355

Description
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.

Security Fix(es):

* mutt: IMAP header caching path traversal vulnerability (CVE-2018-14355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1131: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201131
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1131, CVE-2018-20852, CVE-2019-16056

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Cookie domain check returns incorrect results (CVE-2018-20852)

* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1132: python3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201132
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1132, CVE-2018-20852, CVE-2019-16056

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. This package provides the "python3" executable: the reference interpreter for the Python language, version 3. The majority of its standard library is provided in the python3-libs package, which should be installed automatically along with python3. The remaining parts of the Python standard library are broken out into the python3-tkinter and python3-test packages.

Security Fix(es):

* python: Cookie domain check returns incorrect results (CVE-2018-20852)

* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1135: polkit security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1135, CVE-2018-1116

Description
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd (CVE-2018-1116)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1138: gettext security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201138
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1138, CVE-2018-18751

Description
The gettext packages provide a documentation for producing multi-lingual messages in programs, set of conventions about how programs should be written, a runtime library, and a directory and file naming organization for the message catalogs.

Security Fix(es):

* gettext: double free in default_add_message in read-catalog.c (CVE-2018-18751)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1150: qemu-kvm-ma security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201150
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1150, CVE-2020-1711, CVE-2020-7039

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1151: libreoffice security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1151, CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* libreoffice: LibreLogo script can be manipulated into executing arbitrary python commands (CVE-2019-9848)

* libreoffice: Insufficient URL validation allowing LibreLogo script execution (CVE-2019-9850)

* libreoffice: LibreLogo global-event script execution (CVE-2019-9851)

* libreoffice: Insufficient URL encoding flaw in allowed script location check (CVE-2019-9852)

* libreoffice: Insufficient URL decoding flaw in categorizing macro location (CVE-2019-9853)

* libreoffice: Unsafe URL assembly flaw in allowed script location check (CVE-2019-9854)

* libreoffice: Remote resources protection module not applied to bullet graphics (CVE-2019-9849)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1167: nbdkit security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201167
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1167, CVE-2019-14850

Description
Network Block Device (NBD) is a protocol for accessing hard disks and other disk-like devices over the network. The nbdkit toolkit utilizes NBD to create servers with minimal dependencies. The package contains plug-in support for the C and Python programming languages.

Security Fix(es):

* nbdkit: denial of service due to premature opening of back-end connection (CVE-2019-14850)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.
RHSA-2020:1172: qt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201172
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1172, CVE-2018-15518, CVE-2018-19869, CVE-2018-19870, CVE-2018-19871, CVE-2018-19872, CVE-2018-19873

Description
The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface (GUI) applications for the X Window System.

Security Fix(es):

* qt5-qtbase: Double free in QXmlStreamReader (CVE-2018-15518)

* qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)

* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)

* qt5-qtbase: QImage allocation failure in qgifhandler (CVE-2018-19870)

* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)

* qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file (CVE-2018-19873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1173: okular security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201173
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1173, CVE-2018-1000801

Description
Okular is a universal document viewer developed by KDE supporting different kinds of documents, like PDF, Postscript, DjVu, CHM, XPS, ePub and others.

Security Fix(es):

* okular: Directory traversal in function unpackDocumentArchive() in core/document.cpp (CVE-2018-1000801)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1175: taglib security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201175
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1175, CVE-2018-11439

Description
TagLib is a library for reading and editing the meta-data of different audio formats. 

Security Fix(es):

* taglib: heap-based buffer over-read via a crafted audio file (CVE-2018-11439)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1176: avahi security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1176, CVE-2017-6519

Description
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.

Security Fix(es):

* avahi: Multicast DNS responds to unicast queries outside of local network (CVE-2017-6519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1178: zziplib security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201178
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1178, CVE-2018-17828

Description
The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1180: ImageMagick security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201180
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1180, CVE-2017-1000476, CVE-2017-11166, CVE-2017-12805, CVE-2017-12806, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254, CVE-2017-18271, CVE-2017-18273, CVE-2018-10177, CVE-2018-10804, CVE-2018-10805, CVE-2018-11656, CVE-2018-12599, CVE-2018-12600, CVE-2018-13153, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-15607, CVE-2018-16328, CVE-2018-16640, CVE-2018-16642, CVE-2018-16643, CVE-2018-16644, CVE-2018-16645, CVE-2018-16749, CVE-2018-16750, CVE-2018-17966, CVE-2018-17967, CVE-2018-18016, CVE-2018-18024, CVE-2018-18544, CVE-2018-20467, CVE-2018-8804, CVE-2018-9133, CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12975, CVE-2019-12976, CVE-2019-12978, CVE-2019-12979, CVE-2019-13133, CVE-2019-13134, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-14980, CVE-2019-14981, CVE-2019-15139, CVE-2019-15140, CVE-2019-15141, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16712, CVE-2019-16713, CVE-2019-17540, CVE-2019-17541, CVE-2019-19948, CVE-2019-19949, CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-9956

Description
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

The following packages have been upgraded to a later upstream version: ImageMagick (6.9.10.68). (BZ#1764595)

Security Fix(es):

* ImageMagick: multiple security vulnerabilities (CVE-2018-12599, CVE-2018-12600, CVE-2019-9956, CVE-2019-11597, CVE-2019-11598, CVE-2019-12974, CVE-2019-12978, CVE-2019-12979, CVE-2019-13135, CVE-2019-13295, CVE-2019-13297, CVE-2019-13300, CVE-2019-13301, CVE-2019-13304, CVE-2019-13305, CVE-2019-13306, CVE-2019-13307, CVE-2019-15139, CVE-2019-15140, CVE-2019-15141, CVE-2019-17540, CVE-2019-17541, CVE-2019-19948, CVE-2017-11166, CVE-2017-12805, CVE-2017-12806, CVE-2017-18251, CVE-2017-18252, CVE-2017-18254, CVE-2017-18271, CVE-2017-18273, CVE-2017-1000476, CVE-2018-8804, CVE-2018-9133, CVE-2018-10177, CVE-2018-10804, CVE-2018-10805, CVE-2018-11656, CVE-2018-13153, CVE-2018-14434, CVE-2018-14435, CVE-2018-14436, CVE-2018-14437, CVE-2018-15607, CVE-2018-16328, CVE-2018-16749, CVE-2018-16750, CVE-2018-18544, CVE-2018-20467, CVE-2019-7175, CVE-2019-7397, CVE-2019-7398, CVE-2019-10131, CVE-2019-10650, CVE-2019-11470, CVE-2019-11472, CVE-2019-12975, CVE-2019-12976, CVE-2019-13133, CVE-2019-13134, CVE-2019-13309, CVE-2019-13310, CVE-2019-13311, CVE-2019-13454, CVE-2019-14980, CVE-2019-14981, CVE-2019-16708, CVE-2019-16709, CVE-2019-16710, CVE-2019-16711, CVE-2019-16712, CVE-2019-16713, CVE-2019-19949)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1181: unzip security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1181, CVE-2019-13232

Description
The unzip utility is used to list, test, and extract files from zip archives.

Security Fix(es):

* unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1185: libsndfile security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201185
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1185, CVE-2018-13139

Description
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV.

Security Fix(es):

* libsndfile: stack-based buffer overflow in sndfile-deinterleave utility (CVE-2018-13139)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1189: libqb security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201189
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1189, CVE-2019-12779

Description
The libqb packages provide a library with the primary purpose of providing high performance client/server reusable features, such as high performance logging, tracing, inter-process communication, and polling.

Security Fix(es):

* libqb: Insecure treatment of IPC (temporary) files (CVE-2019-12779)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1190: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201190
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1190, CVE-2015-8035, CVE-2016-5131, CVE-2017-15412, CVE-2017-18258, CVE-2018-14404, CVE-2018-14567

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use after free triggered by XPointer paths beginning with range-to (CVE-2016-5131)

* libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c (CVE-2017-15412)

* libxml2: DoS caused by incorrect error detection during XZ decompression (CVE-2015-8035)

* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)

* libxml2: Unrestricted memory usage in xz_head() function in xzlib.c (CVE-2017-18258)

* libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (CVE-2018-14567)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.8 Release Notes linked from the References section.

RHSA-2020:1208: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201208
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1208, CVE-2020-8608

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1209: qemu-kvm-ma security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201209
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1209, CVE-2020-8608

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1288: haproxy security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20201288
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1288, CVE-2020-11100

Description
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.

Security Fix(es):

* haproxy: malformed HTTP/2 requests can lead to out-of-bounds writes (CVE-2020-11100)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1293: nodejs:12 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201293
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1293, CVE-2020-10531

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1317: nodejs:10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201317
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1317, CVE-2020-10531

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1318: telnet security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201318
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1318, CVE-2020-10188

Description
Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default.

Security Fix(es):

* telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1331: ipmitool security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201331
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1331, CVE-2020-5208

Description
The ipmitool packages contain a command-line utility for interfacing with devices that support the Intelligent Platform Management Interface (IPMI) specification. IPMI is an open standard for machine health, inventory, and remote power control.

Security Fix(es):

* ipmitool: Buffer overflow in read_fru_area_section function in lib/ipmi_fru.c (CVE-2020-5208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1334: telnet security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201334
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1334, CVE-2020-10188

Description
Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default.

Security Fix(es):

* telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1335: telnet security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201335
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1335, CVE-2020-10188

Description
Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default.

Security Fix(es):

* telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1338: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20201338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1338, CVE-2020-6819, CVE-2020-6820

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.6.1 ESR.

Security Fix(es):

* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1339: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20201339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1339, CVE-2020-6819, CVE-2020-6820

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.6.1 ESR.

Security Fix(es):

* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1341: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20201341
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1341, CVE-2020-6819, CVE-2020-6820

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.6.1 ESR.

Security Fix(es):

* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1349: krb5-appl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201349
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1349, CVE-2020-10188

Description
The krb5-appl packages contain Kerberos-aware versions of telnet, ftp, rsh, and rlogin clients and servers. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and trusted third-party, the Key Distribution Center (KDC).

Security Fix(es):

* telnet-server: no bounds checks in nextitem() function allows to remotely execute arbitrary code (CVE-2020-10188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1358: virt:rhel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201358
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1358, CVE-2020-1711, CVE-2020-7039

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* QEMU: block: iscsi: OOB heap access via an unexpected response of iSCSI Server (CVE-2020-1711)

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* libvirtd: error : virCPUx86UpdateLive:3110 : operation failed: guest CPU doesn't match specification: missing features: fxsr_opt (BZ#1809510)

RHSA-2020:1360: container-tools:1.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201360
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1360, CVE-2020-7039

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() (CVE-2020-7039)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1372: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201372
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1372, CVE-2019-15030, CVE-2019-15031, CVE-2019-18660, CVE-2019-19527

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: powerpc: local user can read vector registers of other users' processes via a Facility Unavailable exception (CVE-2019-15030)

* kernel: powerpc: local user can read vector registers of other users' processes via an interrupt (CVE-2019-15031)

* kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)

* kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [FJ8.1 Bug]: fs/devpts: always delete dcache dentry-s in dput() (BZ#1783959)

* qla2xxx: call dma_free_coherent with correct size in all cases in qla24xx_sp_unmap (BZ#1788206)

* qla2xxxx: Firmware update for Gen7 adapter could result in an unusable adapter (BZ#1790350)

* s390/sclp: Fix bit checked for has_sipl (BZ#1791408)

* RHEL8.1 - Error output for CPU-MF auxtrace data in perf: (BZ#1792198)

* [FJ8.0 Bug]: [kernel]: using "kexec -e" to reboot A64FX system causes system panic during the boot of the 2nd kernel (BZ#1792200)

* Fixup tlbie vs store ordering issue on POWER9 (BZ#1794058)

* RHEL8.1 - qeth: add safeguards to RX data path (BZ#1794059)

* RHEL8.1 - STC940:ZZ:Fleet:RHEL:LPM failed with no rmc connection during 6th iteration (ibmvnic) (BZ#1794060)

* RHEL8.1 - disable trace-imc feature (perf:) (BZ#1794061)

* [Broadcom RHEL8.2 FEAT]: megaraid_sas driver update request (BZ#1795335)

* RHEL8.1 pre-Beta - [ FW940 ] [ zz P9 ] kdump fails when XIVE is enabled and dump is trigged from HMC. (BZ#1795337)

* T10 DIF: OOM observed while running I/O (BZ#1795338)

* backport fix for potential deadlock relative to snapshot COW throttling (BZ#1796490)

* Neoverse n1 errata 1542419 "Core may fetch stale instructions from memory and violate ordering" (BZ#1797518)

* [HPE 8.1 Bug] hpsa: bug fix for reset issue (BZ#1797519)

* [HPE 8.0 BUG] System crash when reading /sys/block/<dm>/mq/0/cpu_list file (BZ#1797960)

* kernel: T10 CRC not using hardware-accelerated version from crct10dif_pclmul (BZ#1797961)

* [FJ8.1 Bug]: Dirty pages remain when write() returns ENOSPC. (BZ#1797962)

* RHEL 8 - NVMe/FC Fabric Broadcom Autoconnect Script Fails to Reconnect after Controller Reset (BZ#1798381)

* [RHEL8.2]: Chelsio crypto co-processor Driver (chcr) bugfixes (BZ#1798527)

* [RHEL8.1][Snapshot-1]LUN discovery says unrecognized (BZ#1801216)

* 8.2 snap2 kernel incorrectly signed in brew (BZ#1807231)

RHSA-2020:1378: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201378
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1378, CVE-2019-19527

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.1.z3 source tree (BZ#1794136)

* [kernel-rt-debug] BUG: MAX_LOCKDEP_CHAINS too low! (BZ#1794199)

RHSA-2020:1379: container-tools:rhel8 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201379
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1379, CVE-2020-8608

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* useradd and groupadd fail under rootless Buildah and podman [stream-container-tools-rhel8-rhel-8.1.1] (BZ#1803495)

* Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1804188)

* Podman support for FIPS Mode requires a bind mount inside the container [stream-container-tools-rhel8-rhel-8.1.1/podman] (BZ#1804194)

* fuse-overlayfs segfault [stream-container-tools-rhel8-rhel-8.1.1/fuse-overlayfs] (BZ#1805016)

* buildah COPY command is slow when .dockerignore file is not present [stream-container-tools-rhel8-rhel-8.1.1/buildah] (BZ#1806119)

RHSA-2020:1403: qemu-kvm security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201403
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1403, CVE-2020-8608

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* QEMU: Slirp: disable emulation of tcp programs like ftp IRC etc. [rhel-6] (BZ#1791680)

RHSA-2020:1406: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1406, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.7.0 ESR.

Security Fix(es):

* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)

* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)

* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1420: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201420
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1420, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.7.0 ESR.

Security Fix(es):

* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)

* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)

* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1429: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201429
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1429, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.7.0 ESR.

Security Fix(es):

* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)

* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)

* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1488: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201488
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1488, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.7.0.

Security Fix(es):

* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)

* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)

* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1489: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201489
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1489, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.7.0.

Security Fix(es):

* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)

* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)

* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1495: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201495
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1495, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.7.0.

Security Fix(es):

* Mozilla: Use-after-free while running the nsDocShell destructor (CVE-2020-6819)

* Mozilla: Use-after-free when handling a ReadableStream (CVE-2020-6820)

* Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method (CVE-2020-6821)

* Mozilla: Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 (CVE-2020-6825)

* Mozilla: Out of bounds write in GMPDecodeData when processing large images (CVE-2020-6822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1497: tigervnc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201497
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1497, CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695

Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)

* tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks (CVE-2019-15692)

* tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)

* tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)

* tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1506: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201506
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1506, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)

* OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1507: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201507
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1507, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1508: java-1.7.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201508
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1508, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Description
The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1509: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201509
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1509, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2767, CVE-2020-2773, CVE-2020-2778, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2816, CVE-2020-2830

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816)

* OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)

* OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1511: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201511
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1511, CVE-2020-5260

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1512: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1512, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)

* OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1513: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1513, CVE-2020-5260

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1514: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201514
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1514, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2767, CVE-2020-2773, CVE-2020-2778, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2816, CVE-2020-2830

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Application data accepted before TLS handshake completion (JSSE, 8235691) (CVE-2020-2816)

* OpenJDK: Incorrect handling of Certificate messages during TLS handshake (JSSE, 8232581) (CVE-2020-2767)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Incomplete enforcement of algorithm restrictions for TLS (JSSE, 8232424) (CVE-2020-2778)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)

* OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1515: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201515
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1515, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2773, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)

* OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1524: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201524
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1524, CVE-2017-1000371, CVE-2019-17666

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel lacks a certain upper-bound check, leading to a buffer overflow (CVE-2019-17666)

* kernel: offset2lib allows for the stack guard page to be jumped over (CVE-2017-1000371)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1561: python-twisted-web security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1561, CVE-2020-10108, CVE-2020-10109

Description
Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too.

Security Fix(es):

* python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108)

* python-twisted: HTTP request smuggling when presented with a Content-Length and a chunked Transfer-Encoding header (CVE-2020-10109)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1567: kernel-rt security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201567
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1567, CVE-2018-16871, CVE-2019-10639, CVE-2019-12819, CVE-2019-15090, CVE-2019-15099, CVE-2019-15221, CVE-2019-15223, CVE-2019-16234, CVE-2019-17053, CVE-2019-17055, CVE-2019-18282, CVE-2019-18805, CVE-2019-19045, CVE-2019-19047, CVE-2019-19055, CVE-2019-19057, CVE-2019-19058, CVE-2019-19059, CVE-2019-19065, CVE-2019-19067, CVE-2019-19073, CVE-2019-19074, CVE-2019-19077, CVE-2019-19532, CVE-2019-19534, CVE-2019-19768, CVE-2019-19922, CVE-2019-5108, CVE-2019-8980, CVE-2020-10690, CVE-2020-1749, CVE-2020-7053

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)

* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

* kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)

* kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053)

* kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)

* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)

* kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)

* kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)

* Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)

* kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)

* kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)

* kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)

* kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)

* kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)

* kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)

* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RT: update RT source tree to the RHEL-8.2 tree (BZ#1708716)

* KVM-RT guest fails boot with emulatorsched (BZ#1712781)

* 8 vCPU guest need max latency < 20 us with stress [RT-8.2] (BZ#1757165)

* Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike [rt-8] (BZ#1788352)

* RT: Add rpm Provide of 'kernel' to indicate that this is a kernel package (BZ#1796284)

* [RHEL8] RT kernel signed by test certificate and not Red Hat Secure Boot (BZ#1806871)

Enhancement(s):

* update to the upstream 5.x RT patchset (BZ#1680161)

RHSA-2020:1576: memcached security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201576
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1576, CVE-2019-11596

Description
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. 

Security Fix(es):

* memcached: null-pointer dereference in "lru mode" and "lru temp_ttl" causing denial of service (CVE-2019-11596)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1577: exiv2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201577
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1577, CVE-2017-18005, CVE-2018-10772, CVE-2018-11037, CVE-2018-14338, CVE-2018-17229, CVE-2018-17230, CVE-2018-17282, CVE-2018-17581, CVE-2018-18915, CVE-2018-19107, CVE-2018-19108, CVE-2018-19535, CVE-2018-19607, CVE-2018-20096, CVE-2018-20097, CVE-2018-20098, CVE-2018-20099, CVE-2018-4868, CVE-2018-9303, CVE-2018-9304, CVE-2018-9305, CVE-2018-9306, CVE-2019-13109, CVE-2019-13111, CVE-2019-13112, CVE-2019-13113, CVE-2019-13114, CVE-2019-20421, CVE-2019-9143

Description
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.2). (BZ#1651917)

Security Fix(es):

* exiv2: infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421)

* exiv2: null pointer dereference in the Exiv2::DataValue::toLong function in value.cpp (CVE-2017-18005)

* exiv2: Excessive memory allocation in Exiv2::Jp2Image::readMetadata function in jp2image.cpp (CVE-2018-4868)

* exiv2: assertion failure in BigTiffImage::readData in bigtiffimage.cpp (CVE-2018-9303)

* exiv2: divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp (CVE-2018-9304)

* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9305)

* exiv2: OOB read in pngimage.cpp:tEXtToDataBuf() allows for crash via crafted file (CVE-2018-10772)

* exiv2: information leak via a crafted file (CVE-2018-11037)

* exiv2: buffer overflow in samples/geotag.cpp (CVE-2018-14338)

* exiv2: heap-based buffer overflow in Exiv2::d2Data in types.cpp (CVE-2018-17229)

* exiv2: heap-based buffer overflow in Exiv2::ul2Data in types.cpp (CVE-2018-17230)

* exiv2: NULL pointer dereference in Exiv2::DataValue::copy in value.cpp leading to application crash (CVE-2018-17282)

* exiv2: Stack overflow in CiffDirectory::readDirectory() at crwimage_int.cpp leading to denial of service (CVE-2018-17581)

* exiv2: infinite loop in Exiv2::Image::printIFDStructure function in image.cpp (CVE-2018-18915)

* exiv2: heap-based buffer over-read in Exiv2::IptcParser::decode in iptc.cpp (CVE-2018-19107)

* exiv2: infinite loop in Exiv2::PsdImage::readMetadata in psdimage.cpp (CVE-2018-19108)

* exiv2: heap-based buffer over-read in PngChunk::readRawProfile in pngchunk_int.cpp (CVE-2018-19535)

* exiv2: NULL pointer dereference in Exiv2::isoSpeed in easyaccess.cpp (CVE-2018-19607)

* exiv2: Heap-based buffer over-read in Exiv2::tEXtToDataBuf function resulting in a denial of service (CVE-2018-20096)

* exiv2: Segmentation fault in Exiv2::Internal::TiffParserWorker::findPrimaryGroups function (CVE-2018-20097)

* exiv2: Heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20098)

* exiv2: Infinite loop in Exiv2::Jp2Image::encodeJp2Header resulting in a denial of service (CVE-2018-20099)

* exiv2: infinite recursion in Exiv2::Image::printTiffStructure in file image.cpp resulting in denial of service (CVE-2019-9143)

* exiv2: denial of service in PngImage::readMetadata (CVE-2019-13109)

* exiv2: integer overflow in WebPImage::decodeChunks leads to denial of service (CVE-2019-13111)

* exiv2: uncontrolled memory allocation in PngChunk::parseChunkContent causing denial of service (CVE-2019-13112)

* exiv2: invalid data location in CRW image file causing denial of service (CVE-2019-13113)

* exiv2: null-pointer dereference in http.c causing denial of service (CVE-2019-13114)

* exiv2: out of bounds read in IptcData::printStructure in iptc.c (CVE-2018-9306)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1581: wavpack security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1581, CVE-2018-19840, CVE-2018-19841, CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010319, CVE-2019-11498

Description
WavPack is a completely open audio compression format providing lossless, high-quality lossy, and a unique hybrid compression mode. 

Security Fix(es):

* wavpack: Infinite loop in WavpackPackInit function leads to DoS (CVE-2018-19840)

* wavpack: Out-of-bounds read in WavpackVerifySingleBlock function leads to DoS (CVE-2018-19841)

* wavpack: Use of uninitialized variable in WavpackSetConfiguration64 leads to DoS (CVE-2019-11498)

* wavpack: Divide by zero in ParseDsdiffHeaderConfig leads to crash (CVE-2019-1010315)

* wavpack: Use of uninitialized variable in ParseCaffHeaderConfig leads to DoS (CVE-2019-1010317)

* wavpack: Use of uninitialized variable in ParseWave64HeaderConfig leads to DoS (CVE-2019-1010319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1598: libreoffice security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201598
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1598, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

* libreoffice: Insufficient URL validation allowing LibreLogo script execution (CVE-2019-9850)

* libreoffice: LibreLogo global-event script execution (CVE-2019-9851)

* libreoffice: Insufficient URL encoding flaw in allowed script location check (CVE-2019-9852)

* libreoffice: Insufficient URL decoding flaw in categorizing macro location (CVE-2019-9853)

* libreoffice: Unsafe URL assembly flaw in allowed script location check (CVE-2019-9854)

* libreoffice: Remote resources protection module not applied to bullet graphics (CVE-2019-9849)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1600: evolution security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201600
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1600, CVE-2018-15587

Description
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.

The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications.

Security Fix(es):

* evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages (CVE-2018-15587)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1604: tcpdump security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201604
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1604, CVE-2018-19519

Description
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

Security Fix(es):

* tcpdump: Stack-based buffer over-read in print-hncp.c:print_prefix() via crafted pcap (CVE-2018-19519)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1605: python27:2.7 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201605
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1605, CVE-2018-18074, CVE-2018-20060, CVE-2018-20852, CVE-2019-11236, CVE-2019-11324, CVE-2019-16056, CVE-2019-16935

Description
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

The following packages have been upgraded to a later upstream version: python2 (2.7.17). (BZ#1759944)

Security Fix(es):

* python-urllib3: Cross-host redirect does not remove Authorization header, allowing credential exposure (CVE-2018-20060)

* python: Cookie domain check returns incorrect results (CVE-2018-20852)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1616: irssi security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201616
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1616, CVE-2019-13045

Description
Irssi is a modular IRC client with Perl scripting. 

Security Fix(es):

* irssi: use after free when sending SASL login to server (CVE-2019-13045)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1624: php:7.2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201624
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1624, CVE-2018-20783, CVE-2019-11034, CVE-2019-11035, CVE-2019-11036, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-9020, CVE-2019-9021, CVE-2019-9022, CVE-2019-9023, CVE-2019-9024, CVE-2019-9637, CVE-2019-9638, CVE-2019-9639, CVE-2019-9640

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.2.24). (BZ#1726981)

Security Fix(es):

* php: Invalid memory access in function xmlrpc_decode() (CVE-2019-9020)

* php: File rename across filesystems may allow unwanted access during processing (CVE-2019-9637)

* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9638)

* php: Uninitialized read in exif_process_IFD_in_MAKERNOTE (CVE-2019-9639)

* php: Invalid read in exif_process_SOFn() (CVE-2019-9640)

* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)

* php: Buffer over-read in exif_read_data() (CVE-2019-11040)

* php: Buffer over-read in PHAR reading functions (CVE-2018-20783)

* php: Heap-based buffer over-read in PHAR reading functions (CVE-2019-9021)

* php: memcpy with negative length via crafted DNS response (CVE-2019-9022)

* php: Heap-based buffer over-read in mbstring regular expression functions (CVE-2019-9023)

* php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c (CVE-2019-9024)

* php: Heap buffer overflow in function exif_process_IFD_TAG() (CVE-2019-11034)

* php: Heap buffer overflow in function exif_iif_add_value() (CVE-2019-11035)

* php: Buffer over-read in exif_process_IFD_TAG() leading to information disclosure (CVE-2019-11036)

* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)

* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1631: GStreamer, libmad, and SDL security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201631
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1631, CVE-2018-7263

Description
The GStreamer library provides a streaming media framework based on graphs of media data filters.

The libmad package is an MPEG audio decoder capable of 24-bit output. 

Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

Security Fix(es):

* libmad: Double-free in the mad_decoder_run() function (CVE-2018-7263)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1635: gdb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201635
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1635, CVE-2019-1010180

Description
The GNU Debugger (GDB) allows users to debug programs written in various programming languages including C, C++, and Fortran. 

Security Fix(es):

* gdb: buffer overflow while opening an ELF for debugging leads to DoS, information disclosure and code execution (CVE-2019-1010180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1636: libsndfile security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201636
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1636, CVE-2018-13139, CVE-2018-19662

Description
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. 

Security Fix(es):

* libsndfile: stack-based buffer overflow in sndfile-deinterleave utility (CVE-2018-13139)

* libsndfile: buffer over-read in the function i2alaw_array in alaw.c (CVE-2018-19662)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1644: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201644
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1644, CVE-2019-14540, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17531, CVE-2019-20330, CVE-2020-10672, CVE-2020-10673, CVE-2020-8840, CVE-2020-9546, CVE-2020-9547, CVE-2020-9548

Description
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariConfig (CVE-2019-14540)

* jackson-databind: Serialization gadgets in com.zaxxer.hikari.HikariDataSource (CVE-2019-16335)

* jackson-databind: Serialization gadgets in org.apache.commons.dbcp.datasources.* (CVE-2019-16942)

* jackson-databind: Serialization gadgets in com.p6spy.engine.spy.P6DataSource (CVE-2019-16943)

* jackson-databind: Serialization gadgets in org.apache.log4j.receivers.db.* (CVE-2019-17531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1650: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201650
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1650, CVE-2019-19921, CVE-2020-1702, CVE-2020-1726

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921)

* containers/image: Container images read entire image manifest into memory (CVE-2020-1702)

* podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1653: zziplib security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201653
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1653, CVE-2018-17828

Description
The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1659: grafana security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201659
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1659, CVE-2019-15043

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

The following packages have been upgraded to a later upstream version: grafana (6.3.6). (BZ#1725278)

Security Fix(es):

* grafana: incorrect access control in snapshot HTTP API leads to denial of service (CVE-2019-15043)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1660: mod_auth_mellon security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201660
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1660, CVE-2019-13038

Description
The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server.

Security Fix(es):

* mod_auth_mellon: Open Redirect via the login?ReturnTo= substring which could facilitate information theft (CVE-2019-13038)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1665: qt5 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201665
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1665, CVE-2018-19869, CVE-2018-19871, CVE-2018-19872

Description
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt.

The following packages have been upgraded to a later upstream version: qt5 (5.12.5), qt5-qt3d (5.12.5), qt5-qtbase (5.12.5), qt5-qtcanvas3d (5.12.5), qt5-qtconnectivity (5.12.5), qt5-qtdeclarative (5.12.5), qt5-qtdoc (5.12.5), qt5-qtgraphicaleffects (5.12.5), qt5-qtimageformats (5.12.5), qt5-qtlocation (5.12.5), qt5-qtmultimedia (5.12.5), qt5-qtquickcontrols (5.12.5), qt5-qtquickcontrols2 (5.12.5), qt5-qtscript (5.12.5), qt5-qtsensors (5.12.5), qt5-qtserialbus (5.12.5), qt5-qtserialport (5.12.5), qt5-qtsvg (5.12.5), qt5-qttools (5.12.5), qt5-qttranslations (5.12.5), qt5-qtwayland (5.12.5), qt5-qtwebchannel (5.12.5), qt5-qtwebsockets (5.12.5), qt5-qtx11extras (5.12.5), qt5-qtxmlpatterns (5.12.5), python-qt5 (5.13.1), sip (4.19.19). (BZ#1775603, BZ#1775604)

Security Fix(es):

* qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp (CVE-2018-19872)

* qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service (CVE-2018-19869)

* qt5-qtimageformats: QTgaFile CPU exhaustion (CVE-2018-19871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1672: freeradius:3.0 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201672
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1672, CVE-2019-13456

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1686: libmspack security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201686
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1686, CVE-2019-1010305

Description
The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.

Security Fix(es):

* libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1688: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201688
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1688, CVE-2019-14973

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c (CVE-2019-14973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1702: rsyslog security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201702
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1702, CVE-2019-17041, CVE-2019-17042

Description
The rsyslog packages provide an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine-grained control over output format.

The following packages have been upgraded to a later upstream version: rsyslog (8.1911.0). (BZ#1740683)

Security Fix(es):

* rsyslog: heap-based overflow in contrib/pmaixforwardedfrom/pmaixforwardedfrom.c (CVE-2019-17041)

* rsyslog: heap-based overflow in contrib/pmcisconames/pmcisconames.c (CVE-2019-17042)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1708: liblouis security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201708
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1708, CVE-2018-11577, CVE-2018-11684, CVE-2018-11685, CVE-2018-12085

Description
Liblouis is an open source braille translator and back-translator named in honor of Louis Braille. It features support for computer and literary braille, supports contracted and uncontracted translation for many languages and has support for hyphenation. New languages can easily be added through tables that support a rule or dictionary based approach. Liblouis also supports math braille (Nemeth and Marburg).

Security Fix(es):

* liblouis: Stack-based buffer overflow in function includeFile in compileTranslationTable.c (CVE-2018-11684)

* liblouis: Stack-based buffer overflow in function compileHyphenation in compileTranslationTable.c (CVE-2018-11685)

* liblouis: Segmentation fault in logging.c:lou_logPrint() (CVE-2018-11577)

* liblouis: Stack-based buffer overflow in compileTranslationTable.c (CVE-2018-12085)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1712: edk2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201712
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1712, CVE-2019-14563

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. 

Security Fix(es):

* edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib (CVE-2019-14563)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1715: dnsmasq security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201715
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1715, CVE-2019-14834

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: memory leak in the create_helper() function in /src/helper.c (CVE-2019-14834)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1716: unbound security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201716
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1716, CVE-2019-18934

Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. 

Security Fix(es):

* unbound: command injection with data coming from a specially crafted IPSECKEY answer (CVE-2019-18934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1725: haproxy security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201725
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1725, CVE-2019-18277, CVE-2019-19330

Description
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.

The following packages have been upgraded to a later upstream version: haproxy (1.8.23). (BZ#1774745)

Security Fix(es):

* haproxy: HTTP request smuggling issue with transfer-encoding header containing an obfuscated "chunked" value (CVE-2019-18277)

* haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks (CVE-2019-19330)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1735: dpdk security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201735
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1735, CVE-2019-14818

Description
The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space.

The following packages have been upgraded to a later upstream version: dpdk (19.11). (BZ#1773889)

Security Fix(es):

* dpdk: possible memory leak leads to denial of service (CVE-2019-14818)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1764: python3 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201764
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1764, CVE-2018-20852, CVE-2019-16056

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python: Cookie domain check returns incorrect results (CVE-2018-20852)

* python: email.utils.parseaddr wrongly parses email addresses (CVE-2019-16056)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1765: cups security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201765
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1765, CVE-2019-8675, CVE-2019-8696

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: stack-buffer-overflow in libcups's asn1_get_type function (CVE-2019-8675)

* cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1766: GNOME security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201766
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1766, CVE-2018-20337, CVE-2019-12447, CVE-2019-12448, CVE-2019-12449, CVE-2019-3825

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

Security Fix(es):

* LibRaw: stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp (CVE-2018-20337)

* gdm: lock screen bypass when timed login is enabled (CVE-2019-3825)

* gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c (CVE-2019-12447)

* gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write (CVE-2019-12448)

* gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges (CVE-2019-12449)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1769: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201769
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1769, CVE-2018-16871, CVE-2019-10639, CVE-2019-12819, CVE-2019-15090, CVE-2019-15099, CVE-2019-15221, CVE-2019-15223, CVE-2019-16234, CVE-2019-16746, CVE-2019-17053, CVE-2019-17055, CVE-2019-18282, CVE-2019-18805, CVE-2019-19045, CVE-2019-19047, CVE-2019-19055, CVE-2019-19057, CVE-2019-19058, CVE-2019-19059, CVE-2019-19065, CVE-2019-19067, CVE-2019-19073, CVE-2019-19074, CVE-2019-19077, CVE-2019-19532, CVE-2019-19534, CVE-2019-19768, CVE-2019-19922, CVE-2019-5108, CVE-2019-8980, CVE-2020-10690, CVE-2020-1749, CVE-2020-7053

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)

* kernel: nfs: NULL pointer dereference due to an anomalized NFS message sequence (CVE-2018-16871)

* kernel: memory leak in the kernel_read_file function in fs/exec.c allows to cause a denial of service (CVE-2019-8980)

* kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol. (CVE-2019-17053)

* kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol. (CVE-2019-17055)

* kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c (CVE-2019-18805)

* kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver (CVE-2019-19534)

* kernel: some ipv6 protocols not encrypted over ipsec tunnel. (CVE-2020-1749)

* Kernel: net: using kernel space address bits to derive IP ID may potentially break KASLR (CVE-2019-10639)

* kernel: An out-of-bounds read in drivers/scsi/qedi/qedi_dbg.c leading to crash or information disclosure (CVE-2019-15090)

* kernel: a NULL pointer dereference in drivers/net/wireless/ath/ath10k/usb.c leads to a crash (CVE-2019-15099)

* kernel: Null pointer dereference in the sound/usb/line6/pcm.c (CVE-2019-15221)

* kernel: Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c allows for a DoS (CVE-2019-19057)

* kernel: Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel (DOS) (CVE-2019-19073)

* kernel: a memory leak in the ath9k management function in allows local DoS (CVE-2019-19074)

* kernel: when cpu.cfs_quota_us is used allows attackers to cause a denial of service against non-cpu-bound applications (CVE-2019-19922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

RHSA-2020:1787: unzip security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201787
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1787, CVE-2019-13232

Description
The unzip utility is used to list, test, and extract files from zip archives.

Security Fix(es):

* unzip: overlapping of files in ZIP container leads to denial of service (CVE-2019-13232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1792: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201792
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1792, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: double free due to subsequent call of realloc() (CVE-2019-5481)

* curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

* curl: TFTP receive heap buffer overflow in tftp_receive_packet() function (CVE-2019-5436)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1794: systemd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201794
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1794, CVE-2019-3843, CVE-2019-3844

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: services with DynamicUser can create SUID/SGID binaries (CVE-2019-3843)

* systemd: services with DynamicUser can get new privileges and create SGID binaries (CVE-2019-3844)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1797: binutils security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201797
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1797, CVE-2019-1010204, CVE-2019-17451

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c (CVE-2019-17451)

* binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service (CVE-2019-1010204)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1804: sudo security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201804
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1804, CVE-2019-19232, CVE-2019-19234

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

The following packages have been upgraded to a later upstream version: sudo (1.8.29). (BZ#1733961)

Security Fix(es):

* sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user (CVE-2019-19232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1810: sqlite security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201810
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1810, CVE-2019-13752, CVE-2019-13753, CVE-2019-19923, CVE-2019-19924, CVE-2019-19925, CVE-2019-19959, CVE-2019-8457

Description
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: heap out-of-bound read in function rtreenode() (CVE-2019-8457)

* sqlite: fts3: improve shadow table corruption detection (CVE-2019-13752)

* sqlite: fts3: incorrectly removed corruption check (CVE-2019-13753)

* sqlite: mishandling of certain uses of SELECT DISTINCT involving a LEFT JOIN in flattenSubquery in select.c leads to a NULL pointer dereference (CVE-2019-19923)

* sqlite: incorrect sqlite3WindowRewrite() error handling leads to mishandling certain parser-tree rewriting (CVE-2019-19924)

* sqlite: zipfileUpdate in ext/misc/zipfile.c mishandles a NULL pathname during an update of a ZIP archive (CVE-2019-19925)

* sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames (CVE-2019-19959)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1827: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201827
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1827, CVE-2018-14404, CVE-2018-9251

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c (CVE-2018-14404)

* libxml2: infinite loop in xz_decomp function in xzlib.c (CVE-2018-9251)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1828: glibc security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201828
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1828, CVE-2019-19126

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1840: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201840
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1840, CVE-2019-1547, CVE-2019-1549, CVE-2019-1563

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: side-channel weak encryption vulnerability (CVE-2019-1547)

* openssl: information disclosure in fork() (CVE-2019-1549)

* openssl: information disclosure in PKCS7_dataDecode and CMS_decrypt_set1_pkey (CVE-2019-1563)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1845: bind security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201845
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1845, CVE-2019-6477

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

The following packages have been upgraded to a later upstream version: bind (9.11.13). (BZ#1704328)

Security Fix(es):

* bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1852: patch security and bug fix update (Moderate)

Rule IDoval-com.redhat.rhsa-def-20201852
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:06+09:00
Severitymedium
Identifiers and References

Identifiers:  RHSA-2020:1852, CVE-2019-13636

Description
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file).

Security Fix(es):

* patch: the following of symlinks in inp.c and util.c is mishandled in cases other than input files (CVE-2019-13636)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1864: gcc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201864
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1864, CVE-2019-15847

Description
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* gcc: POWER9 "DARN" RNG intrinsic produces repeated output (CVE-2019-15847)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1878: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201878
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1878, CVE-2019-10197, CVE-2019-10218, CVE-2019-14907

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.11.2). (BZ#1754409)

Security Fix(es):

* samba: Combination of parameters and permissions can allow user to escape from the share path definition (CVE-2019-10197)

* samba: smb client vulnerable to filenames containing path separators (CVE-2019-10218)

* samba: Crash after failed character conversion at log level 3 or above (CVE-2019-14907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1880: ibus and glib2 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201880
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1880, CVE-2019-14822

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems.

Security Fix(es):

* ibus: missing authorization allows local attacker to access the input bus of another user (CVE-2019-14822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1912: bluez security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20201912
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:1912, CVE-2018-10910

Description
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. 

Security Fix(es):

* bluez: failure in disabling Bluetooth discoverability in certain cases may lead to the unauthorized pairing of Bluetooth devices (CVE-2018-10910)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1913: e2fsprogs security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201913
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1913, CVE-2019-5094, CVE-2019-5188

Description
The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.

The following packages have been upgraded to a later upstream version: e2fsprogs (1.45.4). (BZ#1783777)

Security Fix(es):

* e2fsprogs: crafted ext4 partition leads to out-of-bounds write (CVE-2019-5094)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1916: python-pip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201916
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1916, CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324

Description
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". 

Security Fix(es):

* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1921: fontforge security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201921
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1921, CVE-2020-5395

Description
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. 

Security Fix(es):

* fontforge: out-of-bounds write in SFD_GetFontMetaData function in sfd.c (CVE-2020-5395)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:1926: container-tools:1.0 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201926
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1926, CVE-2020-10696

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* conflicting requests: failed to install container-tools:1.0 (BZ#1813776)

* podman run container error with avc denied (BZ#1816541)

RHSA-2020:1931: container-tools:2.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201931
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1931, CVE-2020-10696

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1932: container-tools:rhel8 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201932
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1932, CVE-2020-10696

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1933: targetcli security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201933
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1933, CVE-2020-10699

Description
The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

Security Fix(es):

* targetcli: world writable /var/run/targetclid.sock allows unprivileged user to execute commands (CVE-2020-10699)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1962: python-twisted-web security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201962
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1962, CVE-2020-10108

Description
Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too.

Security Fix(es):

* python-twisted: HTTP request smuggling when presented with two Content-Length headers (CVE-2020-10108)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1980: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20201980
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:1980, CVE-2020-11008

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

The following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826008)

Security Fix(es):

* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:1998: gnutls security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20201998
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:1998, CVE-2020-11501

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: DTLS client hello contains a random value of all zeroes (CVE-2020-11501)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2031: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202031
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2031, CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.8.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

* Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

* Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831)

* Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2036: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202036
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2036, CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.8.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

* Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

* Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831)

* Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2037: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202037
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2037, CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-6831

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.8.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

* Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

* Mozilla: Buffer overflow in SCTP chunk input validation (CVE-2020-6831)

* Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2040: squid security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202040
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2040, CVE-2019-12519, CVE-2019-12525, CVE-2020-11945

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519)

* squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945)

* squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2041: squid:4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202041
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2041, CVE-2019-12519, CVE-2019-12525, CVE-2020-11945

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow (CVE-2019-12519)

* squid: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution (CVE-2020-11945)

* squid: parsing of header Proxy-Authentication leads to memory corruption (CVE-2019-12525)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2046: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202046
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2046, CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-12397, CVE-2020-6831

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.8.0.

Security Fix(es):

* Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

* Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

* usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)

* Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

* Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2049: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202049
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2049, CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-12397, CVE-2020-6831

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.8.0.

Security Fix(es):

* Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

* Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

* usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)

* Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

* Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2050: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2050, CVE-2020-12387, CVE-2020-12392, CVE-2020-12395, CVE-2020-12397, CVE-2020-6831

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.8.0.

Security Fix(es):

* Mozilla: Use-after-free during worker shutdown (CVE-2020-12387)

* Mozilla: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 (CVE-2020-12395)

* usrsctp: Buffer overflow in AUTH chunk input validation (CVE-2020-6831)

* Mozilla: Arbitrary local file access with 'Copy as cURL' (CVE-2020-12392)

* Mozilla: Sender Email Address Spoofing using encoded Unicode characters (CVE-2020-12397)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2068: python-pip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202068
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2068, CVE-2018-18074, CVE-2018-20060, CVE-2019-11236, CVE-2019-11324

Description
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python".

Security Fix(es):

* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-urllib3: Certification mishandle when error should be thrown (CVE-2019-11324)

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2070: libreswan security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202070
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2070, CVE-2020-1763

Description
Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network (VPN).

Security Fix(es):

* libreswan: DoS attack via malicious IKEv1 informational exchange message (CVE-2020-1763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2081: python-virtualenv security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2081, CVE-2018-18074, CVE-2018-20060, CVE-2019-11236

Description
The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python.

Security Fix(es):

* python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure (CVE-2018-20060)

* python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service (CVE-2019-11236)

* python-requests: Redirect from HTTPS to HTTP does not remove Authorization header (CVE-2018-18074)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2082: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202082
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2082, CVE-2017-18595, CVE-2019-19768, CVE-2020-10711

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)

* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)

* Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Delay in RT task scheduled. Incorrect nr_scheduled value. (BZ#1796262)

* ixgbevf interface goes down on hypervisor and causes outage (BZ#1796799)

* kernel: UAF in cdev_put() when a PTP device is removed while its chardev is open (BZ#1798396)

* [HPEMC RHEL 7.7 RHEL 7.8 REGRESSION]  kernel not populating numa_nod in /sys/devices... for PMEM (BZ#1801699)

* Unable to exclude files from auditing (BZ#1806430)

* DNAT'd packet is not unmangled upon reply on openshift node (BZ#1806447)

* top shows super high loads when tuned profile realtime-virtual-host is applied (BZ#1808030)

* [RHEL 7.9] mdraid devices do not autocorrect read errors on parity blocks (BZ#1810062)

* Observed a memory leak while using dm-multipath (BZ#1812937)

* RHEL7.8: megaraid_sas: MSIx allocation fails in resume path (BZ#1813249)

* Backport: Guest microcode version mismatch on secondary processors (BZ#1814003)

* dm-multipath high load backport incorrect (BZ#1814537)

* qla2xxx: Urgent driver fix needed. Initiator does not relogin to target after receiving an explicit logout (BZ#1815596)

* Potential deadlock in iscsi_if_rx func (BZ#1817497)

* High iSCSI read latency resolved by 'tcp: implement coalescing on backlog queue' (BZ#1817499)

* kdump: crashkernel=xM,low is likely to fail when x is big enough (BZ#1817502)

* [RHEL7.8][Azure]Commits to resolve high network latency (BZ#1817935)

* net_sched: remove a bogus warning in hfsc (BZ#1821262)

* NETDEV WATCHDOG: enp3s0 (r8169): transmit queue 0 timed out (BZ#1822548)

* BUG: unable to handle kernel NULL pointer dereference at fl_dump (BZ#1824548)

* [ Marvell 7.9] update qla2xxx driver with critical bug fixes (BZ#1827274)

RHSA-2020:2085: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202085
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2085, CVE-2017-18595, CVE-2019-19768, CVE-2020-10711

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (CVE-2017-18595)

* kernel: use-after-free in __blk_add_trace in kernel/trace/blktrace.c (CVE-2019-19768)

* Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the RHEL7.8.z batch#1 source tree (BZ#1812282)

RHSA-2020:2102: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202102
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2102, CVE-2020-10711, CVE-2020-11884, CVE-2020-2732

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)

* Kernel: s390: page table upgrade in secondary address mode may lead to privilege escalation (CVE-2020-11884)

* Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [RHEL8.2][Azure]Commits to resolve high network latency (BZ#1817945)

* cpu.share scheduling performance issue (BZ#1819909)

* [DELL 8.2 BUG] [WD 19 SC/DC/TBT] ALSA:  Microphone can't record via front port after suspend (BZ#1821376)

RHSA-2020:2103: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202103
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2103, CVE-2020-10711

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2125: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202125
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2125, CVE-2020-10711

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2143: .NET Core security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202143
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2143, CVE-2020-1108

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core Runtime 2.1.18 and SDK 2.1.514.

Security Fix(es):

* dotnet: Denial of service via untrusted input (CVE-2020-1108)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2171: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202171
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2171, CVE-2020-10711, CVE-2020-2732

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: NetLabel: null pointer dereference while receiving CIPSO packet with null category may cause kernel panic (CVE-2020-10711)

* Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources (CVE-2020-2732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the latest RHEL-8.2.z source tree (BZ#1831781)

RHSA-2020:2241: java-1.8.0-ibm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2241, CVE-2019-2949, CVE-2020-2654, CVE-2020-2754, CVE-2020-2755, CVE-2020-2756, CVE-2020-2757, CVE-2020-2781, CVE-2020-2800, CVE-2020-2803, CVE-2020-2805, CVE-2020-2830

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP10.

Security Fix(es):

* OpenJDK: Improper handling of Kerberos proxy credentials (Kerberos, 8220302) (CVE-2019-2949)

* OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841) (CVE-2020-2803)

* OpenJDK: Incorrect type checks in MethodType.readObject() (Libraries, 8235274) (CVE-2020-2805)

* OpenJDK: Excessive memory usage in OID processing in X.509 certificate parsing (Libraries, 8234037) (CVE-2020-2654)

* OpenJDK: Re-use of single TLS session for new connections (JSSE, 8234408) (CVE-2020-2781)

* OpenJDK: CRLF injection into HTTP headers in HttpServer (Lightweight HTTP Server, 8234825) (CVE-2020-2800)

* OpenJDK: Regular expression DoS in Scanner (Concurrency, 8236201) (CVE-2020-2830)

* OpenJDK: Misplaced regular expression syntax error check in RegExpScanner (Scripting, 8223898) (CVE-2020-2754)

* OpenJDK: Incorrect handling of empty string nodes in regular expression Parser (Scripting, 8223904) (CVE-2020-2755)

* OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541) (CVE-2020-2756)

* OpenJDK: Uncaught InstantiationError exception in ObjectStreamClass (Serialization, 8224549) (CVE-2020-2757)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2250: dotnet3.1 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202250
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2250, CVE-2020-1108, CVE-2020-1161

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.104 and .NET Core Runtime 3.1.4.

Security Fixes:

* dotnet: Denial of service via untrusted input (CVE-2020-1108)
* dotnet: Denial of service due to infinite loop (CVE-2020-1161)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2334: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202334
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2334, CVE-2020-11521, CVE-2020-11523, CVE-2020-11524

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Out-of-bounds write in planar.c (CVE-2020-11521)

* freerdp: Integer overflow in region.c (CVE-2020-11523)

* freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2336: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202336
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2336, CVE-2020-11521, CVE-2020-11523, CVE-2020-11524

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Out-of-bounds write in planar.c (CVE-2020-11521)

* freerdp: Integer overflow in region.c (CVE-2020-11523)

* freerdp: Out-of-bounds write in interleaved.c (CVE-2020-11524)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2337: git security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202337
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2337, CVE-2020-11008

Description
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.

Security Fix(es):

* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2338: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2338, CVE-2020-8616, CVE-2020-8617

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)

* bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2344: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202344
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2344, CVE-2020-8616, CVE-2020-8617

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)

* bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2378: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202378
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2378, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.9.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)

* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)

* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2379: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202379
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2379, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.9.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)

* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)

* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2381: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202381
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2381, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.9.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)

* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)

* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2383: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202383
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2383, CVE-2020-8616, CVE-2020-8617

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: BIND does not sufficiently limit the number of fetches performed when processing referrals (CVE-2020-8616)

* bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c (CVE-2020-8617)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2405: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202405
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2405, CVE-2020-13398

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2406: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202406
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2406, CVE-2020-13398

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2407: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202407
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2407, CVE-2020-13398

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2414: unbound security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202414
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2414, CVE-2020-12662, CVE-2020-12663

Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. 

Security Fix(es):

* unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662)

* unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2416: unbound security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202416
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2416, CVE-2020-12662, CVE-2020-12663

Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. 

Security Fix(es):

* unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662)

* unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2427: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202427
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2427, CVE-2020-12657

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body (CVE-2020-12657)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1827191)

* ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets (BZ#1821375)

* IB/core: deadlock on rdma_nl_mutex when netlink triggers on-demand modprobe rdma_cm (BZ#1821381)

* dm: fix excessive bio splitting that results in performance regressions (BZ#1821382)

* system time jumps when hotplug vcpu on a long uptime guest (BZ#1822498)

* [DELL 8.2 BUG]Ethernet : e1000e doesn't work after S2I (BZ#1825262)

* NFSv3 sec=krb5p fails against an ONTAP server (BZ#1826219)

* Stand-alone CPU Linpack test reports bad residual on HPC Cluster node(s) while running RHEL 8 (BZ#1827619)

* [DELL 8.2 BUG]bluetooth Scanning  block S3 and  Suspend to idle (BZ#1827620)

* RHEL8.2 Beta - SMC-R connection with vlan-id fails (BZ#1827631)

* RHEL8.1 - RHEL8.1 kernel 4.18.0-147.3.1.el8.bz181950_test001.ppc64le+debug failed during LPM test (p8/p9):idahop08:LPM (vtpm) (BZ#1827632)

* missing version.h dependency for modpost may cause build to fail (BZ#1828229)

* efi: kernel panic during ltp fs test - read_all -d /sys -q -r 10 (BZ#1829527)

* Let "isolcpus=" skip unknown sub-parameters (BZ#1832367)

* RHEL8.0 - Very bad performance with small blocks in FC-IO found by SAP HANA on POWER tests on RHEL8.0 (compared to RHEL7.4) (BZ#1834517)

* [FJ8.2 Bug]: [REG] NFS-client panic at nfs4_get_valid_delegation+0x1c/0x40 [nfsv4] (BZ#1837969)

* [RHEL-8.3] upstream bonding driver refresh (BZ#1838477)

* Enable xt_u32 module (BZ#1840799)

* Move xt_u32 module to kernel-modules-extra (BZ#1840800)

RHSA-2020:2428: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202428
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2428, CVE-2020-12657

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body (CVE-2020-12657)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1827193)

* kernel-rt: update RT source tree to the RHEL-8.2.z1 source tree (BZ#1816271)

RHSA-2020:2430: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202430
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2430, CVE-2017-12192

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: NULL pointer dereference due to KEYCTL_READ on negative key (CVE-2017-12192)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1827185)

* Bonding not failing over in mode=1 under 2.6.32-754.28.1 (...27.1 works OK) (BZ#1828604)

RHSA-2020:2431: microcode_ctl security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202431
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2431, CVE-2020-0543, CVE-2020-0548, CVE-2020-0549

Description
Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: Vector Register Data Sampling (CVE-2020-0548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20200602 release, addresses:
  - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f
    up to 0x621;
  - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718
    up to 0x71a;
  - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
  - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e
    up to 0x2f;
  - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25
    up to 0x26;
  - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
  - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21
    up to 0x22;
  - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151
    up to 0x1000157;
  - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode
    (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065
    up to 0x2006906;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c
    up to 0x4002f01;
  - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c
    up to 0x5002f01;
  - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46
    up to 0x78;
  - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode
    from revision 0xca up to 0xd6;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision
    0xca up to 0xd6;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;
  - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.

* Change the URL to point to the GitHub repository since the microcode download section at Intel Download Center does not exist anymore.

* Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment
  models.

* Re-generate initramfs not only for the currently running kernel,
  but for several recently installed kernels as well.

RHSA-2020:2432: microcode_ctl security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202432
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2432, CVE-2020-0543, CVE-2020-0548, CVE-2020-0549

Description
Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: Vector Register Data Sampling (CVE-2020-0548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Update Intel CPU microcode to microcode-20200602 release, addresses:
  - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f
    up to 0x621;
  - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718
    up to 0x71a;
  - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
  - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e
    up to 0x2f;
  - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25
    up to 0x26;
  - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
  - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21
    up to 0x22;
  - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151
    up to 0x1000157;
  - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode
    (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065
    up to 0x2006906;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c
    up to 0x4002f01;
  - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c
    up to 0x5002f01;
  - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46
    up to 0x78;
  - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode
    from revision 0xca up to 0xd6;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision
    0xca up to 0xd6;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;
  - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.

* Change the URL in the intel-microcode2ucode.8 to point to the GitHub
  repository since the microcode download section at Intel Download Center
  does not exist anymore.

* Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment
  models.

* Re-generate initramfs not only for the currently running kernel,
  but for several recently installed kernels as well.

* Avoid find being SIGPIPE'd on early "grep -q" exit in the dracut script.

* Update stale posttrans dependency, add triggers for proper handling
  of the debug kernel flavour along with kernel-rt.

RHSA-2020:2433: microcode_ctl security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202433
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2433, CVE-2020-0543, CVE-2020-0548, CVE-2020-0549

Description
The microcode_ctl packages provide microcode updates for Intel and AMD processors.

Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: Vector Register Data Sampling (CVE-2020-0548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20200602 release, addresses:
  - Update of 06-3c-03/0x32 (HSW C0) microcode from revision 0x27 up to 0x28;
  - Update of 06-3d-04/0xc0 (BDW-U/Y E0/F0) microcode from revision 0x2e
    up to 0x2f;
  - Update of 06-45-01/0x72 (HSW-U C0/D0) microcode from revision 0x25
    up to 0x26;
  - Update of 06-46-01/0x32 (HSW-H C0) microcode from revision 0x1b up to 0x1c;
  - Update of 06-47-01/0x22 (BDW-H/Xeon E3 E0/G0) microcode from revision 0x21
    up to 0x22;
  - Update of 06-4e-03/0xc0 (SKL-U/Y D0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000151
    up to 0x1000157;
  - Update of 06-55-04/0xb7 (SKX-SP H0/M0/U0, SKX-D M1) microcode
    (in intel-06-55-04/intel-ucode/06-55-04) from revision 0x2000065
    up to 0x2006906;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x400002c
    up to 0x4002f01;
  - Update of 06-55-07/0xbf (CLX-SP B1) microcode from revision 0x500002c
    up to 0x5002f01;
  - Update of 06-5e-03/0x36 (SKL-H/S R0/N0) microcode from revision 0xd6
    up to 0xdc;
  - Update of 06-8e-09/0x10 (AML-Y22 H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-09/0xc0 (KBL-U/Y H0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0a/0xc0 (CFL-U43e D0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-8e-0c/0x94 (AML-Y42 V0, CML-Y42 V0, WHL-U V0) microcode
    from revision 0xca up to 0xd6;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode from revision
    0xca up to 0xd6;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E3 U0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-9e-0b/0x02 (CFL-S B0) microcode from revision 0xca up to 0xd6;
  - Update of 06-9e-0c/0x22 (CFL-H/S P0) microcode from revision 0xca
    up to 0xd6;
  - Update of 06-9e-0d/0x22 (CFL-H R0) microcode from revision 0xca up to 0xd6.

* Update Intel CPU microcode to microcode-20200520 release:
  - Update of 06-2d-06/0x6d (SNB-E/EN/EP C1/M0) microcode from revision 0x61f
    up to 0x621;
  - Update of 06-2d-07/0x6d (SNB-E/EN/EP C2/M1) microcode from revision 0x718
    up to 0x71a;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x46
    up to 0x78.

(BZ#1839193)

* Narrow down SKL-SP/W/X blacklist to exclude Server/FPGA/Fabric segment
  models. (BZ#1835555)

RHSA-2020:2450: .NET Core 3.1 on Red Hat Enterprise Linux 8 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202450
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2450, CVE-2020-1108

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.105 and .NET Core Runtime 3.1.5.

Security Fixes:

* dotnet: Denial of service via untrusted input (CVE-2020-1108)

This is an additional update to comprehensively address CVE-2020-1108.

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2462: pcs security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202462
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2462, CVE-2020-10663

Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-json: Unsafe Object Creation Vulnerability in JSON (CVE-2020-10663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* pcs status on remotes is not working on rhel8.2 any longer (BZ#1832914)

* pcs cluster stop --all throws errors and doesn't seem to honor the request-timeout option (BZ#1838084)

* [GUI] Colocation constraint can't be added (BZ#1840158)

RHSA-2020:2471: .NET Core on Red Hat Enterprise Linux 8 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2471, CVE-2020-1108

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core Runtime 2.1.19 and SDK 2.1.515.

Security Fix(es):

* dotnet: Denial of service via untrusted input (CVE-2020-1108)

This is an additional update to comprehensively address CVE-2020-1108.

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2516: libexif security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202516
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2516, CVE-2020-13112

Description
The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

* libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2529: tomcat6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202529
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2529, CVE-2020-9484

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2530: tomcat security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202530
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2530, CVE-2020-9484

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: deserialization flaw in session persistence storage leading to RCE (CVE-2020-9484)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2549: libexif security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202549
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2549, CVE-2020-13112

Description
The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

* libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2550: libexif security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202550
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2550, CVE-2020-13112

Description
The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

* libexif: several buffer over-reads in EXIF MakerNote handling can lead to information disclosure and DoS (CVE-2020-13112)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2567: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202567
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2567, CVE-2020-12657

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body (CVE-2020-12657)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2613: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202613
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2613, CVE-2020-12398, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.9.0.

Security Fix(es):

* Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398)

* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)

* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)

* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2614: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202614
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2614, CVE-2020-12398, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.9.0.

Security Fix(es):

* Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398)

* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)

* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)

* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2615: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202615
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2615, CVE-2020-12398, CVE-2020-12405, CVE-2020-12406, CVE-2020-12410

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.9.0.

Security Fix(es):

* Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage (CVE-2020-12398)

* Mozilla: Use-after-free in SharedWorkerService (CVE-2020-12405)

* Mozilla: JavaScript Type confusion with NativeTypes (CVE-2020-12406)

* Mozilla: Memory safety bugs fixed in Firefox 77 and Firefox ESR 68.9 (CVE-2020-12410)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2637: gnutls security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202637
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2637, CVE-2020-13777

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: session resumption works without master key allowing MITM (CVE-2020-13777)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2640: unbound security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202640
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2640, CVE-2020-12662, CVE-2020-12663

Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. 

Security Fix(es):

* unbound: amplification of an incoming query into a large number of queries directed to a target (CVE-2020-12662)

* unbound: infinite loop via malformed DNS answers received from upstream servers (CVE-2020-12663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2641: grafana security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202641
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2641, CVE-2020-13379

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

Security Fix(es):

* grafana: SSRF incorrect access control vulnerability allows unauthenticated users to make grafana send HTTP requests to any URL (CVE-2020-13379)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2642: unbound security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202642
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2642, CVE-2020-10772

Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. 

Security Fix(es):

* unbound: incomplete fix for CVE-2020-12662 in RHEL7 (CVE-2020-10772)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2663: ntp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202663
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2663, CVE-2020-11868, CVE-2020-13817

Description
The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service.

Security Fix(es):

* ntp: ntpd using highly predictable transmit timestamps could result in time change or DoS (CVE-2020-13817)

* ntp: DoS on client ntpd using server mode packet (CVE-2020-11868)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2664: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202664
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2664, CVE-2020-12888

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1827187)

* kernel BUG at fs/fscache/operation.c:70! FS-Cache: 4 == 5 is false - current state is FSCACHE_OP_ST_COMPLETE but should be FSCACHE_OP_CANCELLED in fscache_enqueue_operation (BZ#1839757)

* Deadlock condition grabbing ssb_state lock (BZ#1841121)

RHSA-2020:2665: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202665
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2665, CVE-2020-12888

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel: hw: provide reporting and microcode mitigation toggle for CVE-2020-0543 / Special Register Buffer Data Sampling (SRBDS) (BZ#1827198)

* kernel-rt: update to the latest RHEL7.8.z source tree (BZ#1844620)

RHSA-2020:2755: nghttp2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202755
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2755, CVE-2020-11080

Description
libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 (HTTP/2) protocol in C.

Security Fix(es):

* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2774: virt:rhel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202774
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2774, CVE-2019-20382, CVE-2020-8608

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* QEMU: Slirp: potential OOB access due to unsafe snprintf() usages (CVE-2020-8608)

* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2824: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202824
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2824, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.10.0 ESR.

Security Fix(es):

* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)

* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)

* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)

* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2827: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202827
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2827, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.10.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)

* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)

* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)

* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)

* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2828: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202828
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2828, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.10.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)

* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)

* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)

* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)

* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2848: nodejs:10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202848
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2848, CVE-2020-11080, CVE-2020-7598, CVE-2020-8174

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (10.21.0).

Security Fix(es):

* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)

* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)

* nodejs: memory corruption in napi_get_value_string_* functions (CVE-2020-8174)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2852: nodejs:12 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202852
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2852, CVE-2020-11080, CVE-2020-7598, CVE-2020-8172, CVE-2020-8174

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (12.18.2).

Security Fix(es):

* nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)

* nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)

* nodejs: TLS session reuse can lead to hostname verification bypass (CVE-2020-8172)

* nodejs: memory corruption in napi_get_value_string_* functions (CVE-2020-8174)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2894: dbus security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202894
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2894, CVE-2020-12049

Description
D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2897: jbig2dec security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202897
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2897, CVE-2020-12268

Description
jbig2dec is a decoder implementation of the JBIG2 image compression format. 

Security Fix(es):

* jbig2dec: heap-based buffer overflow in jbig2_image_compose in jbig2_image.c (CVE-2020-12268)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2901: dovecot security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202901
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2901, CVE-2020-10957

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: malformed NOOP commands leads to DoS (CVE-2020-10957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2902: sane-backends security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202902
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2902, CVE-2020-12861, CVE-2020-12865

Description
Scanner Access Now Easy (SANE) is a universal scanner interface. The SANE application programming interface (API) provides standardized access to any raster image scanner hardware (for example, flatbed scanners, hand-held scanners, video and still cameras, and frame-grabbers).

Security Fix(es):

* sane-backends: Heap buffer overflow in epsonds_net_read in epsonds-net.c (CVE-2020-12861)

* sane-backends: Heap buffer overflow in esci2_img (CVE-2020-12865)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2906: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202906
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2906, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020-15646

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.10.0.

Security Fix(es):

* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)

* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)

* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)

* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)

* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2933: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20202933
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:2933, CVE-2019-18660

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: powerpc: incomplete Spectre-RSB mitigation leads to information exposure (CVE-2019-18660)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Page soft offlining may result in soft lockup or crash during hugepage migration (BZ#1839653)

* Backport NETDEV_CHANGE event fix for LACP (BZ#1841819)

RHSA-2020:2938: .NET Core security and bugfix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202938
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2938, CVE-2020-1147

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516.

Security Fix(es):

* .NET Core: XML source markup processing remote code execution (CVE-2020-1147)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2954: .NET Core 3.1 security and bugfix update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20202954
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2954, CVE-2020-1147

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.106 and .NET Core Runtime 3.1.6.

* .NET Core: XML source markup processing remote code execution (CVE-2020-1147)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2966: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202966
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2966, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020-15646

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.10.0.

Security Fix(es):

* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)

* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)

* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)

* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2968: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202968
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2968, CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)

* OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)

* OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)

* OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)

* OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)

* OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)

* OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2969: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202969
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2969, CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)

* OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)

* OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)

* OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239) (CVE-2020-14562)

* OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867) (CVE-2020-14573)

* OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)

* OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2970: java-11-openjdk security and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202970
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2970, CVE-2020-14556, CVE-2020-14562, CVE-2020-14573, CVE-2020-14577, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)

* OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)

* OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)

* OpenJDK: Excessive memory usage in ImageIO TIFF plugin (ImageIO, 8233239) (CVE-2020-14562)

* OpenJDK: Incomplete interface type checks in Graal compiler (Hotspot, 8236867) (CVE-2020-14573)

* OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)

* OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Enhancement(s):

* Add -static-libs subpackage with statically linked OpenJDK libraries (BZ#1848701)

RHSA-2020:2972: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2972, CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)

* OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)

* OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)

* OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)

* OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)

* OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)

* OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:2985: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20202985
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:2985, CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)

* OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)

* OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)

* OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)

* OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)

* OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)

* OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3010: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203010
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3010, CVE-2019-19807, CVE-2019-3016, CVE-2020-10757, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-12653, CVE-2020-12654, CVE-2020-12888

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)

* kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)

* kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)

* kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)

* kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

* Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)

* kernel: kvm: Information leak within a KVM guest (CVE-2019-3016)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [FJ8.2 Bug]: kernel: retrieving process core dump of the init process (PID 1) fails (BZ#1821378)

* [FJ8.0 Bug]: System hungs up after setting parameters for hugepages (BZ#1835789)

* RHEL8.2 Alpha - ISST-LTE:PowerVM: vNIC DLPAR crashes the LPAR (ibmvnic) (BZ#1836229)

* "[sig-network] Services should be rejected when no endpoints exist" test fails frequently on RHEL8 nodes (BZ#1836302)

* RHEL8.2 Beta - RHEL8.2 reports EEH errors on internal SAS adapter during HTX run on PMEM (SCM/pmem) (BZ#1842406)

* RHEL8.1 - s390/cio: fix virtio-ccw DMA without PV (BZ#1842620)

* deadlock between modprobe and netns exit (BZ#1845164)

* exit_boot failed when install RHEL8.1 (BZ#1846180)

* http request is taking more time for endpoint running on different host via nodeport service (BZ#1847128)

* RHEL8.1 - zEDC problems on z14 (genwqe/pci) (BZ#1847453)

* WARNING: CPU: 1 PID: 0 at arch/x86/kernel/apic/vector.c:846 free_moved_vector+0x141/0x150 (BZ#1848545)

* Backport conntrack race condition fixes (BZ#1851003)

* nf_conntrack module unload fail and refcount become to negative (BZ#1851005)

* OVS: backport performance patches from upstream to 8.2z (BZ#1851235)

* RHEL8.3: backport "smp: Allow smp_call_function_single_async() to insert locked csd" (BZ#1851406)

* [DELL EMC 8.2 BUG] NVMe drive is not detected after multiple hotplug (hot add + surprise remove) operations (BZ#1852045)

Enhancement(s):

* [Mellanox 8.3 FEAT] mlx5: drivers update upto Linux v5.5 (BZ#1843544)

* [IBM 8.3 FEAT] Update nvme driver to latest level for POWER (BZ#1846405)

RHSA-2020:3011: NetworkManager security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3011, CVE-2020-10754

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

Security Fix(es):

* NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults (CVE-2020-10754)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* NetworkManager doesn't reconnect after DHCP failure (BZ#1843357)

RHSA-2020:3014: dbus security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203014
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3014, CVE-2020-12049

Description
D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: denial of service via file descriptor leak (CVE-2020-12049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3016: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203016
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3016, CVE-2019-19807, CVE-2019-3016, CVE-2020-10757, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2020-12653, CVE-2020-12654, CVE-2020-12888

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)

* kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)

* kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)

* kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)

* kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

* Kernel: vfio: access to disabled MMIO space of some devices may lead to DoS scenario (CVE-2020-12888)

* kernel: kvm: Information leak within a KVM guest (CVE-2019-3016)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.2.z2 source tree (BZ#1829582)

RHSA-2020:3032: mod_auth_openidc:2.3 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203032
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3032, CVE-2019-14857, CVE-2019-20479

Description
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. 

Security Fix(es):

* mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes (CVE-2019-14857)

* mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash (CVE-2019-20479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Module stream mod_auth_openidc:2.3 does not have correct module.md file (BZ#1844107)

RHSA-2020:3038: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203038
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3038, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020-15646

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.10.0.

Security Fix(es):

* Mozilla: Memory corruption due to missing sign-extension for ValueTags on ARM64 (CVE-2020-12417)

* Mozilla: Information disclosure due to manipulated URL object (CVE-2020-12418)

* Mozilla: Use-after-free in nsGlobalWindowInner (CVE-2020-12419)

* Mozilla: Use-After-Free when trying to connect to a STUN server (CVE-2020-12420)

* Mozilla: Add-On updates did not respect the same certificate trust rules as software updates (CVE-2020-12421)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3050: cloud-init security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3050, CVE-2018-10896

Description
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

The following packages have been upgraded to a later upstream version: cloud-init (19.4). (BZ#1811912)

Security Fix(es):

* cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:3053: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203053
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3053, CVE-2020-1983, CVE-2021-20188

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

RHSA-2020:3073: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203073
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3073, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection. (CVE-2020-10766)

* kernel: Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available. (CVE-2020-10767)

* kernel: Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command. (CVE-2020-10768)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3176: postgresql-jdbc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203176
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3176, CVE-2020-13692

Description
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)

This update introduces a backwards incompatible change required to resolve this issue. Refer to the Red Hat Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3185: python-pillow security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203185
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3185, CVE-2020-11538, CVE-2020-5313

Description
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2 (CVE-2020-11538)

* python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3216: grub2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203216
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3216, CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707

Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

The fwupd packages provide a service that allows session software to update device firmware.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)

* grub2: Integer overflow in read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3217: grub2 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203217
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3217, CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707

Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

The fwupdate packages provide a service that allows session software to update device firmware.

Security Fix(es):

* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)

* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent heap-based buffer overflow (CVE-2020-14308)

* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow (CVE-2020-14309)

* grub2: Integer overflow in read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)

* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)

* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)

* grub2: Use-after-free redefining a function whilst the same function is already executing (CVE-2020-15706)

* grub2: Integer overflow in initrd size handling (CVE-2020-15707)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* grub2 doesn't handle relative paths correctly for UEFI HTTP Boot (BZ#1616395)

* UEFI HTTP boot over IPv6 does not work (BZ#1732765)

Users of grub2 are advised to upgrade to these updated packages, which fix these bugs.

RHSA-2020:3218: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203218
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3218, CVE-2019-20908, CVE-2020-15780

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)

* kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837433)

* [Regression] RHEL8.2 RC  - [Boston/DD2.1] [RHEL8.2/kernel-4.18.0-193.el8.ppc64le] Host kernel crashes while running storage test bucket on KVM guest (iscsi) (BZ#1852048)

* RHEL8.2 - s390/mm: fix panic in gup_fast on large pud (BZ#1853336)

RHSA-2020:3219: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203219
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3219, CVE-2019-20908, CVE-2020-15780

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: lockdown: bypass through ACPI write via efivar_ssdt (CVE-2019-20908)

* kernel: lockdown: bypass through ACPI write via acpi_configfs (CVE-2020-15780)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837441)

* kernel-rt: update RT source tree to the RHEL-8.2.z3 source tree (BZ#1856816)

RHSA-2020:3220: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203220
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3220, CVE-2019-19527, CVE-2020-10757, CVE-2020-12653, CVE-2020-12654

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

* kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL7.7 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1830889)

* [DELL EMC 7.8 BUG bnxt_en] Error messages related to hwrm observed for BCM 57504 under dmesg in RHEL 7.8 (BZ#1834190)

* kernel: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837429)

* RHEL7.7 - Request: retrofit kernel commit f82b4b6 to RHEL 7.7/7.8 3.10 kernels. (BZ#1838602)

* kipmi thread high CPU consumption when performing BMC firmware upgrade (BZ#1841825)

* RHEL7.7 - virtio-blk: fix hw_queue stopped on arbitrary error (kvm) (BZ#1842994)

* rhel 7 infinite blocked waiting on inode_dio_wait in nfs (BZ#1845520)

* http request is taking more time for endpoint running on different host via nodeport service (BZ#1847333)

* ext4: change LRU to round-robin in extent status tree shrinker (BZ#1847343)

* libaio is returning duplicate events (BZ#1850055)

* After upgrade to 3.9.89 pod containers with CPU limits fail to start due to cgroup error (BZ#1850500)

* Fix dpdk regression introduced by bz1837297 (BZ#1852245)

RHSA-2020:3221: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3221, CVE-2019-19527, CVE-2020-10757, CVE-2020-12653, CVE-2020-12654

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: kernel: DAX hugepages not considered during mremap (CVE-2020-10757)

* kernel: buffer overflow in mwifiex_cmd_append_vsie_tlv function in drivers/net/wireless/marvell/mwifiex/scan.c (CVE-2020-12653)

* kernel: heap-based buffer overflow in mwifiex_ret_wmm_get_status function in drivers/net/wireless/marvell/mwifiex/wmm.c (CVE-2020-12654)

* kernel: use-after-free caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver (CVE-2019-19527)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: provide infrastructure to support dual-signing of the kernel (foundation to help address CVE-2020-10713) (BZ#1837438)

* kernel-rt: update to the latest RHEL7.8.z3 source tree (BZ#1848017)

RHSA-2020:3233: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203233
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3233, CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.11.0 ESR.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3241: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3241, CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.11.0 ESR.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3253: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203253
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3253, CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.11.0 ESR.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3280: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203280
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3280, CVE-2019-11756, CVE-2019-17006, CVE-2019-17023, CVE-2020-12399, CVE-2020-12402

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.53.1), nspr (4.25.0). (BZ#1809549, BZ#1809550)

Security Fix(es):

* nss: UAF in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

* nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)

* nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Install of update of nss.x86_64 adds i686 into transaction (BZ#1663187)

* NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1691409)

* TLS Keying Material Exporter is unsupported by command line tools (BZ#1691454)

* TLS_AES_256_GCM_SHA384 is not marked as FIPS compatible (BZ#1711375)

* Make TLS 1.3 work in FIPS mode (BZ#1724250)

* NSS rejects records with large padding with SHA384 HMAC (BZ#1750921)

* NSS missing IKEv1 Quick Mode KDF (BZ#1809637)

* Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1825270)

* FIPS needs nss to restrict valid dh primes to those primes that are approved. (BZ#1854564)

* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1855825)

Enhancement(s):

* [RFE] nss should use AES for storage of keys (BZ#1723819)

RHSA-2020:3281: libvncserver security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203281
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3281, CVE-2017-18922

Description
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3284: postgresql-jdbc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203284
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3284, CVE-2020-13692

Description
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)

This update introduces a backwards incompatible change required to resolve this issue. Refer to the Red Hat Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3285: postgresql-jdbc security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203285
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3285, CVE-2020-13692

Description
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.

Security Fix(es):

* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)

This update introduces a backwards incompatible change required to resolve this issue. Refer to the Red Hat Knowledgebase article 5266441 linked to in the References section for information on how to re-enable the old insecure behavior.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3341: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203341
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3341, CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.11.0.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3344: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203344
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3344, CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.11.0.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3345: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203345
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3345, CVE-2020-15652, CVE-2020-15659, CVE-2020-6463, CVE-2020-6514

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.11.0.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3385: libvncserver security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203385
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3385, CVE-2017-18922

Description
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: websocket decoding buffer overflow (CVE-2017-18922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3386: java-1.8.0-ibm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3386, CVE-2019-17639, CVE-2020-14556, CVE-2020-14577, CVE-2020-14578, CVE-2020-14579, CVE-2020-14583, CVE-2020-14593, CVE-2020-14621, CVE-2020-2590, CVE-2020-2601

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP15.

Security Fix(es):

* OpenJDK: Use of unsafe RSA-MD5 checksum in Kerberos TGS (Security, 8229951) (CVE-2020-2601)

* OpenJDK: Bypass of boundary checks in nio.Buffer via concurrent access (Libraries, 8238920) (CVE-2020-14583)

* OpenJDK: Incomplete bounds checks in Affine Transformations (2D, 8240119) (CVE-2020-14593)

* IBM JDK: Information disclosure via calls to System.arraycopy() with invalid length (CVE-2019-17639)

* OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352) (CVE-2020-2590)

* OpenJDK: Incorrect handling of access control context in ForkJoinPool (Libraries, 8237117) (CVE-2020-14556)

* OpenJDK: Unexpected exception raised by DerInputStream (Libraries, 8237731) (CVE-2020-14578)

* OpenJDK: Unexpected exception raised by DerValue.equals() (Libraries, 8237736) (CVE-2020-14579)

* OpenJDK: XML validation manipulation due to incomplete application of the use-grammar-pool-only feature (JAXP, 8242136) (CVE-2020-14621)

* OpenJDK: HostnameChecker does not ensure X.509 certificate names are in normalized form (JSSE, 8237592) (CVE-2020-14577)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3422: .NET Core 3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203422
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3422, CVE-2020-1597

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.107 and .NET Core Runtime 3.1.7.

Security Fixes:

* .NET Core: ASP.NET Core Resource Consumption Denial of Service (CVE-2020-1597)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3548: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203548
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3548, CVE-2017-2647, CVE-2019-14896

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Null pointer dereference in search_keyring (CVE-2017-2647)

* kernel: heap-based buffer overflow in lbs_ibss_join_existing function in drivers/net/wireless/marvell/libertas/cfg.c (CVE-2019-14896)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Crash in mptscsih_io_done() due to buffer overrun in sense_buf_pool (BZ#1824907)

RHSA-2020:3556: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203556
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3556, CVE-2020-15664, CVE-2020-15669

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.12.0 ESR.

Security Fix(es):

* Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)

* Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3557: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203557
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3557, CVE-2020-12422, CVE-2020-12424, CVE-2020-12425, CVE-2020-15648, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656, CVE-2020-15658, CVE-2020-15664, CVE-2020-15669

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.2.0 ESR.

Security Fix(es):

* Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)

* Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)

* Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (CVE-2020-12422)

* Mozilla: X-Frame-Options bypass using object or embed tags (CVE-2020-15648)

* Mozilla: Bypassing iframe sandbox when allowing popups (CVE-2020-15653)

* Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

* Mozilla: WebRTC permission prompt could have been bypassed by a compromised content process (CVE-2020-12424)

* Mozilla: Out of bound read in Date.parse() (CVE-2020-12425)

* Mozilla: Custom cursor can overlay user interface (CVE-2020-15654)

* Mozilla: Overriding file type when saving to disk (CVE-2020-15658)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3558: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203558
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3558, CVE-2020-15664, CVE-2020-15669

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.12.0 ESR.

Security Fix(es):

* Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)

* Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3617: dovecot security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203617
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3617, CVE-2020-12100, CVE-2020-12673, CVE-2020-12674

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)

* dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)

* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3623: squid:4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3623, CVE-2020-15810, CVE-2020-15811

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)

* squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3631: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203631
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3631, CVE-2020-15664, CVE-2020-15669

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.12.0.

Security Fix(es):

* Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)

* Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3634: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203634
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3634, CVE-2020-15664, CVE-2020-15669

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.12.0.

Security Fix(es):

* Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)

* Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3643: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203643
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3643, CVE-2020-15664, CVE-2020-15669

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 68.12.0.

Security Fix(es):

* Mozilla: Attacker-induced prompt for extension installation (CVE-2020-15664)

* Mozilla: Use-After-Free when aborting an operation (CVE-2020-15669)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3654: libcroco security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203654
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3654, CVE-2020-12825

Description
libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing and manipulation library.

Security Fix(es):

* libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3658: librepo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203658
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3658, CVE-2020-14352

Description
The librepo library provides a C and Python API to download repository metadata.

Security Fix(es):

* librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3662: php:7.3 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203662
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3662, CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.3.20). (BZ#1856655)

Security Fix(es):

* php: Out-of-bounds read due to integer overflow in iconv_mime_decode_headers() (CVE-2019-11039)

* php: Buffer over-read in exif_read_data() (CVE-2019-11040)

* php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045)

* php: Information disclosure in exif_read_data() (CVE-2019-11047)

* php: Integer wraparounds when receiving multipart forms (CVE-2019-11048)

* oniguruma: Use-after-free in onig_new_deluxe() in regext.c (CVE-2019-13224)

* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)

* oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c (CVE-2019-16163)

* oniguruma: Heap-based buffer over-read in function gb18030_mbc_enc_len in file gb18030.c (CVE-2019-19203)

* oniguruma: Heap-based buffer over-read in function fetch_interval_quantifier in regparse.c (CVE-2019-19204)

* pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)

* php: Out of bounds read in php_strip_tags_ex (CVE-2020-7059)

* php: Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)

* php: NULL pointer dereference in PHP session upload progress (CVE-2020-7062)

* php: Files added to tar with Phar::buildFromIterator have all-access permissions (CVE-2020-7063)

* php: Information disclosure in exif_read_data() function (CVE-2020-7064)

* php: Using mb_strtolower() function with UTF-32LE encoding leads to potential code execution (CVE-2020-7065)

* php: Heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041)

* php: Heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)

* php: Out of bounds read when parsing EXIF information (CVE-2019-11050)

* oniguruma: Heap-based buffer overflow in str_lower_case_match in regexec.c (CVE-2019-19246)

* php: Information disclosure in function get_headers (CVE-2020-7066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3665: go-toolset:rhel8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203665
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3665, CVE-2020-14040, CVE-2020-15586, CVE-2020-16845

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

* golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)

* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3669: postgresql:10 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203669
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3669, CVE-2019-10130, CVE-2019-10164, CVE-2019-10208, CVE-2020-14349, CVE-2020-14350, CVE-2020-1720

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (10.14).

Security Fix(es):

* postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)

* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)

* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)

* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)

* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Module stream postgresql:10 does not have correct module.md file (BZ#1857228)

RHSA-2020:3699: .NET Core 3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203699
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3699, CVE-2020-1045

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8.

Security Fixes:

* .NET Core: ASP.NET cookie prefix spoofing vulnerability (CVE-2020-1045)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3713: dovecot security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203713
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3713, CVE-2020-12100, CVE-2020-12673, CVE-2020-12674

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: Resource exhaustion via deeply nested MIME parts (CVE-2020-12100)

* dovecot: Out of bound reads in dovecot NTLM implementation (CVE-2020-12673)

* dovecot: Crash due to assert in RPA implementation (CVE-2020-12674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3714: httpd:2.4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203714
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3714, CVE-2020-9490

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Push diary crash on specifically crafted HTTP/2 header (CVE-2020-9490)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3732: mysql:8.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203732
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3732, CVE-2019-2911, CVE-2019-2914, CVE-2019-2938, CVE-2019-2946, CVE-2019-2957, CVE-2019-2960, CVE-2019-2963, CVE-2019-2966, CVE-2019-2967, CVE-2019-2968, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2993, CVE-2019-2997, CVE-2019-2998, CVE-2019-3004, CVE-2019-3009, CVE-2019-3011, CVE-2019-3018, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020-14576, CVE-2020-14586, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634, CVE-2020-14641, CVE-2020-14643, CVE-2020-14651, CVE-2020-14654, CVE-2020-14656, CVE-2020-14663, CVE-2020-14678, CVE-2020-14680, CVE-2020-14697, CVE-2020-14702, CVE-2020-14725, CVE-2020-14799, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574, CVE-2020-2577, CVE-2020-2579, CVE-2020-2580, CVE-2020-2584, CVE-2020-2588, CVE-2020-2589, CVE-2020-2627, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2694, CVE-2020-2752, CVE-2020-2759, CVE-2020-2760, CVE-2020-2761, CVE-2020-2762, CVE-2020-2763, CVE-2020-2765, CVE-2020-2770, CVE-2020-2774, CVE-2020-2779, CVE-2020-2780, CVE-2020-2804, CVE-2020-2812, CVE-2020-2814, CVE-2020-2853, CVE-2020-2892, CVE-2020-2893, CVE-2020-2895, CVE-2020-2896, CVE-2020-2897, CVE-2020-2898, CVE-2020-2901, CVE-2020-2903, CVE-2020-2904, CVE-2020-2921, CVE-2020-2922, CVE-2020-2923, CVE-2020-2924, CVE-2020-2925, CVE-2020-2926, CVE-2020-2928, CVE-2020-2930, CVE-2021-1998, CVE-2021-2006, CVE-2021-2007, CVE-2021-2009, CVE-2021-2012, CVE-2021-2016, CVE-2021-2019, CVE-2021-2020, CVE-2021-2144, CVE-2021-2160

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version: mysql (8.0.21).

Security Fix(es):

* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2020-14663, CVE-2020-14678, CVE-2020-14697, CVE-2020-2761, CVE-2020-2774, CVE-2020-2779, CVE-2020-2853, CVE-2020-14586, CVE-2020-14702)

* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2019-2914, CVE-2019-2957)

* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2019-2938, CVE-2019-2963, CVE-2019-2968, CVE-2019-3018, CVE-2020-2577, CVE-2020-2589, CVE-2020-2760, CVE-2020-2762, CVE-2020-2814, CVE-2020-2893, CVE-2020-2895, CVE-2020-14568, CVE-2020-14623, CVE-2020-14633, CVE-2020-14634)

* mysql: Server: PS multiple unspecified vulnerabilities (CVE-2019-2946, CVE-2020-2925)

* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2019-2960, CVE-2020-2759, CVE-2020-2763, CVE-2020-14567)

* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2019-2966, CVE-2019-2967, CVE-2019-2974, CVE-2019-2982, CVE-2019-2991, CVE-2019-2998, CVE-2020-2579, CVE-2020-2660, CVE-2020-2679, CVE-2020-2686, CVE-2020-2765, CVE-2020-2892, CVE-2020-2897, CVE-2020-2901, CVE-2020-2904, CVE-2020-2923, CVE-2020-2924, CVE-2020-2928, CVE-2020-14539, CVE-2020-14547, CVE-2020-14597, CVE-2020-14614, CVE-2020-14654, CVE-2020-14680, CVE-2020-14725)

* mysql: Server: C API multiple unspecified vulnerabilities (CVE-2019-2993, CVE-2019-3011)

* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2019-2997, CVE-2020-2580)

* mysql: Server: Parser multiple unspecified vulnerabilities (CVE-2019-3004, CVE-2020-2627, CVE-2020-2930, CVE-2020-14619)

* mysql: Server: Connection unspecified vulnerability (CVE-2019-3009)

* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2020-2584, CVE-2020-14632)

* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2020-2588, CVE-2020-2780, CVE-2020-14540, CVE-2020-14575, CVE-2020-14620)

* mysql: C API multiple unspecified vulnerabilities (CVE-2020-2752, CVE-2020-2922, CVE-2020-14550, CVE-2020-2570, CVE-2020-2573, CVE-2020-2574)

* mysql: Server: Logging unspecified vulnerability (CVE-2020-2770)

* mysql: Server: Memcached unspecified vulnerability (CVE-2020-2804)

* mysql: Server: Stored Procedure unspecified vulnerability (CVE-2020-2812)

* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2020-2896, CVE-2020-14559, CVE-2020-2694)

* mysql: Server: Charsets unspecified vulnerability (CVE-2020-2898)

* mysql: Server: Connection Handling unspecified vulnerability (CVE-2020-2903)

* mysql: Server: Group Replication Plugin unspecified vulnerability (CVE-2020-2921)

* mysql: Server: Group Replication GCS unspecified vulnerability (CVE-2020-2926)

* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2020-14553)

* mysql: Server: UDF unspecified vulnerability (CVE-2020-14576)

* mysql: Server: JSON unspecified vulnerability (CVE-2020-14624)

* mysql: Server: Security: Audit unspecified vulnerability (CVE-2020-14631)

* mysql: Server: Security: Roles multiple unspecified vulnerabilities (CVE-2020-14641, CVE-2020-14643, CVE-2020-14651)

* mysql: Server: Locking unspecified vulnerability (CVE-2020-14656)

* mysql: Information Schema unspecified vulnerability (CVE-2019-2911)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3832: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203832
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3832, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.3.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)

* Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)

* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)

* Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3835: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20203835
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:3835, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.3.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)

* Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)

* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)

* Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:3848: libmspack security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203848
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3848, CVE-2019-1010305

Description
The libmspack packages contain a library providing compression and extraction of the Cabinet (CAB) file format used by Microsoft.

Security Fix(es):

* libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3861: glibc security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203861
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3861, CVE-2019-19126

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: LD_PREFER_MAP_32BIT_EXEC not ignored in setuid binaries (CVE-2019-19126)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3864: cups security and bug fix update (Moderate)

Rule IDoval-com.redhat.rhsa-def-20203864
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:06+09:00
Severitymedium
Identifiers and References

Identifiers:  RHSA-2020:3864, CVE-2017-18190, CVE-2019-8675, CVE-2019-8696

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: DNS rebinding attacks via incorrect whitelist (CVE-2017-18190)

* cups: stack-buffer-overflow in libcups's asn1_get_type function (CVE-2019-8675)

* cups: stack-buffer-overflow in libcups's asn1_get_packed function (CVE-2019-8696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3868: SDL security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203868
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3868, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638

Description
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

Security Fix(es):

* SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)

* SDL: heap-based buffer overflow in function MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)

* SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)

* SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)

* SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)

* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)

* SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)

* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)

* SDL: buffer over-read in function SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)

* SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)

* SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3869: pcp security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203869
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3869, CVE-2019-3695, CVE-2019-3696

Description
Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for acquisition, archiving, and analysis of system-level performance measurements. Its light-weight distributed architecture makes it particularly well-suited to centralized analysis of complex systems.

Security Fix(es):

* pcp: Local privilege escalation in pcp spec file %post section (CVE-2019-3695)

* pcp: Local privilege escalation in pcp spec file through migrate_tempdirs (CVE-2019-3696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3873: libsrtp security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203873
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3873, CVE-2013-2139, CVE-2015-6360

Description
The libsrtp package provides an implementation of the Secure Real-time Transport Protocol (SRTP), the Universal Security Transform (UST), and a supporting cryptographic kernel. 

Security Fix(es):

* libsrtp: improper handling of CSRC count and extension header length in RTP header (CVE-2015-6360)

* libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3875: tigervnc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203875
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3875, CVE-2019-15691, CVE-2019-15692, CVE-2019-15693, CVE-2019-15694, CVE-2019-15695

Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

Security Fix(es):

* tigervnc: Stack use-after-return due to incorrect usage of stack memory in ZRLEDecoder (CVE-2019-15691)

* tigervnc: Heap buffer overflow triggered from CopyRectDecoder due to incorrect value checks (CVE-2019-15692)

* tigervnc: Heap buffer overflow in TightDecoder::FilterGradient (CVE-2019-15693)

* tigervnc: Heap buffer overflow in DecodeManager::decodeRect (CVE-2019-15694)

* tigervnc: Stack buffer overflow in CMsgReader::readSetCursor (CVE-2019-15695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3876: libvpx security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203876
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3876, CVE-2017-0393, CVE-2019-9232, CVE-2019-9433, CVE-2020-0034

Description
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

* libvpx: Denial of service in mediaserver (CVE-2017-0393)

* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

* libvpx: Out of bounds read in vp8_decode_frame in decodeframe.c (CVE-2020-0034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3877: audiofile security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203877
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3877, CVE-2018-13440, CVE-2018-17095

Description
The Audio File library is an implementation of the Audio File Library from SGI, which provides an API for accessing audio file formats like AIFF/AIFF-C, WAVE, and NeXT/Sun .snd/.au files. 

Security Fix(es):

* audiofile: Heap-based buffer overflow in Expand3To4Module::run() when running sfconvert (CVE-2018-17095)

* audiofile: NULL pointer dereference in ModuleState::setup() in modules/ModuleState.cpp allows for denial of service via crafted file (CVE-2018-13440)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3878: dnsmasq security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203878
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3878, CVE-2019-14834

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: memory leak in the create_helper() function in /src/helper.c (CVE-2019-14834)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3887: python-pillow security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203887
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3887, CVE-2020-5313

Description
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images (CVE-2020-5313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3888: python3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203888
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3888, CVE-2019-16935, CVE-2020-8492

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)

* python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3898: cloud-init security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3898, CVE-2018-10896, CVE-2020-8631, CVE-2020-8632

Description
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

The following packages have been upgraded to a later upstream version: cloud-init (19.4). (BZ#1803094)

Security Fix(es):

* cloud-init: Use of random.choice when generating random password (CVE-2020-8631)

* cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)

* cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3901: libpng security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203901
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3901, CVE-2017-12652

Description
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

* libpng: does not check length of chunks against user limit (CVE-2017-12652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3902: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203902
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3902, CVE-2019-14973, CVE-2019-17546

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: integer overflow in _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c (CVE-2019-14973)

* libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c (CVE-2019-17546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3906: qemu-kvm security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203906
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3906, CVE-2018-15746, CVE-2019-20382

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)

* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3907: qemu-kvm-ma security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203907
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3907, CVE-2018-15746, CVE-2019-20382

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: seccomp: blacklist is not applied to all threads (CVE-2018-15746)

* QEMU: vnc: memory leakage upon disconnect (CVE-2019-20382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3908: cpio security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203908
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3908, CVE-2019-14866

Description
The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.

Security Fix(es):

* cpio: improper input validation when writing tar header fields leads to unexpected tar generation (CVE-2019-14866)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3911: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203911
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3911, CVE-2019-16935

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3915: libssh2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203915
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3915, CVE-2019-17498

Description
The libssh2 packages provide a library that implements the SSH2 protocol.

Security Fix(es):

* libssh2: integer overflow in SSH_MSG_DISCONNECT logic in packet.c (CVE-2019-17498)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3916: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203916
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3916, CVE-2019-5482

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: heap buffer overflow in function tftp_receive_packet() (CVE-2019-5482)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3922: libsndfile security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203922
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3922, CVE-2018-19662

Description
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. 

Security Fix(es):

* libsndfile: buffer over-read in the function i2alaw_array in alaw.c (CVE-2018-19662)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3936: ipa security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203936
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3936, CVE-2015-9251, CVE-2016-10735, CVE-2018-14040, CVE-2018-14042, CVE-2018-20676, CVE-2018-20677, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-1722

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

The following packages have been upgraded to a later upstream version: ipa (4.6.8). (BZ#1819725)

Security Fix(es):

* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip. (CVE-2018-14042)

* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)

* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

* js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection (CVE-2019-11358)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

* ipa: No password length restriction leads to denial of service (CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3940: openwsman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203940
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3940, CVE-2019-3833

Description
Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects.

Security Fix(es):

* openwsman: Infinite loop in process_connection() allows denial of service (CVE-2019-3833)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3943: libwmf security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203943
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3943, CVE-2019-6978

Description
The libwmf packages provide a library for reading and converting Windows Metafile Format (WMF) vector graphics. The library is used by applications such as GIMP and ImageMagick.

Security Fix(es):

* gd: double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3944: unoconv security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203944
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3944, CVE-2019-17400

Description
Universal Office Converter (unoconv) is a command line tool to convert any document format that LibreOffice can import to any document format that LibreOffice can export. It makes use of the LibreOffice's UNO bindings for non-interactive conversion of documents. 

Security Fix(es):

* unoconv: mishandling of pathname leads to SSRF and local file inclusion (CVE-2019-17400)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3949: librabbitmq security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203949
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3949, CVE-2019-18609

Description
The librabbitmq packages provide an Advanced Message Queuing Protocol (AMQP) client library that allows you to communicate with AMQP servers using protocol version 0-9-1.

Security Fix(es):

* librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow (CVE-2019-18609)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3952: expat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203952
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3952, CVE-2018-20843, CVE-2019-15903

Description
Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)

* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3958: httpd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203958
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3958, CVE-2017-15715, CVE-2018-1283, CVE-2018-1303, CVE-2019-10098, CVE-2020-1927, CVE-2020-1934

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Improper handling of headers in mod_session can allow a remote user to modify session data for CGI applications (CVE-2018-1283)

* httpd: Out of bounds read in mod_cache_socache can allow a remote attacker to cause DoS (CVE-2018-1303)

* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)

* httpd: <FilesMatch> bypass with a trailing newline in the file name (CVE-2017-15715)

* httpd: mod_rewrite potential open redirect (CVE-2019-10098)

* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3966: fontforge security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203966
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3966, CVE-2020-5395

Description
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. 

Security Fix(es):

* fontforge: out-of-bounds write in SFD_GetFontMetaData function in sfd.c (CVE-2020-5395)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3970: mod_auth_openidc security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203970
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3970, CVE-2019-14857, CVE-2019-20479

Description
mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* mod_auth_openidc: Open redirect in logout url when using URLs with leading slashes (CVE-2019-14857)

* mod_auth_openidc: Open redirect issue exists in URLs with slash and backslash (CVE-2019-20479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3971: hunspell security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203971
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3971, CVE-2019-16707

Description
Hunspell is a spell checker and morphological analyzer library and program designed for languages with rich morphology and complex word compounding or character encoding. 

Security Fix(es):

* hunspell: out-of-bounds read in SuggestMgr::leftcommonsubstring in suggestmgr.cxx (CVE-2019-16707)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3972: subversion security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3972, CVE-2018-11782

Description
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Security Fix(es):

* subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev' (CVE-2018-11782)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3973: spamassassin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203973
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3973, CVE-2019-12420

Description
The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.

Security Fix(es):

* spamassassin: crafted email message can lead to DoS (CVE-2019-12420)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3977: evince and poppler security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20203977
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:3977, CVE-2019-14494

Description
The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Security Fix(es):

* poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc (CVE-2019-14494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3978: glib2 and ibus security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203978
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3978, CVE-2019-12450, CVE-2019-14822

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

The Intelligent Input Bus (IBus) is an input method framework for multilingual input in Unix-like operating systems.

Security Fix(es):

* glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450)

* ibus: missing authorization allows local attacker to access the input bus of another user (CVE-2019-14822)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3981: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203981
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3981, CVE-2019-14907

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.10.16). (BZ#1785121)

Security Fix(es):

* samba: Crash after failed character conversion at log level 3 or above (CVE-2019-14907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3984: freeradius security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203984
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3984, CVE-2019-10143, CVE-2019-13456, CVE-2019-17185

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: privilege escalation due to insecure logrotate configuration (CVE-2019-10143)

* freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456)

* freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access (CVE-2019-17185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:3996: libxml2 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20203996
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:3996, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)

* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)

* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4000: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204000
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4000, CVE-2019-20485, CVE-2020-10703

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent (CVE-2019-20485)

* libvirt: Potential denial of service via active pool without target path (CVE-2020-10703)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4001: bluez security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204001
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4001, CVE-2020-0556

Description
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. 

Security Fix(es):

* bluez: Improper access control in subsystem could result in privilege escalation and DoS (CVE-2020-0556)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4003: NetworkManager security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4003, CVE-2020-10754

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

Security Fix(es):

* NetworkManager: user configuration not honoured leaving the connection unauthenticated via insecure defaults (CVE-2020-10754)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4004: tomcat security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4004, CVE-2019-17563, CVE-2020-13935

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: multiple requests with invalid payload length in a WebSocket frame could lead to DoS (CVE-2020-13935)

* tomcat: session fixation when using FORM authentication (CVE-2019-17563)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4005: libxslt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204005
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4005, CVE-2019-11068, CVE-2019-18197

Description
libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. 

Security Fix(es):

* libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)

* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4007: systemd security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204007
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4007, CVE-2019-20386

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4011: e2fsprogs security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4011, CVE-2019-5094, CVE-2019-5188

Description
The e2fsprogs packages provide a number of utilities for creating, checking, modifying, and correcting the ext2, ext3, and ext4 file systems.

Security Fix(es):

* e2fsprogs: Crafted ext4 partition leads to out-of-bounds write (CVE-2019-5094)

* e2fsprogs: Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4024: okular security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4024, CVE-2020-9359

Description
Okular is a universal document viewer developed by KDE supporting different kinds of documents, like PDF, Postscript, DjVu, CHM, XPS, ePub and others.

Security Fix(es):

* okular: local binary execution via specially crafted PDF files (CVE-2020-9359)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4025: qt5-qtbase security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204025
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4025, CVE-2020-0569, CVE-2020-0570

Description
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. 

Security Fix(es):

* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0569)

* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0570)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4026: mariadb security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204026
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4026, CVE-2019-2974, CVE-2020-2574, CVE-2020-2752, CVE-2020-2780, CVE-2020-2812, CVE-2021-2144

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 

The following packages have been upgraded to a later upstream version: mariadb (5.5.68). (BZ#1769276)

Security Fix(es):

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)

* mysql: C API: unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4030: exiv2 security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204030
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4030, CVE-2019-17402

Description
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments.

Security Fix(es):

* exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check (CVE-2019-17402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4031: freerdp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204031
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4031, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11042, CVE-2020-11043, CVE-2020-11044, CVE-2020-11045, CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049, CVE-2020-11058, CVE-2020-11085, CVE-2020-11086, CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-11522, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The following packages have been upgraded to a later upstream version: freerdp (2.1.1). (BZ#1834286)

Security Fix(es):

* freerdp: Out of bound read in cliprdr_server_receive_capabilities (CVE-2020-11018)

* freerdp: Out of bound read/write in usb redirection channel (CVE-2020-11039)

* freerdp: out-of-bounds read in update_read_icon_info function (CVE-2020-11042)

* freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function (CVE-2020-11047)

* freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. (CVE-2020-13396)

* freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c (CVE-2020-13397)

* freerdp: Out of bound read in update_recv could result in a crash (CVE-2020-11019)

* freerdp: Integer overflow in VIDEO channel (CVE-2020-11038)

* freerdp: Out of bound access in clear_decompress_subcode_rlex (CVE-2020-11040)

* freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu (CVE-2020-11041)

* freerdp: out of bound read in rfx_process_message_tileset (CVE-2020-11043)

* freerdp: double free in update_read_cache_bitmap_v3_order function (CVE-2020-11044)

* freerdp: out of bounds read in update_read_bitmap_data function (CVE-2020-11045)

* freerdp: out of bounds seek in update_read_synchronize function could lead to out of bounds read (CVE-2020-11046)

* freerdp: out-of-bounds read could result in aborting the session (CVE-2020-11048)

* freerdp: out-of-bound read of client memory that is then passed on to the protocol parser (CVE-2020-11049)

* freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read (CVE-2020-11058)

* freerdp: out-of-bounds read in cliprdr_read_format_list function (CVE-2020-11085)

* freerdp: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge function (CVE-2020-11086)

* freerdp: out-of-bounds read in ntlm_read_AuthenticateMessage (CVE-2020-11087)

* freerdp: out-of-bounds read in ntlm_read_NegotiateMessage (CVE-2020-11088)

* freerdp: out-of-bounds read in irp functions (CVE-2020-11089)

* freerdp: out-of-bounds read in gdi.c (CVE-2020-11522)

* freerdp: out-of-bounds read in bitmap.c (CVE-2020-11525)

* freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead to out of bounds read later (CVE-2020-11526)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4032: dbus security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204032
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4032, CVE-2019-12749

Description
D-Bus is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messaging facility.

Security Fix(es):

* dbus: DBusServer DBUS_COOKIE_SHA1 authentication bypass (CVE-2019-12749)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4035: webkitgtk4 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204035
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4035, CVE-2019-11070, CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-10018, CVE-2020-11793, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2021-30666, CVE-2021-30761, CVE-2021-30762

Description
WebKitGTK+ is a port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3.

The following packages have been upgraded to a later upstream version: webkitgtk4 (2.28.2). (BZ#1817144)

Security Fix(es):

* webkitgtk: Multiple security issues (CVE-2019-6237, CVE-2019-6251, CVE-2019-8506, CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544, CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563, CVE-2019-8571, CVE-2019-8583, CVE-2019-8584, CVE-2019-8586, CVE-2019-8587, CVE-2019-8594, CVE-2019-8595, CVE-2019-8596, CVE-2019-8597, CVE-2019-8601, CVE-2019-8607, CVE-2019-8608, CVE-2019-8609, CVE-2019-8610, CVE-2019-8611, CVE-2019-8615, CVE-2019-8619, CVE-2019-8622, CVE-2019-8623, CVE-2019-8625, CVE-2019-8644, CVE-2019-8649, CVE-2019-8658, CVE-2019-8666, CVE-2019-8669, CVE-2019-8671, CVE-2019-8672, CVE-2019-8673, CVE-2019-8674, CVE-2019-8676, CVE-2019-8677, CVE-2019-8678, CVE-2019-8679, CVE-2019-8680, CVE-2019-8681, CVE-2019-8683, CVE-2019-8684, CVE-2019-8686, CVE-2019-8687, CVE-2019-8688, CVE-2019-8689, CVE-2019-8690, CVE-2019-8707, CVE-2019-8710, CVE-2019-8719, CVE-2019-8720, CVE-2019-8726, CVE-2019-8733, CVE-2019-8735, CVE-2019-8743, CVE-2019-8763, CVE-2019-8764, CVE-2019-8765, CVE-2019-8766, CVE-2019-8768, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8821, CVE-2019-8822, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2019-11070, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-10018, CVE-2020-11793)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4039: OpenEXR security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204039
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4039, CVE-2020-11761, CVE-2020-11763, CVE-2020-11764

Description
OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format. 

Security Fix(es):

* OpenEXR: out-of-bounds read during Huffman uncompression (CVE-2020-11761)

* OpenEXR: std::vector out-of-bounds read and write in ImfTileOffsets.cpp (CVE-2020-11763)

* OpenEXR: out-of-bounds write in copyIntoFrameBuffer function in ImfMisc.cpp (CVE-2020-11764)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4040: libexif security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204040
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4040, CVE-2019-9278, CVE-2020-0093, CVE-2020-0182, CVE-2020-12767, CVE-2020-13113, CVE-2020-13114

Description
The libexif packages provide a library for extracting extra information from image files.

The following packages have been upgraded to a later upstream version: libexif (0.6.22). (BZ#1841316)

Security Fix(es):

* libexif: out of bound write in exif-data.c (CVE-2019-9278)

* libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c (CVE-2020-0093)

* libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free (CVE-2020-13113)

* libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time (CVE-2020-13114)

* libexif: out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c (CVE-2020-0182)

* libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4041: openldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204041
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4041, CVE-2020-12243

Description
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. The openldap packages contain configuration files, libraries, and documentation for OpenLDAP.

Security Fix(es):

* openldap: denial of service via nested boolean expressions in LDAP search filters (CVE-2020-12243)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4056: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204056
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4056, CVE-2020-14364

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4059: virt:rhel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204059
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4059, CVE-2020-10756, CVE-2020-14364

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)

* QEMU: slirp: networking out-of-bounds read information disclosure vulnerability (CVE-2020-10756)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4060: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4060, CVE-2017-18551, CVE-2018-20836, CVE-2019-12614, CVE-2019-15217, CVE-2019-15807, CVE-2019-15917, CVE-2019-16231, CVE-2019-16233, CVE-2019-16994, CVE-2019-17053, CVE-2019-17055, CVE-2019-18808, CVE-2019-19046, CVE-2019-19055, CVE-2019-19058, CVE-2019-19059, CVE-2019-19062, CVE-2019-19063, CVE-2019-19332, CVE-2019-19447, CVE-2019-19523, CVE-2019-19524, CVE-2019-19530, CVE-2019-19534, CVE-2019-19537, CVE-2019-19767, CVE-2019-19807, CVE-2019-20054, CVE-2019-20095, CVE-2019-20636, CVE-2019-9454, CVE-2019-9458, CVE-2020-10690, CVE-2020-10732, CVE-2020-10742, CVE-2020-10751, CVE-2020-10942, CVE-2020-11565, CVE-2020-12770, CVE-2020-12826, CVE-2020-14305, CVE-2020-1749, CVE-2020-2732, CVE-2020-8647, CVE-2020-8649, CVE-2020-9383

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)

* kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)

* kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)

* kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)

* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)

Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:

https://access.redhat.com/articles/5442421

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4062: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204062
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4062, CVE-2017-18551, CVE-2018-20836, CVE-2019-15217, CVE-2019-15807, CVE-2019-15917, CVE-2019-16231, CVE-2019-16233, CVE-2019-16994, CVE-2019-17053, CVE-2019-17055, CVE-2019-18808, CVE-2019-19046, CVE-2019-19055, CVE-2019-19058, CVE-2019-19059, CVE-2019-19062, CVE-2019-19063, CVE-2019-19332, CVE-2019-19447, CVE-2019-19523, CVE-2019-19524, CVE-2019-19530, CVE-2019-19534, CVE-2019-19537, CVE-2019-19767, CVE-2019-19807, CVE-2019-20054, CVE-2019-20095, CVE-2019-20636, CVE-2019-9454, CVE-2019-9458, CVE-2020-10690, CVE-2020-10732, CVE-2020-10742, CVE-2020-10751, CVE-2020-10942, CVE-2020-11565, CVE-2020-12770, CVE-2020-12826, CVE-2020-14305, CVE-2020-1749, CVE-2020-2732, CVE-2020-8647, CVE-2020-8649, CVE-2020-9383

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)

* kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)

* kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)

* kernel: out of bounds write in i2c driver leads to local escalation of privilege (CVE-2019-9454)

* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)

Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:

https://access.redhat.com/articles/5442481

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

RHSA-2020:4072: libcroco security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204072
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4072, CVE-2020-12825

Description
libcroco is a standalone Cascading Style Sheet level 2 (CSS2) parsing and manipulation library.

Security Fix(es):

* libcroco: Stack overflow in function cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4076: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204076
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4076, CVE-2019-11719, CVE-2019-11727, CVE-2019-11756, CVE-2019-17006, CVE-2019-17023, CVE-2020-12400, CVE-2020-12401, CVE-2020-12402, CVE-2020-12403, CVE-2020-6829

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.53.1), nss-softokn (3.53.1), nss-util (3.53.1), nspr (4.25.0). (BZ#1804262, BZ#1804264, BZ#1804271, BZ#1804273)

Security Fix(es):

* nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)

* nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)

* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)

* nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)

* nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)

* nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)

* nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)

* nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

* nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)

* nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Memory leak: libcurl leaks 120 bytes on each connection (BZ#1688958)

* NSS does not set downgrade sentinel in ServerHello.random for TLS 1.0 and TLS 1.1 (BZ#1712924)

* Make TLS 1.3 work in FIPS mode (BZ#1724251)

* Name Constraints validation: CN treated as DNS name even when syntactically invalid as DNS name (BZ#1737910)

* x25519 allowed in FIPS mode (BZ#1754518)

* When NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess (BZ#1779325)

* Running ipa-backup continuously causes httpd to crash and makes it irrecoverable (BZ#1804015)

* nss needs to comply to the new SP800-56A rev 3 requirements (BZ#1857308)

* KDF-self-tests-induced changes for nss in RHEL 7.9 (BZ#1870885)

RHSA-2020:4078: qemu-kvm-ma security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204078
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4078, CVE-2020-14364

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4079: qemu-kvm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4079, CVE-2020-14364, CVE-2020-1983

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: usb: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364)

* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4080: firefox security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204080
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4080, CVE-2020-12422, CVE-2020-12424, CVE-2020-12425, CVE-2020-15648, CVE-2020-15653, CVE-2020-15654, CVE-2020-15656, CVE-2020-15658, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.3.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)

* Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (CVE-2020-12422)

* Mozilla: X-Frame-Options bypass using object or embed tags (CVE-2020-15648)

* Mozilla: Bypassing iframe sandbox when allowing popups (CVE-2020-15653)

* Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

* Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)

* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)

* Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)

* Mozilla: WebRTC permission prompt could have been bypassed by a compromised content process (CVE-2020-12424)

* Mozilla: Out of bound read in Date.parse() (CVE-2020-12425)

* Mozilla: Custom cursor can overlay user interface (CVE-2020-15654)

* Mozilla: Overriding file type when saving to disk (CVE-2020-15658)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Warnings displayed when removing Firefox package (BZ#1868842)

RHSA-2020:4082: squid security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204082
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4082, CVE-2019-12528, CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: HTTP Request Smuggling could result in cache poisoning (CVE-2020-15810)

* squid: HTTP Request Splitting could result in cache poisoning (CVE-2020-15811)

* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)

* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)

* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)

* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)

* squid: Improper input validation could result in a DoS (CVE-2020-24606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4155: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204155
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4155, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.3.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)

* Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)

* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)

* Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4158: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204158
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4158, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.3.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)

* Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)

* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)

* Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4163: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4163, CVE-2020-15673, CVE-2020-15676, CVE-2020-15677, CVE-2020-15678

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.3.1.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3 (CVE-2020-15673)

* Mozilla: XSS when pasting attacker-controlled data into a contenteditable element (CVE-2020-15676)

* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)

* Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario (CVE-2020-15678)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4182: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204182
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4182, CVE-2019-11487

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Count overflow in FUSE request leading to use-after-free issues. (CVE-2019-11487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* NULL sdev dereference race in atapi_qc_complete() (BZ#1876296)

RHSA-2020:4183: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204183
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4183, CVE-2020-8622

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4186: spice and spice-gtk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204186
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4186, CVE-2020-14355

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

Security Fix(es):

* spice: multiple buffer overflow vulnerabilities in QUIC decoding code (CVE-2020-14355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4187: spice and spice-gtk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204187
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4187, CVE-2020-14355

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

The spice-gtk packages provide a GIMP Toolkit (GTK+) widget for Simple Protocol for Independent Computing Environments (SPICE) clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol.

Security Fix(es):

* spice: multiple buffer overflow vulnerabilities in QUIC decoding code (CVE-2020-14355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4272: nodejs:12 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204272
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4272, CVE-2020-15095, CVE-2020-8116, CVE-2020-8201, CVE-2020-8252

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (12.18.4).

Security Fix(es):

* nodejs-dot-prop: prototype pollution (CVE-2020-8116)

* nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)

* npm: Sensitive information exposure through logs (CVE-2020-15095)

* libuv: buffer overflow in realpath (CVE-2020-8252)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* The nodejs:12/development module is not installable (BZ#1883966)

RHSA-2020:4276: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204276
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4276, CVE-2020-12351, CVE-2020-12352

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351)

* kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4280: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204280
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4280, CVE-2020-12351, CVE-2020-12352

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351)

* kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4286: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204286
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4286, CVE-2020-12351, CVE-2020-12352, CVE-2020-14331, CVE-2020-14385, CVE-2020-14386

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351)

* kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352)

* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

* kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)

* kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [mlx5] stale ethtool steering rules remain after moving back to legacy mode (BZ#1857777)

* 50% cpu in masked_flow_update with pop to pod TCP_RR (BZ#1859216)

* take into account GSO and fragmented packets in execute_check_pkt_len action (BZ#1860169)

* RHEL8.1 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1866371)

* RHEL8.3 Pre-Beta - smc: SMC connections hang with later-level implementations (BZ#1866390)

* Incorrect pinning of IRQ threads on isolated CPUs by drivers that use cpumask_local_spread() (BZ#1867174)

* [RHEL8] Fixes for DEADLINE scheduler class (BZ#1867612)

* RHEL8.1 - s390/pci: Fix unexpected write combine on resource (BZ#1869276)

* dm multipath: fix spurious failures during IO completion [EIOP-8345] (BZ#1869386)

* IO on virtio-scsi hangs when running cpu hotplug test (BZ#1869779)

* store_rps_map doesn't accept an empty bitmask, which is required for disabling RPS on a queue (BZ#1870181)

* Memory registration cache data corruption possible, fix requires backporting (BZ#1872424)

* fix another case of wait list corruption for PSM/sdma (BZ#1872766)

* [RHEL-8] Segmentation fault (core dumped) when fi_bw -e msg -v -T 1 -p "verbs" (BZ#1872771)

* fix mounting and inode number handling on s390x (BZ#1875787)

* failure to enter nohz_full mode for non SCHED_FIFO tasks (BZ#1877417)

* Secure boot key is not loaded with kernel-4.18.0-232.el8.x86_64 / shim-x64-15-15 (BZ#1877528)

* [RHEL-8.3] Kdump failed to start when secure boot enabled:  kexec_file_load failed: Required key not available (BZ#1877530)

* [RHEL-8.3] Kdump/kexec kernel panicked on EFI boot: general protection fault: 0000 [#1] SMP PTI (BZ#1879988)

* Sleeping or scheduling after sched_cpu_dying() led to "scheduling while atomic" and BUG at kernel/cpu.c:907! (BZ#1880081)

* [conntrack] udp packet reverse NAT occasionally fail when race condition request combination with the DNAT load balancing rules (BZ#1882095)

* [Regression] RHEL8.3 Beta - Do not initiate shutdown for EPOW_SHUTDOWN_ON_UPS event (BZ#1882243)

RHSA-2020:4289: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204289
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4289, CVE-2020-12351, CVE-2020-12352, CVE-2020-14331, CVE-2020-14385, CVE-2020-14386

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351)

* kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352)

* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

* kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)

* kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.2.z Batch#4 source tree (BZ#1877921)

RHSA-2020:4305: java-11-openjdk security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204305
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4305, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

* OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)

* OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)

* OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)

* OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

* OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)

* OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* "java-11-openjdk-headless" scriptlet failed during RHEL7 > RHEL8 upgrade transaction (BZ#1871709)

* java-11-openjdk property java.vendor is "N/A" (BZ#1873390)

RHSA-2020:4307: java-11-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4307, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

* OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)

* OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)

* OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)

* OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

* OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)

* OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4310: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204310
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4310, CVE-2020-15683, CVE-2020-15969

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4317: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204317
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4317, CVE-2020-15683, CVE-2020-15969

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4330: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204330
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4330, CVE-2020-15683, CVE-2020-15969

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4331: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204331
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4331, CVE-2020-14385, CVE-2020-14386

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

* kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4347: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4347, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

* OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)

* OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)

* OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)

* OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

* OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)

* OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4348: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204348
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4348, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

* OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)

* OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)

* OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)

* OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

* OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)

* OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4350: java-1.8.0-openjdk security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4350, CVE-2020-14779, CVE-2020-14781, CVE-2020-14782, CVE-2020-14792, CVE-2020-14796, CVE-2020-14797, CVE-2020-14803

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

* OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)

* OpenJDK: Integer overflow leading to out-of-bounds access (Hotspot, 8241114) (CVE-2020-14792)

* OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)

* OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

* OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)

* OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* JDK-8215727: Restore JFR thread sampler loop to old / previous behavior (BZ#1889532)

RHSA-2020:4431: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204431
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4431, CVE-2019-12614, CVE-2019-15917, CVE-2019-15925, CVE-2019-16231, CVE-2019-16233, CVE-2019-18808, CVE-2019-18809, CVE-2019-19046, CVE-2019-19056, CVE-2019-19062, CVE-2019-19063, CVE-2019-19068, CVE-2019-19072, CVE-2019-19319, CVE-2019-19332, CVE-2019-19447, CVE-2019-19524, CVE-2019-19533, CVE-2019-19537, CVE-2019-19543, CVE-2019-19602, CVE-2019-19767, CVE-2019-19770, CVE-2019-20054, CVE-2019-20636, CVE-2019-20812, CVE-2019-9455, CVE-2019-9458, CVE-2020-0305, CVE-2020-0444, CVE-2020-10732, CVE-2020-10751, CVE-2020-10773, CVE-2020-10774, CVE-2020-10942, CVE-2020-11565, CVE-2020-11668, CVE-2020-12465, CVE-2020-12655, CVE-2020-12659, CVE-2020-12770, CVE-2020-12826, CVE-2020-14381, CVE-2020-25641, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, CVE-2021-3715

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use after free in the video driver leads to local privilege escalation (CVE-2019-9458)

* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

* kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)

* kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)

* kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)

* kernel: out-of-bounds write in ext4_xattr_set_entry (CVE-2019-19319)

* Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)

* kernel: use-after-free in ext4_put_super (CVE-2019-19447)

* kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)

* kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)

* kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)

* kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)

* kernel: use-after-free in debugfs_remove (CVE-2019-19770)

* kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

* kernel: possible use-after-free due to a race condition in cdev_get  (CVE-2020-0305)

* kernel: out-of-bounds read in vc_do_resize function (CVE-2020-8647)

* kernel: use-after-free in n_tty_receive_buf_common function (CVE-2020-8648)

* kernel: invalid read location in vgacon_invert_region function (CVE-2020-8649)

* kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)

* kernel: SELinux netlink permission check bypass (CVE-2020-10751)

* kernel: out-of-bounds write in mpol_parse_str  (CVE-2020-11565)

* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

* kernel: buffer overflow in mt76_add_fragment function (CVE-2020-12465)

* kernel: xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write which could result in crash and data corruption (CVE-2020-12659)

* kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

* kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)

* kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)

* kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)

* kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)

* kernel: null pointer dereference in dlpar_parse_cc_property  (CVE-2019-12614)

* kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)

* kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)

* kernel: memory leak in  af9005_identify_state() function (CVE-2019-18809)

* kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function (CVE-2019-19056)

* kernel: memory leak in the crypto_report() function (CVE-2019-19062)

* kernel: Two memory leaks in the rtl_usb_probe() function (CVE-2019-19063)

* kernel: A memory leak in the rtl8xxxu_submit_int_urb() function (CVE-2019-19068)

* kernel: A memory leak in the predicate_parse() function (CVE-2019-19072)

* kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)

* kernel: Null pointer dereference in drop_sysctl_table() (CVE-2019-20054)

* kernel: kernel stack information leak on s390/s390x (CVE-2020-10773)

* kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)

* kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)

* kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)

RHSA-2020:4432: python-pip security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204432
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4432, CVE-2019-20916

Description
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". 

Security Fix(es):

* python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4433: python3 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204433
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4433, CVE-2019-16935, CVE-2019-20907, CVE-2020-14422, CVE-2020-8492

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python: XSS vulnerability in the documentation XML-RPC server in server_title field (CVE-2019-16935)

* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

* python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)

* python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4436: gnome-software and fwupd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4436, CVE-2020-10759

Description
The gnome-software packages contain an application that makes it easy to add, remove, and update software in the GNOME desktop.

The appstream-data package provides the distribution specific AppStream metadata required for the GNOME and KDE software centers. 

The fwupd packages provide a service that allows session software to update device firmware.

The following packages have been upgraded to a later upstream version: gnome-software (3.36.1), fwupd (1.4.2).

Security Fix(es):

* fwupd: Possible bypass in signature verification (CVE-2020-10759)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4442: sqlite security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204442
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4442, CVE-2019-16168, CVE-2019-20218, CVE-2019-5018, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632, CVE-2020-6405, CVE-2020-9327

Description
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: Use-after-free in window function leading to remote code execution (CVE-2019-5018)

* sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)

* sqlite: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (CVE-2019-20218)

* sqlite: Out-of-bounds read in SELECT with ON/USING clause (CVE-2020-6405)

* sqlite: NULL pointer dereference and segmentation fault because of generated column optimizations (CVE-2020-9327)

* sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)

* sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)

* sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4443: libarchive security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204443
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4443, CVE-2019-19221

Description
The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c (CVE-2019-19221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204444
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4444, CVE-2020-10029, CVE-2020-1751, CVE-2020-1752

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: array overflow in backtrace functions for powerpc (CVE-2020-1751)

* glibc: use-after-free in glob() function when expanding ~user (CVE-2020-1752)

* glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4445: librabbitmq security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204445
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4445, CVE-2019-18609

Description
The librabbitmq packages provide an Advanced Message Queuing Protocol (AMQP) client library that allows you to communicate with AMQP servers using protocol version 0-9-1.

Security Fix(es):

* librabbitmq: integer overflow in amqp_handle_input in amqp_connection.c leads to heap-based buffer overflow (CVE-2019-18609)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4451: GNOME security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204451
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4451, CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-10018, CVE-2020-11793, CVE-2020-14391, CVE-2020-15503, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-9952, CVE-2021-30666, CVE-2021-30761, CVE-2021-30762

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

The following packages have been upgraded to a later upstream version: gnome-remote-desktop (0.1.8), pipewire (0.3.6), vte291 (0.52.4), webkit2gtk3 (2.28.4), xdg-desktop-portal (1.6.0), xdg-desktop-portal-gtk (1.6.0). (BZ#1775345, BZ#1779691, BZ#1817143, BZ#1832347, BZ#1837406)

Security Fix(es):

* webkitgtk: Multiple security issues (CVE-2019-8625, CVE-2019-8710, CVE-2019-8720, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766, CVE-2019-8769, CVE-2019-8771, CVE-2019-8782, CVE-2019-8783, CVE-2019-8808, CVE-2019-8811, CVE-2019-8812, CVE-2019-8813, CVE-2019-8814, CVE-2019-8815, CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846, CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868, CVE-2020-3885, CVE-2020-3894, CVE-2020-3895, CVE-2020-3897, CVE-2020-3899, CVE-2020-3900, CVE-2020-3901, CVE-2020-3902, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925, CVE-2020-10018, CVE-2020-11793)

* gnome-settings-daemon: Red Hat Customer Portal password logged and passed as command line argument when user registers through GNOME control center (CVE-2020-14391)

* LibRaw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4453: vim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204453
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4453, CVE-2019-20807

Description
Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

* vim: users can execute arbitrary OS commands via scripting interfaces in the rvim restricted mode (CVE-2019-20807)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4464: libxslt security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204464
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4464, CVE-2019-11068, CVE-2019-18197

Description
libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. 

Security Fix(es):

* libxslt: xsltCheckRead and xsltCheckWrite routines security bypass by crafted URL (CVE-2019-11068)

* libxslt: use after free in xsltCopyText in transform.c could lead to information disclosure (CVE-2019-18197)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4465: binutils security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204465
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4465, CVE-2019-17450

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: denial of service via crafted ELF file (CVE-2019-17450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4469: cups security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204469
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4469, CVE-2020-3898

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c (CVE-2020-3898)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4479: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4479, CVE-2019-19956, CVE-2019-20388, CVE-2020-7595

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c (CVE-2019-19956)

* libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c (CVE-2019-20388)

* libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations (CVE-2020-7595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4481: bluez security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204481
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4481, CVE-2020-0556

Description
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. 

Security Fix(es):

* bluez: Improper access control in subsystem could result in privilege escalation and DoS (CVE-2020-0556)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4482: libgcrypt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204482
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4482, CVE-2019-13627

Description
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

The following packages have been upgraded to a later upstream version: libgcrypt (1.8.5). (BZ#1764918)

Security Fix(es):

* libgcrypt: ECDSA timing attack allowing private key leak (CVE-2019-13627)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4483: opensc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204483
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4483, CVE-2019-15945, CVE-2019-15946, CVE-2019-19479, CVE-2019-19481, CVE-2019-20792

Description
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

The following packages have been upgraded to a later upstream version: opensc (0.20.0). (BZ#1810660)

Security Fix(es):

* opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c (CVE-2019-15945)

* opensc: Out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c (CVE-2019-15946)

* opensc: Improper handling of buffer limits for CAC certificates (CVE-2019-19481)

* opensc: Double free in coolkey_free_private_data in libopensc/card-coolkey.c (CVE-2019-20792)

* opensc: Incorrect read operation during parsing of a SETCOS file attribute (CVE-2019-19479)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4484: expat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204484
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4484, CVE-2018-20843, CVE-2019-15903

Description
Expat is a C library for parsing XML documents.

Security Fix(es):

* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)

* expat: heap-based buffer over-read via crafted XML input (CVE-2019-15903)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4490: gnupg2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204490
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4490, CVE-2018-1000858, CVE-2019-13050

Description
The GNU Privacy Guard (GnuPG or GPG) is a tool for encrypting data and creating digital signatures, compliant with OpenPGP and S/MIME standards.

The following packages have been upgraded to a later upstream version: gnupg2 (2.2.20). (BZ#1663944)

Security Fix(es):

* GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS (CVE-2019-13050)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4497: cyrus-sasl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204497
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4497, CVE-2019-19906

Description
The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer (SASL). SASL is a method for adding authentication support to connection-based protocols.

Security Fix(es):

* cyrus-sasl: denial of service in _sasl_add_string function (CVE-2019-19906)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4500: bind security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204500
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4500, CVE-2020-8619, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

The following packages have been upgraded to a later upstream version: bind (9.11.20). (BZ#1818785)

Security Fix(es):

* bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c (CVE-2020-8619)

* bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)

* bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)

* bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4508: libsolv security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204508
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4508, CVE-2019-20387

Description
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

The following packages have been upgraded to a later upstream version: libsolv (0.7.11). (BZ#1809106)

Security Fix(es):

* libsolv: out-of-bounds read in repodata_schema2id in repodata.c (CVE-2019-20387)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4514: openssl security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204514
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4514, CVE-2019-1551

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

The following packages have been upgraded to a later upstream version: openssl (1.1.1g). (BZ#1817593)

Security Fix(es):

* openssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4539: pcre2 security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204539
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4539, CVE-2019-20454

Description
The pcre2 package contains a new generation of the Perl Compatible Regular Expression libraries for implementing regular expression pattern matching using the same syntax and semantics as Perl. 

Security Fix(es):

* pcre: Out of bounds read in JIT mode when \X is used in non-UTF mode (CVE-2019-20454)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4542: cryptsetup security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204542
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4542, CVE-2020-14382

Description
The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module.

The following packages have been upgraded to a later upstream version: cryptsetup (2.3.3). (BZ#1796826)

Security Fix(es):

* cryptsetup: Out-of-bounds write when validating segments (CVE-2020-14382)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4545: libssh security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204545
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4545, CVE-2019-14889, CVE-2020-1730

Description
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

The following packages have been upgraded to a later upstream version: libssh (0.9.4). (BZ#1804797)

Security Fix(es):

* libssh: denial of service when handling AES-CTR (or DES) ciphers (CVE-2020-1730)

* libssh: unsanitized location in scp could lead to unwanted command execution (CVE-2019-14889)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4547: libpcap security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204547
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4547, CVE-2019-15165

Description
The libpcap packages provide a portable framework for low-level network monitoring. The libpcap library provides network statistics collection, security monitoring, and network debugging.

The following packages have been upgraded to a later upstream version: libpcap (1.9.1). (BZ#1806422)

Security Fix(es):

* libpcap: Resource exhaustion during PHB header length validation (CVE-2019-15165)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4553: systemd security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204553
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4553, CVE-2019-20386

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: memory leak in button_open() in login/logind-button.c when udev events are received (CVE-2019-20386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4568: libldb security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204568
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4568, CVE-2020-10730

Description
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.

The following packages have been upgraded to a later upstream version: libldb (2.1.3). (BZ#1817567)

Security Fix(es):

* samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results (CVE-2020-10730)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4599: curl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204599
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4599, CVE-2020-8177

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4605: resource-agents security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204605
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4605, CVE-2020-11078

Description
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4609: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204609
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4609, CVE-2019-15917, CVE-2019-15925, CVE-2019-16231, CVE-2019-16233, CVE-2019-18808, CVE-2019-18809, CVE-2019-19046, CVE-2019-19056, CVE-2019-19062, CVE-2019-19063, CVE-2019-19068, CVE-2019-19072, CVE-2019-19319, CVE-2019-19332, CVE-2019-19447, CVE-2019-19524, CVE-2019-19533, CVE-2019-19537, CVE-2019-19543, CVE-2019-19767, CVE-2019-19770, CVE-2019-20054, CVE-2019-20636, CVE-2019-9455, CVE-2019-9458, CVE-2020-0305, CVE-2020-10732, CVE-2020-10751, CVE-2020-10774, CVE-2020-10942, CVE-2020-11565, CVE-2020-11668, CVE-2020-12655, CVE-2020-12659, CVE-2020-12770, CVE-2020-12826, CVE-2020-14381, CVE-2020-25641, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, CVE-2021-3715

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use after free due to race condition in the video driver leads to local privilege escalation (CVE-2019-9458)

* kernel: use-after-free in drivers/bluetooth/hci_ldisc.c (CVE-2019-15917)

* kernel: out-of-bounds access in function hclge_tm_schd_mode_vnet_base_cfg (CVE-2019-15925)

* kernel: memory leak in ccp_run_sha_cmd() (CVE-2019-18808)

* kernel: Denial Of Service in the __ipmi_bmc_register() (CVE-2019-19046)

* kernel: out-of-bounds write in ext4_xattr_set_entry in fs/ext4/xattr.c (CVE-2019-19319)

* Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332)

* kernel: use-after-free in ext4_put_super (CVE-2019-19447)

* kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free (CVE-2019-19524)

* kernel: race condition caused by a malicious USB device in the USB character device driver layer (CVE-2019-19537)

* kernel: use-after-free in serial_ir_init_module() (CVE-2019-19543)

* kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry (CVE-2019-19767)

* kernel: use-after-free in debugfs_remove (CVE-2019-19770)

* kernel: out-of-bounds write via crafted keycode table (CVE-2019-20636)

* kernel: possible use-after-free due to a race condition in cdev_get of char_dev.c (CVE-2020-0305)

* kernel: out-of-bounds read in vc_do_resize (CVE-2020-8647)

* kernel: use-after-free in n_tty_receive_buf_common (CVE-2020-8648)

* kernel: invalid read location in vgacon_invert_region (CVE-2020-8649)

* kernel: uninitialized kernel data leak in userspace coredumps (CVE-2020-10732)

* kernel: SELinux netlink permission check bypass (CVE-2020-10751)

* kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c (CVE-2020-11565)

* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

* kernel: out-of-bounds write in xdp_umem_reg (CVE-2020-12659)

* kernel: sg_write function lacks an sg_remove_request call in a certain failure case (CVE-2020-12770)

* kernel: possible to send arbitrary signals to a privileged (suidroot) parent process (CVE-2020-12826)

* kernel: referencing inode of removed superblock in get_futex_key() causes UAF (CVE-2020-14381)

* kernel: soft-lockups in iov_iter_copy_from_user_atomic() could result in DoS (CVE-2020-25641)

* kernel: kernel pointer leak due to WARN_ON statement in video driver leads to local information disclosure (CVE-2019-9455)

* kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c (CVE-2019-16231)

* kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c (CVE-2019-16233)

* kernel: memory leak in af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c (CVE-2019-18809)

* kernel: A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() (CVE-2019-19056)

* kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS (CVE-2019-19062)

* kernel: Two memory leaks in the rtl_usb_probe() (CVE-2019-19063)

* kernel: A memory leak in the rtl8xxxu_submit_int_urb() (CVE-2019-19068)

* kernel: A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c allows for a DoS (CVE-2019-19072)

* kernel: information leak bug caused by a malicious USB device in the drivers/media/usb/ttusb-dec/ttusb_dec.c (CVE-2019-19533)

* kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c (CVE-2019-20054)

* kernel: possibility of memory disclosure when reading the file /proc/sys/kernel/rh_features (CVE-2020-10774)

* kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field (CVE-2020-10942)

* kernel: sync of excessive duration via an XFS v5 image with crafted metadata (CVE-2020-12655)

RHSA-2020:4619: frr security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204619
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4619, CVE-2020-12831

Description
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD. 

Security Fix(es):

* frr: default permission issue eases information leaks (CVE-2020-12831)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4625: spamassassin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204625
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4625, CVE-2018-11805, CVE-2019-12420, CVE-2020-1930, CVE-2020-1931

Description
The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.

Security Fix(es):

* spamassassin: crafted configuration files can run system commands without any output or errors (CVE-2018-11805)

* spamassassin: crafted email message can lead to DoS (CVE-2019-12420)

* spamassassin: command injection via crafted configuration file (CVE-2020-1930)

* spamassassin: command injection via crafted configuration file (CVE-2020-1931)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4627: SDL security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204627
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4627, CVE-2019-7572, CVE-2019-7573, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7636, CVE-2019-7637, CVE-2019-7638

Description
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device.

Security Fix(es):

* SDL: buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c (CVE-2019-7572)

* SDL: heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7575)

* SDL: heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c (CVE-2019-7636)

* SDL: heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (CVE-2019-7637)

* SDL: heap-based buffer over-read in Map1toN in video/SDL_pixels.c (CVE-2019-7638)

* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7573)

* SDL: heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c (CVE-2019-7574)

* SDL: heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (CVE-2019-7576)

* SDL: buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c (CVE-2019-7577)

* SDL: heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c (CVE-2019-7578)

* SDL: heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c (CVE-2019-7635)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4628: libreoffice security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204628
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4628, CVE-2020-12802, CVE-2020-12803

Description
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

The following packages have been upgraded to a later upstream version: libreoffice (6.3.6.2), libcmis (0.5.2), liborcus (0.14.1). (BZ#1796893)

Security Fix(es):

* libreoffice: 'stealth mode' remote resource restrictions bypass (CVE-2020-12802)

* libreoffice: forms allowed to be submitted to any URI could result in local file overwrite (CVE-2020-12803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4629: libvpx security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204629
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4629, CVE-2019-2126, CVE-2019-9232, CVE-2019-9371, CVE-2019-9433

Description
The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format.

Security Fix(es):

* libvpx: Double free in ParseContentEncodingEntry() in mkvparser.cc (CVE-2019-2126)

* libvpx: Out of bounds read in vp8_norm table (CVE-2019-9232)

* libvpx: Resource exhaustion after memory leak in mkvparser.cc (CVE-2019-9371)

* libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c (CVE-2019-9433)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4634: libtiff security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204634
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4634, CVE-2019-17546

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c (CVE-2019-17546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4638: sysstat security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204638
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4638, CVE-2019-16167

Description
The sysstat packages provide the sar and iostat commands. These commands enable system monitoring of disk, network, and other I/O activity.

Security Fix(es):

* sysstat: memory corruption due to an integer overflow in remap_struct in sa_common.c (CVE-2019-16167)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4641: python38:3.8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204641
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4641, CVE-2019-20477, CVE-2019-20907, CVE-2020-14422, CVE-2020-1747, CVE-2020-8492

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

The following packages have been upgraded to a later upstream version: python38 (3.8.3). (BZ#1847416)

Security Fix(es):

* PyYAML: command execution through python/object/apply constructor in FullLoader (CVE-2019-20477)

* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

* PyYAML: arbitrary command execution through python/object/new when FullLoader is used (CVE-2020-1747)

* python: wrong backtracking in urllib.request.AbstractBasicAuthHandler allows for a ReDoS (CVE-2020-8492)

* python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4643: poppler security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204643
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4643, CVE-2019-14494

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

Security Fix(es):

* poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc (CVE-2019-14494)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4647: freerdp and vinagre security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204647
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4647, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11042, CVE-2020-11043, CVE-2020-11044, CVE-2020-11045, CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049, CVE-2020-11058, CVE-2020-11085, CVE-2020-11086, CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-11522, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop.

The following packages have been upgraded to a later upstream version: freerdp (2.1.1). (BZ#1834287)

Security Fix(es):

* freerdp: Out of bound read in cliprdr_server_receive_capabilities (CVE-2020-11018)

* freerdp: Out of bound read/write in usb redirection channel (CVE-2020-11039)

* freerdp: out-of-bounds read in update_read_icon_info function (CVE-2020-11042)

* freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function (CVE-2020-11047)

* freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. (CVE-2020-13396)

* freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c (CVE-2020-13397)

* freerdp: Out of bound read in update_recv could result in a crash (CVE-2020-11019)

* freerdp: Integer overflow in VIDEO channel (CVE-2020-11038)

* freerdp: Out of bound access in clear_decompress_subcode_rlex (CVE-2020-11040)

* freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu (CVE-2020-11041)

* freerdp: out of bound read in rfx_process_message_tileset (CVE-2020-11043)

* freerdp: double free in update_read_cache_bitmap_v3_order function (CVE-2020-11044)

* freerdp: out of bounds read in update_read_bitmap_data function (CVE-2020-11045)

* freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read (CVE-2020-11046)

* freerdp: out-of-bounds read could result in aborting the session (CVE-2020-11048)

* freerdp: out-of-bound read of client memory that is then passed on to the protocol parser (CVE-2020-11049)

* freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read (CVE-2020-11058)

* freerdp: out-of-bounds read in cliprdr_read_format_list function (CVE-2020-11085)

* freerdp: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge function (CVE-2020-11086)

* freerdp: out-of-bounds read in ntlm_read_AuthenticateMessage (CVE-2020-11087)

* freerdp: out-of-bounds read in ntlm_read_NegotiateMessage (CVE-2020-11088)

* freerdp: out-of-bounds read in irp functions (CVE-2020-11089)

* freerdp: out-of-bounds read in gdi.c (CVE-2020-11522)

* freerdp: out-of-bounds read in bitmap.c (CVE-2020-11525)

* freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later (CVE-2020-11526)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4649: evolution security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20204649
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:4649, CVE-2020-14928

Description
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.

The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications.

OpenChange provides libraries to access Microsoft Exchange servers using native protocols.

Security Fix(es):

* evolution-data-server: Response injection via STARTTLS in SMTP and POP3 (CVE-2020-14928)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4650: cloud-init security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204650
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4650, CVE-2020-8631, CVE-2020-8632

Description
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

Security Fix(es):

* cloud-init: Use of random.choice when generating random password (CVE-2020-8631)

* cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4654: python27:2.7 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204654
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4654, CVE-2019-20907, CVE-2019-20916

Description
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

* python-pip: directory traversal in _download_http_url() function in src/pip/_internal/download.py (CVE-2019-20916)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4655: cyrus-imapd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204655
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4655, CVE-2019-18928, CVE-2019-19783

Description
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support.

Security Fix(es):

* cyrus-imapd: privilege escalation in HTTP request (CVE-2019-18928)

* cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks (CVE-2019-19783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4659: gd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204659
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4659, CVE-2018-14553, CVE-2019-6977, CVE-2019-6978

Description
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. 

Security Fix(es):

* gd: Heap-based buffer overflow in gdImageColorMatch() in gd_color_match.c (CVE-2019-6977)

* gd: NULL pointer dereference in gdImageClone (CVE-2018-14553)

* gd: Double free in the gdImage*Ptr in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c (CVE-2019-6978)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4667: mailman:2.1 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204667
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4667, CVE-2020-12137

Description
Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: XSS via file attachments in list archives (CVE-2020-12137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4670: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204670
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4670, CVE-2015-9251, CVE-2016-10735, CVE-2018-14040, CVE-2018-14042, CVE-2018-20676, CVE-2018-20677, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-1722

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. 

The following packages have been upgraded to a later upstream version: ipa (4.8.7), softhsm (2.6.0), opendnssec (2.1.6). (BZ#1759888, BZ#1818765, BZ#1818877)

Security Fix(es):

* js-jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)

* bootstrap: XSS in the affix configuration target property (CVE-2018-20677)

* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

* js-jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

* jquery: Cross-site scripting due to improper jQuery.htmlPrefilter method (CVE-2020-11022)

* ipa: No password length restriction leads to denial of service (CVE-2020-1722)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4676: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204676
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4676, CVE-2019-15890, CVE-2019-20485, CVE-2020-10703, CVE-2020-14301, CVE-2020-14339, CVE-2020-1983

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

The following packages have been upgraded to a later upstream version: hivex (1.3.18), libguestfs (1.40.2), libguestfs-winsupport (8.2), libvirt (6.0.0), libvirt-dbus (1.3.0), libvirt-python (6.0.0), nbdkit (1.16.2), perl-Sys-Virt (6.0.0), qemu-kvm (4.2.0), seabios (1.13.0), SLOF (20191022). (BZ#1810193, BZ#1844296)

Security Fix(es):

* libvirt: leak of /dev/mapper/control into QEMU guests (CVE-2020-14339)

* QEMU: Slirp: use-after-free during packet reassembly (CVE-2019-15890)

* libvirt: Potential DoS by holding a monitor job while querying QEMU guest-agent (CVE-2019-20485)

* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)

* libvirt: Potential denial of service via active pool without target path (CVE-2020-10703)

* libvirt: leak of sensitive cookie information via dumpxml (CVE-2020-14301)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4682: grafana security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204682
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4682, CVE-2018-18624, CVE-2019-19499, CVE-2020-11110, CVE-2020-12052, CVE-2020-12245, CVE-2020-12458, CVE-2020-12459, CVE-2020-13430

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

The following packages have been upgraded to a later upstream version: grafana (6.7.4). (BZ#1807323)

Security Fix(es):

* grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)

* grafana: arbitrary file read via MySQL data source (CVE-2019-19499)

* grafana: stored XSS (CVE-2020-11110)

* grafana: XSS annotation popup vulnerability (CVE-2020-12052)

* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)

* grafana: information disclosure through world-readable /var/lib/grafana/grafana.db (CVE-2020-12458)

* grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459)

* grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4685: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204685
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4685, CVE-2020-24490, CVE-2020-25661, CVE-2020-25662

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events (CVE-2020-24490)

* kernel: Red Hat only CVE-2020-12351 regression (CVE-2020-25661)

* kernel: Red Hat only CVE-2020-12352 regression (CVE-2020-25662)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4686: kernel-rt security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204686
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4686, CVE-2020-24490, CVE-2020-25661, CVE-2020-25662

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: net: bluetooth: heap buffer overflow when processing extended advertising report events (CVE-2020-24490)

* kernel: Red Hat only CVE-2020-12351 regression (CVE-2020-25661)

* kernel: Red Hat only CVE-2020-12352 regression (CVE-2020-25662)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4687: oddjob security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204687
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4687, CVE-2020-10737

Description
The oddjob packages contain a D-Bus service which performs particular tasks for clients which connect to it and issue requests using the system-wide message bus.

The following packages have been upgraded to a later upstream version: oddjob (0.34.5). (BZ#1833289)

Security Fix(es):

* oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack (CVE-2020-10737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4689: openwsman security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204689
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4689, CVE-2019-3833

Description
Openwsman is a project intended to provide an open source implementation of the Web Services Management specification (WS-Management) and to expose system management information on the Linux operating system using the WS-Management protocol. WS-Management is based on a suite of web services specifications and usage requirements that cover all system management aspects.

Security Fix(es):

* openwsman: Infinite loop in process_connection() allows denial of service (CVE-2019-3833)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204690
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4690, CVE-2015-9541, CVE-2018-21035, CVE-2020-0569, CVE-2020-0570, CVE-2020-13962

Description
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. 

Security Fix(es):

* qt: XML entity expansion vulnerability (CVE-2015-9541)

* qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS (CVE-2018-21035)

* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0569)

* qt: files placed by attacker can influence the working directory and lead to malicious code execution (CVE-2020-0570)

* qt5: incorrectly calls SSL_shutdown() in OpenSSL mid-handshake causing denial of service in TLS applications (CVE-2020-13962)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4694: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204694
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4694, CVE-2020-10749, CVE-2020-10756, CVE-2020-14040

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* containernetworking/plugins: IPv6 router advertisements allow for MitM attacks on IPv4 clusters (CVE-2020-10749)

* QEMU: slirp: networking out-of-bounds read information disclosure vulnerability (CVE-2020-10756)

* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4697: targetcli security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204697
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4697, CVE-2020-13867

Description
The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

The following packages have been upgraded to a later upstream version: targetcli (2.1.53). (BZ#1845167)

Security Fix(es):

* targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4709: librsvg2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204709
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4709, CVE-2019-20446

Description
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library.

Security Fix(es):

* librsvg: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4712: subversion:1.10 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204712
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4712, CVE-2018-11782

Description
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Security Fix(es):

* subversion: remotely triggerable DoS vulnerability in svnserve 'get-deleted-rev' (CVE-2018-11782)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4743: squid:4 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204743
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4743, CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-12529, CVE-2019-12854, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2019-18860, CVE-2020-14058, CVE-2020-15049, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

The following packages have been upgraded to a later upstream version: squid (4.11). (BZ#1829467)

Security Fix(es):

* squid: Improper input validation in request allows for proxy manipulation (CVE-2019-12520)

* squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (CVE-2019-12521)

* squid: Improper input validation in URI processor (CVE-2019-12523)

* squid: Improper access restriction in url_regex may lead to security bypass (CVE-2019-12524)

* squid: Heap overflow issue in URN processing (CVE-2019-12526)

* squid: Information Disclosure issue in FTP Gateway (CVE-2019-12528)

* squid: Out of bounds read in Proxy-Authorization header causes DoS (CVE-2019-12529)

* squid: Denial of service in cachemgr.cgi (CVE-2019-12854)

* squid: Buffer overflow in URI processor (CVE-2019-18676)

* squid: Cross-Site Request Forgery issue in HTTP Request processing (CVE-2019-18677)

* squid: HTTP Request Splitting issue in HTTP message processing (CVE-2019-18678)

* squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)

* squid: Mishandled HTML in the host parameter to cachemgr.cgi results in insecure behaviour (CVE-2019-18860)

* squid: Improper input validation issues in HTTP Request processing (CVE-2020-8449)

* squid: Buffer overflow in reverse-proxy configurations (CVE-2020-8450)

* squid: DoS in TLS handshake (CVE-2020-14058)

* squid: Request smuggling and poisoning attack against the HTTP cache (CVE-2020-15049)

* squid: Improper input validation could result in a DoS (CVE-2020-24606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4751: httpd:2.4 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204751
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4751, CVE-2018-17189, CVE-2019-0196, CVE-2019-0197, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098, CVE-2020-1927, CVE-2020-1934

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). (BZ#1814236)

Security Fix(es):

* httpd: memory corruption on early pushes (CVE-2019-10081)

* httpd: read-after-free in h2 connection shutdown (CVE-2019-10082)

* httpd: null-pointer dereference in mod_remoteip (CVE-2019-10097)

* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)

* httpd: mod_http2: DoS via slow, unneeded request bodies (CVE-2018-17189)

* httpd: mod_http2: read-after-free on a string compare (CVE-2019-0196)

* httpd: mod_http2: possible crash on late upgrade (CVE-2019-0197)

* httpd: limited cross-site scripting in mod_proxy error page (CVE-2019-10092)

* httpd: mod_rewrite potential open redirect (CVE-2019-10098)

* httpd: mod_proxy_ftp use of uninitialized value (CVE-2020-1934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4756: varnish:6 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204756
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4756, CVE-2019-15892, CVE-2019-20637, CVE-2020-11653

Description
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

The following packages have been upgraded to a later upstream version: varnish (6.0.6). (BZ#1795673)

Security Fix(es):

* varnish: denial of service handling certain crafted HTTP/1 requests (CVE-2019-15892)

* varnish: remote clients may cause Varnish to assert and restart which could result in DoS (CVE-2020-11653)

* varnish: not clearing pointer between two client requests leads to information disclosure (CVE-2019-20637)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4760: tcpdump security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204760
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4760, CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452, CVE-2019-15166

Description
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

The following packages have been upgraded to a later upstream version: tcpdump (4.9.3). (BZ#1804063)

Security Fix(es):

* tcpdump: SMB data printing mishandled (CVE-2018-10103)

* tcpdump: SMB data printing mishandled (CVE-2018-10105)

* tcpdump: Out of bounds read/write in get_next_file() in tcpdump.c (CVE-2018-14879)

* tcpdump: Buffer over-read in ldp_tlv_print() function in print-ldp.c (CVE-2018-14461)

* tcpdump: Buffer over-read in icmp_print() function in print-icmp.c (CVE-2018-14462)

* tcpdump: Buffer over-read in vrrp_print() function in print-vrrp.c (CVE-2018-14463)

* tcpdump: Buffer over-read in lmp_print_data_link_subobjs() function in print-lmp.c (CVE-2018-14464)

* tcpdump: Buffer over-read in rsvp_obj_print() function in print-rsvp.c (CVE-2018-14465)

* tcpdump: Buffer over-read in print-icmp6.c (CVE-2018-14466)

* tcpdump: Buffer over-read in bgp_capabilities_print() in print-bgp.c (CVE-2018-14467)

* tcpdump: Buffer over-read in mfr_print() function in print-fr.c (CVE-2018-14468)

* tcpdump: Buffer over-read in ikev1_n_print() function in print-isakmp.c (CVE-2018-14469)

* tcpdump: Buffer over-read in babel_print_v2() in print-babel.c (CVE-2018-14470)

* tcpdump: Buffer over-read in ospf6_print_lshdr() function in print-ospf6.c (CVE-2018-14880)

* tcpdump: Buffer over-read in bgp_capabilities_print() function in print-bgp.c (CVE-2018-14881)

* tcpdump: Buffer over-read in function rpl_dio_printopt in print-icmp6.c (CVE-2018-14882)

* tcpdump: Buffer over-read in print-802_11.c (CVE-2018-16227)

* tcpdump: Access to uninitialized buffer in print_prefix() function in print-hncp.c (CVE-2018-16228)

* tcpdump: Buffer over-read in dccp_print_option() function in print-dccp.c (CVE-2018-16229)

* tcpdump: Buffer over-read in bgp_attr_print() function in print-bgp.c (CVE-2018-16230)

* tcpdump: Resource exhaustion in bgp_attr_print() function in print-bgp.c (CVE-2018-16300)

* tcpdump: Buffer over-read in print_trans() function in print-smb.c (CVE-2018-16451)

* tcpdump: Resource exhaustion in smb_fdata() function in smbutil.c (CVE-2018-16452)

* tcpdump: Buffer overflow in lmp_print_data_link_subobjs() in print-lmp.c (CVE-2019-15166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4763: dovecot security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204763
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4763, CVE-2020-10958, CVE-2020-10967

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: command followed by sufficient number of newlines leads to use-after-free (CVE-2020-10958)

* dovecot: sending mail with empty quoted localpart leads to DoS (CVE-2020-10967)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4766: libexif security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204766
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4766, CVE-2019-9278, CVE-2020-0093, CVE-2020-0181, CVE-2020-0182, CVE-2020-0198, CVE-2020-12767, CVE-2020-13113, CVE-2020-13114

Description
The libexif packages provide a library for extracting extra information from image files.

The following packages have been upgraded to a later upstream version: libexif (0.6.22). (BZ#1841320)

Security Fix(es):

* libexif: out of bounds write in exif-data.c (CVE-2019-9278)

* libexif: out of bounds read due to a missing bounds check in exif_data_save_data_entry function in exif-data.c (CVE-2020-0093)

* libexif: integer overflow in exif_data_load_data_thumbnail function in exif-data.c (CVE-2020-0181)

* libexif: integer overflow in exif_data_load_data_content function in exif-data.c (CVE-2020-0198)

* libexif: use of uninitialized memory in EXIF Makernote handling can lead to crashes and use-after-free (CVE-2020-13113)

* libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time (CVE-2020-13114)

* libexif: out of bounds read due to a missing bounds check in exif_entry_get_value function in exif-entry.c (CVE-2020-0182)

* libexif: divide-by-zero in exif_entry_get_value function in exif-entry.c (CVE-2020-12767)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4799: freeradius:3.0 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204799
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4799, CVE-2019-17185

Description
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

* freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access (CVE-2019-17185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4805: edk2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204805
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4805, CVE-2019-14559

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. 

Security Fix(es):

* edk2: memory leak in ArpOnFrameRcvdDpc (CVE-2019-14559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4806: dpdk security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204806
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4806, CVE-2020-10722, CVE-2020-10723, CVE-2020-10725, CVE-2020-10726

Description
The dpdk packages provide the Data Plane Development Kit, which is a set of libraries and drivers for fast packet processing in the user space.

The following packages have been upgraded to a later upstream version: dpdk (19.11.3). (BZ#1824905)

Security Fix(es):

* dpdk: librte_vhost Malicious guest could cause segfault by sending invalid Virtio descriptor (CVE-2020-10725)

* dpdk: librte_vhost Integer overflow in vhost_user_set_log_base() (CVE-2020-10722)

* dpdk: librte_vhost Integer truncation in vhost_user_check_and_alloc_queue_pair() (CVE-2020-10723)

* dpdk: librte_vhost VHOST_USER_GET_INFLIGHT_FD message flooding to result in a DoS (CVE-2020-10726)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4807: prometheus-jmx-exporter security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204807
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4807, CVE-2017-18640

Description
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target.

Security Fix(es):

* snakeyaml: Billion laughs attack via alias feature (CVE-2017-18640)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4820: file-roller security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204820
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4820, CVE-2019-16680, CVE-2020-11736

Description
File Roller is an application for creating and viewing archive files, such as tar or zip files.

Security Fix(es):

* file-roller: path traversal vulnerability via a specially crafted filename contained in malicious archive (CVE-2019-16680)

* file-roller: directory traversal via directory symlink pointing outside of the target directory (CVE-2020-11736)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4827: oniguruma security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204827
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4827, CVE-2019-13225

Description
Oniguruma is a regular expressions library that supports a variety of character encodings. 

Security Fix(es):

* oniguruma: NULL pointer dereference in match_at() in regexec.c (CVE-2019-13225)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4844: fontforge security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204844
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4844, CVE-2020-25690

Description
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts. 

Security Fix(es):

* fontforge: SFD_GetFontMetaData() insufficient CVE-2020-5395 backport (CVE-2020-25690)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4846: mingw-expat security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204846
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4846, CVE-2018-20843

Description
Expat is a C library for parsing XML documents. The mingw-expat packages provide a port of the Expat library for MinGW. 

Security Fix(es):

* expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20204847
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:4847, CVE-2015-9251, CVE-2016-10735, CVE-2018-14040, CVE-2018-14042, CVE-2019-10146, CVE-2019-10179, CVE-2019-10221, CVE-2019-11358, CVE-2019-8331, CVE-2020-11022, CVE-2020-11023, CVE-2020-15720, CVE-2020-1721, CVE-2020-1935, CVE-2020-25715

Description
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

* jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251)

* bootstrap: XSS in the data-target attribute (CVE-2016-10735)

* bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)

* bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)

* bootstrap: XSS in the tooltip or popover data-template attribute (CVE-2019-8331)

* jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)

* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)

* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

* pki: Dogtag's python client does not validate certificates (CVE-2020-15720)

* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)

* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)

* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2020:4907: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204907
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4907, CVE-2020-15999

Description
FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4908: libX11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204908
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4908, CVE-2020-14363

Description
The libX11 packages contain the core X11 protocol client library.

Security Fix(es):

* libX11: integer overflow leads to double free in locale handling (CVE-2020-14363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4909: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204909
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4909, CVE-2020-15683, CVE-2020-15969

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4910: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204910
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4910, CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345)

* xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346)

* xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361)

* xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4913: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204913
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4913, CVE-2020-15683, CVE-2020-15969

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4946: libX11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204946
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4946, CVE-2020-14363

Description
The libX11 packages contain the core X11 protocol client library.

Security Fix(es):

* libX11: integer overflow leads to double free in locale handling (CVE-2020-14363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4947: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204947
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4947, CVE-2020-15683, CVE-2020-15969

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4952: freetype security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204952
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4952, CVE-2020-15999

Description
FreeType is a free, high-quality, portable font engine that can open and manage font files. FreeType loads, hints, and renders individual glyphs efficiently.

Security Fix(es):

* freetype: Heap-based buffer overflow due to integer truncation in Load_SBit_Png (CVE-2020-15999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:4953: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20204953
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:4953, CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345)

* xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346)

* xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361)

* xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5002: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5002, CVE-2020-8177

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Incorrect argument check can allow remote servers to overwrite local files (CVE-2020-8177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5003: fence-agents security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20205003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:5003, CVE-2020-11078

Description
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. 

Security Fix(es):

* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* fence_lpar: Long username, HMC hostname, or managed system name causes failures [RHEL 7] (BZ#1860545)

* InstanceHA does not evacuate instances created with private flavor in tenant project (RHEL7) (BZ#1862024)

RHSA-2020:5004: resource-agents security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20205004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:5004, CVE-2020-11078

Description
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* gcp-vpc-move-vip: An existing alias IP range is removed when a second alias IP range is added (BZ#1846732)

* sybaseASE: Resource fails to complete a probe operation without access to $sybase_home [RHEL 7] (BZ#1848673)

* azure-lb: Resource fails intermittently due to nc output redirection to pidfile (BZ#1850779)

* azure-events: handle exceptions in urlopen (RHEL7) (BZ#1862121)

RHSA-2020:5009: python security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205009
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5009, CVE-2019-20907

Description
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.

Security Fix(es):

* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5010: python3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205010
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5010, CVE-2019-20907, CVE-2020-14422

Description
Python is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries.

Security Fix(es):

* python: infinite loop in the tarfile module via crafted TAR archive (CVE-2019-20907)

* python: DoS via inefficiency in IPv{4,6}Interface classes (CVE-2020-14422)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5011: bind security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205011
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5011, CVE-2020-8622, CVE-2020-8623, CVE-2020-8624

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: truncated TSIG response can lead to an assertion failure (CVE-2020-8622)

* bind: remotely triggerable assertion failure in pk11.c (CVE-2020-8623)

* bind: incorrect enforcement of update-policy rules of type "subdomain" (CVE-2020-8624)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7] (BZ#1884530)

RHSA-2020:5012: librepo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205012
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5012, CVE-2020-14352

Description
The librepo library provides a C and Python API to download repository metadata.

Security Fix(es):

* librepo: missing path validation in repomd.xml may lead to directory traversal (CVE-2020-14352)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5020: tomcat security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20205020
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2020:5020, CVE-2020-1935

Description
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling (CVE-2020-1935)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5021: qt and qt5-qtbase security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205021
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5021, CVE-2020-17507

Description
The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface (GUI) applications for the X Window System.

Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. 

Security Fix(es):

* qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (CVE-2020-17507)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5023: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205023
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5023, CVE-2019-20811, CVE-2020-14331

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

* kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [OSP13,mlx5] SRIOV VF still sending traffic when PF is down (BZ#1733181)

* gpf panic in virtio_check_driver_offered_fxature+6 when running sg_inq on a dm map for a lost virtio_blk (BZ#1811893)

* GPF panic in qlt_free_session_done+626 (BZ#1826127)

* [ Brazos ] "Core(s) per socket" and "Socket" values are interchanged in lscpu output. (kernel) (BZ#1826306)

* megaraid Aero: call trace observed during reboots (BZ#1828312)

* Crash in mptscsih_io_done() due to buffer overrun in sense_buf_pool (BZ#1829803)

* The qedf driver fails to re-establish the online F/C port state when the downstream F/C port is toggled unless a LIP is forced (BZ#1836443)

* tcp_fragment() limit causes packet drop under normal TCP load (BZ#1847765)

* ip link command shows state as UNKNOWN for MACVLAN interface (BZ#1848950)

* Lenovo TS 7Z60 Cooper Lake: PCI BAR firmware bug (BZ#1849223)

* [RHEL-7/mlx4]  ipoib_flush ipoib_ib_dev_flush_light [ib_ipoib] (BZ#1858707)

* Uprobes crashes processes under GDB - SIGTRAP and SIGSEGV (BZ#1861396)

* kernel-3.10.0-1127.19.1.el7.x86_64 crashes after an SSH connection attempt when running as a Xen PV guest on AMD Epyc Rome (BZ#1882468)

* Null ptr deref after nf_reinject->nf_queue_entry_release_refs hits Attempt to release error doing inet_sock_destruct() (BZ#1885682)

Users of kernel are advised to upgrade to these updated packages, which fix these bugs.

RHSA-2020:5026: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205026
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5026, CVE-2019-20811, CVE-2020-14331

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

* kernel: net-sysfs: *_queue_add_kobject refcount issue (CVE-2019-20811)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [RHEL-7.9] net/ipv6/ip6_flowlabel.c:85 suspicious rcu_dereference_check() usage! (kernel-rt-debug) (BZ#1836846)

* md/raid: sleeping function called from invalid context triggered by CKI storage/swraid/trim test (BZ#1857872)

* Infinite looping when trying to acquire eventpoll->mtx during eventpoll_release_file, 2nd try (BZ#1877695)

* kernel-rt: update to the latest RHEL7.9.z1 source tree (BZ#1883995)

RHSA-2020:5040: libvirt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205040
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5040, CVE-2020-25637

Description
The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Security Fix(es):

* libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c (CVE-2020-25637)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* libvirt destroying macvtap device of running VM after a failed incoming migration of another VM with same macvtap "target device" (BZ#1868549)

RHSA-2020:5050: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205050
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5050, CVE-2020-14385

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5083: microcode_ctl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205083
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5083, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698

Description
Security Fix(es):

* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

* hw: Vector Register Leakage-Active (CVE-2020-8696)

* hw: Fast forward store predictor (CVE-2020-8698)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision
    0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up
    to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up
    to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up
    to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
    from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157
    up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01
    up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up
    to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up
    to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up
    to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78
    up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca
    up to 0xe0.

* Add README file to the documentation directory.

* Add publicly-sourced codenames list to supply to gen_provides.sh; update the latter to handle the somewhat different format.

* Add SUMMARY.intel-ucode file containing metadata information from the microcode file headers.

RHSA-2020:5084: microcode_ctl security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205084
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5084, CVE-2020-8696, CVE-2020-8698

Description
Security Fix(es):

* hw: Vector Register Leakage-Active (CVE-2020-8696)

* hw: Fast forward store predictor (CVE-2020-8698)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision
    0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up
    to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up
    to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up
    to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
    from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157
    up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01
    up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up
    to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up
    to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up
    to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78
    up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca
    up to 0xe0.

* Add README file to the documentation directory.

* Add publicly-sourced codenames list to supply to gen_provides.sh; update
  the latter to handle the somewhat different format.

* Add SUMMARY.intel-ucode file containing metadata information from
  the microcode file headers.

RHSA-2020:5085: microcode_ctl security, bug fix and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205085
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5085, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698

Description
Security Fix(es):

* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

* hw: Vector Register Leakage-Active (CVE-2020-8696)

* hw: Fast forward store predictor (CVE-2020-8698)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20201027 release, addresses:
  - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;
  - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;
  - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;
  - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;
  - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;
  - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision
    0xe0;
  - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in
    intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;
  - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in
    intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up
    to 0x2006a08;
  - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in
    intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;
  - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up
    to 0xe0;
  - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)
    microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from
    revision 0xd6 up to 0xde;
  - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up
    to 0xde;
  - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in
    intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up
    to 0xde;
  - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode
    from revision 0x43 up to 0x44;
  - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157
    up to 0x1000159;
  - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01
    up to 0x4003003;
  - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision
    0x5002f01 up to 0x5003003;
  - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up
    to 0x40;
  - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up
    to 0x1e;
  - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up
    to 0x18;
  - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78
    up to 0xa0;
  - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca
    up to 0xe0.

* Add README file to the documentation directory.

* Add publicly-sourced codenames list to supply to gen_provides.sh; update
  the latter to handle the somewhat different format.

* Add SUMMARY.intel-ucode file containing metadata information from
  the microcode file headers.

RHSA-2020:5099: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20205099
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5099, CVE-2020-26950

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.1 ESR.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5100: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20205100
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5100, CVE-2020-26950

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.1 ESR.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5104: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20205104
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5104, CVE-2020-26950

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.1 ESR.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5129: net-snmp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205129
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5129, CVE-2020-15862

Description
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5146: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205146
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5146, CVE-2020-26950

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.3.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5163: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205163
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5163, CVE-2020-26950

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.3.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5164: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205164
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5164, CVE-2020-26950

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.4.3.

Security Fix(es):

* Mozilla: Write side effects in MCallGetProperty opcode not accounted for (CVE-2020-26950)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5235: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205235
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5235, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.0.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5236: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205236
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5236, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.0.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5237: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205237
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5237, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.5.0 ESR.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5238: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205238
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5238, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.0.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5239: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205239
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5239, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.5.0 ESR.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5257: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205257
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5257, CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.5.0 ESR.

Security Fix(es):

* Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code (CVE-2020-26951)

* Mozilla: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 (CVE-2020-26968)

* Mozilla: Variable time processing of cross-origin images during drawImage calls (CVE-2020-16012)

* Mozilla: Fullscreen could be enabled without displaying the security UI (CVE-2020-26953)

* Mozilla: XSS through paste (manual and clipboard API) (CVE-2020-26956)

* Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions (CVE-2020-26958)

* Mozilla: Use-after-free in WebRequestService (CVE-2020-26959)

* Mozilla: Potential use-after-free in uses of nsTArray (CVE-2020-26960)

* Mozilla: DoH did not filter IPv4 mapped IP Addresses (CVE-2020-26961)

* Mozilla: Software keyboards may have remembered typed passwords (CVE-2020-26965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5350: net-snmp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5350, CVE-2020-15862

Description
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5393: libexif security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205393
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5393, CVE-2020-0452

Description
The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

* libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5398: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205398
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5398, CVE-2020-26970

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.1.

Security Fix(es):

* Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5400: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205400
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5400, CVE-2020-26970

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.5.1.

Security Fix(es):

* Mozilla: Stack overflow due to incorrect parsing of SMTP server response codes (CVE-2020-26970)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5401: libpq security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205401
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5401, CVE-2020-25694, CVE-2020-25696

Description
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. 

The following packages have been upgraded to a later upstream version: libpq (12.5). (BZ#1898228, BZ#1901558)

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)

* postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5402: libexif security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205402
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5402, CVE-2020-0452

Description
The libexif packages provide a library for extracting extra information from image files.

Security Fix(es):

* libexif: out of bounds write due to an integer overflow in exif-entry.c (CVE-2020-0452)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5408: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205408
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5408, CVE-2020-14347, CVE-2020-14360, CVE-2020-25712

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360)

* xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712)

* xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5434: targetcli security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205434
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5434, CVE-2020-13867

Description
The targetcli package contains an administration shell for configuring Internet Small Computer System Interface (iSCSI), Fibre Channel over Ethernet (FCoE), and other SCSI targets, using the Target Core Mod/Linux-IO (TCM/LIO) kernel target subsystem. FCoE users also need to install and use the fcoe-utils package.

The following packages have been upgraded to a later upstream version: targetcli (2.1.53). (BZ#1853645)

Security Fix(es):

* targetcli: weak permissions for /etc/target and backup files (CVE-2020-13867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5435: python-rtslib security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205435
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5435, CVE-2020-14019

Description
The python-rtslib package provides a Python library to configure the kernel target subsystem, using the configfs file system. 

The following packages have been upgraded to a later upstream version: python-rtslib (2.1.74). (BZ#1855171)

Security Fix(es):

* python-rtslib: weak permissions for /etc/target/saveconfig.json (CVE-2020-14019)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5437: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205437
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5437, CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

* kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)

* kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769)

* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* WARNING in set_restore_sigmask  at ./arch/x86/include/asm/thread_info.h:298 sigsuspend+0x6d/0x70 (BZ#1704650)

* [i40e] VFs see other VF's outgoing traffic (BZ#1845677)

* [Hyper-V][RHEL7] Two fixes for kdump over network (BZ#1846667)

* Loop in __run_timers() because base->timer_jiffies is very far behind causes a lockup condition. (BZ#1849716)

* XFS transaction overrun when running docker on VMWARE  (overlay fs) (BZ#1857203)

* RHEL 7.9 NVMe/IB - Host crash encountered during array upgrade (BZ#1857397)

* False positive hard lockup detected while disabling the hard lockup detector via sysctl -w kernel.watchdog=0 (BZ#1860661)

* [Hyper-V][RHEL-7] Only notify Hyper-V for die events that are oops (BZ#1868130)

* Linux kernel crash due to openvswitch module (BZ#1869190)

* 'nodfs' option not working when using SMB2+ (BZ#1873033)

* RHEL7.7 zstream - ESS - kernel panic triggered by freelist pointer corruption (BZ#1873189)

* destroy_cfs_bandwidth() is called by free_fair_sched_group() without calling init_cfs_bandwidth() (BZ#1878000)

* NULL pointer at nvme_rdma_setup_ctrl+0x1c2/0x8d0 [nvme_rdma] when discover E5700 (BZ#1878950)

* IB Infiniband RDMA mlx5_ib is freeing a kmalloc-512 cache that it does not own causing memory corruption. (BZ#1880184)

* [Azure][RHEL7] Two Patches Needed To Enable Azure Host Time-syncing in VMs (BZ#1884735)

* connect AF_UNSPEC on a connecting AF_INET6 socket returns an error (BZ#1886305)

* Rebuilding the grub with the CPU flag 'avx' disabled (clearcpuid=156) triggers kernel panic in xor_avx_2() (BZ#1886792)

* nf_conntrack_sctp.h is not usable due to a missing commit (BZ#1887975)

* Starting pvmove on top of physical volumes on MD devices causes IO error on ongoing IO (BZ#1890059)

RHSA-2020:5439: samba security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205439
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5439, CVE-2020-14318, CVE-2020-14323, CVE-2020-1472

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)

* samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)

* samba: Unprivileged user can crash winbind (CVE-2020-14323)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* The 'require_membership_of' documentation in pam_winbind manpage is incorrect (BZ#1853272)

* Malfunctioning %U substitution in valid users option (BZ#1868917)

* Regression: smbd and nmbd are restarted when samba-winbind package is upgraded (BZ#1878205)

* winbindd memory leak on wbinfo -u with security=ADS (BZ#1892313)

RHSA-2020:5441: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205441
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5441, CVE-2019-18282, CVE-2020-10769, CVE-2020-14314, CVE-2020-14385, CVE-2020-24394, CVE-2020-25212, CVE-2020-25643

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

* kernel: The flow_dissector feature allows device tracking (CVE-2019-18282)

* kernel: Buffer over-read in crypto_authenc_extractkeys() when a payload longer than 4 bytes is not aligned. (CVE-2020-10769)

* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z2 source tree (BZ#1873318)

* deadlock between handle_mm_fault() and ptep_clear_flush() (BZ#1888872)

RHSA-2020:5443: gd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205443
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5443, CVE-2016-5766

Description
GD is an open source code library for the dynamic creation of images by programmers. GD creates PNG, JPEG, GIF, WebP, XPM, BMP images, among other formats. 

Security Fix(es):

* gd: Integer overflow in _gd2GetHeader() resulting in heap overflow (CVE-2016-5766)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5453: pacemaker security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205453
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5453, CVE-2020-25654

Description
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. 

Security Fix(es):

* pacemaker: ACL restrictions bypass (CVE-2020-25654)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5473: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205473
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5473, CVE-2020-16166

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: information exposure in drivers/char/random.c and kernel/time/timer.c (CVE-2020-16166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Backport upstream OVS performance patch fix (BZ#1879935)

* Sleeping or scheduling after sched_cpu_dying() led to "scheduling while atomic" and BUG at kernel/cpu.c:907! (BZ#1880080)

* [conntrack] udp packet reverse NAT occasionally fail when race condition request combination with the DNAT load balancing rules (BZ#1882094)

* Unexpected fragmentation needed error, OpenShift 4, OVS, VXLAN, GSO, Azure (BZ#1885766)

* Unable to attach VLAN-based logical networks to a bond (BZ#1886017)

* NFS server with krb5p fails in FIPS mode: context_derive_keys_new: Error 22 deriving initiator_seal key (BZ#1886189)

* XFS: reflinked file data corruption (BZ#1886895)

* [HPE 8.3 Bug] Kdump bootup failure caused by an amd iommu commit for Rhel8.3 BetaOS on DL325Gen10 (BZ#1888113)

* dm: fix bio splitting and its bio completion order for regular IO (BZ#1890233)

* geneve: add transport ports in route lookup for geneve (BZ#1891818)

* HRTICK not armed in specific cases with SCHED_DEADLINE (BZ#1894073)

* PM/swap Speed up hibernation by batching requests (BZ#1894629)

* RHEL8.1 - ibmveth is producing TX errors over VXLAN when large send (TSO) is enabled (-> related to Red Hat bug 1816254 - OCP 4.3 - Authentication clusteroperator is in unknown state on POWER 9 servers") (BZ#1896299)

* RHEL8.2 - mm/gup: fix gup_fast with dynamic page table folding (BZ#1896351)

* [Azure][RHEL-8]TX/RX packets stop increasing after hibernation/resume in VM with CX4 VF NIC (BZ#1896433)

* [Azure][RHEL-8]VM hangs after hibernation/resume if the VM has SRIOV NIC and has been deallocated (BZ#1896434)

* [Azure] hv_irq_unmask() failed: 0x5 after resume from hibernation in NV6 size (BZ#1896435)

* block layer: update to upstream v5.8 (BZ#1896787)

* [Regression] RHEL8.2 zstream - Undetected Data corruption in MPI workloads that use VSX for reductions on POWER9 DD2.1 systems (BZ#1897278)

* Incorrect system time reported through the CPU Accounting statistics (BZ#1897716)

* debug kernel reports BUG: sleeping function called from invalid context at mm/slab.h:496 in aws t4g instances (BZ#1898758)

* ARO: excessive pod memory allocation causes node lockup (BZ#1901547)

RHSA-2020:5476: openssl security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205476
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5476, CVE-2020-1971

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Reject certificates with explicit EC parameters in strict mode (BZ#1891541)

* Add FIPS selftest for HKDF, SSKDF, SSHKDF, and TLS12PRF; add DH_compute_key KAT to DH selftest (BZ#1891542)

RHSA-2020:5479: linux-firmware security and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205479
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5479, CVE-2020-12321

Description
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* hardware: buffer overflow in bluetooth firmware (CVE-2020-12321)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Enhancement(s):

* [Intel 8.3 FEAT] ice: Update to the Default OS DDP Package for ice driver (BZ#1896597)

* [Intel 8.3 FEAT] ice: Pull Comms Market Segment Package into RHEL 8.3 (BZ#1896598)

RHSA-2020:5480: net-snmp security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205480
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5480, CVE-2020-15862

Description
The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser.

Security Fix(es):

* net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* In RHEL 8, snmpd using v3 is unable to send out default 60 maxGetbulkResponses when invalid PID specified. (BZ#1896760)

* AVC denied for snmpd / snmptrapd (BZ#1902662)

RHSA-2020:5483: gnutls security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205483
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5483, CVE-2020-24659

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: Heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* gnutls: Add self-tests for implemented KDF algorithms and CMAC (BZ#1903037)

RHSA-2020:5487: pacemaker security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205487
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5487, CVE-2020-25654

Description
The Pacemaker cluster resource manager is a collection of technologies working together to maintain data integrity and application availability in the event of failures. 

Security Fix(es):

* pacemaker: ACL restrictions bypass (CVE-2020-25654)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5493: go-toolset:rhel8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205493
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5493, CVE-2020-24553, CVE-2020-28362, CVE-2020-28366, CVE-2020-28367

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.

Security Fix(es):

* golang: default Content-Type setting in net/http/cgi and net/http/fcgi could cause XSS (CVE-2020-24553)

* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)

* golang: malicious symbol names can lead to code execution at build time (CVE-2020-28366)

* golang: improper validation of cgo flags can lead to code execution at build time (CVE-2020-28367)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5495: nginx:1.16 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205495
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5495, CVE-2019-20372

Description
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. 

Security Fix(es):

* nginx: HTTP request smuggling in configurations with URL redirect used as error_page (CVE-2019-20372)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5499: nodejs:12 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205499
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5499, CVE-2020-15366, CVE-2020-7608, CVE-2020-7774, CVE-2020-8277

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

* c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS (CVE-2020-8277)

* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* yarn install crashes with nodejs:12 on aarch64 (BZ#1901045)

RHSA-2020:5500: mariadb:10.3 security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205500
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5500, CVE-2019-2938, CVE-2019-2974, CVE-2020-13249, CVE-2020-14765, CVE-2020-14776, CVE-2020-14789, CVE-2020-14812, CVE-2020-15180, CVE-2020-2574, CVE-2020-2752, CVE-2020-2760, CVE-2020-2780, CVE-2020-2812, CVE-2020-2814, CVE-2021-2022, CVE-2021-2144, CVE-2021-2194

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 

The following packages have been upgraded to a later upstream version: mariadb (10.3.27), galera (25.3.31). (BZ#1899082, BZ#1899086)

Security Fix(es):

* mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep (CVE-2020-15180)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2019) (CVE-2019-2938)

* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2019) (CVE-2019-2974)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2760)

* mysql: Server: DML unspecified vulnerability (CPU Apr 2020) (CVE-2020-2780)

* mysql: Server: Stored Procedure unspecified vulnerability (CPU Apr 2020) (CVE-2020-2812)

* mysql: InnoDB unspecified vulnerability (CPU Apr 2020) (CVE-2020-2814)

* mariadb-connector-c: Improper validation of content in a OK packet received from server (CVE-2020-13249)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14765)

* mysql: InnoDB unspecified vulnerability (CPU Oct 2020) (CVE-2020-14776)

* mysql: Server: FTS unspecified vulnerability (CPU Oct 2020) (CVE-2020-14789)

* mysql: Server: Locking unspecified vulnerability (CPU Oct 2020) (CVE-2020-14812)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* FTBFS: -D_GLIBCXX_ASSERTIONS (BZ#1899009)

* Queries with entity_id IN ('1', '2', …, '70000') run much slower in MariaDB 10.3 than on MariaDB 10.1 (BZ#1899017)

* Cleanup race with wsrep_rsync_sst_tunnel may prevent full galera cluster bootstrap (BZ#1899021)

* There are undeclared file conflicts in several mariadb and mysql packages (BZ#1899077)

RHSA-2020:5503: mariadb-connector-c security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205503
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5503, CVE-2020-13249, CVE-2020-2574, CVE-2020-2752, CVE-2020-2922, CVE-2021-2007

Description
The MariaDB Native Client library (C driver) is used to connect applications developed in C/C++ to MariaDB and MySQL databases. 

The following packages have been upgraded to a later upstream version: mariadb-connector-c (3.1.11). (BZ#1898993)

Security Fix(es):

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2752)

* mysql: C API unspecified vulnerability (CPU Apr 2020) (CVE-2020-2922)

* mariadb-connector-c: Improper validation of content in an OK packet received from server (CVE-2020-13249)

* mysql: C API unspecified vulnerability (CPU Jan 2020) (CVE-2020-2574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Code utilizing plugins can't be compiled properly (BZ#1899001)

* Add "zlib-devel" requirement in "-devel" subpackage (BZ#1899005)

* Replace hard-coded /usr with %{_prefix} (BZ#1899099)

RHSA-2020:5506: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20205506
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2020:5506, CVE-2020-16166

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: information exposure in drivers/char/random.c and kernel/time/timer.c (CVE-2020-16166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.3.z2 source tree (BZ#1894706)

RHSA-2020:5561: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205561
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5561, CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.6.0 ESR.

Security Fix(es):

* chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)

* Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)

* Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)

* Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)

* Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)

* Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5562: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205562
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5562, CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.6.0 ESR.

Security Fix(es):

* chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)

* Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)

* Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)

* Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)

* Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)

* Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5566: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205566
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5566, CVE-2020-1971

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5567: postgresql:10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205567
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5567, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (10.15).

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)

* postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)

* postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5618: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205618
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5618, CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.6.0.

Security Fix(es):

* chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)

* Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)

* Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)

* Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)

* Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)

* Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5619: postgresql:9.6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205619
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5619, CVE-2019-10130, CVE-2019-10208, CVE-2020-14350, CVE-2020-1720, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.6.20).

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)

* postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)

* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)

* postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)

* postgresql: Selectivity estimators bypass row security policies (CVE-2019-10130)

* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5620: postgresql:12 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205620
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5620, CVE-2020-14349, CVE-2020-14350, CVE-2020-1720, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (12.5).

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)

* postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)

* postgresql: Uncontrolled search path element in logical replication (CVE-2020-14349)

* postgresql: Uncontrolled search path element in CREATE EXTENSION (CVE-2020-14350)

* postgresql: psql's \gset allows overwriting specially treated variables (CVE-2020-25696)

* postgresql: ALTER ... DEPENDS ON EXTENSION is missing authorization checks (CVE-2020-1720)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2020:5624: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20205624
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2020:5624, CVE-2020-16042, CVE-2020-26971, CVE-2020-26973, CVE-2020-26974, CVE-2020-26978, CVE-2020-35111, CVE-2020-35113

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.6.0.

Security Fix(es):

* chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)

* Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)

* Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)

* Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)

* Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)

* Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0003: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210003
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0003, CVE-2020-25211

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* avoid flush_backlog IPI for isolated CPUs by configuring RPS cpumask (BZ#1883314)

* rngd consumes 100% cpu on rhel-8.3 system in fips mode (BZ#1886192)

* RHEL8.1 - Random memory corruption may occur due to incorrect tlbflush (BZ#1899208)

* fips mode boot is broken after adding extrng (BZ#1899584)

* pmtu of 1280 for vxlan as bridge port won't work (BZ#1902082)

* rpc task loop with kworker spinning at 100% CPU for 10 minutes when umount an NFS 4.x share with sec=krb5 triggered by unmount of the NFS share (BZ#1907667)

RHSA-2021:0004: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210004
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0004, CVE-2020-25211

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.3.z source tree (BZ#1906140)

RHSA-2021:0024: ImageMagick security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0024, CVE-2020-29599

Description
ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats.

Security Fix(es):

* ImageMagick: Shell injection via PDF password could result in arbitrary code execution (CVE-2020-29599)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0052: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20210052
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0052, CVE-2020-16044

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.6.1 ESR.

Security Fix(es):

* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0053: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20210053
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0053, CVE-2020-16044

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.6.1 ESR.

Security Fix(es):

* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0056: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210056
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0056, CVE-2020-1971

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: EDIPARTYNAME NULL pointer de-reference (CVE-2020-1971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0087: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20210087
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0087, CVE-2020-16044

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.6.1.

Security Fix(es):

* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0089: thunderbird security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20210089
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0089, CVE-2020-16044

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.6.1.

Security Fix(es):

* Mozilla: Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk (CVE-2020-16044)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0094: dotnet5.0 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210094
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0094, CVE-2021-1723

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.102 and .NET Runtime 5.0.2.

Security Fix(es):

* dotnet: ASP.NET Core Callbacks outside of locks cause Kestrel deadlock when using HTTP2 (CVE-2021-1723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0095: dotnet3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210095
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0095, CVE-2021-1723

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.111 and .NET Core Runtime 3.1.11.

Security Fix(es):

* dotnet: ASP.NET Core Callbacks outside of locks cause Kestrel deadlock when using HTTP2 (CVE-2021-1723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0150: dnsmasq security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210150
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0150, CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled (CVE-2020-25681)

* dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (CVE-2020-25682)

* dnsmasq: heap-based buffer overflow with large memcpy in get_rdata() when DNSSEC is enabled (CVE-2020-25683)

* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)

* dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled (CVE-2020-25687)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0153: dnsmasq security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0153, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)

* dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)

* dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0162: xstream security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210162
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0162, CVE-2020-26217

Description
XStream is a Java XML serialization library to serialize objects to and deserialize objects from XML.

Security Fix(es):

* XStream: remote code execution due to insecure XML deserialization when relying on blocklists (CVE-2020-26217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0181: kernel security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0181, CVE-2014-4508

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* Kernel: x86_32: BUG in syscall auditing (CVE-2014-4508)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0218: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210218
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0218, CVE-2021-3156

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0221: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0221, CVE-2021-3156

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0227: sudo security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210227
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0227, CVE-2021-3156

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0288: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210288
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0288, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.7.0 ESR.

Security Fix(es):

* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)

* Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)

* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)

* Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)

* Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0290: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210290
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0290, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.7.0 ESR.

Security Fix(es):

* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)

* Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)

* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)

* Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)

* Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0297: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210297
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0297, CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.7.0.

Security Fix(es):

* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)

* Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)

* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)

* Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685)

* Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)

* Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0298: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210298
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0298, CVE-2020-15685, CVE-2020-26976, CVE-2021-23953, CVE-2021-23954, CVE-2021-23960, CVE-2021-23964

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.7.0.

Security Fix(es):

* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)

* Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)

* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)

* Mozilla: IMAP Response Injection when using STARTTLS (CVE-2020-15685)

* Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)

* Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0304: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210304
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0304, CVE-2021-21261

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: sandbox escape via spawn portal (CVE-2021-21261)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0336: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210336
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0336, CVE-2020-15436, CVE-2020-35513

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)

* kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* double free issue in filelayout_alloc_commit_info (BZ#1679980)

* Regression: Plantronics Device SHS2355-11 PTT button does not work after update to 7.7 (BZ#1769502)

* Openstack network node reports unregister_netdevice: waiting for qr-3cec0c92-9a to become free. Usage count = 1 (BZ#1809519)

* dlm: add ability to interrupt waiting for acquire POSIX lock (BZ#1826858)

* [Azure][RHEL7] soft lockups and performance loss occurring during final fsync with parallel dd writes to xfs filesystem in azure instance (BZ#1859364)

* Guest crashed when hotplug vcpus on booting kernel stage (BZ#1866138)

* soft lockup occurs while a thread group leader is waiting on tasklist_waiters in mm_update_next_owner() where a huge number of the thread group members are exiting and trying to take the tasklist_lock. (BZ#1872110)

* [DELL EMC 7.6 BUG] Kioxia CM6 NVMe drive fails to enumerate (BZ#1883403)

* [Hyper-V][RHEL7] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1888979)

* Unable to discover the LUNs from new storage port (BZ#1889311)

* RHEL 7.9 Kernel panic at ceph_put_snap_realm+0x21 (BZ#1890386)

* A hard lockup occurrs where one task is looping in an sk_lock spinlock that has been taken by another task running timespec64_add_ns(). (BZ#1890911)

* ethtool/mlx5_core provides incorrect SFP module info (BZ#1896756)

* RHEL7.7 - zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (BZ#1896826)

* RHEL7.7 - s390/dasd: Fix zero write for FBA devices (BZ#1896839)

* [Azure]IP forwarding issue in netvsc[7.9.z] (BZ#1898280)

* Security patch for CVE-2020-25212 breaks directory listings via 'ls' on NFS V4.2 shares mounted with selinux enabled labels (BZ#1917504)

Enhancement(s):

* RFE : handle better ERRbaduid on SMB1 (BZ#1847041)

RHSA-2021:0338: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0338, CVE-2020-15436, CVE-2020-35513

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in fs/block_dev.c (CVE-2020-15436)

* kernel: Nfsd failure to clear umask after processing an open or create (CVE-2020-35513)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z3 source tree (BZ#1906133)

* [kernel-rt] WARNING: CPU: 8 PID: 586 at kernel/sched/core.c:3644 migrate_enable+0x15f/0x210 (BZ#1916123)

* [kernel-rt-debug] [ BUG: bad unlock balance detected! ] [RHEL-7.9.z] (BZ#1916130)

RHSA-2021:0339: linux-firmware security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0339, CVE-2020-12321

Description
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* hardware: buffer overflow in bluetooth firmware (CVE-2020-12321)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0343: perl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210343
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0343, CVE-2020-10543, CVE-2020-10878, CVE-2020-12723

Description
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)

* perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)

* perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0346: qemu-kvm-ma security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210346
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0346, CVE-2020-16092, CVE-2020-1983

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures.

Security Fix(es):

* QEMU: slirp: use-after-free in ip_reass() function in ip_input.c (CVE-2020-1983)

* QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0347: qemu-kvm security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210347
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0347, CVE-2020-13765, CVE-2020-16092

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: loader: OOB access while loading registered ROM may lead to code execution (CVE-2020-13765)

* QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* qemu-kvm FTBFS on rhel7.9 (BZ#1884997)

RHSA-2021:0348: glibc security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210348
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0348, CVE-2019-25013, CVE-2020-10029, CVE-2020-29573

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)

* glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029)

* glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern (CVE-2020-29573)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers (BZ#1883162)

* glibc: Performance regression in ebizzy benchmark (BZ#1889977)

RHSA-2021:0411: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210411
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0411, CVE-2021-21261

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: sandbox escape via spawn portal (CVE-2021-21261)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0471: dotnet3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210471
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0471, CVE-2021-1721

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.112 and .NET Core Runtime 3.1.12.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0474: dotnet security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210474
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0474, CVE-2021-1721

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.521 and .NET Core Runtime 2.1.25.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0476: dotnet5.0 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210476
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0476, CVE-2021-1721

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.103 and .NET Runtime 5.0.3.

Security Fix(es):

* dotnet: certificate chain building recursion Denial of Service (CVE-2021-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0507: subversion:1.10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210507
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0507, CVE-2020-17525

Description
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.

Security Fix(es):

* subversion: Remote unauthenticated denial of service in mod_authz_svn (CVE-2020-17525)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0530: java-1.8.0-ibm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210530
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0530, CVE-2020-14779, CVE-2020-14796, CVE-2020-14797

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP20.

Security Fix(es):

* OpenJDK: Incomplete check for invalid characters in URI to path conversion (Libraries, 8242685) (CVE-2020-14797)

* OpenJDK: High memory usage during deserialization of Proxy class with many interfaces (Serialization, 8236862) (CVE-2020-14779)

* OpenJDK: Missing permission check in path to URI conversion (Libraries, 8242680) (CVE-2020-14796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0531: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210531
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0531, CVE-2020-14370

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* podman: environment variables leak between containers when started via Varlink or Docker-compatible REST API (CVE-2020-14370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

RHSA-2021:0537: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210537
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0537, CVE-2020-14351, CVE-2020-25705, CVE-2020-29661

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

* kernel: performance counters race condition use-after-free (CVE-2020-14351)

* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.3.z2 source tree (BZ#1908433)

RHSA-2021:0538: nss security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210538
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0538, CVE-2020-12400, CVE-2020-12403, CVE-2020-6829

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)

* nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)

* nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Support key wrap/unwrap with RSA-OAEP (BZ#1896431)

* 1536bit group from RFC3526 is allowed in FIPS mode when in policy DH-MIN is set to be lower than 1536 (BZ#1896432)

* when NSS_SDB_USE_CACHE not set, after curl access https, dentry increase but never released - consider alternative algorithm for benchmarking ACCESS call in sdb_measureAccess [rhel-8] (BZ#1896933)

* Policy should allow overriding library defaults (BZ#1898702)

* KDF-self-tests-induced changes for nss in RHEL 8.4 (BZ#1898953)

* nss: non-blocksize requests to IKEv1 KDF returns bogus output (BZ#1904408)

RHSA-2021:0548: nodejs:10 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210548
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0548, CVE-2020-15095, CVE-2020-15366, CVE-2020-7608, CVE-2020-7754, CVE-2020-7774, CVE-2020-7788, CVE-2020-8116, CVE-2020-8252, CVE-2020-8265, CVE-2020-8287

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (10.23.1).

Security Fix(es):

* libuv: buffer overflow in realpath (CVE-2020-8252)

* nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS (CVE-2020-7754)

* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

* nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

* nodejs-dot-prop: prototype pollution (CVE-2020-8116)

* nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

* npm: sensitive information exposure through logs (CVE-2020-15095)

* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

* nodejs-yargs-parser: prototype pollution vulnerability (CVE-2020-7608)

* nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0549: nodejs:12 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210549
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0549, CVE-2018-3750, CVE-2019-10746, CVE-2019-10747, CVE-2020-7754, CVE-2020-7788, CVE-2020-8265, CVE-2020-8287

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (12.20.1), nodejs-nodemon (2.0.3).

Security Fix(es):

* nodejs-mixin-deep: prototype pollution in function mixin-deep (CVE-2019-10746)

* nodejs-set-value: prototype pollution in function set-value (CVE-2019-10747)

* nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS (CVE-2020-7754)

* nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

* nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

* nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0551: nodejs:14 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210551
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0551, CVE-2020-15366, CVE-2020-7754, CVE-2020-7774, CVE-2020-7788, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (14.15.4).

Security Fix(es):

* nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS (CVE-2020-7754)

* nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

* nodejs-ini: prototype pollution via malicious INI file (CVE-2020-7788)

* nodejs: use-after-free in the TLS implementation (CVE-2020-8265)

* c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS (CVE-2020-8277)

* nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

* nodejs: HTTP request smuggling via two copies of a header field in an http request (CVE-2020-8287)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* yarn install crashes with nodejs:14 on aarch64 (BZ#1916465)

RHSA-2021:0557: perl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210557
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0557, CVE-2020-12723

Description
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

* perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0558: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210558
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0558, CVE-2020-14351, CVE-2020-25705, CVE-2020-29661

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

* kernel: performance counters race condition use-after-free (CVE-2020-14351)

* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Final fixes + drop alpha_support flag requirement for Tigerlake (BZ#1882620)

* OVS complains Invalid Argument on TCP packets going into conntrack (BZ#1892744)

* BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 (BZ#1893281)

* Icelake performance - add  intel_idle: Customize IceLake server support  to RHEL-8 (BZ#1897183)

* [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW (BZ#1897688)

* RHEL 8.3 SAS - multipathd fails to re-establish paths during controller random reset (BZ#1900112)

* RHEL8.3 Beta - RHEL8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903019)

* Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD hosts (BZ#1905084)

* block, dm: fix IO splitting for stacked devices (BZ#1905136)

* Failed to hotplug scsi-hd disks (BZ#1905214)

* PCI quirk needed to prevent GPU hang (BZ#1906516)

* RHEL8.2 - various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907301)

* pmtu not working with tunnels as bridge ports and br_netfilter loaded (BZ#1907576)

* [ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775)

* NFSv4 client improperly handles interrupted slots (BZ#1908312)

* NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data corruption (BZ#1908313)

* [Regression] RHEL8.2 - [kernel 148.el8] cpu (sys) time regression in SAP HANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519)

* RHEL8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462! (BZ#1908731)

* SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243)

* C6gn support requires "Ensure dirty bit is preserved across pte_wrprotect" patch (BZ#1909577)

* [Lenovo 8.3 & 8.4 Bug] [Regression] No response from keyboard and mouse when boot from tboot kernel (BZ#1911555)

* Kernel crash with krb5p (BZ#1912478)

* [RHEL8] Need additional backports for FIPS 800-90A DRBG entropy seeding source (BZ#1912872)

* [Hyper-V][RHEL-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913528)

* Host becomes unresponsive during stress-ng --cyclic test rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (BZ#1913964)

* RHEL8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638)

* Missing mm backport to fix regression introduced by another mm backport (BZ#1915814)

* [Hyper-V][RHEL-8]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1917711)

* ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5) (BZ#1918372)

* [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW even if no ConnectX-6 card is present (BZ#1918743)

* kvm-rhel8.3 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1919885)

Enhancement(s):

* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892344)

RHSA-2021:0611: xterm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210611
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0611, CVE-2021-27135

Description
The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly.

Security Fix(es):

* xterm: crash when processing combining characters (CVE-2021-27135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0617: xterm security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210617
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0617, CVE-2021-27135

Description
The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly. 

Security Fix(es):

* xterm: crash when processing combining characters (CVE-2021-27135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0618: stunnel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210618
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0618, CVE-2021-20230

Description
Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection (encrypted using SSL or TLS) or to provide an encrypted means of connecting to services that do not natively support encryption.

Security Fix(es):

* stunnel: client certificate not correctly verified when redirect and verifyChain options are used (CVE-2021-20230)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0655: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20210655
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0655, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.8.0 ESR.

Security Fix(es):

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)

* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0656: firefox security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20210656
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0656, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.8.0 ESR.

Security Fix(es):

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)

* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0657: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210657
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0657, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.8.0.

Security Fix(es):

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)

* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0661: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210661
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0661, CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.8.0.

Security Fix(es):

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23968)

* Mozilla: Content Security Policy violation report could have contained the destination of a redirect (CVE-2021-23969)

* Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)

* Mozilla: MediaError message property could have leaked information about cross-origin resources (CVE-2021-23973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0670: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210670
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0670, CVE-2020-8625

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0671: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210671
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0671, CVE-2020-8625

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0672: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210672
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0672, CVE-2020-8625

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation (CVE-2020-8625)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0696: grub2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210696
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0696, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233

Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)

* grub2: Use-after-free in rmmod command (CVE-2020-25632)

* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)

* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0699: grub2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210699
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0699, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233

Description
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)

* grub2: Use-after-free in rmmod command (CVE-2020-25632)

* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)

* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0705: container-tools:1.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210705
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0705, CVE-2021-20188

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0706: container-tools:2.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210706
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0706, CVE-2021-20188

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* podman: container users permissions are not respected in privileged containers (CVE-2021-20188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0711: virt:rhel and virt-devel:rhel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210711
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0711, CVE-2020-35517

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* QEMU: virtiofsd: potential privileged host device access from guest (CVE-2020-35517)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0734: nodejs:12 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210734
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0734, CVE-2021-22883, CVE-2021-22884

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (12.21.0).

Security Fix(es):

* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)

* nodejs: DNS rebinding in --inspect (CVE-2021-22884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0735: nodejs:10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210735
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0735, CVE-2021-22883, CVE-2021-22884

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (10.24.0).

Security Fix(es):

* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)

* nodejs: DNS rebinding in --inspect (CVE-2021-22884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0736: java-1.8.0-ibm security update (Critical)

Rule ID: oval-com.redhat.rhsa-def-20210736
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0736, CVE-2020-14781, CVE-2020-14782, CVE-2020-14803, CVE-2020-27221, CVE-2020-2773

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP25.

Security Fix(es):

* IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding (CVE-2020-27221)

* OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415) (CVE-2020-2773)

* OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)

* OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995) (CVE-2020-14782)

* OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0742: screen security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210742
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0742, CVE-2021-26937

Description
The screen utility allows users to have multiple logins on a single terminal.

Security Fix(es):

* screen: crash when processing combining chars (CVE-2021-26937)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0744: nodejs:14 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210744
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0744, CVE-2021-22883, CVE-2021-22884

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (14.16.0).

Security Fix(es):

* nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)

* nodejs: DNS rebinding in --inspect (CVE-2021-22884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Node.js should not be built with "--debug-nghttp2" (BZ#1932427)

RHSA-2021:0788: dotnet security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210788
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0788, CVE-2021-26701

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.522 and .NET Core Runtime 2.1.26.

Security Fix(es):

* dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0790: dotnet3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210790
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0790, CVE-2021-26701

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.113 and .NET Core Runtime 3.1.13.

Security Fix(es):

* dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0793: .NET Core on RHEL 8 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210793
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0793, CVE-2021-26701

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.104 and .NET Runtime 5.0.4.

Security Fix(es):

* dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0808: wpa_supplicant security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210808
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0808, CVE-2021-27803

Description
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0809: wpa_supplicant security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0809, CVE-2021-27803

Description
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: Use-after-free in P2P provision discovery processing (CVE-2021-27803)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:0851: pki-core security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210851
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0851, CVE-2019-10146, CVE-2019-10179, CVE-2019-10221, CVE-2020-1721, CVE-2020-25715, CVE-2021-20179

Description
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

* pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

* pki-core: XSS in the certificate search results (CVE-2020-25715)

* pki-core: Reflected XSS in 'path length' constraint field in CA's Agent page (CVE-2019-10146)

* pki-core/pki-kra: Reflected XSS in recoveryID search field at KRA's DRM agent page in authorize recovery tab (CVE-2019-10179)

* pki-core: Reflected XSS in getcookies?url= endpoint in CA (CVE-2019-10221)

* pki-core: KRA vulnerable to reflected XSS via the getPk12 page (CVE-2020-1721)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Add KRA Transport and Storage Certificates profiles, audit for IPA (BZ#1883639)

RHSA-2021:0856: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210856
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0856, CVE-2019-19532, CVE-2020-0427, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, CVE-2020-7053, CVE-2021-20265

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

* kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)

* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)

* kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)

* kernel: performance counters race condition use-after-free (CVE-2020-14351)

* kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)

* kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)

* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

* kernel: increase slab leak leads to DoS (CVE-2021-20265)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* BUG: scheduling while atomic: memory allocation under spinlock in scsi_register_device_handler() (BZ#1619147)

* WARNING in __iscsit_free_cmd during recovery Abort (BZ#1784540)

* lpfc does not issue adisc to fcp-2 devices, does not respond to nvme target that send an adisc. (BZ#1875961)

* Panic in semctl_nolock.constprop.15+0x25b (BZ#1877264)

* [RHEL 7.7][md]Crash due to invalid pool workqueue pointer, work queue race (BZ#1889372)

* Guest crash on intel CPU with -cpu host,-spec-ctrl,+ibpb (BZ#1890669)

* RHEL7.9 - kernel/uv: handle length extension properly (BZ#1899172)

* Commit b144f013fc16a06d7a4b9a4be668a3583fafeda2 'i40e: don't report link up for a VF who hasn't enabled queues' introducing issues with VM using DPDK (BZ#1901064)

* writing to /sys/devices/(...)/net/eno49/queues/tx-16/xps_cpus triggers kernel panic (BZ#1903819)

* [Hyper-V][RHEL-7.9]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1908896)

* kvm-rhel7.9 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1909036)

* kernel: nvme nvme7: Connect command failed, error wo/DNR bit: 2 (BZ#1910817)

* dm-mirror crashes from assuming underlying storage will have a non-NULL merge_bvec_fn (BZ#1916407)

* watchdog: use nmi registers snapshot in hardlockup handler (BZ#1916589)

* [DELL EMC 7.9 BUG] - Intel E810 NIC interfaces are not functional in RHEL 7.9 on system with AMD Rome CPUs (BZ#1918273)

* [DELL EMC BUG] RHEL system log shows AMD-Vi error when system connected with Gen 4 NVMe drives. (BZ#1921187)
RHSA-2021:0857: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210857
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0857, CVE-2019-19532, CVE-2020-0427, CVE-2020-14351, CVE-2020-25211, CVE-2020-25645, CVE-2020-25656, CVE-2020-25705, CVE-2020-28374, CVE-2020-29661, CVE-2020-7053, CVE-2021-20265

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to a use-after-free (CVE-2020-29661)

* kernel: malicious USB devices can lead to multiple out-of-bounds write (CVE-2019-19532)

* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)

* kernel: use-after-free in i915_ppgtt_close in drivers/gpu/drm/i915/i915_gem_gtt.c (CVE-2020-7053)

* kernel: performance counters race condition use-after-free (CVE-2020-14351)

* kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints (CVE-2020-25645)

* kernel: use-after-free in read in vt_do_kdgkb_ioctl (CVE-2020-25656)

* kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

* kernel: increase slab leak leads to DoS (CVE-2021-20265)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z4 source tree (BZ#1917909)
RHSA-2021:0860: ipa security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20210860
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:0860, CVE-2020-11023

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* cannot issue certs with multiple IP addresses corresponding to different hosts (BZ#1846349)

* CA-less install does not set required permissions on KDC certificate (BZ#1863619)

* IdM Web UI shows users as disabled (BZ#1884819)

* Authentication and login times are over several seconds due to unindexed ipaExternalMember (BZ#1892793)

* improve IPA PKI subsystem detection by other means than a directory presence, use pki-server subsystem-find (BZ#1895197)

* IPA WebUI inaccessible after upgrading to RHEL 8.3 - idoverride-memberof.js missing (BZ#1897253)
RHSA-2021:0862: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210862
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0862, CVE-2020-28374, CVE-2020-29661

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to a use-after-free (CVE-2020-29661)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:0966: pki-core:10.6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210966
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0966, CVE-2021-20179

Description
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

* pki-core: Unprivileged users can renew any certificate (CVE-2021-20179)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:0990: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210990
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0990, CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:0992: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210992
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0992, CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:0993: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210993
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0993, CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:0996: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20210996
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:0996, CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.0.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9 (CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information (CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1002: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211002
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1002, CVE-2021-21381

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: "file forwarding" feature can be used to gain unprivileged access to files (CVE-2021-21381)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1024: openssl security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211024
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1024, CVE-2021-3449, CVE-2021-3450

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)

* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1064: virt:rhel and virt-devel:rhel security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211064
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1064, CVE-2021-20295

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* QEMU: Regression of CVE-2020-10756 fix in virt:rhel/qemu-kvm in Red Hat Enterprise Linux 8.3 (CVE-2021-20295)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1068: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211068
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1068, CVE-2021-21381

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: "file forwarding" feature can be used to gain unprivileged access to files (CVE-2021-21381)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1069: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211069
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1069, CVE-2021-27364, CVE-2021-27365

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1070: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211070
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1070, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL7.9 Realtime crashes due to a blocked task detection. The blocked task is stuck in unregister_shrinker() where multiple tasks have taken the shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex. [kernel-rt] (BZ#1935557)

* kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220)
RHSA-2021:1071: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211071
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1071, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Customer testing eMMC sees an intermittent boot problem on 7.8+, was not seen on 7.3 (BZ#1918916)

* tcm loopback driver causes double-start of scsi command when work is delayed (BZ#1925652)

* [Azure][RHEL-7]Mellanox Patches To Prevent Kernel Hang In MLX4 (BZ#1925691)

* A patch from upstream c365c292d059 causes us to end up leaving rt_nr_boosted in an inconsistent state, which causes a hard lockup. (BZ#1928082)

* [RHEL7.9.z] Add fix to update snd_wl1 in bulk receiver fast path (BZ#1929804)
RHSA-2021:1072: libldb security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211072
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1072, CVE-2021-20277

Description
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.

Security Fix(es):

* samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1081: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1081, CVE-2020-0466, CVE-2020-27152, CVE-2020-28374, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)

* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)

* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt possible livelock: WARNING: CPU: 28 PID: 3109 at kernel/ptrace.c:242 ptrace_check_attach+0xdd/0x1a0 (BZ#1925308)

* kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree (BZ#1926369)
RHSA-2021:1086: 389-ds:1.4 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211086
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1086, CVE-2020-35518

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. 

Security Fix(es):

* 389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* dscreate would not always set the correct hostname for the self-signed certificate database (BZ#1912481)

* Indexing a heavily nested database could fail and it would corrupt the database (BZ#1936461)
RHSA-2021:1093: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211093
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1093, CVE-2020-0466, CVE-2020-27152, CVE-2020-28374, CVE-2021-26708, CVE-2021-27363, CVE-2021-27364, CVE-2021-27365, CVE-2021-3347

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)

* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)

* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* race condition when creating child sockets from syncookies (BZ#1915529)

* On System Z, a hash needs state randomized for entropy extraction (BZ#1915816)

* scsi: target: core_tmr_abort_task() reporting multiple aborts for the same se_cmd->tag (BZ#1918354)

* [mlx5] VF interface stats are not reflected in "ip -s link show" / "ifconfig <vf>" commands (BZ#1921060)

* Win10 guest automatic reboot after migration in Win10 and WSL2 on Intel hosts (BZ#1923281)

* [RHEL 8.3] Repeated messages - Unable to burst-read optrom segment (BZ#1924222)

* Backport bug fix RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz (BZ#1924691)

* [Cisco 8.3] RHEL/Cent 8.2 fNIC driver needs a patch fix that addresses crash (BZ#1925186)

* RHEL8.3 - The kernel misdetects zCX with z/VM (BZ#1925508)

* Backport 22e4663e91 ("mm/slub: fix panic in slab_alloc_node()") (BZ#1925511)

* SCTP "Address already in use" when no active endpoints from RHEL 8.2 onwards (BZ#1927521)

* lpfc: Fix initial FLOGI failure due to BBSCN not supported  (BZ#1927921)

* [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929738)

* Unexpected thread movement with AMD Milan compared to Rome (BZ#1929740)

* rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929910)

* [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930168)

* Configuring the system with non-RT kernel will hang the system (BZ#1930735)

* Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932199)

* gfs2: Deadlock between gfs2_{create_inode,inode_lookup} and delete_work_func (BZ#1937109)

* Failing on tsx-ctrl when the flag doesn't change anything (BZ#1939013)

Enhancement(s):

* RFE: Backport all Audit enhancements and fixes up to version 5.10-rc1 (BZ#1907520)

* RHEL8.4: Update the target driver (BZ#1918363)

* [Mellanox 8.4 FEAT] mlx5: Hairpin Support in Switch Mode (BZ#1924689)
RHSA-2021:1135: squid security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1135, CVE-2020-25097

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1145: nettle security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211145
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1145, CVE-2021-20305

Description
Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

Security Fix(es):

* nettle: Out of bounds memory access in signature verification (CVE-2021-20305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1192: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211192
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1192, CVE-2021-23991, CVE-2021-23992, CVE-2021-23993, CVE-2021-29949, CVE-2021-29950

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.1.

Security Fix(es):

* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)

* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)

* Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1193: thunderbird security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211193
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1193, CVE-2021-23991, CVE-2021-23992, CVE-2021-23993, CVE-2021-29949, CVE-2021-29950

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.9.1.

Security Fix(es):

* Mozilla: An attacker may use Thunderbird's OpenPGP key refresh mechanism to poison an existing key (CVE-2021-23991)

* Mozilla: A crafted OpenPGP key with an invalid user ID could be used to confuse the user (CVE-2021-23992)

* Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key (CVE-2021-23993)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1197: libldb security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211197
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1197, CVE-2021-20277

Description
The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases.

Security Fix(es):

* samba: Out of bounds read in AD DC LDAP server (CVE-2021-20277)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1206: gnutls and nettle security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1206, CVE-2021-20305

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

Security Fix(es):

* nettle: Out of bounds memory access in signature verification (CVE-2021-20305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1242: mariadb:10.3 and mariadb-devel:10.3 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211242
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1242, CVE-2021-27928

Description
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. 

The following packages have been upgraded to a later upstream version: mariadb (10.3.28), galera (25.3.32).

Security Fix(es):

* mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user (CVE-2021-27928)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1288: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211288
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1288, CVE-2020-29661, CVE-2021-20265, CVE-2021-27364, CVE-2021-27365

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to a use-after-free (CVE-2020-29661)

* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)

* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)

* kernel: increase slab leak leads to DoS (CVE-2021-20265)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Enable CI and changelog for GitLab workflow (BZ#1930523)
RHSA-2021:1297: java-11-openjdk security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211297
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1297, CVE-2021-2163

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* JNI local refs exceeds capacity warning in NetworkInterface::getAll (BZ#1937736)
RHSA-2021:1298: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211298
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1298, CVE-2021-2163

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1301: java-1.8.0-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211301
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1301, CVE-2021-2163

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1307: java-11-openjdk security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211307
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1307, CVE-2021-2163

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incomplete enforcement of JAR signing disabled algorithms (8249906) (CVE-2021-2163)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1350: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211350
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1350, CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

* Mozilla: Race condition when reading from disk while verifying signatures (CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1353: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211353
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1353, CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.10.0.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

* Mozilla: Race condition when reading from disk while verifying signatures (CVE-2021-29948)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1354: xstream security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211354
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1354, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21350

Description
XStream is a Java XML serialization library to serialize objects to and deserialize objects from XML.

Security Fix(es):

* XStream: Unsafe deserialization of javax.sql.rowset.BaseRowSet (CVE-2021-21344)

* XStream: Unsafe deserialization of com.sun.corba.se.impl.activation.ServerTableEntry (CVE-2021-21345)

* XStream: Unsafe deserialization of sun.swing.SwingLazyValue (CVE-2021-21346)

* XStream: Unsafe deserialization of com.sun.tools.javac.processing.JavacProcessingEnvironment NameProcessIterator (CVE-2021-21347)

* XStream: Unsafe deserialization of com.sun.org.apache.bcel.internal.util.ClassLoader (CVE-2021-21350)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1360: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211360
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1360, CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1363: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211363
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1363, CVE-2021-23961, CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)

* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)

* Mozilla: More internal network hosts could have been probed by a malicious webpage (CVE-2021-23961)

* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)

* Mozilla: Blob URLs may have been granted additional privileges (CVE-2021-23999)

* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL (CVE-2021-24002)

* Mozilla: Incorrect size computation in WebAssembly JIT could lead to null-reads (CVE-2021-29945)

* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1384: nss security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211384
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1384, CVE-2020-25648

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es):

* nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* FTBFS: Paypal Cert expired (BZ#1883973)

* FTBFS: IKE CLASS_1563 fails gtest (BZ#1884793)

* Cannot compile code with nss headers and -Werror=strict-prototypes (BZ#1885321)

* CA HSM ncipher token disabled after RHEL-7.9 update (BZ#1932193)
RHSA-2021:1389: openldap security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211389
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1389, CVE-2020-25692

Description
OpenLDAP is an open-source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. 

Security Fix(es):

* openldap: NULL pointer dereference for unauthenticated packet in slapd (CVE-2020-25692)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1468: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211468
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1468, CVE-2021-25215

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1469: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211469
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1469, CVE-2021-25215

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1512: postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211512
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1512, CVE-2019-10208, CVE-2020-25694, CVE-2020-25695

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Reconnection can downgrade connection security settings (CVE-2020-25694)

* postgresql: Multiple features escape "security restricted operation" sandbox (CVE-2020-25695)

* postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (CVE-2019-10208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1574: NetworkManager and libnma security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211574
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1574, CVE-2021-20297

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

The following packages have been upgraded to a later upstream version: NetworkManager (1.30.0). (BZ#1878783)

Security Fix(es):

* NetworkManager: Profile with match.path setting triggers crash (CVE-2021-20297)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1578: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211578
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1578, CVE-2019-18811, CVE-2019-19523, CVE-2019-19528, CVE-2020-0431, CVE-2020-11608, CVE-2020-12114, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-12464, CVE-2020-14314, CVE-2020-14356, CVE-2020-15437, CVE-2020-24394, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25643, CVE-2020-25704, CVE-2020-27786, CVE-2020-27835, CVE-2020-28974, CVE-2020-35508, CVE-2020-36322, CVE-2021-0342, CVE-2021-0605

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

* kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)

* kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)

* kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)

* kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)

* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)

* kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)

* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

* kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)

* kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)

* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

* kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)

* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)

* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)

* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)

* kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)

* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)

* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)

* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)

* kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)

* kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1581: sqlite security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211581
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1581, CVE-2020-13434, CVE-2020-15358

Description
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)

* sqlite: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization in select.c (CVE-2020-15358)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1582: cpio security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211582
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1582, CVE-2019-14866

Description
The cpio packages provide the GNU cpio utility for creating and extracting archives, or copying files from one place to another.

Security Fix(es):

* cpio: improper input validation when writing tar header fields leads to unexpected tar generation (CVE-2019-14866)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1585: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211585
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1585, CVE-2016-10228, CVE-2019-25013, CVE-2019-9169, CVE-2020-27618, CVE-2021-3326

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding (CVE-2019-25013)

* glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read (CVE-2019-9169)

* glibc: assertion failure in ISO-2022-JP-3 gconv module related to combining characters (CVE-2021-3326)

* glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228)

* glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop (CVE-2020-27618)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1586: GNOME security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211586
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1586, CVE-2019-13012, CVE-2020-13543, CVE-2020-13584, CVE-2020-16125, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983, CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, CVE-2021-30661

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

The following packages have been upgraded to a later upstream version: accountsservice (0.6.55), webkit2gtk3 (2.30.4). (BZ#1846376, BZ#1883304)

Security Fix(es):

* webkitgtk: type confusion may lead to arbitrary code execution (CVE-2020-9948)

* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-9951)

* webkitgtk: out-of-bounds write may lead to code execution (CVE-2020-9983)

* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13543)

* webkitgtk: use-after-free may lead to arbitrary code execution (CVE-2020-13584)

* glib2: insecure permissions for files and directories (CVE-2019-13012)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1593: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211593
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1593, CVE-2020-28196

Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1_encode.c may lead to DoS (CVE-2020-28196)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1597: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211597
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1597, CVE-2020-24977

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Buffer overflow vulnerability in xmlEncodeEntitiesInternal() in entities.c (CVE-2020-24977)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1598: bluez security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211598
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1598, CVE-2020-27153

Description
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. 

Security Fix(es):

* bluez: double free in gatttool client disconnect callback handler in src/shared/att.c could lead to DoS or RCE (CVE-2020-27153)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1600: opensc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211600
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1600, CVE-2020-26570, CVE-2020-26571, CVE-2020-26572

Description
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures.

Security Fix(es):

* opensc: heap-based buffer overflow in sc_oberthur_read_file (CVE-2020-26570)

* opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init (CVE-2020-26571)

* opensc: stack-based buffer overflow in tcos_decipher (CVE-2020-26572)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1608: python-cryptography security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211608
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1608, CVE-2020-25659, CVE-2020-36242

Description
The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.

The following packages have been upgraded to a later upstream version: python-cryptography (3.2.1). (BZ#1873581, BZ#1891947)

Security Fix(es):

* python-cryptography: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25659)

* python-cryptography: certain sequences of update() calls when symmetrically encrypting very large payloads could result in an integer overflow and lead to buffer overflows (CVE-2020-36242)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1609: p11-kit security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211609
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1609, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363

Description
The p11-kit packages provide a mechanism to manage PKCS#11 modules. The p11-kit-trust subpackage includes a PKCS#11 trust module that provides certificate anchors and black lists based on configuration files.

The following packages have been upgraded to a later upstream version: p11-kit (0.23.22). (BZ#1887853)

Security Fix(es):

* p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers (CVE-2020-29361)

* p11-kit: out-of-bounds read in p11_rpc_buffer_get_byte_array function in rpc-message.c (CVE-2020-29362)

* p11-kit: out-of-bounds write in p11_rpc_buffer_get_byte_array_value function in rpc-message.c (CVE-2020-29363)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1610: curl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211610
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1610, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284)

* curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285)

* curl: Inferior OCSP verification (CVE-2020-8286)

* curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1611: systemd security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211611
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1611, CVE-2019-3842, CVE-2020-13776

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)

* systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1620: linux-firmware security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211620
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1620, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364

Description
The linux-firmware packages contain all of the firmware files that are required by various devices to operate.

Security Fix(es):

* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1627: trousers security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211627
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1627, CVE-2020-24330, CVE-2020-24331, CVE-2020-24332

Description
TrouSerS is an implementation of the Trusted Computing Group's Software Stack (TSS) specification. TrouSerS enables the user to write applications that make use of the Trusted Platform Module (TPM) hardware.

The following packages have been upgraded to a later upstream version: trousers (0.3.15). (BZ#1725782)

Security Fix(es):

* trousers: tss user still has read and write access to the /etc/tcsd.conf file if tcsd is started as root (CVE-2020-24331)

* trousers: tss user can be used to create or corrupt existing files, this could lead to DoS (CVE-2020-24332)

* trousers: fails to drop the root gid privilege when no longer needed (CVE-2020-24330)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1631: python-urllib3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211631
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1631, CVE-2020-26137

Description
The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities.

Security Fix(es):

* python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1633: python3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211633
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1633, CVE-2020-26116, CVE-2020-27619, CVE-2021-23336, CVE-2021-3177

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)

* python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

* python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)

* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1647: samba security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211647
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1647, CVE-2020-14318, CVE-2020-14323, CVE-2020-1472

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

The following packages have been upgraded to a later upstream version: samba (4.13.3). (BZ#1878109)

Security Fix(es):

* samba: Netlogon elevation of privilege vulnerability (Zerologon) (CVE-2020-1472)

* samba: Missing handle permissions check in SMB1/2/3 ChangeNotify (CVE-2020-14318)

* samba: Unprivileged user can crash winbind (CVE-2020-14323)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1675: libdb security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20211675
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:1675, CVE-2019-2708

Description
The libdb packages provide the Berkeley Database, an embedded database supporting both traditional and client/server applications.

Security Fix(es):

* libdb: Denial of service in the Data Store component (CVE-2019-2708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1678: perl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211678
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1678, CVE-2020-10543, CVE-2020-10878

Description
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

* perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)

* perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1679: bash security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20211679
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:1679, CVE-2019-18276

Description
The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux.

Security Fix(es):

* bash: when effective UID is not equal to its real UID the saved UID is not dropped (CVE-2019-18276)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1686: wpa_supplicant security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211686
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1686, CVE-2021-0326

Description
The wpa_supplicant packages contain an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. They implement key negotiation with a WPA Authenticator for client stations and control the roaming and IEEE 802.11 authentication and association of the WLAN driver.

Security Fix(es):

* wpa_supplicant: P2P group information processing vulnerability (CVE-2021-0326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1702: brotli security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211702
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1702, CVE-2020-8927

Description
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression. 

Security Fix(es):

* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1723: sudo security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20211723
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:1723, CVE-2021-23239, CVE-2021-23240

Description
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* sudo: symbolic link attack in SELinux-enabled sudoedit (CVE-2021-23240)

* sudo: possible directory existence test due to race condition in sudoedit (CVE-2021-23239)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1734: shim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211734
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1734, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233

Description
The shim package contains a first-stage UEFI boot loader that handles chaining to a trusted full boot loader under secure boot environments.

Security Fix(es):

* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)

* grub2: Use-after-free in rmmod command (CVE-2020-25632)

* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)

* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1739: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211739
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1739, CVE-2019-19523, CVE-2019-19528, CVE-2020-0431, CVE-2020-11608, CVE-2020-12114, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-12464, CVE-2020-14314, CVE-2020-14356, CVE-2020-15437, CVE-2020-24394, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25643, CVE-2020-25704, CVE-2020-27786, CVE-2020-27835, CVE-2020-28974, CVE-2020-35508, CVE-2021-0342, CVE-2021-0605

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

* kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)

* kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)

* kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)

* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)

* kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)

* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)

* kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)

* kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)

* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)

* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)

* kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)

* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)

* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)

* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)

* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)

* kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)

* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)

* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)

* kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)

* kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1744: sane-backends security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211744
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1744, CVE-2020-12867

Description
Scanner Access Now Easy (SANE) is a universal scanner interface. The SANE application programming interface (API) provides standardized access to any raster image scanner hardware (for example, flatbed scanners, hand-held scanners, video and still cameras, and frame-grabbers).

Security Fix(es):

* sane-backends: NULL pointer dereference in sanei_epson_net_read function (CVE-2020-12867)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1746: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211746
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1746, CVE-2021-3114, CVE-2021-3115

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

The following packages have been upgraded to a later upstream version: golang (1.15.7), delve (1.5.0). (BZ#1870531)

Security Fix(es):

* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)

* golang: cmd/go: packages using cgo can cause arbitrary code execution at build time (CVE-2021-3115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1751: mailman:2.1 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211751
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1751, CVE-2020-12108, CVE-2020-15011

Description
Mailman is a program used to help manage e-mail discussion lists.

Security Fix(es):

* mailman: arbitrary content injection via the options login page (CVE-2020-12108)

* mailman: arbitrary content injection via the private archive login page (CVE-2020-15011)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1752: evolution security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20211752
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:1752, CVE-2020-16117

Description
Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality.

The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications.

Security Fix(es):

* evolution-data-server: NULL pointer dereference related to imapx_free_capability and imapx_connect_to_server (CVE-2020-16117)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1756: qt5-qtbase security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211756
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1756, CVE-2020-17507

Description
Qt is a software toolkit for developing applications. The qt5-base packages contain base tools for string, xml, and network handling in Qt. 

Security Fix(es):

* qt: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (CVE-2020-17507)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1758: exiv2 security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20211758
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:1758, CVE-2019-17402

Description
The exiv2 packages provide a command line utility which can display and manipulate image metadata such as EXIF, IPTC, and JPEG comments.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.3). (BZ#1880984)

Security Fix(es):

* exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check (CVE-2019-17402)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1761: python27:2.7 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211761
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1761, CVE-2020-26116, CVE-2020-26137, CVE-2020-27783, CVE-2021-3177

Description
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 packages provide a stable release of Python 2.7 with a number of additional utilities and database connectors for MySQL and PostgreSQL.

Security Fix(es):

* python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)

* python-urllib3: CRLF injection via HTTP request method (CVE-2020-26137)

* python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)

* python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1762: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211762
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1762, CVE-2020-11947, CVE-2020-16092, CVE-2020-25637, CVE-2020-25707, CVE-2020-25723, CVE-2020-27821, CVE-2020-28916, CVE-2020-29129, CVE-2020-29130, CVE-2020-29443

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* libvirt: double free in qemuAgentGetInterfaces() in qemu_agent.c (CVE-2020-25637)

* QEMU: heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c (CVE-2020-27821)

* QEMU: ide: atapi: OOB access while processing read commands (CVE-2020-29443)

* QEMU: heap buffer overflow in iscsi_aio_ioctl_cb() in block/iscsi.c may lead to information disclosure (CVE-2020-11947)

* QEMU: reachable assertion failure in net_tx_pkt_add_raw_fragment() in hw/net/net_tx_pkt.c (CVE-2020-16092)

* QEMU: infinite loop in e1000e_write_packet_to_guest() in hw/net/e1000e_core.c (CVE-2020-25707)

* QEMU: assertion failure through usb_packet_unmap() in hw/usb/hcd-ehci.c (CVE-2020-25723)

* QEMU: e1000e: infinite loop scenario in case of null packet descriptor (CVE-2020-28916)

* QEMU: slirp: out-of-bounds access while processing ARP/NCSI packets (CVE-2020-29129, CVE-2020-29130)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1775: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211775
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1775, CVE-2020-1695

Description
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1783: tigervnc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211783
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1783, CVE-2020-26117

Description
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

The following packages have been upgraded to a later upstream version: tigervnc (1.11.0). (BZ#1880985)

Security Fix(es):

* tigervnc: certificate exceptions stored as authorities (CVE-2020-26117)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1789: gssdp and gupnp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211789
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1789, CVE-2020-12695

Description
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

GSSDP implements resource discovery and announcement over SSDP and is part of gUPnP. 

The following packages have been upgraded to a later upstream version: gssdp (1.0.5), gupnp (1.0.6). (BZ#1846589, BZ#1861928)

Security Fix(es):

* hostapd: UPnP SUBSCRIBE misbehavior in WPS AP (CVE-2020-12695)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1791: spice-vdagent security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1791, CVE-2020-25650, CVE-2020-25651, CVE-2020-25652, CVE-2020-25653

Description
The spice-vdagent packages provide a SPICE agent for Linux guests.

Security Fix(es):

* spice-vdagent: possible file transfer DoS and information leak via active_xfers hash map (CVE-2020-25651)

* spice-vdagent: UNIX domain socket peer PID retrieved via SO_PEERCRED is subject to race condition (CVE-2020-25653)

* spice-vdagent: memory DoS via arbitrary entries in active_xfers hash table (CVE-2020-25650)

* spice-vdagent: possibility to exhaust file descriptors in vdagentd (CVE-2020-25652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1796: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211796
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1796, CVE-2020-29652, CVE-2021-20199

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)

* podman: Remote traffic to rootless containers is seen as originating from localhost (CVE-2021-20199)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1804: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211804
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1804, CVE-2020-14344, CVE-2020-14345, CVE-2020-14346, CVE-2020-14347, CVE-2020-14360, CVE-2020-14361, CVE-2020-14362, CVE-2020-14363, CVE-2020-25712

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated drivers for many popular graphics chips.

The following packages have been upgraded to a later upstream version: egl-wayland (1.1.5), libdrm (2.4.103), libglvnd (1.3.2), libinput (1.16.3), libwacom (1.6), mesa (20.3.3), xorg-x11-server (1.20.10). (BZ#1878160, BZ#1886648, BZ#1887654, BZ#1887655)

Security Fix(es):

* xorg-x11-server: Out-of-bounds access in XkbSetNames function (CVE-2020-14345)

* xorg-x11-server: Integer underflow in the X input extension protocol (CVE-2020-14346)

* xorg-x11-server: Out-of-bounds access in XkbSetMap function (CVE-2020-14360)

* xorg-x11-server: XkbSelectEvents integer underflow privilege escalation vulnerability (CVE-2020-14361)

* xorg-x11-server: XRecordRegisterClients integer underflow privilege escalation vulnerability (CVE-2020-14362)

* libX11: Integer overflow leads to double free in locale handling (CVE-2020-14363)

* xorg-x11-server: XkbSetDeviceInfo heap-based buffer overflow privilege escalation vulnerability (CVE-2020-25712)

* libX11: Heap overflow in the X input method client (CVE-2020-14344)

* xorg-x11-server: Leak of uninitialized heap memory from the X server to clients in AllocatePixmap of dix/pixmap.c (CVE-2020-14347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1809: httpd:2.4 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211809
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1809, CVE-2018-17199, CVE-2020-11984, CVE-2020-11993

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_session_cookie does not respect expiry time (CVE-2018-17199)

* httpd: mod_proxy_uwsgi buffer overflow (CVE-2020-11984)

* httpd: mod_http2 concurrent pool usage (CVE-2020-11993)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1811: libvncserver security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211811
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1811, CVE-2018-21247, CVE-2019-20839, CVE-2020-14397, CVE-2020-14405, CVE-2020-25708

Description
LibVNCServer is a C library that enables you to implement VNC server functionality in your own programs.

Security Fix(es):

* libvncserver: uninitialized memory contents are vulnerable to Information Leak (CVE-2018-21247)

* libvncserver: buffer overflow in ConnectClientToUnixSock() (CVE-2019-20839)

* libvncserver: libvncserver/rfbregion.c has a NULL pointer dereference (CVE-2020-14397)

* libvncserver: libvncclient/rfbproto.c does not limit TextChat size (CVE-2020-14405)

* libvncserver: libvncserver/rfbserver.c has a divide by zero which could result in DoS (CVE-2020-25708)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1842: raptor2 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211842
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1842, CVE-2017-18926, CVE-2020-25713

Description
Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. 

Security Fix(es):

* raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer (CVE-2017-18926)

* raptor2: malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common (CVE-2020-25713)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1846: idm:DL1 and idm:client security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211846
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1846, CVE-2020-11023

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. 

Security Fix(es):

* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1849: freerdp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211849
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1849, CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020-11099, CVE-2020-15103, CVE-2020-4030, CVE-2020-4033

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The following packages have been upgraded to a later upstream version: freerdp (2.2.0). (BZ#1881971)

Security Fix(es):

* freerdp: out of bounds read in TrioParse (CVE-2020-4030)

* freerdp: out of bound reads resulting in accessing memory location outside of static array PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11095)

* freerdp: out of bounds read in PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11097)

* freerdp: out of bounds read in license_read_new_or_upgrade_license_packet (CVE-2020-11099)

* freerdp: integer overflow due to missing input sanitation in rdpegfx channel (CVE-2020-15103)

* freerdp: out-of-bounds read in RLEDECOMPRESS (CVE-2020-4033)

* freerdp: out-of-bound read in update_read_cache_bitmap_v3_order (CVE-2020-11096)

* freerdp: out-of-bound read in glyph_cache_put (CVE-2020-11098)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1852: ghostscript security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211852
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1852, CVE-2020-14373, CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306, CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310, CVE-2020-17538

Description
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.

The following packages have been upgraded to a later upstream version: ghostscript (9.27). (BZ#1874523)

Security Fix(es):

* ghostscript: use-after-free vulnerability in igc_reloc_struct_ptr() could result in DoS (CVE-2020-14373)

* ghostscript: buffer overflow in lprn_is_black() in contrib/lips4/gdevlprn.c could result in a DoS (CVE-2020-16287)

* ghostscript: buffer overflow in pj_common_print_page() in devices/gdevpjet.c could result in a DoS (CVE-2020-16288)

* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a DoS (CVE-2020-16290)

* ghostscript: buffer overflow in contrib/gdevdj9.c could result in a DoS (CVE-2020-16291)

* ghostscript: buffer overflow in mj_raster_cmd() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16292)

* ghostscript: NULL pointer dereference in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c could result in a DoS (CVE-2020-16293)

* ghostscript: buffer overflow in epsc_print_page() in devices/gdevepsc.c could result in a DoS (CVE-2020-16294)

* ghostscript: NULL pointer dereference in clj_media_size() in devices/gdevclj.c could result in a DoS (CVE-2020-16295)

* ghostscript: buffer overflow in GetNumWrongData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-16296)

* ghostscript: buffer overflow in FloydSteinbergDitheringC() in contrib/gdevbjca.c could result in a DoS (CVE-2020-16297)

* ghostscript: buffer overflow in mj_color_correct() in contrib/japanese/gdevmjc.c could result in a DoS (CVE-2020-16298)

* ghostscript: division by zero in bj10v_print_page() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16299)

* ghostscript: buffer overflow in tiff12_print_page() in devices/gdevtfnx.c could result in a DoS (CVE-2020-16300)

* ghostscript: buffer overflow in okiibm_print_page1() in devices/gdevokii.c could result in a DoS (CVE-2020-16301)

* ghostscript: buffer overflow in jetp3852_print_page() in devices/gdev3852.c could result in a privilege escalation (CVE-2020-16302)

* ghostscript: use-after-free in xps_finish_image_path() in devices/vector/gdevxps.c could result in a privilege escalation (CVE-2020-16303)

* ghostscript: buffer overflow in image_render_color_thresh() in base/gxicolor.c could result in a DoS (CVE-2020-16304)

* ghostscript: NULL pointer dereference in devices/gdevtsep.c could result in a DoS (CVE-2020-16306)

* ghostscript: NULL pointer dereference in devices/vector/gdevtxtw.c and psi/zbfont.c could result in a DoS (CVE-2020-16307)

* ghostscript: buffer overflow in p_print_image() in devices/gdevcdj.c could result in a DoS (CVE-2020-16308)

* ghostscript: buffer overflow in lxm5700m_print_page() in devices/gdevlxm.c could result in a DoS (CVE-2020-16309)

* ghostscript: division by zero in dot24_print_page() in devices/gdevdm24.c could result in a DoS (CVE-2020-16310)

* ghostscript: buffer overflow in GetNumSameData() in contrib/lips4/gdevlips.c could result in a DoS (CVE-2020-17538)

* ghostscript: buffer overflow in cif_print_page() in devices/gdevcif.c could result in a DoS (CVE-2020-16289)

* ghostscript: buffer overflow in pcx_write_rle() in contrib/japanese/gdev10v.c could result in a DoS (CVE-2020-16305)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1853: unbound security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211853
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1853, CVE-2019-25032, CVE-2019-25034, CVE-2019-25035, CVE-2019-25036, CVE-2019-25037, CVE-2019-25038, CVE-2019-25039, CVE-2019-25040, CVE-2019-25041, CVE-2019-25042, CVE-2020-28935

Description
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. 

Security Fix(es):

* unbound: integer overflow in the regional allocator via regional_alloc (CVE-2019-25032)

* unbound: integer overflow in sldns_str2wire_dname_buf_origin can lead to an out-of-bounds write (CVE-2019-25034)

* unbound: out-of-bounds write in sldns_bget_token_par (CVE-2019-25035)

* unbound: assertion failure and denial of service in synth_cname (CVE-2019-25036)

* unbound: assertion failure and denial of service in dname_pkt_copy via an invalid packet (CVE-2019-25037)

* unbound: integer overflow in a size calculation in dnscrypt/dnscrypt.c (CVE-2019-25038)

* unbound: integer overflow in a size calculation in respip/respip.c (CVE-2019-25039)

* unbound: infinite loop via a compressed name in dname_pkt_copy (CVE-2019-25040)

* unbound: assertion failure via a compressed name in dname_pkt_copy (CVE-2019-25041)

* unbound: out-of-bounds write via a compressed name in rdata_copy (CVE-2019-25042)

* unbound: symbolic link traversal when writing PID file (CVE-2020-28935)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1859: grafana security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211859
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1859, CVE-2020-24303, CVE-2020-27846

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

The following packages have been upgraded to a later upstream version: grafana (7.3.6). (BZ#1850471)

Security Fix(es):

* crewjam/saml: authentication bypass in saml authentication (CVE-2020-27846)

* grafana: XSS via a query alias for the Elasticsearch and Testdata datasource (CVE-2020-24303)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1879: python38:3.8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211879
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1879, CVE-2020-26116, CVE-2020-27783, CVE-2021-3177

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python: CRLF injection via HTTP request method in httplib/http.client (CVE-2020-26116)

* python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)

* python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c (CVE-2021-3177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

RHSA-2021:1881: poppler and evince security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211881
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1881, CVE-2020-27778

Description
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince.

The evince packages provide a simple multi-page document viewer for Portable Document Format (PDF), PostScript (PS), Encapsulated PostScript (EPS) files, and, with additional back-ends, also the Device Independent File format (DVI) files.

The following packages have been upgraded to a later upstream version: poppler (20.11.0). (BZ#1644423)

Security Fix(es):

* poppler: pdftohtml: access to uninitialized pointer could lead to DoS (CVE-2020-27778)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1887: dovecot security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211887
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1887, CVE-2020-24386, CVE-2020-25275

Description
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. 

Security Fix(es):

* dovecot: IMAP hibernation function allows mail access (CVE-2020-24386)

* dovecot: Denial of service via mail MIME parsing (CVE-2020-25275)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1898: python-lxml security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211898
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1898, CVE-2020-27783

Description
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. 

Security Fix(es):

* python-lxml: mXSS due to the use of improper parser (CVE-2020-27783)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1924: spice security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20211924
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:1924, CVE-2021-20201

Description
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures.

Security Fix(es):

* spice: Client initiated renegotiation denial of service (CVE-2021-20201)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1935: rust-toolset:rhel8 security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20211935
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:1935, CVE-2020-36317, CVE-2020-36318

Description
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

The following packages have been upgraded to a later upstream version: rust (1.49.0). (BZ#1896712)

Security Fix(es):

* rust: use-after-free or double free in VecDeque::make_contiguous (CVE-2020-36318)

* rust: memory safety violation in String::retain() (CVE-2020-36317)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1968: mingw packages security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211968
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1968, CVE-2019-16168, CVE-2020-13434, CVE-2020-13630, CVE-2020-13631, CVE-2020-13632

Description
MinGW is a free and open source software development environment to create Microsoft Windows applications.

The following packages have been upgraded to a later upstream version: mingw-sqlite (3.26.0.0). (BZ#1845475)

Security Fix(es):

* sqlite: Division by zero in whereLoopAddBtreeIndex in sqlite3.c (CVE-2019-16168)

* sqlite: Integer overflow in sqlite3_str_vappendf function in printf.c (CVE-2020-13434)

* sqlite: Use-after-free in fts3EvalNextRow in ext/fts3/fts3.c (CVE-2020-13630)

* sqlite: Virtual table can be renamed into the name of one of its shadow tables (CVE-2020-13631)

* sqlite: NULL pointer dereference in ext/fts3/fts3_snippet.c via a crafted matchinfo() query (CVE-2020-13632)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1972: pandoc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20211972
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:1972, CVE-2020-5238

Description
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library.

Security Fix(es):

* cmark-gfm: Exponential time to parse certain inputs could lead to DoS (CVE-2020-5238)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.
RHSA-2021:1979: squid:4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211979
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1979, CVE-2020-25097

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

* squid: improper input validation may allow a trusted client to perform HTTP request smuggling (CVE-2020-25097)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1983: idm:DL1 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211983
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1983, CVE-2021-3480

Description
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. 

Security Fix(es):

* slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:1989: bind security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20211989
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:1989, CVE-2021-25215

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself (CVE-2021-25215)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2032: slapi-nis security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212032
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2032, CVE-2021-3480

Description
The slapi-nis packages contain the NIS server plug-in and the Schema Compatibility plug-in for use with the 389 Directory Server.

Security Fix(es):

* slapi-nis: NULL dereference (DoS) with specially crafted Binding DN (CVE-2021-3480)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2033: xorg-x11-server security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212033
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2033, CVE-2021-3472

Description
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg-x11-server: XChangeFeedbackControl integer underflow leads to privilege escalation (CVE-2021-3472)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2034: redis:6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212034
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2034, CVE-2021-29477

Description
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2036: dotnet5.0 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212036
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2036, CVE-2021-31204

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6.

Security Fix(es):

* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)

In order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2037: dotnet3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212037
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2037, CVE-2021-31204

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15.

Security Fix(es):

* dotnet: .NET Core single-file application privilege escalation (CVE-2021-31204)

In order for the update to be complete, self-contained applications deployed using previous versions need to be recompiled and redeployed.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2147: glib2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212147
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2147, CVE-2021-27219

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2165: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212165
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2165, CVE-2021-3501

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2168: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212168
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2168, CVE-2021-3501, CVE-2021-3543

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501)

* kernel: nitro_enclaves stale file descriptors on failed usercopy (CVE-2021-3543)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944667)

* Selinux: The task calling security_set_bools() deadlocks with itself when it later calls  selinux_audit_rule_match(). (BZ#1945123)

* [mlx5] tc flower mpls match options does not work (BZ#1952061)

* mlx5: missing patches for ct.rel (BZ#1952062)

* CT HWOL: with OVN/OVS, intermittently, load balancer hairpin TCP packets get dropped for seconds in a row (BZ#1952065)

* [Lenovo 8.3 bug] Blackscreen after clicking on "Settings" icon from top-right corner. (BZ#1952900)

* RHEL 8.x missing uio upstream fix. (BZ#1952952)

* Turbostat doesn't show any measured data on AMD Milan (BZ#1952987)

* P620 no sound from front headset jack (BZ#1954545)

* RHEL kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1955188)

* [net/sched] connection failed with DNAT + SNAT by tc action ct (BZ#1956458)
RHSA-2021:2169: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212169
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2169, CVE-2021-3501, CVE-2021-3543

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501)

* kernel: nitro_enclaves stale file descriptors on failed usercopy (CVE-2021-3543)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z0 source tree (BZ#1957489)
RHSA-2021:2170: glib2 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212170
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2170, CVE-2021-27219

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Refcounting issue causes crashes and slow workarounds (BZ#1953553)
RHSA-2021:2206: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212206
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2206, CVE-2021-29967

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.11.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2233: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212233
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2233, CVE-2021-29967

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.11.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2235: pki-core:10.6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212235
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2235, CVE-2021-3551

Description
The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System.

Security Fix(es):

* pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file (CVE-2021-3551)

The PKI installer "pkispawn" logs admin credentials into a world-readable log file. It also looks like the installer is passing the password as an insecure command line argument. The credentials are the 389-DS LDAP server's Directory Manager credentials. The Directory Manager is 389-DS' equivalent of unrestricted root account. The user bypasses permission checks and grants full access to data. In an IdM / FreeIPA installation the DM user is able to read and manipulate Kerberos KDC master password, Kerberos keytabs, hashed user passwords, and more. Any and all IdM and FreeIPA installations with PKI 10.10 should be considered compromised.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2238: polkit security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212238
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2238, CVE-2021-3560

Description
The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2259: nginx:1.18 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212259
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2259, CVE-2021-23017

Description
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. 

Security Fix(es):

* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2260: libwebp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212260
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2260, CVE-2018-25011, CVE-2020-36328, CVE-2020-36329

Description
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)

* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)

* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2263: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212263
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2263, CVE-2021-29956, CVE-2021-29957, CVE-2021-29967

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.11.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967)

* Mozilla: Thunderbird stored OpenPGP secret keys without master password protection (CVE-2021-29956)

* Mozilla: Partial protection of inline OpenPGP message not indicated (CVE-2021-29957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2264: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212264
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2264, CVE-2021-29956, CVE-2021-29957, CVE-2021-29967

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.11.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 (CVE-2021-29967)

* Mozilla: Thunderbird stored OpenPGP secret keys without master password protection (CVE-2021-29956)

* Mozilla: Partial protection of inline OpenPGP message not indicated (CVE-2021-29957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2285: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212285
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2285, CVE-2021-3347

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: Use after free via PI futex state (CVE-2021-3347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2290: nginx:1.16 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212290
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2290, CVE-2021-23017

Description
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. 

Security Fix(es):

* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:2291: container-tools:2.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212291
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2291, CVE-2021-30465

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2299: microcode_ctl security, bug fix and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212299
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2299, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513

Description
The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: vt-d related privilege escalation (CVE-2020-24489)

* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)

* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)

* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20210525 release

* Do not use "grep -q" in a pipe in check_caveats.

RHSA-2021:2305: microcode_ctl security, bug fix and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212305
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2305, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513

Description
The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: vt-d related privilege escalation (CVE-2020-24489)

* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)

* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)

* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20210525 release

RHSA-2021:2308: microcode_ctl security, bug fix and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212308
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2308, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-24513

Description
The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: vt-d related privilege escalation (CVE-2020-24489)

* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)

* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)

* hw: information disclosure on some Intel Atom processors (CVE-2020-24513)

Bug Fix(es) and Enhancement(s):

* Update Intel CPU microcode to microcode-20210525 release

RHSA-2021:2313: samba security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212313
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2313, CVE-2021-20254

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token (CVE-2021-20254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* smb.service stops when samba rpms are updated (BZ#1930747)

* samba printing dumps core (BZ#1937867)

RHSA-2021:2314: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212314
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2314, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-27170, CVE-2020-8648, CVE-2021-3347

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

* kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)

* kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)

* kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel crash when call the timer function (sctp_generate_proto_unreach_event) of sctp module (BZ#1707184)

* SCSI error handling process on HP P440ar controller gets stuck indefinitely in device reset operation (BZ#1830268)

* netfilter: reproducible deadlock on nft_log module autoload (BZ#1858329)

* netfilter: NULL pointer dereference in nf_tables_set_lookup() (BZ#1873171)

* [DELL EMC 7.9 Bug]: No acpi_pad threads on top command for "power cap policy equal to 0 watts" (BZ#1883174)

* A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use after free condition of the kmalloc-4096 slab cache. (BZ#1886003)

* netxen driver performs poorly with RT kernel (BZ#1894274)

* gendisk->disk_part_tbl->last_lookup retains pointer after partition deletion (BZ#1898596)

* Kernel experiences panic in update_group_power() due to division error even with Bug 1701115 fix (BZ#1910763)

* RHEL7.9 - zfcp: fix handling of FCP_RESID_OVER bit in fcp ingress path (BZ#1917839)

* RHEL7.9 - mm/THP: do not access vma->vm_mm after calling handle_userfault (BZ#1917840)

* raid: wrong raid io account (BZ#1927106)

* qla2x00_status_cont_entry() missing upstream patch that prevents unnecessary ABRT/warnings (BZ#1933784)

* RHEL 7.9.z - System hang caused by workqueue stall in qla2xxx driver (BZ#1937945)

* selinux: setsebool can trigger a deadlock (BZ#1939091)

* [Hyper-V][RHEL-7] Cannot boot kernel 3.10.0-1160.21.1.el7.x86_64 on Hyper-V (BZ#1941841)

RHSA-2021:2316: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212316
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2316, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-27170, CVE-2020-8648, CVE-2021-3347

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

* kernel: Use after free via PI futex state (CVE-2021-3347)

* kernel: use-after-free in n_tty_receive_buf_common function in drivers/tty/n_tty.c (CVE-2020-8648)

* kernel: Improper input validation in some Intel(R) Graphics Drivers (CVE-2020-12363)

* kernel: Null pointer dereference in some Intel(R) Graphics Drivers (CVE-2020-12364)

* kernel: Speculation on pointer arithmetic against bpf_context pointer (CVE-2020-27170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* lru-add-drain workqueue on RT is allocated without being used (BZ#1894587)

* kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1953118)

RHSA-2021:2318: hivex security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212318
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2318, CVE-2021-3504

Description
Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk.

Security Fix(es):

* hivex: Buffer overflow when provided invalid node key length (CVE-2021-3504)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2322: qemu-kvm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212322
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2322, CVE-2020-29443

Description
Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.

Security Fix(es):

* QEMU: ide: atapi: OOB access while processing read commands (CVE-2020-29443)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2323: 389-ds-base security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212323
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2323, CVE-2020-35518

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: information disclosure during the binding of a DN (CVE-2020-35518)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Add new access log keywords for time spent in work queue and actual operation time (BZ#1953673)

RHSA-2021:2328: qt5-qtimageformats security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212328
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2328, CVE-2018-25011, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329

Description
The Qt Image Formats is an add-on module for the core Qt Gui library that provides support for additional image formats including MNG, TGA, TIFF, WBMP, and WebP.

Security Fix(es):

* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)

* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)

* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)

* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2352: .NET Core 3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212352
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2352, CVE-2021-31957

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.116 and .NET Runtime 3.1.16.

Security Fix(es):

* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2353: .NET 5.0 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212353
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2353, CVE-2021-31957

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.204 and .NET Runtime 5.0.7.

Security Fix(es):

* dotnet: ASP.NET Core Client Disconnect Denial of Service (CVE-2021-31957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2354: libwebp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212354
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2354, CVE-2018-25011, CVE-2020-36328, CVE-2020-36329

Description
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

* libwebp: heap-based buffer overflow in PutLE16() (CVE-2018-25011)

* libwebp: heap-based buffer overflow in WebPDecode*Into functions (CVE-2020-36328)

* libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c (CVE-2020-36329)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2357: dhcp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212357
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2357, CVE-2021-25217

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2359: dhcp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212359
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2359, CVE-2021-25217

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2360: postgresql:9.6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212360
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2360, CVE-2021-32027, CVE-2021-32028

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (9.6.22)

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

* postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2361: postgresql:10 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212361
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2361, CVE-2021-32027, CVE-2021-32028

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (10.17).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

* postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2363: gupnp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212363
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2363, CVE-2021-33516

Description
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

Security Fix(es):

* gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2370: container-tools:3.0 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212370
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2370, CVE-2021-30465

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2371: container-tools:rhel8 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212371
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2371, CVE-2021-30465

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* runc: vulnerable to symlink exchange attack (CVE-2021-30465)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2372: postgresql:12 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212372
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2372, CVE-2021-32027, CVE-2021-32028, CVE-2021-32029, CVE-2021-3393

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (12.7)

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

* postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)

* postgresql: Memory disclosure in partitioned-table UPDATE ... RETURNING (CVE-2021-32029)

* postgresql: Partition constraint violation errors leak values of denied columns (CVE-2021-3393)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2375: postgresql:13 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212375
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2375, CVE-2021-32027, CVE-2021-32028, CVE-2021-32029

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

The following packages have been upgraded to a later upstream version: postgresql (13.3).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

* postgresql: Memory disclosure in INSERT ... ON CONFLICT ... DO UPDATE (CVE-2021-32028)

* postgresql: Memory disclosure in partitioned-table UPDATE ... RETURNING (CVE-2021-32029)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2397: postgresql security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212397
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2397, CVE-2021-32027

Description
PostgreSQL is an advanced object-relational database management system (DBMS).

Security Fix(es):

* postgresql: Buffer overrun from integer overflow in array subscripting calculations (CVE-2021-32027)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2417: gupnp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212417
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2417, CVE-2021-33516

Description
GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

Security Fix(es):

* gupnp: allows DNS rebinding which could result in tricking browser into triggering actions against local UPnP services (CVE-2021-33516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2419: dhcp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212419
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2419, CVE-2021-25217

Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: stack-based buffer overflow when parsing statements with colon-separated hex digits in config or lease files in dhcpd and dhclient (CVE-2021-25217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2467: glib2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212467
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2467, CVE-2021-27219

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2563: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212563
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2563, CVE-2021-33034

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2566: fwupd security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212566
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2566, CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233

Description
The fwupd packages provide a service that allows session software to update device firmware.

Security Fix(es):

* grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled (CVE-2020-14372)

* grub2: Use-after-free in rmmod command (CVE-2020-25632)

* grub2: Out-of-bounds write in grub_usb_device_initialize() (CVE-2020-25647)

* grub2: Stack buffer overflow in grub_parser_split_cmdline() (CVE-2020-27749)

* grub2: cutmem command allows privileged user to remove memory regions when Secure Boot is enabled (CVE-2020-27779)

* grub2: Heap out-of-bounds write in short form option parser (CVE-2021-20225)

* grub2: Heap out-of-bounds write due to miscalculation of space required for quoting (CVE-2021-20233)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2569: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212569
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2569, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use-after-free in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3516)

* libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c (CVE-2021-3517)

* libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c (CVE-2021-3518)

* libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode (CVE-2021-3537)

* libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms (CVE-2021-3541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2570: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212570
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2570, CVE-2020-26541, CVE-2021-33034

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)

* kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [ESXi][RHEL-8] VMXNET3 v4 causes invalid checksums of inner packets of VXLAN tunnel (BZ#1960702)

* fnic crash from invalid request pointer (BZ#1961705)

* GFS2: Failed FS thaw call makes the entire snapshot failed. (BZ#1961849)

* dm writecache: fix performance degradation in ssd mode (BZ#1962241)

* Kernel BUG with act_ct and IP fragments (BZ#1963940)

* core: backports from upstream (BZ#1963952)

* Hibernate resume on RHEL fails in Amazon EC2 C5.18xlarge instance (BZ#1964930)

* [SanityOnly] panic caused by i40e_msix_clean_rings (BZ#1964962)

* tc reclassification limit is too low for OVN (BZ#1965148)

* tc action ct nat src addr does not work while used with ct nat dst addr together (BZ#1965150)

* CNB: Rebase/update TC subsystem for RHEL 8.5 (BZ#1965457)

* sctp: crash due to use after free of sctp_transport structure (BZ#1965632)

RHSA-2021:2574: rpm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212574
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2574, CVE-2021-20271, CVE-2021-3421

Description
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

* rpm: Signature checks bypass via corrupted rpm package (CVE-2021-20271)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2575: lz4 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212575
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2575, CVE-2021-3520

Description
The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems.

Security Fix(es):

* lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2583: python38:3.8 and python38-devel:3.8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212583
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2583, CVE-2020-14343

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* PyYAML: incomplete fix for CVE-2020-1747 (CVE-2020-14343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2584: ruby:2.7 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212584
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2584, CVE-2020-25613, CVE-2021-28965

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.7.3). (BZ#1951999)

Security Fix(es):

* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)

* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Resolv::DNS: ruby:2.7/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhel-8] (BZ#1952000)

RHSA-2021:2587: ruby:2.5 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212587
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2587, CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626)

Security Fix(es):

* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)

* ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)

* ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)

* rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)

* ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)

* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)

* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2588: ruby:2.6 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212588
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2588, CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2019-3881, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

The following packages have been upgraded to a later upstream version: ruby (2.6.7). (BZ#1952627)

Security Fix(es):

* rubygem-bundler: Insecure permissions on directory in /tmp/ allows for execution of malicious code (CVE-2019-3881)

* ruby: NUL injection vulnerability of File.fnmatch and File.fnmatch? (CVE-2019-15845)

* ruby: Regular expression denial of service vulnerability of WEBrick's Digest authentication (CVE-2019-16201)

* ruby: Code injection via command argument of Shell#test / Shell#[] (CVE-2019-16255)

* rubygem-json: Unsafe object creation vulnerability in JSON (CVE-2020-10663)

* ruby: BasicSocket#read_nonblock method leads to information disclosure (CVE-2020-10933)

* ruby: Potential HTTP request smuggling in WEBrick (CVE-2020-25613)

* ruby: XML round-trip vulnerability in REXML (CVE-2021-28965)

* ruby: HTTP response splitting in WEBrick (CVE-2019-16254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Resolv::DNS: ruby:2.6/ruby: timeouts if multiple IPv6 name servers are given and address contains leading zero [rhel-8] (BZ#1954968)

RHSA-2021:2591: edk2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212591
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2591, CVE-2021-28211

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. 

Security Fix(es):

* edk2: possible heap corruption with LzmaUefiDecompressGetInfo (CVE-2021-28211)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2595: 389-ds:1.4 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20212595
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:2595, CVE-2021-3514

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. 

Security Fix(es):

* 389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control() (CVE-2021-3514)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* ACIs are being evaluated against the Replication Manager account in a replication context. (BZ#1968588)

* A connection can be erroneously flagged as replication conn during evaluation of an aci with ip bind rule (BZ#1970791)

* Large updates can reset the CLcache to the beginning of the changelog (BZ#1972721)

* Changelog cache can upload updates from a wrong starting point (CSN) (BZ#1972738)

RHSA-2021:2599: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212599
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2599, CVE-2020-26541, CVE-2021-33034

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)

* kernel: security bypass in certs/blacklist.c and certs/system_keyring.c (CVE-2020-26541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z1 source tree (BZ#1965378)

* panic caused by i40e_msix_clean_rings [rhel-rt] (BZ#1965970)

RHSA-2021:2658: linuxptp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212658
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2658, CVE-2021-3570

Description
The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. 

Security Fix(es):

* linuxptp: missing length check of forwarded messages (CVE-2021-3570)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2660: linuxptp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212660
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2660, CVE-2021-3570

Description
The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. 

Security Fix(es):

* linuxptp: missing length check of forwarded messages (CVE-2021-3570)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2683: xstream security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212683
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2683, CVE-2021-29505

Description
XStream is a Java XML serialization library to serialize objects to and deserialize object from XML.

Security Fix(es):

* XStream: remote command execution attack by manipulating the processed input stream (CVE-2021-29505)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2714: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212714
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2714, CVE-2021-32399, CVE-2021-33909

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* pinctrl_emmitsburg: improper configuration (BZ#1963984)

* [Ampere] locking/qrwlock: Fix ordering in queued_write_lock_slowpath (BZ#1964419)

* RHEL8.4 - [P10] [NPIV Multi queue Test kernel- 4.18.0-283.el8.ibmvfc_11022021.ppc64le] DLPAR operation fails for ibmvfc on Denali (ibmvfc/dlpar/RHEL8.4) (BZ#1964697)

* Every server is displaying the same power levels for all of our i40e  25G interfaces. 10G interfaces seem to be correct. Ethtool version is 5.0 (BZ#1967099)

* backport fixes for Connection Tracking offload (BZ#1968679)

* fm10k: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969910)

* ixgbevf: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969911)

* ena: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969913)

* b44, bnx2, bnx2x, bnxt, tg3: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969914)

* e1000, e1000e: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969915)

* ice: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969917)

* igb: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969919)

* igbvf: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969920)

* igc: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969921)

* ixgbe: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969922)

* i40e: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969923)

* iavf: removal of MODULE_VERSION deemed improper for y-stream release (BZ#1969925)

* Backport netlink extack tracepoint (BZ#1972938)

* [RHEL8.4] kernel panic when create NPIV port on qedf driver (BZ#1974968)

RHSA-2021:2715: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212715
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2715, CVE-2021-32399, CVE-2021-33909

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z2 source tree (BZ#1975405)

RHSA-2021:2716: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212716
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2716, CVE-2021-32399, CVE-2021-33909

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2717: systemd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212717
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2717, CVE-2021-33910

Description
The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.

Security Fix(es):

* systemd: uncontrolled allocation on the stack in function unit_name_path_escape leads to crash (CVE-2021-33910)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2725: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212725
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2725, CVE-2019-20934, CVE-2020-11668, CVE-2021-33033, CVE-2021-33034, CVE-2021-33909

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)

* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)

* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

* kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [RHEL7.9.z] n_tty_open: "BUG: unable to handle kernel paging request" (BZ#1872778)

* [ESXi][RHEL7.8]"qp_alloc_hypercall result = -20" / "Could not attach to queue pair with -20" with vSphere Fault Tolerance enabled (BZ#1892237)

* [RHEL7.9][s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD with DIAG driver returns EOPNOTSUPP (BZ#1910395)

* False-positive hard lockup detected while processing the thread state information (SysRq-T) (BZ#1912221)

* RHEL7.9 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or more IFL (pci) (BZ#1917943)

* The NMI watchdog detected a hard lockup while printing RCU CPU stall warning messages to the serial console (BZ#1924688)

* nvme hangs when trying to allocate reserved tag (BZ#1926825)

* [REGRESSION] "call into AER handling regardless of severity" triggers do_recovery() unnecessarily on correctable PCIe errors (BZ#1933663)

* Module nvme_core: A double free  of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page(). (BZ#1946793)

* sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at kernel/timer.c:1000! (BZ#1953052)

* [Hyper-V][RHEL-7]When CONFIG_NET_POLL_CONTROLLER is set, mainline commit 2a7f8c3b1d3fee is needed (BZ#1953075)

* Kernel panic at cgroup_is_descendant (BZ#1957719)

* [Hyper-V][RHEL-7]Commits To Fix Kdump Failures (BZ#1957803)

* IGMPv2 JOIN packets incorrectly routed to loopback (BZ#1958339)

* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1960193)

* mlx4: Fix memory allocation in mlx4_buddy_init needed (BZ#1962406)

* incorrect assertion on pi_state->pi_mutex.wait_lock from pi_state_update_owner() (BZ#1965495)

RHSA-2021:2726: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212726
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2726, CVE-2019-20934, CVE-2020-11668, CVE-2021-33033, CVE-2021-33034, CVE-2021-33909

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)

* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)

* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)

* kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z7 source tree (BZ#1967333)

RHSA-2021:2727: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212727
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2727, CVE-2021-33034, CVE-2021-33909

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)

* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2735: kernel security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212735
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2735, CVE-2020-12362, CVE-2021-3347, CVE-2021-33909

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)

* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)

* kernel: Use after free via PI futex state (CVE-2021-3347)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2741: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212741
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2741, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.12.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)

* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)

* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2743: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212743
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2743, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.12.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)

* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)

* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2776: java-1.8.0-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212776
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2776, CVE-2021-2341, CVE-2021-2369, CVE-2021-2388

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2781: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212781
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2781, CVE-2021-2341, CVE-2021-2369, CVE-2021-2388

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2784: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212784
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2784, CVE-2021-2341, CVE-2021-2369, CVE-2021-2388

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2845: java-1.8.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212845
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2845, CVE-2021-2341, CVE-2021-2369, CVE-2021-2388

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect comparison during range check elimination (Hotspot, 8264066) (CVE-2021-2388)

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* JDK-8266279: 8u292 NoSuchAlgorithmException unrecognized algorithm name: PBEWithSHA1AndDESede (BZ#1960024)

RHSA-2021:2881: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212881
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2881, CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.12.0.

Security Fix(es):

* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)

* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)

* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)

* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2883: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212883
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2883, CVE-2021-29969, CVE-2021-29970, CVE-2021-29976, CVE-2021-30547

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.12.0.

Security Fix(es):

* Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969)

* Mozilla: Use-after-free in accessibility features of a document (CVE-2021-29970)

* Mozilla: Memory safety bugs fixed in Firefox 90 and Firefox ESR 78.12 (CVE-2021-29976)

* chromium-browser: Out of bounds write in ANGLE (CVE-2021-30547)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2988: varnish:6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212988
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2988, CVE-2021-36740

Description
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up.

Security Fix(es):

* varnish: HTTP/2 request smuggling attack via a large Content-Length header for a POST request (CVE-2021-36740)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:2989: lasso security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20212989
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:2989, CVE-2021-28091

Description
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.

Security Fix(es):

* lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3020: ruby:2.7 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213020
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3020, CVE-2020-36327, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.

Security Fix(es):

* rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source (CVE-2020-36327)

* rubygem-rdoc: Command injection vulnerability in RDoc (CVE-2021-31799)

* ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host (CVE-2021-31810)

* ruby: StartTLS stripping vulnerability in Net::IMAP (CVE-2021-32066)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3027: microcode_ctl security, bug fix and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213027
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3027, CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698

Description
The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: Vector Register Data Sampling (CVE-2020-0548)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: vt-d related privilege escalation (CVE-2020-24489)

* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)

* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)

* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

* hw: Vector Register Leakage-Active (CVE-2020-8696)

* hw: Fast forward store predictor (CVE-2020-8698)

RHSA-2021:3028: microcode_ctl security, bug fix and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213028
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3028, CVE-2020-0543, CVE-2020-0548, CVE-2020-0549, CVE-2020-24489, CVE-2020-24511, CVE-2020-24512, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698

Description
The microcode_ctl packages provide microcode updates for Intel.

Security Fix(es):

* hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543)

* hw: Vector Register Data Sampling (CVE-2020-0548)

* hw: L1D Cache Eviction Sampling (CVE-2020-0549)

* hw: vt-d related privilege escalation (CVE-2020-24489)

* hw: improper isolation of shared resources in some Intel Processors (CVE-2020-24511)

* hw: observable timing discrepancy in some Intel Processors (CVE-2020-24512)

* hw: Information disclosure issue in Intel SGX via RAPL interface (CVE-2020-8695)

* hw: Vector Register Leakage-Active (CVE-2020-8696)

* hw: Fast forward store predictor (CVE-2020-8698)

RHSA-2021:3044: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213044
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3044, CVE-2021-22543, CVE-2021-22555, CVE-2021-3609

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)

* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3057: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213057
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3057, CVE-2021-22543, CVE-2021-22555, CVE-2021-3609

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)

* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Urgent: Missing dptf_power.ko module in RHEL8 (BZ#1968381)

* [mlx5] kdump over NFS fails: mlx5 driver gives error "Stop room 95 is bigger than the SQ size 64" (BZ#1969909)

* BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 in bluetooth  hci_error_reset on intel-tigerlake-h01 (BZ#1972564)

* Update CIFS to kernel 5.10 (BZ#1973637)

* Backport "tick/nohz: Conditionally restart tick on idle exit" to RHEL 8.5 (BZ#1978710)

* Significant performance drop starting on kernel-4.18.0-277 visible on mmap benchmark (BZ#1980314)

* Inaccessible NFS server overloads clients (native_queued_spin_lock_slowpath connotation?) (BZ#1980613)

* [RHEL8.4 BUG],RialtoMLK, I915 graphic driver failed to boot with one new 120HZ panel (BZ#1981250)

* act_ct: subject to DNAT tuple collision (BZ#1982494)

Enhancement(s):

* [Lenovo 8.5 FEAT] drivers/nvme - Update to the latest upstream (BZ#1965415)

RHSA-2021:3058: glib2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213058
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3058, CVE-2021-27218

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform (CVE-2021-27218)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3061: virt:rhel and virt-devel:rhel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213061
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3061, CVE-2020-13754, CVE-2020-27617, CVE-2021-20221, CVE-2021-3416, CVE-2021-3504

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* QEMU: msix: OOB access during mmio operations may lead to DoS (CVE-2020-13754)

* hivex: Buffer overflow when provided invalid node key length (CVE-2021-3504)

* QEMU: net: an assert failure via eth_get_gso_type (CVE-2020-27617)

* QEMU: net: infinite loop in loopback mode may lead to stack overflow (CVE-2021-3416)

* qemu: out-of-bound heap buffer access via an interrupt ID field (CVE-2021-20221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* cannot restart default network and firewalld: iptables: No chain/target/match by that name. (BZ#1958301)

* RHEL8.4 Nightly[0322] - KVM guest fails to find zipl boot menu index (qemu-kvm) (BZ#1975679)

RHSA-2021:3063: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213063
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3063, CVE-2020-36323, CVE-2021-28875, CVE-2021-28876, CVE-2021-28877, CVE-2021-28878, CVE-2021-28879, CVE-2021-31162

Description
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

The following packages have been upgraded to a later upstream version: rust (1.52.1). (BZ#1953002)

Security Fix(es):

* rust: optimization for joining strings can cause uninitialized bytes to be exposed (CVE-2020-36323)

* rust: heap-based buffer overflow in read_to_end() because it does not validate the return value from Read in an unsafe context (CVE-2021-28875)

* rust: panic safety issue in Zip implementation (CVE-2021-28876)

* rust: memory safety violation in Zip implementation for nested iter::Zips (CVE-2021-28877)

* rust: memory safety violation in Zip implementation when next_back() and next() are used together (CVE-2021-28878)

* rust: integer overflow in the Zip implementation can lead to a buffer overflow (CVE-2021-28879)

* rust: double free in Vec::from_iter function if freeing the element panics (CVE-2021-31162)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

For information on usage, see Using Rust Toolset linked in the References section.

RHSA-2021:3066: edk2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213066
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3066, CVE-2021-38575

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. 

Security Fix(es):

* edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe (BZ#1956284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3073: nodejs:12 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213073
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3073, CVE-2021-22918, CVE-2021-23362, CVE-2021-27290

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (12.22.3). (BZ#1978201)

Security Fix(es):

* nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)

* nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290)

* libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3074: nodejs:14 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213074
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3074, CVE-2021-22918, CVE-2021-23362, CVE-2021-27290

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (14.17.3). (BZ#1978203)

Security Fix(es):

* nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)

* nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290)

* libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3075: libuv security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20213075
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:3075, CVE-2021-22918

Description
libuv is a multi-platform support library with a focus on asynchronous I/O. 

Security Fix(es):

* libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3076: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213076
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3076, CVE-2021-27918, CVE-2021-31525, CVE-2021-33196, CVE-2021-34558

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

The following packages have been upgraded to a later upstream version: golang (1.15.14). (BZ#1982287)

Security Fix(es):

* golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918)

* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)

* golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196)

* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* FIPS mode AES CBC CryptBlocks incorrectly re-initializes IV in file crypto/internal/boring/aes.go (BZ#1978567)

* FIPS mode AES CBC Decrypter produces incorrect result (BZ#1983976)

RHSA-2021:3079: 389-ds:1.4 security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20213079
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:3079, CVE-2021-3652

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. 

Security Fix(es):

* 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further reindex (BZ#1983095)

* On big endian machine, the server fails to identify the operation type (BZ#1980063)

RHSA-2021:3081: cloud-init security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213081
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3081, CVE-2021-3429

Description
The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.

Security Fix(es):

* cloud-init: randomly generated passwords logged in clear-text to world-readable file (CVE-2021-3429)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3088: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213088
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3088, CVE-2021-22543, CVE-2021-22555, CVE-2021-3609

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)

* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z source tree (BZ#1985050)

* kernel-rt: Merge mm/memcg: Fix kmem_cache_alloc() performance regression (BZ#1987102)

RHSA-2021:3142: .NET Core 3.1 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213142
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3142, CVE-2021-26423, CVE-2021-34485, CVE-2021-34532

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.118 and .NET Runtime 3.1.18.

Security Fix(es):

* dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)

* dotnet: Dump file created world-readable (CVE-2021-34485)

* dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3145: .NET Core 2.1 security and bugfix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20213145
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:3145, CVE-2021-34485

Description
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 2.1.525 and .NET Core Runtime 2.1.29.

Security Fix(es):

* dotnet: Dump file created world-readable (CVE-2021-34485)

Default inclusions for applications built with .NET Core have been updated to reference the newest versions and their security fixes.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3148: .NET 5.0 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213148
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3148, CVE-2021-26423, CVE-2021-34485, CVE-2021-34532

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9.

Security Fix(es):

* dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)

* dotnet: Dump file created world-readable (CVE-2021-34485)

* dotnet: ASP.NET Core JWT token logging (CVE-2021-34532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3151: sssd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3151, CVE-2021-3621

Description
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

Security Fix(es):

* sssd: shell command injection in sssctl (CVE-2021-3621)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3152: exiv2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213152
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3152, CVE-2021-31291

Description
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3153: compat-exiv2-026 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3153, CVE-2021-31291

Description
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3154: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3154, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.13.0 ESR.

Security Fix(es):

* Mozilla: Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980)

* Mozilla: Incorrect instruction reordering during JIT optimization (CVE-2021-29984)

* Mozilla: Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986)

* Mozilla: Memory corruption as a result of incorrect style treatment (CVE-2021-29988)

* Mozilla: Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-29989)

* Mozilla: Use-after-free media channels (CVE-2021-29985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3155: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213155
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3155, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.13.0.

Security Fix(es):

* Mozilla: Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980)

* Mozilla: Incorrect instruction reordering during JIT optimization (CVE-2021-29984)

* Mozilla: Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986)

* Mozilla: Memory corruption as a result of incorrect style treatment (CVE-2021-29988)

* Mozilla: Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-29989)

* Mozilla: Use-after-free media channels (CVE-2021-29985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3157: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213157
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3157, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.13.0 ESR.

Security Fix(es):

* Mozilla: Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980)

* Mozilla: Incorrect instruction reordering during JIT optimization (CVE-2021-29984)

* Mozilla: Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986)

* Mozilla: Memory corruption as a result of incorrect style treatment (CVE-2021-29988)

* Mozilla: Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-29989)

* Mozilla: Use-after-free media channels (CVE-2021-29985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3158: exiv2 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213158
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3158, CVE-2021-31291

Description
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3160: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213160
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3160, CVE-2021-29980, CVE-2021-29984, CVE-2021-29985, CVE-2021-29986, CVE-2021-29988, CVE-2021-29989

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.13.0.

Security Fix(es):

* Mozilla: Uninitialized memory in a canvas object could have led to memory corruption (CVE-2021-29980)

* Mozilla: Incorrect instruction reordering during JIT optimization (CVE-2021-29984)

* Mozilla: Race condition when resolving DNS names could have led to memory corruption (CVE-2021-29986)

* Mozilla: Memory corruption as a result of incorrect style treatment (CVE-2021-29988)

* Mozilla: Memory safety bugs fixed in Thunderbird 78.13 (CVE-2021-29989)

* Mozilla: Use-after-free media channels (CVE-2021-29985)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3233: compat-exiv2-026 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213233
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3233, CVE-2021-31291

Description
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3234: compat-exiv2-023 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213234
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3234, CVE-2021-31291

Description
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Heap-based buffer overflow vulnerability in jp2image.cpp (CVE-2021-31291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3253: libsndfile security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213253
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3253, CVE-2021-3246

Description
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. 

Security Fix(es):

* libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution (CVE-2021-3246)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3295: libsndfile security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213295
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3295, CVE-2021-3246

Description
libsndfile is a C library for reading and writing files containing sampled sound, such as AIFF, AU, or WAV. 

Security Fix(es):

* libsndfile: Heap buffer overflow via crafted WAV file allows arbitrary code execution (CVE-2021-3246)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3296: libX11 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213296
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3296, CVE-2021-31535

Description
The libX11 packages contain the core X11 protocol client library.

Security Fix(es):

* libX11: missing request length checks (CVE-2021-31535)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3325: bind security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213325
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3325, CVE-2021-25214

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly (CVE-2021-25214)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3327: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213327
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3327, CVE-2020-27777, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

* kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)

* kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)

* kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* SAN Switch rebooted and caused (?) OpenStack compute node to reboot (BZ#1897576)

* sysfs: cannot create duplicate filename '/class/mdio_bus/ixgbe-8100 (BZ#1915449)

* XFS: read-only recovery does not update free space accounting in superblock (BZ#1921551)

* The memcg_params field of kmem_cache struct contains an old slab address that is to small for the current size of memcg_limited_groups_array_size. (BZ#1951810)

* Backport of upstream patch "net: Update window_clamp if SOCK_RCVBUF is set " into rhel-7 (BZ#1962196)

* Kernel panic in init_cq_frag_buf (BZ#1962499)

* futex: futex_requeue can potentially free the pi_state structure twice (BZ#1966856)

* be_poll lockup doing ifenslave when netconsole using bond (BZ#1971744)

* OCP4.7 nodes panic at BUG_ON in nf_nat_setup_info() (BZ#1972970)

RHSA-2021:3328: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213328
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3328, CVE-2021-22555, CVE-2021-29154, CVE-2021-29650, CVE-2021-32399

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

* kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)

* kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z8 source tree (BZ#1982927)

RHSA-2021:3336: sssd security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213336
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3336, CVE-2021-3621

Description
The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

Security Fix(es):

* sssd: shell command injection in sssctl (CVE-2021-3621)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Memory leak in the simple access provider (BZ#1964415)

* id lookup is failing intermittently (BZ#1968330)

* SSSD is NOT able to contact the Global Catalog when local site is down (BZ#1973796)

* Missing search index for `originalADgidNumber` (BZ#1988463)

RHSA-2021:3338: hivex security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20213338
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:3338, CVE-2021-3622

Description
Hivex is a library that can read and write Hive files, undocumented binary files that Windows uses to store the Windows Registry on disk.

Security Fix(es):

* hivex: stack overflow due to recursive call of _get_children() (CVE-2021-3622)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3381: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213381
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3381, CVE-2021-22555, CVE-2021-32399

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

* kernel: race condition for removal of the HCI controller (CVE-2021-32399)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3436: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213436
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3436, CVE-2021-37576

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3438: kernel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213438
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3438, CVE-2021-3715

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [RHEL 7.8][s390x][DASD]Crash in __list_del_entry, alias_pav_group list corrupt when running dasd_alias_remove_device() (BZ#1889418)

* EMBARGOED CVE-2021-3715 kernel: use-after-free in route4_change() in net/sched/cls_route.c (BZ#1992926)

RHSA-2021:3439: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213439
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3439, CVE-2021-3715

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update to the latest RHEL7.9.z source tree (BZ#1995878)

RHSA-2021:3440: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213440
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3440, CVE-2021-38201

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c (CVE-2021-38201)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* OSLAT spikes on subset of cpus (BZ#1986063)

* kernel-rt: update RT source tree to the RHEL-8.4.z source tree (BZ#1990013)

* Failure to enter full_nohz due to needless SCHED softirqs (BZ#1990272)

* kernel-rt: Make rcu_normal_after_boot writable (BZ#1995431)

RHSA-2021:3441: kpatch-patch security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213441
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3441, CVE-2021-3715

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3447: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213447
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3447, CVE-2021-37576, CVE-2021-38201

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

* kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c (CVE-2021-38201)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Update Broadcom Emulex lpfc driver for RHEL8.5 with bug fixes (BZ#1948608)

* cyclictest shows >50us latency when guest enters idle (RT guest with 18 RT vCPUs) (BZ#1981336)

* xfrm: backports from upstream (BZ#1981840)

* A task is stuck waiting for the completion of the vmci_resouce releasing upon the balloon reset. (BZ#1982042)

* [mlx5] backport driver bits of  net: zero-initialize tc skb extension on allocation (BZ#1982220)

* Kernel cannot kill a process doing compaction for hugepage allocation (BZ#1984085)

* RHEL8.4 Nightly[0108] - [P10] [Regression] Kdump failed on RHEL8.4 on SAN disk via flavafish adapter (qla2xxx/HPT/Radix) (BZ#1986156)

* [RHEL8.5] scheduler updates and fixes (BZ#1987296)

* RHEL 8.3 using FCOE via a FastLinQ QL45000 card will not manually scan in LUN from Target_id's over 8 (BZ#1989097)

* fixes for oopses in security mitigation runtime code patching (BZ#1989174)

* act mirred doesn't scrub packets when sending them to ingress (BZ#1992226)

* HPE: Cannot install 8.4 using the DVD presented to the iLO (BZ#1993894)

* NFS client hangs on share listing when server side readdir verifiers are implemented (BZ#1993895)

* SNO: The load is extremely high (~870) when pao is added and a profile is applied. (BZ#1994879)

* timeout value of conntrack entry with TCP ESTABLISHED status is too short (BZ#1995554)

* Increase the default value for flowtable offload timeouts (BZ#1995555)

* ice/iavf driver stop responding (BZ#1997534)

* [FJ8.4 Bug]: [REG] Some files in /proc/sys/user show wrong data (BZ#1998002)

RHSA-2021:3492: cyrus-imapd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213492
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3492, CVE-2021-33582

Description
The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols.

Security Fix(es):

* cyrus-imapd: Denial of service via string hashing algorithm collisions (CVE-2021-33582)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3494: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213494
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3494, CVE-2021-38493

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.14.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 (CVE-2021-38493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3497: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213497
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3497, CVE-2021-38493

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.14.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 (CVE-2021-38493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3498: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213498
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3498, CVE-2021-38493

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.14.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 (CVE-2021-38493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3499: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213499
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3499, CVE-2021-38493

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 78.14.0.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 92, Firefox ESR 78.14 and Firefox ESR 91.1 (CVE-2021-38493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3547: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213547
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3547, CVE-2021-3653

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z source tree (BZ#2001131)

RHSA-2021:3548: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213548
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3548, CVE-2021-3653

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* RHEL8.4 Nightly[0308] - HST:STC950:Fleetwood: LPAR crashed during LPM: BUG at lib/locks.c:34!  (using ibmvfc) (BZ#1969792)

* RHEL8.2 - s390/vtime: fix increased steal time accounting (BZ#1988386)

* [FJ8.4 Bug]: Installation of RHEL8.4 hang up on a Tatlow platform while loading intel_lpss_pci module. (BZ#1989560)

* kernel panic in drm_fb_helper_dirty_work() caused by a race condition qxl driver (BZ#1992839)

* [RHEL8.4] TIOCGSERIAL ioctl fails on serial device (BZ#1993872)

* RHEL8.4 Nightly[0208] - kernel panic when executing test case for persistent device configuration (using DASD) (BZ#1995206)

* Killing ceph daemon leaving an unhealthy ocs/ocp cluster (worker node/s NotReady) (BZ#1995862)

* ceph: potential data corruption in cephfs write_begin codepath (BZ#1996680)

* libceph: allow addrvecs with a single NONE/blank address (BZ#1996682)

* [iavf] traffic stops after host sets vf trust on (BZ#1997536)

* [ice][iavf] hit some call trace and system panic when create-remove-vfs in loop (BZ#1997538)

* Missing backport of IMA boot aggregate calculation in rhel 8.4 kernel (BZ#1997766)

* XArray tests broken for single processor (BZ#1997997)

* [RHEL-8.4] mlock() end up returning -EINVAL instead of -ENOMEM in rewriting the upper address bits. (BZ#1997998)

* Kernel panic at n_tty_set_termios+0x30 (BZ#1997999)

* [ice]BUG: scheduling while atomic: ifenslave/270215/0x00000200 (BZ#2000129)

* [ice]port lost connectivity after removing from bonding (BZ#2000130)

Enhancement(s):

* [Mellanox 8.5 FEAT] mlx5: drivers update upto Linux v5.12 (BZ#1983681)

RHSA-2021:3572: nss and nspr security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213572
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3572, CVE-2020-25648

Description
Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities.

The following packages have been upgraded to a later upstream version: nss (3.67.0), nspr (4.32.0). (BZ#1967980)

Security Fix(es):

* nss: TLS 1.3 CCS flood remote DoS Attack (CVE-2020-25648)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* 8025 error code when creating subCAs (BZ#1977412)

* NSS cannot use SQL databases created by specific versions of NSS (BZ#1978443)

* Inconsistent handling of malformed CertificateRequest messages (BZ#1980050)

Enhancement(s):

* [IBM 8.5 FEAT] [P10] POWER10 performance enhancements for cryptography: NSS FreeBL (BZ#1978257)

RHSA-2021:3576: krb5 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213576
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3576, CVE-2021-36222, CVE-2021-37750

Description
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

* krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS (CVE-2021-36222)

* krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field (CVE-2021-37750)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3582: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213582
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3582, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Content not matching hash in Metalink is not being discarded (CVE-2021-22922)

* curl: Metalink download sends credentials (CVE-2021-22923)

* curl: Bad connection reuse due to flawed path name checks (CVE-2021-22924)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3585: go-toolset:rhel8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213585
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3585, CVE-2021-29923

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

Security Fix(es):

* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3590: mysql:8.0 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213590
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3590, CVE-2020-14672, CVE-2020-14765, CVE-2020-14769, CVE-2020-14773, CVE-2020-14775, CVE-2020-14776, CVE-2020-14777, CVE-2020-14785, CVE-2020-14786, CVE-2020-14789, CVE-2020-14790, CVE-2020-14791, CVE-2020-14793, CVE-2020-14794, CVE-2020-14800, CVE-2020-14804, CVE-2020-14809, CVE-2020-14812, CVE-2020-14814, CVE-2020-14821, CVE-2020-14828, CVE-2020-14829, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14838, CVE-2020-14839, CVE-2020-14844, CVE-2020-14845, CVE-2020-14846, CVE-2020-14848, CVE-2020-14852, CVE-2020-14860, CVE-2020-14861, CVE-2020-14866, CVE-2020-14867, CVE-2020-14868, CVE-2020-14870, CVE-2020-14873, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2002, CVE-2021-2010, CVE-2021-2011, CVE-2021-2021, CVE-2021-2022, CVE-2021-2024, CVE-2021-2028, CVE-2021-2030, CVE-2021-2031, CVE-2021-2032, CVE-2021-2036, CVE-2021-2038, CVE-2021-2042, CVE-2021-2046, CVE-2021-2048, CVE-2021-2055, CVE-2021-2056, CVE-2021-2058, CVE-2021-2060, CVE-2021-2061, CVE-2021-2065, CVE-2021-2070, CVE-2021-2072, CVE-2021-2076, CVE-2021-2081, CVE-2021-2087, CVE-2021-2088, CVE-2021-2122, CVE-2021-2146, CVE-2021-2164, CVE-2021-2166, CVE-2021-2169, CVE-2021-2170, CVE-2021-2171, CVE-2021-2172, CVE-2021-2174, CVE-2021-2178, CVE-2021-2179, CVE-2021-2180, CVE-2021-2193, CVE-2021-2194, CVE-2021-2196, CVE-2021-2201, CVE-2021-2202, CVE-2021-2203, CVE-2021-2208, CVE-2021-2212, CVE-2021-2213, CVE-2021-2215, CVE-2021-2217, CVE-2021-2226, CVE-2021-2230, CVE-2021-2232, CVE-2021-2278, CVE-2021-2293, CVE-2021-2298, CVE-2021-2299, CVE-2021-2300, CVE-2021-2301, CVE-2021-2304, CVE-2021-2305, CVE-2021-2307, CVE-2021-2308, CVE-2021-2339, CVE-2021-2340, CVE-2021-2342, CVE-2021-2352, CVE-2021-2354, CVE-2021-2356, CVE-2021-2357, CVE-2021-2367, CVE-2021-2370, CVE-2021-2372, CVE-2021-2374, CVE-2021-2383, CVE-2021-2384, CVE-2021-2385, CVE-2021-2387, CVE-2021-2389, CVE-2021-2390, CVE-2021-2399, CVE-2021-2402, CVE-2021-2410, CVE-2021-2412, CVE-2021-2417, 
CVE-2021-2418, CVE-2021-2422, CVE-2021-2424, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2429, CVE-2021-2437, CVE-2021-2440, CVE-2021-2441, CVE-2021-2444, CVE-2021-35537, CVE-2021-35629

Description
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

The following packages have been upgraded to a later upstream version: mysql (8.0.26). (BZ#1996693)

Security Fix(es):

* mysql: Server: Stored Procedure multiple vulnerabilities (CVE-2020-14672, CVE-2021-2046, CVE-2021-2072, CVE-2021-2081, CVE-2021-2215, CVE-2021-2217, CVE-2021-2293, CVE-2021-2304, CVE-2021-2424)

* mysql: Server: FTS multiple vulnerabilities (CVE-2020-14765, CVE-2020-14789, CVE-2020-14804)

* mysql: Server: Optimizer multiple vulnerabilities (CVE-2020-14769, CVE-2020-14773, CVE-2020-14777, CVE-2020-14785, CVE-2020-14793, CVE-2020-14794, CVE-2020-14809, CVE-2020-14830, CVE-2020-14836, CVE-2020-14837, CVE-2020-14839, CVE-2020-14845, CVE-2020-14846, CVE-2020-14861, CVE-2020-14866, CVE-2020-14868, CVE-2020-14888, CVE-2020-14891, CVE-2020-14893, CVE-2021-2001, CVE-2021-2021, CVE-2021-2024, CVE-2021-2030, CVE-2021-2031, CVE-2021-2036, CVE-2021-2055, CVE-2021-2060, CVE-2021-2065, CVE-2021-2070, CVE-2021-2076, CVE-2021-2164, CVE-2021-2169, CVE-2021-2170, CVE-2021-2193, CVE-2021-2203, CVE-2021-2212, CVE-2021-2213, CVE-2021-2230, CVE-2021-2278, CVE-2021-2298, CVE-2021-2299, CVE-2021-2342, CVE-2021-2357, CVE-2021-2367, CVE-2021-2383, CVE-2021-2384, CVE-2021-2387, CVE-2021-2410, CVE-2021-2412, CVE-2021-2418, CVE-2021-2425, CVE-2021-2426, CVE-2021-2427, CVE-2021-2437, CVE-2021-2441, CVE-2021-2444)

* mysql: InnoDB multiple vulnerabilities (CVE-2020-14775, CVE-2020-14776, CVE-2020-14821, CVE-2020-14829, CVE-2020-14848, CVE-2021-2022, CVE-2021-2028, CVE-2021-2048, CVE-2021-2174, CVE-2021-2180, CVE-2021-2194, CVE-2021-2372, CVE-2021-2374, CVE-2021-2389, CVE-2021-2390, CVE-2021-2429, CVE-2020-14791, CVE-2021-2042)

* mysql: Server: PS multiple vulnerabilities (CVE-2020-14786, CVE-2020-14790, CVE-2020-14844, CVE-2021-2422)

* mysql: Server: Security multiple vulnerabilities (CVE-2020-14800, CVE-2020-14838, CVE-2020-14860)

* mysql: Server: Locking multiple vulnerabilities (CVE-2020-14812, CVE-2021-2058, CVE-2021-2402)

* mysql: Server: DML multiple vulnerabilities (CVE-2020-14814, CVE-2020-14828, CVE-2021-2056, CVE-2021-2087, CVE-2021-2088, CVE-2021-2166, CVE-2021-2172, CVE-2021-2196, CVE-2021-2300, CVE-2021-2305, CVE-2021-2370, CVE-2021-2440)

* mysql: Server: Charsets unspecified vulnerability (CVE-2020-14852)

* mysql: Server: DDL multiple vulnerabilities (CVE-2020-14867, CVE-2021-2061, CVE-2021-2122, CVE-2021-2339, CVE-2021-2352, CVE-2021-2399)

* mysql: Server: X Plugin unspecified vulnerability (CVE-2020-14870)

* mysql: Server: Logging unspecified vulnerability (CVE-2020-14873)

* mysql: Server: Replication multiple vulnerabilities (CVE-2021-2002, CVE-2021-2171, CVE-2021-2178, CVE-2021-2202, CVE-2021-2356, CVE-2021-2385)

* mysql: C API multiple vulnerabilities (CVE-2021-2010, CVE-2021-2011)

* mysql: Server: Components Services unspecified vulnerability (CVE-2021-2038)

* mysql: Server: Options unspecified vulnerability (CVE-2021-2146)

* mysql: Server: Group Replication Plugin multiple vulnerabilities (CVE-2021-2179, CVE-2021-2232)

* mysql: Server: Partition multiple vulnerabilities (CVE-2021-2201, CVE-2021-2208)

* mysql: Server: Information Schema multiple vulnerabilities (CVE-2021-2032, CVE-2021-2226, CVE-2021-2301, CVE-2021-2308)

* mysql: Server: Packaging unspecified vulnerability (CVE-2021-2307)

* mysql: Server: Federated unspecified vulnerability (CVE-2021-2354)

* mysql: Server: GIS unspecified vulnerability (CVE-2021-2417)

* mysql: Server: Memcached unspecified vulnerability (CVE-2021-2340)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Segfault and possible DoS with a crafted query (BZ#1996699)

RHSA-2021:3623: nodejs:12 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213623
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3623, CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)

* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)

* c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)

* nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)

* nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)

* nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)

* nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)

* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* nodejs:12/nodejs: Make FIPS options always available (BZ#1993927)

RHSA-2021:3666: nodejs:14 security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213666
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3666, CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940, CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)

* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)

* c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)

* nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)

* nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)

* nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)

* nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)

* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* nodejs:14/nodejs: Make FIPS options always available (BZ#1993924)

RHSA-2021:3755: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213755
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3755, CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.2.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

* rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3768: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213768
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3768, CVE-2021-22543, CVE-2021-37576

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3771: grafana security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213771
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3771, CVE-2021-39226

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

Security Fix(es):

* grafana: Snapshot authentication bypass (CVE-2021-39226)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3791: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213791
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3791, CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.2.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

* rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3798: openssl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213798
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3798, CVE-2021-23840, CVE-2021-23841

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: integer overflow in CipherUpdate (CVE-2021-23840)

* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3801: kernel security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213801
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3801, CVE-2021-22543, CVE-2021-3653, CVE-2021-3656, CVE-2021-37576

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)

* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Kernel panic due to double fault with DLM reporting for socket error "sk_err=32/0" (BZ#1834878)

* "MFW indication via attention" message getting logged frequently after every 5 minutes (BZ#1854544)

* lpfc fails to discovery in pt2pt with "2754 PRLI failure DID:0000EF Status:x9/x91e00, data: x0" (BZ#1922479)

* pcpu_get_vm_areas using most memory from VmallocUsed (BZ#1970618)

* RHEL 7.9.z [qedf driver] Racing condition between qedf_cleanup_fcport and releasing command after timeout (BZ#1982702)

* [Azure] RHEL 7.9 reports GPU/IB topology incorrectly on some Azure SKUs (BZ#1984128)

* [stable guest ABI]Hot add CPU after migration cause guest hang (BZ#1991856)

* i40e driver crash at  RIP: i40e_config_vf_promiscuous_mode+0x165 (BZ#1993850)

* [nfs] Performance issue since commit 5a4f6f11951e (BZ#1995649)

* [kernel] Indefinite waiting for RCU callback while removing cgroup (BZ#2000973)

RHSA-2021:3802: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213802
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3802, CVE-2021-22543, CVE-2021-3653, CVE-2021-3656

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)

* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Indefinite waiting for RCU callback while removing cgroup (BZ#1967844)

* kernel-rt: update to the latest RHEL7.9.z9 source tree (BZ#2002994)

RHSA-2021:3807: 389-ds-base security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20213807
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:3807, CVE-2021-3652

Description
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.

Security Fix(es):

* 389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed (CVE-2021-3652)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* A plugin can create an index. Even if the index can be used immediately (for searches) the index remains offline until further reindex (BZ#2005399)

* In some rare case, a replication connection may be treated as a regular connection and ACIs evaluated even if they should not. (BZ#2005434)

* A regular connection can be erroneously flagged replication connection (BZ#2005435)

RHSA-2021:3810: libxml2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20213810
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:3810, CVE-2016-4658

Description
The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

* libxml2: Use after free via namespace node in XPointer ranges (CVE-2016-4658)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3816: httpd:2.4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213816
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3816, CVE-2021-26691, CVE-2021-40438

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)

* httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3819: .NET 5.0 security and bugfix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213819
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3819, CVE-2021-41355

Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.208 and .NET Runtime 5.0.11.

Security Fix(es):

* dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake fails (CVE-2021-41355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3838: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213838
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3838, CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3841: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213841
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3841, CVE-2021-32810, CVE-2021-38496, CVE-2021-38497, CVE-2021-38498, CVE-2021-38500, CVE-2021-38501, CVE-2021-38502

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.2.0.

Security Fix(es):

* Mozilla: Use-after-free in MessageTask (CVE-2021-38496)

* Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500)

* Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501)

* Mozilla: Downgrade attack on SMTP STARTTLS connections (CVE-2021-38502)

* rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810)

* Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497)

* Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3856: httpd security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213856
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3856, CVE-2021-40438

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3889: java-1.8.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213889
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3889, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)

* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* A defensive security change in an earlier OpenJDK update led to a performance degradation when using the Scanner class. This was due to the change being applied to many common cases that did not need this protection. With this update, we provide the original behaviour for these cases. (RHBZ#1862929)

RHSA-2021:3891: java-11-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213891
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3891, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3892: java-11-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213892
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3892, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603

Description
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Previously, uninstalling the OpenJDK RPMs attempted to remove a client directory that did not exist. This directory is no longer used in java-11-openjdk and all references to it have now been removed. (RHBZ#1698873)

RHSA-2021:3893: java-1.8.0-openjdk security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213893
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3893, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603

Description
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Loop in HttpsServer triggered during TLS session close (JSSE, 8254967) (CVE-2021-35565)

* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

* OpenJDK: Weak ciphers preferred over stronger ones for TLS (JSSE, 8264210) (CVE-2021-35550)

* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

* OpenJDK: Incomplete validation of inner class references in ClassFileParser (Hotspot, 8268071) (CVE-2021-35588)

* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Previously, OpenJDK's FIPS mode would be enabled if it detected that the system crypto policy was set to FIPS. This meant that containers running on a FIPS mode kernel would not enable FIPS mode without the crypto policy being changed. With this update, OpenJDK queries the NSS library as to whether FIPS mode is active or not. (RHBZ#2014201)

* The use of the NSS FIPS mode by OpenJDK requires the JDK to log in to the NSS software token. Previously, this happened indirectly as part of some crypto operations, but not others. With this update, the JDK logs in to the token on initialisation. (RHBZ#2014204)

* While in FIPS mode, the NSS Software Token does not allow the import of private or secret plain keys. This caused the OpenJDK keytool application to fail when used with OpenJDK in FIPS mode. With this update, OpenJDK will now import such keys into the NSS database. This behaviour may be disabled using -Dcom.redhat.fips.plainKeySupport=false. (RHBZ#2014193)

RHSA-2021:3918: redis:5 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213918
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3918, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32675, CVE-2021-32687, CVE-2021-41099

Description
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)

* redis: Integer overflow issue with Streams (CVE-2021-32627)

* redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)

* redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)

* redis: Integer overflow issue with intsets (CVE-2021-32687)

* redis: Integer overflow issue with strings (CVE-2021-41099)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3945: redis:6 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213945
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3945, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32675, CVE-2021-32687, CVE-2021-41099

Description
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: Lua scripts can overflow the heap-based Lua stack (CVE-2021-32626)

* redis: Integer overflow issue with Streams (CVE-2021-32627)

* redis: Integer overflow bug in the ziplist data structure (CVE-2021-32628)

* redis: Denial of service via Redis Standard Protocol (RESP) request (CVE-2021-32675)

* redis: Integer overflow issue with intsets (CVE-2021-32687)

* redis: Integer overflow issue with strings (CVE-2021-41099)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:3956: xstream security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20213956
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:3956, CVE-2021-39139, CVE-2021-39140, CVE-2021-39141, CVE-2021-39144, CVE-2021-39145, CVE-2021-39146, CVE-2021-39147, CVE-2021-39148, CVE-2021-39149, CVE-2021-39150, CVE-2021-39151, CVE-2021-39152, CVE-2021-39153, CVE-2021-39154

Description
XStream is a Java XML serialization library to serialize objects to and deserialize objects from XML.

Security Fix(es):

* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39139)

* xstream: Arbitrary code execution via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39141)

* xstream: Arbitrary code execution via unsafe deserialization of sun.tracing.* (CVE-2021-39144)

* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39145)

* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39146)

* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapSearchEnumeration (CVE-2021-39147)

* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.toolkit.dir.ContextEnumerator (CVE-2021-39148)

* xstream: Arbitrary code execution via unsafe deserialization of com.sun.corba.* (CVE-2021-39149)

* xstream: Server-side request forgery (SSRF) via unsafe deserialization of com.sun.xml.internal.ws.client.sei.* (CVE-2021-39150)

* xstream: Arbitrary code execution via unsafe deserialization of com.sun.jndi.ldap.LdapBindingEnumeration (CVE-2021-39151)

* xstream: Server-side request forgery (SSRF) via unsafe deserialization of jdk.nashorn.internal.runtime.Source$URLData (CVE-2021-39152)

* xstream: Arbitrary code execution via unsafe deserialization of Xalan xsltc.trax.TemplatesImpl (CVE-2021-39153)

* xstream: Arbitrary code execution via unsafe deserialization of javax.swing.UIDefaults$ProxyLazyValue (CVE-2021-39154)

* xstream: Infinite loop DoS via unsafe deserialization of sun.reflect.annotation.AnnotationInvocationHandler (CVE-2021-39140)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4033: binutils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214033
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4033, CVE-2021-42574

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences. 
Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4042: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214042
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4042, CVE-2021-41133

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: Sandbox bypass via recent VFS-manipulating syscalls (CVE-2021-41133)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4044: flatpak security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214044
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4044, CVE-2021-41133

Description
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.

Security Fix(es):

* flatpak: Sandbox bypass via recent VFS-manipulating syscalls (CVE-2021-41133)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4056: kernel security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214056
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4056, CVE-2020-36385, CVE-2021-0512, CVE-2021-3656

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)

* kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512)

* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* [HPE 8.3 bug] No EDAC MC0 message with one-DIMM two-processor configuration under RHEL8.3 (BZ#1982182)

* mlx: devlink port function shows all zero hw_addr (BZ#1986837)

* net/sched: act_mirred: allow saving the last chain processed on xmit path (BZ#1992230)

* RHEL8.3 - System hang and / or r/o fs during SVC/v5k/v7k maintenance with ibmvfc (BZ#1993892)

* RHEL8.1 Snapshot3 - PVT:940:virt:4TB:LPM operation failed by returning HSCLA2CF, HSCL365C SRC's - Linux partition suspend timeout (-> documentation/Linux Alert through LTC bug 182549) (BZ#1993952)

* RHEL8.4 - benchTableRepDMLAsyncBarrier regresses by 34% on RHEL8.4 on POWER9 compared to RHEL8.2 (performance) (BZ#1997431)

* [panic] call trace: ice_probe+0x238/0x10f0 [ice] (BZ#1997539)

* [ice, PTP] ice: fix GPIO 1PPS signal (BZ#1997572)

* Fix locality handling in the tpm_tis driver (BZ#1998219)

* [ice, PTP]: fix Tx queue iteration for Tx timestamp enablement (BZ#2000128)

* PCI passthrough with NVidia GPU "Invalid device 0003:01:00.0 iommu_group file /sys/bus/pci/devices/0003:01:00.0/iommu_group is not a symlink" (BZ#2000602)

* [DELL 8.4 BUG] - System Hangs at Dell Logo When Boot to OS(e1000e with wrong GbE checksum) (BZ#2002335)

* RHEL8.4 - kernel: Fix hanging ioctl caused by wrong msg counter (BZ#2002635)

* kernel: get_timespec64 does not ignore padding in compat syscalls (BZ#2003569)

* [mlx5] eth0: hw csum failure (BZ#2005980)

* xlog_grant_head_wait() does not return and system hangs (BZ#2007413)

* panic while breaking a lease/delegation after user mode helper invocation (BZ#2010331)

* Lockd invalid cast to nlm_lockowner (BZ#2010820)

* [xfstests generic/388] XFS: Assertion failed: 0, file: fs/xfs/xfs_mount.c, line: 1218 (BZ#2011919)

Enhancement(s):

* [Intel 8.5 FEAT] ice: Enable PTP Support (BZ#1998220)

* [Intel 8.5 FEAT] ice: Enable GPIO/SDP Support (BZ#1998221)

RHSA-2021:4057: python3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214057
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4057, CVE-2021-3733

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4058: samba security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214058
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4058, CVE-2021-20254

Description
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* samba: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token (CVE-2021-20254)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4059: curl security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214059
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4059, CVE-2021-22946, CVE-2021-22947

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols (CVE-2021-22946)

* curl: Server responses received before STARTTLS processed after TLS handshake (CVE-2021-22947)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4060: libsolv security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214060
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4060, CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938

Description
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

Security Fix(es):

* libsolv: heap-based buffer overflow in pool_installable() in src/repo.h (CVE-2021-33928)

* libsolv: heap-based buffer overflow in pool_disabled_solvable() in src/repo.h (CVE-2021-33929)

* libsolv: heap-based buffer overflow in pool_installable_whatprovides() in src/repo.h (CVE-2021-33930)

* libsolv: heap-based buffer overflow in prune_to_recommended() in src/policy.c (CVE-2021-33938)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4088: kernel-rt security and bug fix update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214088
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4088, CVE-2020-36385, CVE-2021-0512, CVE-2021-3656

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)

* kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512)

* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* kernel-rt: update RT source tree to the RHEL-8.4.z source tree (BZ#2004117)
RHSA-2021:4089: java-1.8.0-ibm security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214089
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4089, CVE-2021-2341, CVE-2021-2369

Description
IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR6-FP35.

Security Fix(es):

* OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432) (CVE-2021-2341)

* OpenJDK: Incorrect verification of JAR files with multiple MANIFEST.MF files (Library, 8260967) (CVE-2021-2369)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:4097: webkit2gtk3 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214097
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4097, CVE-2021-30858

Description
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30858)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* WebProcess::initializeWebProcess crashing on aarch64 (BZ#2010825)
RHSA-2021:4116: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214116
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4116, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.3.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in HTTP2 Session object

* Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

* Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503)

* Mozilla: Use-after-free in file picker dialog (CVE-2021-38504)

* Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506)

* Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38507)

* Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing (CVE-2021-38508)

* Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain (CVE-2021-38509)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:4122: kpatch-patch security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214122
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4122, CVE-2020-36385, CVE-2021-0512

Description
This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.

Security Fix(es):

* kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)

* kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c (CVE-2021-0512)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:4123: firefox security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214123
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4123, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509

Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.3.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in HTTP2 Session object

* Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

* Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503)

* Mozilla: Use-after-free in file picker dialog (CVE-2021-38504)

* Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506)

* Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38507)

* Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing (CVE-2021-38508)

* Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain (CVE-2021-38509)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:4130: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214130
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4130, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.3.0.

Security Fix(es):

* Mozilla: Use-after-free in HTTP2 Session object

* Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

* Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503)

* Mozilla: Use-after-free in file picker dialog (CVE-2021-38504)

* Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506)

* Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38507)

* Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing (CVE-2021-38508)

* Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain (CVE-2021-38509)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:4134: thunderbird security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214134
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4134, CVE-2021-38503, CVE-2021-38504, CVE-2021-38506, CVE-2021-38507, CVE-2021-38508, CVE-2021-38509

Description
Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 91.3.0.

Security Fix(es):

* Mozilla: Use-after-free in HTTP2 Session object

* Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3

* Mozilla: iframe sandbox rules did not apply to XSLT stylesheets (CVE-2021-38503)

* Mozilla: Use-after-free in file picker dialog (CVE-2021-38504)

* Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning (CVE-2021-38506)

* Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports (CVE-2021-38507)

* Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing (CVE-2021-38508)

* Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain (CVE-2021-38509)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:4135: java-17-openjdk security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214135
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4135, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603

Description
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* OpenJDK: Incorrect principal selection when using Kerberos Constrained Delegation (Libraries, 8266689) (CVE-2021-35567)

* OpenJDK: Excessive memory allocation in RTFParser (Swing, 8265167) (CVE-2021-35556)

* OpenJDK: Excessive memory allocation in RTFReader (Swing, 8265580) (CVE-2021-35559)

* OpenJDK: Excessive memory allocation in HashMap and HashSet (Utility, 8266097) (CVE-2021-35561)

* OpenJDK: Certificates with end dates too far in the future can corrupt keystore (Keytool, 8266137) (CVE-2021-35564)

* OpenJDK: Unexpected exception raised during TLS handshake (JSSE, 8267729) (CVE-2021-35578)

* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8267735) (CVE-2021-35586)

* OpenJDK: Non-constant comparison during TLS handshakes (JSSE, 8269618) (CVE-2021-35603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHSA-2021:4139: resource-agents security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214139
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4139, CVE-2021-20270, CVE-2021-27291

Description
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4140: kernel-rt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214140
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4140, CVE-2019-14615, CVE-2020-0427, CVE-2020-24502, CVE-2020-24503, CVE-2020-24504, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-29368, CVE-2020-29660, CVE-2020-36158, CVE-2020-36312, CVE-2020-36386, CVE-2021-0129, CVE-2021-20194, CVE-2021-20239, CVE-2021-23133, CVE-2021-28950, CVE-2021-28971, CVE-2021-29155, CVE-2021-29646, CVE-2021-29650, CVE-2021-31440, CVE-2021-31829, CVE-2021-31916, CVE-2021-33033, CVE-2021-33200, CVE-2021-3348, CVE-2021-3489, CVE-2021-3564, CVE-2021-3573, CVE-2021-3600, CVE-2021-3635, CVE-2021-3659, CVE-2021-3679, CVE-2021-3732

Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):
* kernel: out-of-bounds reads in pinctrl subsystem. (CVE-2020-0427)
* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)
* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)
* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)
* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)
* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)
* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)
* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)
* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)
* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)
* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)
* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)
* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)
* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)
* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)
* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() (CVE-2020-36386)
* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)
* kernel: Use-after-free in ndb_queue_rq() (CVE-2021-3348)
* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)
* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)
* kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)
* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)
* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)
* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)
* kernel: System crash in intel_pmu_drain_pebs_nhm (CVE-2021-28971)
* kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory (CVE-2021-29155)
* kernel: improper input validation in tipc_nl_retrieve_key function (CVE-2021-29646)
* kernel: lack a full memory barrier upon the assignment of a new table value in x_tables.h may lead to DoS (CVE-2021-29650)
* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)
* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)
* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)
* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)
* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)
* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)
* kernel: flowtable list del corruption with kernel BUG (CVE-2021-3635)
* kernel: NULL pointer dereference in llsec_key_alloc() (CVE-2021-3659)
* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)
* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)
RHSA-2021:4142: pcs security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214142
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4142, CVE-2020-11023, CVE-2020-7656

Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

The following packages have been upgraded to a later upstream version: pcs (0.10.10). (BZ#1935594)

Security Fix(es):

* jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces (CVE-2020-7656)

* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4149: python-pillow security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214149
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4149, CVE-2020-35653, CVE-2020-35655, CVE-2021-25287, CVE-2021-25288, CVE-2021-25290, CVE-2021-25292, CVE-2021-25293, CVE-2021-27921, CVE-2021-27922, CVE-2021-27923, CVE-2021-28675, CVE-2021-28676, CVE-2021-28677, CVE-2021-28678, CVE-2021-34552

Description
The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities.

Security Fix(es):

* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25287)

* python-pillow: Out-of-bounds read in J2K image reader (CVE-2021-25288)

* python-pillow: Negative-offset memcpy in TIFF image reader (CVE-2021-25290)

* python-pillow: Regular expression DoS in PDF format parser (CVE-2021-25292)

* python-pillow: Out-of-bounds read in SGI RLE image reader (CVE-2021-25293)

* python-pillow: Excessive memory allocation in BLP image reader (CVE-2021-27921)

* python-pillow: Excessive memory allocation in ICNS image reader (CVE-2021-27922)

* python-pillow: Excessive memory allocation in ICO image reader (CVE-2021-27923)

* python-pillow: Excessive memory allocation in PSD image reader (CVE-2021-28675)

* python-pillow: Infinite loop in FLI image reader (CVE-2021-28676)

* python-pillow: Excessive CPU use in EPS image reader (CVE-2021-28677)

* python-pillow: Excessive looping in BLP image reader (CVE-2021-28678)

* python-pillow: Buffer overflow in image convert function (CVE-2021-34552)

* python-pillow: Buffer over-read in PCX image reader (CVE-2020-35653)

* python-pillow: Buffer over-read in SGI RLE image reader (CVE-2020-35655)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4150: python36:3.6 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214150
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4150, CVE-2021-20270, CVE-2021-27291

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4151: python27:2.7 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214151
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4151, CVE-2020-27619, CVE-2020-28493, CVE-2021-20095, CVE-2021-20270, CVE-2021-23336, CVE-2021-27291, CVE-2021-28957, CVE-2021-42771

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Unsafe use of eval() on data retrieved via HTTP in the test suite (CVE-2020-27619)

* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)

* python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4153: dnsmasq security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214153
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4153, CVE-2021-3448

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.

Security Fix(es):

* dnsmasq: fixed outgoing port used when --server is used with an interface name (CVE-2021-3448)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4154: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214154
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4154, CVE-2021-20291, CVE-2021-3602

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* buildah: Host environment variables leaked in build container when using chroot isolation (CVE-2021-3602)

* containers/storage: DoS via malicious image (CVE-2021-20291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4156: go-toolset:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214156
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4156, CVE-2021-33195, CVE-2021-33197, CVE-2021-33198, CVE-2021-36221

Description
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. 

The following packages have been upgraded to a later upstream version: golang (1.16.7). (BZ#1938071)

Security Fix(es):

* golang: net: lookup functions may return invalid host names (CVE-2021-33195)

* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)

* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)

* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4158: python-lxml security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214158
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4158, CVE-2021-28957

Description
lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. 

Security Fix(es):

* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
RHSA-2021:4160: python39:3.9 and python39-devel:3.9 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214160
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4160, CVE-2021-28957, CVE-2021-29921, CVE-2021-33503, CVE-2021-3426, CVE-2021-3572, CVE-2021-3733, CVE-2021-3737

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python: Information disclosure via pydoc (CVE-2021-3426)

* python: urllib: Regular expression DoS in AbstractBasicAuthHandler (CVE-2021-3733)

* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

* python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)

* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)

* python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)

* python: urllib: HTTP client possible infinite loop on a 100 Continue response (CVE-2021-3737)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4161: python-jinja2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214161
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4161, CVE-2020-28493

Description
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. 

Security Fix(es):

* python-jinja2: ReDoS vulnerability due to the sub-pattern (CVE-2020-28493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4162: python38:3.8 and python38-devel:3.8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214162
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4162, CVE-2019-18874, CVE-2020-28493, CVE-2021-20095, CVE-2021-23336, CVE-2021-28957, CVE-2021-29921, CVE-2021-33503, CVE-2021-3426, CVE-2021-3572, CVE-2021-42771

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python-psutil: Double free because of refcount mishandling (CVE-2019-18874)

* python-jinja2: ReDoS vulnerability in the urlize filter (CVE-2020-28493)

* python: Information disclosure via pydoc (CVE-2021-3426)

* python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

* python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters (CVE-2021-23336)

* python-lxml: Missing input sanitization for formaction HTML5 attributes may lead to XSS (CVE-2021-28957)

* python-ipaddress: Improper input validation of octal strings (CVE-2021-29921)

* python-urllib3: ReDoS in the parsing of authority part of URL (CVE-2021-33503)

* python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4172: qt5 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214172
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4172, CVE-2021-3481

Description
Qt is a software toolkit for developing applications.

The following packages have been upgraded to a later upstream version: adwaita-qt (1.2.1), python-qt5 (5.15.0), qgnomeplatform (0.7.1), qt5 (5.15.2), qt5-qt3d (5.15.2), qt5-qtbase (5.15.2), qt5-qtconnectivity (5.15.2), qt5-qtdeclarative (5.15.2), qt5-qtdoc (5.15.2), qt5-qtgraphicaleffects (5.15.2), qt5-qtimageformats (5.15.2), qt5-qtlocation (5.15.2), qt5-qtmultimedia (5.15.2), qt5-qtquickcontrols (5.15.2), qt5-qtquickcontrols2 (5.15.2), qt5-qtscript (5.15.2), qt5-qtsensors (5.15.2), qt5-qtserialbus (5.15.2), qt5-qtserialport (5.15.2), qt5-qtsvg (5.15.2), qt5-qttools (5.15.2), qt5-qttranslations (5.15.2), qt5-qtwayland (5.15.2), qt5-qtwebchannel (5.15.2), qt5-qtwebsockets (5.15.2), qt5-qtx11extras (5.15.2), qt5-qtxmlpatterns (5.15.2), sip (4.19.24). (BZ#1928156)

Security Fix(es):

* qt: Out of bounds read in function QRadialFetchSimd from crafted svg file (CVE-2021-3481)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4173: exiv2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214173
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4173, CVE-2021-29457, CVE-2021-29458, CVE-2021-29463, CVE-2021-29464, CVE-2021-29470, CVE-2021-29473, CVE-2021-29623, CVE-2021-31292, CVE-2021-32617, CVE-2021-3482, CVE-2021-37618, CVE-2021-37619

Description
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

The following packages have been upgraded to a later upstream version: exiv2 (0.27.4). (BZ#1989860)

Security Fix(es):

* exiv2: Heap-based buffer overflow in Jp2Image::readMetadata() (CVE-2021-3482)

* exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29457)

* exiv2: Out-of-bounds read in Exiv2::Internal::CrwMap::encode (CVE-2021-29458)

* exiv2: Heap-based buffer overflow in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-29464)

* exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-29470)

* exiv2: Out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29473)

* exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS (CVE-2021-31292)

* exiv2: Out-of-bounds read in Exiv2::WebPImage::doWriteMetadata (CVE-2021-29463)

* exiv2: Use of uninitialized memory in isWebPType() may lead to information leak (CVE-2021-29623)

* exiv2: DoS due to quadratic complexity in ProcessUTF8Portion (CVE-2021-32617)

* exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure (CVE-2021-37618)

* exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-37619)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4179: file-roller security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214179
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4179, CVE-2020-36314

Description
File Roller is an application for creating and viewing archive files, such as tar or zip files.

Security Fix(es):

* file-roller: directory traversal via directory symlink pointing outside of the target directory (incomplete fix for CVE-2020-11736) (CVE-2020-36314)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4181: mutt security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214181
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4181, CVE-2020-28896, CVE-2021-3181

Description
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.

The following packages have been upgraded to a later upstream version: mutt (2.0.7). (BZ#1912614)

Security Fix(es):

* mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection (CVE-2020-28896)

* mutt: Memory leak when parsing rfc822 group addresses (CVE-2021-3181)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4191: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214191
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4191, CVE-2020-15859, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, CVE-2021-3631, CVE-2021-3667

Description
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.

Security Fix(es):

* QEMU: net: e1000e: use-after-free while sending packets (CVE-2020-15859)

* QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp) (CVE-2021-3592)

* QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6) (CVE-2021-3593)

* QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp) (CVE-2021-3594)

* QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp) (CVE-2021-3595)

* libvirt: Insecure sVirt label generation (CVE-2021-3631)

* libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API (CVE-2021-3667)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4198: edk2 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214198
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4198, CVE-2021-23840, CVE-2021-23841

Description
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. 

The following packages have been upgraded to a later upstream version: edk2 (20210527gite1999b264f1f). (BZ#1846481, BZ#1938238)

Security Fix(es):

* openssl: integer overflow in CipherUpdate (CVE-2021-23840)

* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4201: babel security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214201
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4201, CVE-2021-20095, CVE-2021-42771

Description
Babel provides tools to build and work with gettext message catalogs, and a Python interface to the CLDR (Common Locale Data Repository), providing access to various locale display names, localized number and date formatting, etc.

Security Fix(es):

* python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4213: php:7.4 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214213
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4213, CVE-2020-7068, CVE-2020-7069, CVE-2020-7070, CVE-2020-7071, CVE-2021-21702

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

The following packages have been upgraded to a later upstream version: php (7.4.19). (BZ#1944110)

Security Fix(es):

* php: Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV (CVE-2020-7069)

* php: FILTER_VALIDATE_URL accepts URLs with invalid userinfo (CVE-2020-7071)

* php: Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)

* php: URL decoding of cookie names can lead to different interpretation of cookies between browser and server (CVE-2020-7070)

* php: NULL pointer dereference in SoapClient (CVE-2021-21702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4221: container-tools:2.0 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214221
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4221, CVE-2021-3602

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* buildah: Host environment variables leaked in build container when using chroot isolation (CVE-2021-3602)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4222: container-tools:3.0 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214222
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4222, CVE-2021-3602

Description
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* buildah: Host environment variables leaked in build container when using chroot isolation (CVE-2021-3602)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4226: grafana security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214226
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4226, CVE-2021-27358, CVE-2021-3114, CVE-2021-33195, CVE-2021-33197, CVE-2021-34558

Description
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. 

The following packages have been upgraded to a later upstream version: grafana (7.5.9). (BZ#1921191)

Security Fix(es):

* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)

* grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)

* golang: net: lookup functions may return invalid host names (CVE-2021-33195)

* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)

* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4231: libwebp security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214231
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4231, CVE-2018-25009, CVE-2018-25010, CVE-2018-25012, CVE-2018-25013, CVE-2018-25014, CVE-2020-36330, CVE-2020-36331, CVE-2020-36332

Description
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

* libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)

* libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)

* libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)

* libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)

* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)

* libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)

* libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)

* libwebp: excessive memory allocation when reading a file (CVE-2020-36332)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4235: jasper security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214235
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4235, CVE-2020-27828, CVE-2021-26926, CVE-2021-26927, CVE-2021-3272

Description
JasPer is an implementation of Part 1 of the JPEG 2000 image compression standard.

Security Fix(es):

* jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c (CVE-2020-27828)

* jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c (CVE-2021-3272)

* jasper: Out of bounds read in jp2_decode() in jp2_dec.c (CVE-2021-26926)

* jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c (CVE-2021-26927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4236: tcpdump security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214236
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4236, CVE-2020-8037

Description
The tcpdump packages contain the tcpdump utility for monitoring network traffic. The tcpdump utility can capture and display the packet headers on a particular network interface or on all interfaces.

Security Fix(es):

* tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory (CVE-2020-8037)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4241: libtiff security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214241
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4241, CVE-2020-35521, CVE-2020-35522, CVE-2020-35523, CVE-2020-35524

Description
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.

Security Fix(es):

* libtiff: Integer overflow in tif_getimage.c (CVE-2020-35523)

* libtiff: Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)

* libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35521)

* libtiff: Memory allocation failure in tiff2rgba (CVE-2020-35522)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4251: openjpeg2 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214251
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4251, CVE-2018-20845, CVE-2018-20847, CVE-2018-5727, CVE-2018-5785, CVE-2019-12973, CVE-2020-15389, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845, CVE-2021-29338, CVE-2021-3575

Description
OpenJPEG is an open source library for reading and writing image files in JPEG2000 format.

The following packages have been upgraded to a later upstream version: openjpeg2 (2.4.0).

Security Fix(es):

* openjpeg: use-after-free and double-free via a mix of valid and invalid files in a directory operated on by the decompressor (CVE-2020-15389)

* openjpeg: heap-buffer-overflow in lib/openjp2/mqc.c could result in DoS (CVE-2020-27814)

* openjpeg: heap-buffer-overflow write in opj_tcd_dc_level_shift_encode() (CVE-2020-27823)

* openjpeg: heap-buffer-overflow in color.c may lead to DoS or arbitrary code execution (CVE-2021-3575)

* openjpeg: integer overflow in opj_t1_encode_cblks in src/lib/openjp2/t1.c (CVE-2018-5727)

* openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)

* openjpeg: division-by-zero in functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (CVE-2018-20845)

* openjpeg: integer overflow in function opj_get_encoding_parameters in openjp2/pi.c (CVE-2018-20847)

* openjpeg: denial of service in function opj_t1_encode_cblks in openjp2/t1.c (CVE-2019-12973)

* openjpeg: global-buffer-overflow read in opj_dwt_calc_explicit_stepsizes() (CVE-2020-27824)

* openjpeg: null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (CVE-2020-27842)

* openjpeg: out-of-bounds read in opj_t2_encode_packet function in openjp2/t2.c (CVE-2020-27843)

* openjpeg: heap-based buffer overflow in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (CVE-2020-27845)

* openjpeg: out-of-bounds write due to an integer overflow in opj_compress.c (CVE-2021-29338)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4256: graphviz security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214256
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4256, CVE-2020-18032

Description
Graphviz is open-source graph-visualization software. Graph visualization is a way of representing structural information as diagrams of abstract graphs and networks. It has important applications in networking, bioinformatics, software engineering, database and web design, machine learning, and in visual interfaces for other technical domains.

Security Fix(es):

* graphviz: off-by-one in parse_reclbl() in lib/common/shapes.c (CVE-2020-18032)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4257: httpd:2.4 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214257
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4257, CVE-2021-26690, CVE-2021-30641

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_session: NULL pointer dereference when parsing Cookie header (CVE-2021-26690)

* httpd: Unexpected URL matching with 'MergeSlashes OFF' (CVE-2021-30641)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4270: rust-toolset:rhel8 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214270
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4270, CVE-2021-29922

Description
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. 

The following packages have been upgraded to a later upstream version: rust (1.54.0). (BZ#1945805)

Security Fix(es):

* rust: incorrect parsing of extraneous zero characters at the beginning of an IP address string (CVE-2021-29922)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4288: libjpeg-turbo security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214288
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4288, CVE-2020-17541

Description
The libjpeg-turbo packages contain a library of functions for manipulating JPEG images. They also contain simple client programs for accessing the libjpeg functions. These packages provide the same functionality and API as libjpeg but with better performance.

Security Fix(es):

* libjpeg-turbo: Stack-based buffer overflow in the "transform" component (CVE-2020-17541)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4292: squid:4 security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214292
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4292, CVE-2021-28651, CVE-2021-28652, CVE-2021-28662, CVE-2021-31806, CVE-2021-31807, CVE-2021-31808, CVE-2021-33620

Description
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

The following packages have been upgraded to a later upstream version: squid (4.15). (BZ#1964384)

Security Fix(es):

* squid: denial of service in URN processing (CVE-2021-28651)

* squid: denial of service issue in Cache Manager (CVE-2021-28652)

* squid: denial of service in HTTP response processing (CVE-2021-28662)

* squid: improper input validation in HTTP Range header (CVE-2021-31806)

* squid: incorrect memory management in HTTP Range header (CVE-2021-31807)

* squid: integer overflow in HTTP Range header (CVE-2021-31808)

* squid: denial of service in HTTP response processing (CVE-2021-33620)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4315: spamassassin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214315
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4315, CVE-2020-1946

Description
The SpamAssassin tool provides a way to reduce unsolicited commercial email (spam) from incoming email.

Security Fix(es):

* spamassassin: Malicious rule configuration files can be configured to run system commands (CVE-2020-1946)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4316: zziplib security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214316
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4316, CVE-2020-18442

Description
The zziplib is a lightweight library to easily extract data from zip files.

Security Fix(es):

* zziplib: infinite loop via the return value of zzip_file_read() as used in unzzip_cat_file() (CVE-2020-18442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4319: compat-exiv2-026 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214319
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4319, CVE-2021-31292, CVE-2021-37618, CVE-2021-37619

Description
Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats.

Security Fix(es):

* exiv2: Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS (CVE-2021-31292)

* exiv2: Out-of-bounds read in Exiv2::Jp2Image::printStructure (CVE-2021-37618)

* exiv2: Out-of-bounds read in Exiv2::Jp2Image::encodeJp2Header (CVE-2021-37619)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4321: linuxptp security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214321
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4321, CVE-2021-3571

Description
The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kernel. 

The following packages have been upgraded to a later upstream version: linuxptp (3.1.1). (BZ#1895005)

Security Fix(es):

* linuxptp: wrong length of one-step follow-up in transparent clock (CVE-2021-3571)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4324: python-psutil security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214324
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4324, CVE-2019-18874

Description
psutil is a module providing an interface for retrieving information on all running processes and system utilization (CPU, memory, disks, network, users) in a portable way by using Python.

Security Fix(es):

* python-psutil: double free because of refcount mishandling (CVE-2019-18874)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4325: lasso security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214325
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4325, CVE-2021-28091

Description
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.

Security Fix(es):

* lasso: XML signature wrapping vulnerability when parsing SAML responses (CVE-2021-28091)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4326: libX11 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214326
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4326, CVE-2021-31535

Description
The libX11 packages contain the core X11 protocol client library.

Security Fix(es):

* libX11: missing request length checks (CVE-2021-31535)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4339: grilo security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214339
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4339, CVE-2021-39365

Description
Grilo is a framework that provides access to different sources of multimedia content, using a pluggable system. The grilo package contains the core library and elements.

Security Fix(es):

* grilo: missing TLS certificate verification (CVE-2021-39365)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4356: kernel security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214356
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4356, CVE-2019-14615, CVE-2020-0427, CVE-2020-24502, CVE-2020-24503, CVE-2020-24504, CVE-2020-24586, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147, CVE-2020-27777, CVE-2020-29368, CVE-2020-29660, CVE-2020-36158, CVE-2020-36312, CVE-2020-36386, CVE-2021-0129, CVE-2021-20194, CVE-2021-20239, CVE-2021-23133, CVE-2021-28950, CVE-2021-28971, CVE-2021-29155, CVE-2021-29646, CVE-2021-29650, CVE-2021-31440, CVE-2021-31829, CVE-2021-31916, CVE-2021-33033, CVE-2021-33200, CVE-2021-3348, CVE-2021-3489, CVE-2021-3564, CVE-2021-3573, CVE-2021-3600, CVE-2021-3635, CVE-2021-3659, CVE-2021-3679, CVE-2021-3732

Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):
* kernel: out-of-bounds reads in pinctrl subsystem (CVE-2020-0427)
* kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24502)
* kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24503)
* kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers (CVE-2020-24504)
* kernel: Fragmentation cache not cleared on reconnection (CVE-2020-24586)
* kernel: Reassembling fragments encrypted under different keys (CVE-2020-24587)
* kernel: wifi frame payload being parsed incorrectly as an L2 frame (CVE-2020-24588)
* kernel: Forwarding EAPOL from unauthenticated wifi client (CVE-2020-26139)
* kernel: accepting plaintext data frames in protected networks (CVE-2020-26140)
* kernel: not verifying TKIP MIC of fragmented frames (CVE-2020-26141)
* kernel: accepting fragmented plaintext frames in protected networks (CVE-2020-26143)
* kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header (CVE-2020-26144)
* kernel: accepting plaintext broadcast fragments as full frames (CVE-2020-26145)
* kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)
* kernel: locking inconsistency in tty_io.c and tty_jobctrl.c can lead to a read-after-free (CVE-2020-29660)
* kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function via a long SSID value (CVE-2020-36158)
* kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt()  (CVE-2020-36386)
* kernel: Improper access control in BlueZ may allow information disclosure vulnerability. (CVE-2021-0129)
* kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c (CVE-2021-3348)
* kernel: Linux kernel eBPF RINGBUF map oversized allocation (CVE-2021-3489)
* kernel: double free in bluetooth subsystem when the HCI device initialization fails (CVE-2021-3564)
* kernel: use-after-free in function hci_sock_bound_ioctl() (CVE-2021-3573)
* kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)
* kernel: DoS in rb_per_cpu_empty() (CVE-2021-3679)
* kernel: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)
* kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt() (CVE-2021-20194)
* kernel: Race condition in sctp_destroy_sock list_del (CVE-2021-23133)
* kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode (CVE-2021-28950)
* kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c (CVE-2021-28971)
* kernel: protection can be bypassed to leak content of kernel memory (CVE-2021-29155)
* kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c (CVE-2021-29646)
* kernel: lack a full memory barrier may lead to DoS (CVE-2021-29650)
* kernel: local escalation of privileges in handling of eBPF programs (CVE-2021-31440)
* kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory (CVE-2021-31829)
* kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier (CVE-2021-33200)
* kernel: reassembling encrypted fragments with non-consecutive packet numbers (CVE-2020-26146)
* kernel: reassembling mixed encrypted/plaintext fragments (CVE-2020-26147)
* kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)
* kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50 (CVE-2021-3635)
* kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)
* kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure (CVE-2021-20239)
* kernel: out of bounds array access in drivers/md/dm-ioctl.c (CVE-2021-31916)

RHSA-2021:4358: glibc security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214358
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4358, CVE-2021-27645, CVE-2021-33574, CVE-2021-35942

Description
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

* glibc: Arbitrary read in wordexp() (CVE-2021-35942)

* glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c (CVE-2021-27645)

* glibc: mq_notify does not handle separately allocated thread attributes (CVE-2021-33574)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4361: NetworkManager security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214361
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4361, CVE-2020-13529

Description
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

The following packages have been upgraded to a later upstream version: NetworkManager (1.32.10). (BZ#1934465)

Security Fix(es):

* systemd: DHCP FORCERENEW authentication not implemented can cause a system running the DHCP client to have its network reconfigured (CVE-2020-13529)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4364: binutils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214364
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4364, CVE-2020-35448, CVE-2021-20197, CVE-2021-20284, CVE-2021-3487

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487)

* binutils: Race window allows users to own arbitrary files (CVE-2021-20197)

* binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)

* binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4368: openssh security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214368
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4368, CVE-2020-14145

Description
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.

Security Fix(es):

* openssh: Observable discrepancy leading to an information leak in the algorithm negotiation (CVE-2020-14145)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4373: pcre security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214373
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4373, CVE-2019-20838, CVE-2020-14155

Description
PCRE is a Perl-compatible regular expression library. 

Security Fix(es):

* pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 (CVE-2019-20838)

* pcre: Integer overflow when parsing callout numeric arguments (CVE-2020-14155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4374: file security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214374
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4374, CVE-2019-18218

Description
The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format (ELF) binary files, system libraries, RPM packages, and different graphics formats.

Security Fix(es):

* file: heap-based buffer overflow in cdf_read_property_info in cdf.c (CVE-2019-18218)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214381
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4381, CVE-2020-13558, CVE-2020-24870, CVE-2020-27918, CVE-2020-29623, CVE-2020-36241, CVE-2021-1765, CVE-2021-1788, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1844, CVE-2021-1870, CVE-2021-1871, CVE-2021-21775, CVE-2021-21779, CVE-2021-21806, CVE-2021-28650, CVE-2021-30663, CVE-2021-30665, CVE-2021-30682, CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799

Description
GNOME is the default desktop environment of Red Hat Enterprise Linux.

The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300)

Security Fix(es):

* webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558)

* LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918)

* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765)

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788)

* webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)

* webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)

* webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801)

* webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)

* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870)

* webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871)

* webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775)

* webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779)

* webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)

* webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)

* webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)

* webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)

* webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)

* webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)

* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734)

* webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744)

* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749)

* webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)

* webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795)

* webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)

* webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799)

* webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)

* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241)

* gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4382: json-c security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214382
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4382, CVE-2020-12762

Description
JSON-C implements a reference counting object model that allows users to easily construct JavaScript Object Notation (JSON) objects in C, output them as JSON formatted strings, and parse JSON formatted strings back into the C representation of JSON objects.

Security Fix(es):

* json-c: integer overflow and out-of-bounds write via a large JSON file (CVE-2020-12762)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4384: bind security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214384
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4384, CVE-2021-25214

Description
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly (CVE-2021-25214)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4385: glib2 security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214385
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4385, CVE-2021-28153, CVE-2021-3800

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

Security Fix(es):

* glib2: Possible privilege escalation through pkexec and aliases (CVE-2021-3800)

* glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink (CVE-2021-28153)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4386: gcc security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214386
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4386, CVE-2018-20673

Description
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* libiberty: Integer overflow in demangle_template() function (CVE-2018-20673)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4387: libssh security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214387
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4387, CVE-2020-16135

Description
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.

Security Fix(es):

* libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (CVE-2020-16135)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4393: cups security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214393
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4393, CVE-2020-10001

Description
The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.

Security Fix(es):

* cups: access to uninitialized buffer in ipp.c (CVE-2020-10001)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4396: sqlite security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214396
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4396, CVE-2019-13750, CVE-2019-13751, CVE-2019-19603, CVE-2019-5827, CVE-2020-13435

Description
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.

Security Fix(es):

* sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces (CVE-2019-5827)

* sqlite: dropping of shadow tables not restricted in defensive mode (CVE-2019-13750)

* sqlite: fts3: improve detection of corrupted records (CVE-2019-13751)

* sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS (CVE-2019-19603)

* sqlite: NULL pointer dereference in sqlite3ExprCodeTarget() (CVE-2020-13435)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4399: python3 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214399
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4399, CVE-2021-3426

Description
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. 

Security Fix(es):

* python: Information disclosure via pydoc (CVE-2021-3426)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4404: kexec-tools security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214404
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4404, CVE-2021-20269

Description
The kexec-tools packages contain the /sbin/kexec binary and utilities that together form the user-space component of the kernel's kexec feature. The /sbin/kexec binary facilitates a new kernel to boot using the kernel's kexec feature either on a normal or a panic reboot. The kexec fastboot mechanism allows booting a Linux kernel from the context of an already running kernel. 

Security Fix(es):

* kexec-tools: incorrect permissions on kdump dmesg file (CVE-2021-20269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4408: libsolv security and bug fix update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214408
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4408, CVE-2021-3200

Description
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

Security Fix(es):

* libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c (CVE-2021-3200)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4409: libgcrypt security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214409
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4409, CVE-2021-33560

Description
The libgcrypt library provides general-purpose implementations of various cryptographic algorithms.

Security Fix(es):

* libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm (CVE-2021-33560)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4413: tpm2-tools security and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214413
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4413, CVE-2021-3565

Description
The tpm2-tools packages add a set of utilities for management and utilization of Trusted Platform Module (TPM) 2.0 devices from user space.

Security Fix(es):

* tpm2-tools: fixed AES wrapping key in tpm2_import (CVE-2021-3565)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4424: openssl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214424
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4424, CVE-2021-23840, CVE-2021-23841

Description
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.

Security Fix(es):

* openssl: integer overflow in CipherUpdate (CVE-2021-23840)

* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4426: ncurses security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214426
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4426, CVE-2019-17594, CVE-2019-17595

Description
The ncurses (new curses) library routines are a terminal-independent method of updating character screens with reasonable optimization. The ncurses packages contain support utilities including a terminfo compiler tic, a decompiler infocmp, clear, tput, tset, and a termcap conversion tool captoinfo.

Security Fix(es):

* ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c (CVE-2019-17594)

* ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c (CVE-2019-17595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4432: bluez security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214432
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4432, CVE-2020-26558

Description
The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (Red Hat), and pcmcia configuration files. 

Security Fix(es):

* bluez: Passkey Entry protocol of the Bluetooth Core is vulnerable to an impersonation attack (CVE-2020-26558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4451: gnutls and nettle security, bug fix, and enhancement update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214451
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4451, CVE-2021-20231, CVE-2021-20232, CVE-2021-3580

Description
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.

The following packages have been upgraded to a later upstream version: gnutls (3.6.16). (BZ#1956783)

Security Fix(es):

* nettle: Remote crash in RSA decryption via manipulated ciphertext (CVE-2021-3580)

* gnutls: Use after free in client key_share extension (CVE-2021-20231)

* gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c (CVE-2021-20232)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4455: python-pip security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214455
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4455, CVE-2021-3572

Description
pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index (PyPI). pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". 

Security Fix(es):

* python-pip: Incorrect handling of unicode separators in git references (CVE-2021-3572)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4464: dnf security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214464
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4464, CVE-2021-3445

Description
dnf is a package manager that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments.

Security Fix(es):

* libdnf: Signature verification bypass via signature placed in the main RPM header (CVE-2021-3445)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4489: rpm security, bug fix, and enhancement update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214489
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4489, CVE-2021-20266

Description
The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.

Security Fix(es):

* rpm: missing length checks in hdrblobInit() (CVE-2021-20266)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4510: lua security update (Low)

Rule ID: oval-com.redhat.rhsa-def-20214510
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: low
Identifiers and References

Identifiers:  RHSA-2021:4510, CVE-2020-24370

Description
The lua packages provide support for Lua, a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language.

Security Fix(es):

* lua: segmentation fault in getlocal and setlocal functions in ldebug.c (CVE-2020-24370)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4511: curl security and bug fix update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214511
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4511, CVE-2021-22876, CVE-2021-22898, CVE-2021-22925

Description
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

* curl: Leak of authentication credentials in URL via automatic Referer (CVE-2021-22876)

* curl: TELNET stack contents disclosure (CVE-2021-22898)

* curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure (CVE-2021-22925)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4513: libsepol security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214513
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4513, CVE-2021-36084, CVE-2021-36085, CVE-2021-36086, CVE-2021-36087

Description
The libsepol library provides an API for the manipulation of SELinux binary policies. It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies (for example, customizing policy boolean settings).

Security Fix(es):

* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36084)

* libsepol: use-after-free in __cil_verify_classperms() (CVE-2021-36085)

* libsepol: use-after-free in cil_reset_classpermission() (CVE-2021-36086)

* libsepol: heap-based buffer overflow in ebitmap_match_any() (CVE-2021-36087)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4517: vim security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214517
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4517, CVE-2021-3778, CVE-2021-3796

Description
Vim (Vi IMproved) is an updated and improved version of the vi editor.

Security Fix(es):

* vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c (CVE-2021-3778)

* vim: use-after-free in nv_replace() in normal.c (CVE-2021-3796)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4519: autotrace security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214519
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4519, CVE-2019-19004, CVE-2019-19005

Description
AutoTrace is a program for converting bitmaps to vector graphics.

Security Fix(es):

* autotrace: bitmap double free in main.c allows attackers to cause an unspecified impact (CVE-2019-19005)

* autotrace: integer overflow in input-bmp.c (CVE-2019-19004)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4526: mingw-glib2 security, bug fix, and enhancement update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214526
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4526, CVE-2021-27218, CVE-2021-27219

Description
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.

The following packages have been upgraded to a later upstream version: mingw-glib2 (2.66.7). (BZ#1935248, BZ#1939111)

Security Fix(es):

* glib: integer overflow in g_bytes_new function on 64-bit platforms due to an implicit cast from 64 bits to 32 bits (CVE-2021-27219)

* glib: integer overflow in g_byte_array_new_take function when called with a buffer of 4GB or more on a 64-bit platform (CVE-2021-27218)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

RHSA-2021:4537: httpd:2.4 security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214537
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4537, CVE-2021-20325

Description
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Red Hat Enterprise Linux 8.5 (CVE-2021-20325)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4585: gcc-toolset-10-gcc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214585
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4585, CVE-2021-42574

Description
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4586: gcc-toolset-11-gcc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214586
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4586, CVE-2021-42574

Description
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4587: gcc security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214587
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4587, CVE-2021-42574

Description
The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in gcc in order to facilitate detection of BiDi Unicode characters:

This update implements a new warning option -Wbidirectional to warn about possibly dangerous bidirectional characters.

There are three levels of warning supported by gcc:
"-Wbidirectional=unpaired", which warns about improperly terminated BiDi contexts. (This is the default.)
"-Wbidirectional=none", which turns the warning off.
"-Wbidirectional=any", which warns about any use of bidirectional characters.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4590: rust-toolset:rhel8 security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214590
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4590, CVE-2021-42574

Description
Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. 

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in rust in order to facilitate detection of BiDi Unicode characters:

Rust introduces two new lints to detect and reject code containing the affected codepoints. These new deny-by-default lints detect affected codepoints in string literals and comments. The lints will prevent source code files containing these codepoints from being compiled. If your code has legitimate uses for the codepoints, we recommend replacing them with the related escape sequence. The error messages will suggest the right escapes to use.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4591: gcc-toolset-11-annobin security update (Moderate)

Rule IDoval-com.redhat.rhsa-def-20214591
Result
notapplicable
Multi-check ruleno
Time2021-11-14T19:34:06+09:00
Severitymedium
Identifiers and References

Identifiers:  RHSA-2021:4591, CVE-2021-42574

Description
Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4592: gcc-toolset-10-annobin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214592
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4592, CVE-2021-42574

Description
Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4593: annobin security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214593
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4593, CVE-2021-42574

Description
Annobin provides a compiler plugin to annotate and tools to examine compiled binary files.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in annobin in order to facilitate detection of BiDi Unicode characters:

This update of annobin adds a new annocheck test to detect the presence of multibyte characters in symbol names.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4594: gcc-toolset-11-binutils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214594
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4594, CVE-2021-42574

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when the --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences. 
Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4595: binutils security update (Moderate)

Rule ID: oval-com.redhat.rhsa-def-20214595
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: medium
Identifiers and References

Identifiers:  RHSA-2021:4595, CVE-2021-42574

Description
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.

Security Fix(es):

* Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks (CVE-2021-42574)

The following changes were introduced in binutils in order to facilitate detection of BiDi Unicode characters:

Tools which display names or strings (readelf, strings, nm, objdump) have a new command line option --unicode / -U which controls how Unicode characters are handled.

Using "--unicode=default" will treat them as normal for the tool. This is the default behaviour when the --unicode option is not used.
Using "--unicode=locale" will display them according to the current locale.
Using "--unicode=hex" will display them as hex byte values.
Using "--unicode=escape" will display them as Unicode escape sequences.
Using "--unicode=highlight" will display them as Unicode escape sequences highlighted in red, if supported by the output device.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4619: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214619
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4619, CVE-2021-41159, CVE-2021-41160

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: improper client input validation for gateway connections allows to overwrite memory (CVE-2021-41159)

* freerdp: improper region checks in all clients allow out of bound write to memory (CVE-2021-41160)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RHSA-2021:4622: freerdp security update (Important)

Rule ID: oval-com.redhat.rhsa-def-20214622
Result: notapplicable
Multi-check rule: no
Time: 2021-11-14T19:34:06+09:00
Severity: high
Identifiers and References

Identifiers:  RHSA-2021:4622, CVE-2021-41159, CVE-2021-41160

Description
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: improper client input validation for gateway connections allows to overwrite memory (CVE-2021-41159)

* freerdp: improper region checks in all clients allow out of bound write to memory (CVE-2021-41160)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat and Red Hat Enterprise Linux are either registered trademarks or trademarks of Red Hat, Inc. in the United States and other countries. All other names are registered trademarks or trademarks of their respective companies.