Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Tue, 19 Apr 2016 08:55:30 -0500 Reply-To: Pat RieheckySender: Security Errata for Scientific Linux From: Pat Riehecky Subject: FASTBUGS for SL 7x x86_64 now available MIME-Version: 1.0 Message-ID: <571638D2.6020206@fnal.gov> The following FASTBUGS have been uploaded to x86_64: fence-agents-all-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-apc-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-apc-snmp-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-bladecenter-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-brocade-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-cisco-mds-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-cisco-ucs-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-common-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-compute-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-drac5-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-eaton-snmp-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-emerson-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-eps-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-hpblade-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ibmblade-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ifmib-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ilo2-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ilo-moonshot-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ilo-mp-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ilo-ssh-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-intelmodular-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ipdu-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-ipmilan-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-kdump-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-mpath-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-rhevm-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-rsa-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-rsb-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-scsi-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-virsh-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-vmware-soap-4.0.11-27.el7_2.7.x86_64.rpm fence-agents-wti-4.0.11-27.el7_2.7.x86_64.rpm libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-bash-completion-1.28.1-1.55.el7_2.2.noarch.rpm libguestfs-devel-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-gfs2-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-gobject-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-gobject-devel-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-gobject-doc-1.28.1-1.55.el7_2.2.noarch.rpm libguestfs-java-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-java-devel-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-javadoc-1.28.1-1.55.el7_2.2.noarch.rpm libguestfs-man-pages-ja-1.28.1-1.55.el7_2.2.noarch.rpm libguestfs-man-pages-uk-1.28.1-1.55.el7_2.2.noarch.rpm libguestfs-rescue-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-rsync-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-tools-1.28.1-1.55.el7_2.2.noarch.rpm libguestfs-tools-c-1.28.1-1.55.el7_2.2.x86_64.rpm libguestfs-xfs-1.28.1-1.55.el7_2.2.x86_64.rpm lua-guestfs-1.28.1-1.55.el7_2.2.x86_64.rpm ocaml-libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm ocaml-libguestfs-devel-1.28.1-1.55.el7_2.2.x86_64.rpm perl-Sys-Guestfs-1.28.1-1.55.el7_2.2.x86_64.rpm python-libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm resource-agents-3.9.5-54.el7_2.9.x86_64.rpm ruby-libguestfs-1.28.1-1.55.el7_2.2.x86_64.rpm virt-v2v-1.28.1-1.55.el7_2.2.x86_64.rpm Date: Wed, 20 Apr 2016 21:03:31 -0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Critical: java-1.8.0-openjdk on SL6.x i386/x86_64 MIME-Version: 1.0 Message-ID: <20160420210331.4963.26738@slpackages.fnal.gov> Synopsis: Critical: java-1.8.0-openjdk security update Advisory ID: SLSA-2016:0651-1 Issue Date: 2016-04-20 CVE Numbers: CVE-2016-0686 CVE-2016-0687 CVE-2016-0695 CVE-2016-3425 CVE-2016-3426 CVE-2016-3427 -- Security Fix(es): * Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687) * It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. (CVE-2016-3427) * It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed. (CVE-2016-3425) * It was discovered that the GCM (Galois/Counter Mode) implementation in the JCE component in OpenJDK used a non-constant time comparison when comparing GCM authentication tags. A remote attacker could possibly use this flaw to determine the value of the authentication tag. (CVE-2016-3426) * It was discovered that the Security component in OpenJDK failed to check the digest algorithm strength when generating DSA signatures. The use of a digest weaker than the key strength could lead to the generation of signatures that were weaker than expected. (CVE-2016-0695) -- SL6 x86_64 java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.x86_64.rpm java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.x86_64.rpm i386 java-1.8.0-openjdk-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-debuginfo-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-headless-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-debug-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-demo-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-demo-debug-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-devel-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-devel-debug-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-headless-debug-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-src-1.8.0.91-0.b14.el6_7.i686.rpm java-1.8.0-openjdk-src-debug-1.8.0.91-0.b14.el6_7.i686.rpm noarch java-1.8.0-openjdk-javadoc-1.8.0.91-0.b14.el6_7.noarch.rpm java-1.8.0-openjdk-javadoc-debug-1.8.0.91-0.b14.el6_7.noarch.rpm - Scientific Linux Development Team