
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Red Hat Enterprise Linux 9 RHSA-2023:2319-01 Moderate: Git Security

Red Hat Security Advisory

Synopsis: Moderate: git security and bug fix update
Advisory ID: RHSA-2023:2319-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2319
Issue date: 2023-05-09
CVE Names: CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260

1. Summary:

An update for git is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.
Security Fix(es):

* git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree (CVE-2022-24765)
* git: Bypass of safe.directory protections (CVE-2022-29187)
* git: exposure of sensitive information to a malicious actor (CVE-2022-39253)
* git: git shell function that splits command arguments can lead to arbitrary heap writes. (CVE-2022-39260)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2073414 - CVE-2022-24765 git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree
2107439 - CVE-2022-29187 git: Bypass of safe.directory protections
2137422 - CVE-2022-39253 git: exposure of sensitive information to a malicious actor
2137423 - CVE-2022-39260 git: git shell function that splits command arguments can lead to arbitrary heap writes.
2139379 - Rebase git to 2.39 version [rhel-9.2]

6.
Package List: Red Hat Enterprise Linux AppStream (v.9): Source: git-2.39.1-1.el9.src.rpm aarch64: git-2.39.1-1.el9.aarch64.rpm git-core-2.39.1-1.el9.aarch64.rpm git-core-debuginfo-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-2.39.1-1.el9.aarch64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.aarch64.rpm git-daemon-2.39.1-1.el9.aarch64.rpm git-daemon-debuginfo-2.39.1-1.el9.aarch64.rpm git-debuginfo-2.39.1-1.el9.aarch64.rpm git-debugsource-2.39.1-1.el9.aarch64.rpm git-subtree-2.39.1-1.el9.aarch64.rpm noarch: git-all-2.39.1-1.el9.noarch.rpm git-core-doc-2.39.1-1.el9.noarch.rpm git-email-2.39.1-1.el9.noarch.rpm git-gui-2.39.1-1.el9.noarch.rpm git-instaweb-2.39.1-1.el9.noarch.rpm git-svn-2.39.1-1.el9.noarch.rpm gitk-2.39.1-1.el9.noarch.rpm gitweb-2.39.1-1.el9.noarch.rpm perl-Git-2.39.1-1.el9.noarch.rpm perl-Git-SVN-2.39.1-1.el9.noarch.rpm ppc64le: git-2.39.1-1.el9.ppc64le.rpm git-core-2.39.1-1.el9.ppc64le.rpm git-core-debuginfo-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-2.39.1-1.el9.ppc64le.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.ppc64le.rpm git-daemon-2.39.1-1.el9.ppc64le.rpm git-daemon-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debuginfo-2.39.1-1.el9.ppc64le.rpm git-debugsource-2.39.1-1.el9.ppc64le.rpm git-subtree-2.39.1-1.el9.ppc64le.rpm s390x: git-2.39.1-1.el9.s390x.rpm git-core-2.39.1-1.el9.s390x.rpm git-core-debuginfo-2.39.1-1.el9.s390x.rpm git-credential-libsecret-2.39.1-1.el9.s390x.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.s390x.rpm git-daemon-2.39.1-1.el9.s390x.rpm git-daemon-debuginfo-2.39.1-1.el9.s390x.rpm git-debuginfo-2.39.1-1.el9.s390x.rpm git-debugsource-2.39.1-1.el9.s390x.rpm git-subtree-2.39.1-1.el9.s390x.rpm x86_64: git-2.39.1-1.el9.x86_64.rpm git-core-2.39.1-1.el9.x86_64.rpm git-core-debuginfo-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-2.39.1-1.el9.x86_64.rpm git-credential-libsecret-debuginfo-2.39.1-1.el9.x86_64.rpm git-daemon-2.39.1-1.el9.x86_64.rpm git-daemon-debuginfo-2.39.1-1.el9.x86_64.rpm 
git-debuginfo-2.39.1-1.el9.x86_64.rpm git-debugsource-2.39.1-1.el9.x86_64.rpm git-subtree-2.39.1-1.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-24765
https://access.redhat.com/security/cve/CVE-2022-29187
https://access.redhat.com/security/cve/CVE-2022-39253
https://access.redhat.com/security/cve/CVE-2022-39260
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
LinuxSecurity.com Team

May 09, 2023 Red Hat

Red Hat Enterprise Linux 8.2: RHSA-2022-0305-01 Moderate: Java Update

Red Hat Security Advisory

Synopsis: Moderate: java-1.8.0-openjdk security update
Advisory ID: RHSA-2022:0305-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0305
Issue date: 2022-01-27
CVE Names: CVE-2022-21248 CVE-2022-21282 CVE-2022-21283 CVE-2022-21293 CVE-2022-21294 CVE-2022-21296 CVE-2022-21299 CVE-2022-21305 CVE-2022-21340 CVE-2022-21341 CVE-2022-21360 CVE-2022-21365

1. Summary:

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):

* OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934) (CVE-2022-21248)
* OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492) (CVE-2022-21282)
* OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813) (CVE-2022-21283)
* OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392) (CVE-2022-21293)
* OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416) (CVE-2022-21294)
* OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498) (CVE-2022-21296)
* OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646) (CVE-2022-21299)
* OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014) (CVE-2022-21305)
* OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026) (CVE-2022-21340)
* OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236) (CVE-2022-21341)
* OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756) (CVE-2022-21360)
* OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838) (CVE-2022-21365)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

All running instances of OpenJDK Java must be restarted for this update to take effect.

5.
Bugs fixed (https://bugzilla.redhat.com/):

2041400 - CVE-2022-21283 OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)
2041417 - CVE-2022-21293 OpenJDK: Incomplete checks of StringBuffer and StringBuilder during deserialization (Libraries, 8270392)
2041427 - CVE-2022-21294 OpenJDK: Incorrect IdentityHashMap size checks during deserialization (Libraries, 8270416)
2041435 - CVE-2022-21282 OpenJDK: Insufficient URI checks in the XSLT TransformerImpl (JAXP, 8270492)
2041439 - CVE-2022-21296 OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)
2041472 - CVE-2022-21299 OpenJDK: Infinite loop related to incorrect handling of newlines in XMLEntityScanner (JAXP, 8270646)
2041491 - CVE-2022-21360 OpenJDK: Excessive memory allocation in BMPImageReader (ImageIO, 8273756)
2041785 - CVE-2022-21365 OpenJDK: Integer overflow in BMPImageReader (ImageIO, 8273838)
2041801 - CVE-2022-21248 OpenJDK: Incomplete deserialization class filtering in ObjectInputStream (Serialization, 8264934)
2041878 - CVE-2022-21305 OpenJDK: Array indexing issues in LIRGenerator (Hotspot, 8272014)
2041884 - CVE-2022-21340 OpenJDK: Excessive resource use when reading JAR manifest attributes (Libraries, 8272026)
2041897 - CVE-2022-21341 OpenJDK: Insufficient checks when deserializing exceptions in ObjectInputStream (Serialization, 8272236)

6.
Package List: Red Hat Enterprise Linux AppStream EUS (v.8.2): Source: java-1.8.0-openjdk-1.8.0.322.b06-1.el8_2.src.rpm aarch64: java-1.8.0-openjdk-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-debugsource-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.aarch64.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el8_2.aarch64.rpm noarch: java-1.8.0-openjdk-javadoc-1.8.0.322.b06-1.el8_2.noarch.rpm java-1.8.0-openjdk-javadoc-zip-1.8.0.322.b06-1.el8_2.noarch.rpm ppc64le: java-1.8.0-openjdk-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-debugsource-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el8_2.ppc64le.rpm 
java-1.8.0-openjdk-headless-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.ppc64le.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el8_2.ppc64le.rpm s390x: java-1.8.0-openjdk-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-debugsource-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.322.b06-1.el8_2.s390x.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el8_2.s390x.rpm x86_64: java-1.8.0-openjdk-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-accessibility-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-debugsource-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-demo-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-devel-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-headless-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-slowdebug-debuginfo-1.8.0.322.b06-1.el8_2.x86_64.rpm java-1.8.0-openjdk-src-1.8.0.322.b06-1.el8_2.x86_64.rpm These packages are GPG signed by Red 
Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21248
https://access.redhat.com/security/cve/CVE-2022-21282
https://access.redhat.com/security/cve/CVE-2022-21283
https://access.redhat.com/security/cve/CVE-2022-21293
https://access.redhat.com/security/cve/CVE-2022-21294
https://access.redhat.com/security/cve/CVE-2022-21296
https://access.redhat.com/security/cve/CVE-2022-21299
https://access.redhat.com/security/cve/CVE-2022-21305
https://access.redhat.com/security/cve/CVE-2022-21340
https://access.redhat.com/security/cve/CVE-2022-21341
https://access.redhat.com/security/cve/CVE-2022-21360
https://access.redhat.com/security/cve/CVE-2022-21365
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
LinuxSecurity.com Team

Jan 27, 2022 Red Hat

Red Hat 8: RHSA-2021:1611-01 Moderate Systemd Update Summary

Red Hat Security Advisory

Synopsis: Moderate: systemd security, bug fix, and enhancement update
Advisory ID: RHSA-2021:1611-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1611
Issue date: 2021-05-18
CVE Names: CVE-2019-3842 CVE-2020-13776

1. Summary:

An update for systemd is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):

* systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" (CVE-2019-3842)
* systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits (CVE-2020-13776)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1668521 - CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"
1740657 - [RFE] NUMA aware CPU affinity setting in systemd unit files
1755287 - localectl set-locale should issue an error message when trying to set a nonexistent locale
1764282 - systemd[XXXXX]: Failed to connect to API bus: Connection refused
1812972 - backport request: allow instantiated units to be enabled via presets
1819868 - systemd excessively reads mountinfo and udev is dense OpenShift environments
1845534 - CVE-2020-13776 systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits
1862714 - LIBSYSTEMD_VERSION value format change crashes systemd-python pip install
1865840 - systemd-tmpfiles request for backport
1868831 - FreezerState is incorrectly updated on system running cgroup v1
1868877 - Enabling the smack feature on the host may cause the container to fail to start
1870638 - RFE: Add an option to Socket units to clear the data before listening again
1871139 - [systemd] systemd-resolved.service:33: Unknown lvalue 'ProtectSystems' in section 'Service'
1880270 - "Failed to start user service, ignoring" when masking user@.service
1885553 - "systemd --user" can dump core upon session closing
1887181 - Backport PassPacketInfo= support into systemd of RHEL8
1888912 - SELinux policy change not visible to systemd until daemon-reexec
1889996 - backport vconsole-setup: downgrade log message when setting font fails on dummy console

6. Package List:

Red Hat Enterprise Linux BaseOS (v.8): Source: systemd-239-45.el8.src.rpm aarch64: systemd-239-45.el8.aarch64.rpm systemd-container-239-45.el8.aarch64.rpm systemd-container-debuginfo-239-45.el8.aarch64.rpm systemd-debuginfo-239-45.el8.aarch64.rpm systemd-debugsource-239-45.el8.aarch64.rpm systemd-devel-239-45.el8.aarch64.rpm systemd-journal-remote-239-45.el8.aarch64.rpm systemd-journal-remote-debuginfo-239-45.el8.aarch64.rpm systemd-libs-239-45.el8.aarch64.rpm systemd-libs-debuginfo-239-45.el8.aarch64.rpm systemd-pam-239-45.el8.aarch64.rpm systemd-pam-debuginfo-239-45.el8.aarch64.rpm systemd-tests-239-45.el8.aarch64.rpm systemd-tests-debuginfo-239-45.el8.aarch64.rpm systemd-udev-239-45.el8.aarch64.rpm systemd-udev-debuginfo-239-45.el8.aarch64.rpm ppc64le: systemd-239-45.el8.ppc64le.rpm systemd-container-239-45.el8.ppc64le.rpm systemd-container-debuginfo-239-45.el8.ppc64le.rpm systemd-debuginfo-239-45.el8.ppc64le.rpm systemd-debugsource-239-45.el8.ppc64le.rpm systemd-devel-239-45.el8.ppc64le.rpm systemd-journal-remote-239-45.el8.ppc64le.rpm systemd-journal-remote-debuginfo-239-45.el8.ppc64le.rpm systemd-libs-239-45.el8.ppc64le.rpm systemd-libs-debuginfo-239-45.el8.ppc64le.rpm systemd-pam-239-45.el8.ppc64le.rpm systemd-pam-debuginfo-239-45.el8.ppc64le.rpm systemd-tests-239-45.el8.ppc64le.rpm systemd-tests-debuginfo-239-45.el8.ppc64le.rpm systemd-udev-239-45.el8.ppc64le.rpm systemd-udev-debuginfo-239-45.el8.ppc64le.rpm s390x: systemd-239-45.el8.s390x.rpm systemd-container-239-45.el8.s390x.rpm systemd-container-debuginfo-239-45.el8.s390x.rpm systemd-debuginfo-239-45.el8.s390x.rpm
systemd-debugsource-239-45.el8.s390x.rpm systemd-devel-239-45.el8.s390x.rpm systemd-journal-remote-239-45.el8.s390x.rpm systemd-journal-remote-debuginfo-239-45.el8.s390x.rpm systemd-libs-239-45.el8.s390x.rpm systemd-libs-debuginfo-239-45.el8.s390x.rpm systemd-pam-239-45.el8.s390x.rpm systemd-pam-debuginfo-239-45.el8.s390x.rpm systemd-tests-239-45.el8.s390x.rpm systemd-tests-debuginfo-239-45.el8.s390x.rpm systemd-udev-239-45.el8.s390x.rpm systemd-udev-debuginfo-239-45.el8.s390x.rpm x86_64: systemd-239-45.el8.i686.rpm systemd-239-45.el8.x86_64.rpm systemd-container-239-45.el8.i686.rpm systemd-container-239-45.el8.x86_64.rpm systemd-container-debuginfo-239-45.el8.i686.rpm systemd-container-debuginfo-239-45.el8.x86_64.rpm systemd-debuginfo-239-45.el8.i686.rpm systemd-debuginfo-239-45.el8.x86_64.rpm systemd-debugsource-239-45.el8.i686.rpm systemd-debugsource-239-45.el8.x86_64.rpm systemd-devel-239-45.el8.i686.rpm systemd-devel-239-45.el8.x86_64.rpm systemd-journal-remote-239-45.el8.x86_64.rpm systemd-journal-remote-debuginfo-239-45.el8.i686.rpm systemd-journal-remote-debuginfo-239-45.el8.x86_64.rpm systemd-libs-239-45.el8.i686.rpm systemd-libs-239-45.el8.x86_64.rpm systemd-libs-debuginfo-239-45.el8.i686.rpm systemd-libs-debuginfo-239-45.el8.x86_64.rpm systemd-pam-239-45.el8.x86_64.rpm systemd-pam-debuginfo-239-45.el8.i686.rpm systemd-pam-debuginfo-239-45.el8.x86_64.rpm systemd-tests-239-45.el8.x86_64.rpm systemd-tests-debuginfo-239-45.el8.i686.rpm systemd-tests-debuginfo-239-45.el8.x86_64.rpm systemd-udev-239-45.el8.x86_64.rpm systemd-udev-debuginfo-239-45.el8.i686.rpm systemd-udev-debuginfo-239-45.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. 
References:

https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
https://listman.redhat.com/mailman/listinfo/rhsa-announce

LinuxSecurity.com Team

May 18, 2021 Red Hat

Red Hat Enterprise Linux 8: RHSA-2020-1845-01 Moderate: Bind Security Fix

Red Hat Security Advisory

Synopsis: Moderate: bind security, bug fix, and enhancement update
Advisory ID: RHSA-2020:1845-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1845
Issue date: 2020-04-28
CVE Names: CVE-2019-6477

1. Summary:

An update for bind is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

The following packages have been upgraded to a later upstream version: bind (9.11.13). (BZ#1704328)

Security Fix(es):

* bind: TCP Pipelining doesn't limit TCP clients on a single connection (CVE-2019-6477)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, the BIND daemon (named) will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1664863 - [RFE] named: stale-answer support
1679766 - system test dnssec: Bind algorithm ED448 is broken
1704328 - Rebase bind to latest minor release 9.11.13
1759845 - python-bind's isc.parsetab must be regenerated after python-ply has been updated
1773617 - CVE-2019-6477 bind: TCP Pipelining doesn't limit TCP clients on a single connection
1790879 - named allocates new memory on each reload

6. Package List:

Red Hat Enterprise Linux AppStream (v.8): aarch64: bind-9.11.13-3.el8.aarch64.rpm bind-chroot-9.11.13-3.el8.aarch64.rpm bind-debuginfo-9.11.13-3.el8.aarch64.rpm bind-debugsource-9.11.13-3.el8.aarch64.rpm bind-devel-9.11.13-3.el8.aarch64.rpm bind-export-libs-debuginfo-9.11.13-3.el8.aarch64.rpm bind-libs-9.11.13-3.el8.aarch64.rpm bind-libs-debuginfo-9.11.13-3.el8.aarch64.rpm bind-libs-lite-9.11.13-3.el8.aarch64.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.aarch64.rpm bind-lite-devel-9.11.13-3.el8.aarch64.rpm bind-pkcs11-9.11.13-3.el8.aarch64.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.aarch64.rpm bind-pkcs11-devel-9.11.13-3.el8.aarch64.rpm bind-pkcs11-libs-9.11.13-3.el8.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.aarch64.rpm bind-pkcs11-utils-9.11.13-3.el8.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.aarch64.rpm bind-sdb-9.11.13-3.el8.aarch64.rpm bind-sdb-chroot-9.11.13-3.el8.aarch64.rpm bind-sdb-debuginfo-9.11.13-3.el8.aarch64.rpm bind-utils-9.11.13-3.el8.aarch64.rpm bind-utils-debuginfo-9.11.13-3.el8.aarch64.rpm noarch: bind-license-9.11.13-3.el8.noarch.rpm python3-bind-9.11.13-3.el8.noarch.rpm ppc64le:
bind-9.11.13-3.el8.ppc64le.rpm bind-chroot-9.11.13-3.el8.ppc64le.rpm bind-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-debugsource-9.11.13-3.el8.ppc64le.rpm bind-devel-9.11.13-3.el8.ppc64le.rpm bind-export-libs-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-libs-9.11.13-3.el8.ppc64le.rpm bind-libs-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-libs-lite-9.11.13-3.el8.ppc64le.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-lite-devel-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-devel-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-libs-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-utils-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-sdb-9.11.13-3.el8.ppc64le.rpm bind-sdb-chroot-9.11.13-3.el8.ppc64le.rpm bind-sdb-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-utils-9.11.13-3.el8.ppc64le.rpm bind-utils-debuginfo-9.11.13-3.el8.ppc64le.rpm s390x: bind-9.11.13-3.el8.s390x.rpm bind-chroot-9.11.13-3.el8.s390x.rpm bind-debuginfo-9.11.13-3.el8.s390x.rpm bind-debugsource-9.11.13-3.el8.s390x.rpm bind-devel-9.11.13-3.el8.s390x.rpm bind-export-libs-debuginfo-9.11.13-3.el8.s390x.rpm bind-libs-9.11.13-3.el8.s390x.rpm bind-libs-debuginfo-9.11.13-3.el8.s390x.rpm bind-libs-lite-9.11.13-3.el8.s390x.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.s390x.rpm bind-lite-devel-9.11.13-3.el8.s390x.rpm bind-pkcs11-9.11.13-3.el8.s390x.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.s390x.rpm bind-pkcs11-devel-9.11.13-3.el8.s390x.rpm bind-pkcs11-libs-9.11.13-3.el8.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.s390x.rpm bind-pkcs11-utils-9.11.13-3.el8.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.s390x.rpm bind-sdb-9.11.13-3.el8.s390x.rpm bind-sdb-chroot-9.11.13-3.el8.s390x.rpm bind-sdb-debuginfo-9.11.13-3.el8.s390x.rpm bind-utils-9.11.13-3.el8.s390x.rpm bind-utils-debuginfo-9.11.13-3.el8.s390x.rpm x86_64: bind-9.11.13-3.el8.x86_64.rpm 
bind-chroot-9.11.13-3.el8.x86_64.rpm bind-debuginfo-9.11.13-3.el8.i686.rpm bind-debuginfo-9.11.13-3.el8.x86_64.rpm bind-debugsource-9.11.13-3.el8.i686.rpm bind-debugsource-9.11.13-3.el8.x86_64.rpm bind-devel-9.11.13-3.el8.i686.rpm bind-devel-9.11.13-3.el8.x86_64.rpm bind-export-libs-debuginfo-9.11.13-3.el8.i686.rpm bind-export-libs-debuginfo-9.11.13-3.el8.x86_64.rpm bind-libs-9.11.13-3.el8.i686.rpm bind-libs-9.11.13-3.el8.x86_64.rpm bind-libs-debuginfo-9.11.13-3.el8.i686.rpm bind-libs-debuginfo-9.11.13-3.el8.x86_64.rpm bind-libs-lite-9.11.13-3.el8.i686.rpm bind-libs-lite-9.11.13-3.el8.x86_64.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.i686.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.x86_64.rpm bind-lite-devel-9.11.13-3.el8.i686.rpm bind-lite-devel-9.11.13-3.el8.x86_64.rpm bind-pkcs11-9.11.13-3.el8.x86_64.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.i686.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.x86_64.rpm bind-pkcs11-devel-9.11.13-3.el8.i686.rpm bind-pkcs11-devel-9.11.13-3.el8.x86_64.rpm bind-pkcs11-libs-9.11.13-3.el8.i686.rpm bind-pkcs11-libs-9.11.13-3.el8.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.i686.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.x86_64.rpm bind-pkcs11-utils-9.11.13-3.el8.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.i686.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.x86_64.rpm bind-sdb-9.11.13-3.el8.x86_64.rpm bind-sdb-chroot-9.11.13-3.el8.x86_64.rpm bind-sdb-debuginfo-9.11.13-3.el8.i686.rpm bind-sdb-debuginfo-9.11.13-3.el8.x86_64.rpm bind-utils-9.11.13-3.el8.x86_64.rpm bind-utils-debuginfo-9.11.13-3.el8.i686.rpm bind-utils-debuginfo-9.11.13-3.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v.8): Source: bind-9.11.13-3.el8.src.rpm aarch64: bind-debuginfo-9.11.13-3.el8.aarch64.rpm bind-debugsource-9.11.13-3.el8.aarch64.rpm bind-export-devel-9.11.13-3.el8.aarch64.rpm bind-export-libs-9.11.13-3.el8.aarch64.rpm bind-export-libs-debuginfo-9.11.13-3.el8.aarch64.rpm bind-libs-debuginfo-9.11.13-3.el8.aarch64.rpm 
bind-libs-lite-debuginfo-9.11.13-3.el8.aarch64.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.aarch64.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.aarch64.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.aarch64.rpm bind-sdb-debuginfo-9.11.13-3.el8.aarch64.rpm bind-utils-debuginfo-9.11.13-3.el8.aarch64.rpm ppc64le: bind-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-debugsource-9.11.13-3.el8.ppc64le.rpm bind-export-devel-9.11.13-3.el8.ppc64le.rpm bind-export-libs-9.11.13-3.el8.ppc64le.rpm bind-export-libs-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-libs-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-sdb-debuginfo-9.11.13-3.el8.ppc64le.rpm bind-utils-debuginfo-9.11.13-3.el8.ppc64le.rpm s390x: bind-debuginfo-9.11.13-3.el8.s390x.rpm bind-debugsource-9.11.13-3.el8.s390x.rpm bind-export-devel-9.11.13-3.el8.s390x.rpm bind-export-libs-9.11.13-3.el8.s390x.rpm bind-export-libs-debuginfo-9.11.13-3.el8.s390x.rpm bind-libs-debuginfo-9.11.13-3.el8.s390x.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.s390x.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.s390x.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.s390x.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.s390x.rpm bind-sdb-debuginfo-9.11.13-3.el8.s390x.rpm bind-utils-debuginfo-9.11.13-3.el8.s390x.rpm x86_64: bind-debuginfo-9.11.13-3.el8.i686.rpm bind-debuginfo-9.11.13-3.el8.x86_64.rpm bind-debugsource-9.11.13-3.el8.i686.rpm bind-debugsource-9.11.13-3.el8.x86_64.rpm bind-export-devel-9.11.13-3.el8.i686.rpm bind-export-devel-9.11.13-3.el8.x86_64.rpm bind-export-libs-9.11.13-3.el8.i686.rpm bind-export-libs-9.11.13-3.el8.x86_64.rpm bind-export-libs-debuginfo-9.11.13-3.el8.i686.rpm bind-export-libs-debuginfo-9.11.13-3.el8.x86_64.rpm bind-libs-debuginfo-9.11.13-3.el8.i686.rpm bind-libs-debuginfo-9.11.13-3.el8.x86_64.rpm bind-libs-lite-debuginfo-9.11.13-3.el8.i686.rpm 
bind-libs-lite-debuginfo-9.11.13-3.el8.x86_64.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.i686.rpm bind-pkcs11-debuginfo-9.11.13-3.el8.x86_64.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.i686.rpm bind-pkcs11-libs-debuginfo-9.11.13-3.el8.x86_64.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.i686.rpm bind-pkcs11-utils-debuginfo-9.11.13-3.el8.x86_64.rpm bind-sdb-debuginfo-9.11.13-3.el8.i686.rpm bind-sdb-debuginfo-9.11.13-3.el8.x86_64.rpm bind-utils-debuginfo-9.11.13-3.el8.i686.rpm bind-utils-debuginfo-9.11.13-3.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-6477
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

Important security patch released for Red Hat Enterprise Linux 8 tackling TCP Pipelining vulnerabilities and related failures.

Red Hat Security, bind Updates, Linux Bug Fixes, TCP Pipelining, Security Advisory.

Severity: Important.

LinuxSecurity.com Team

Apr 28, 2020 Important Red Hat

Red Hat Enterprise Linux: RHSA-2019-1236 Moderate: .NET Core DoS Threat

Red Hat Security Advisory

Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security and bug fix update
Advisory ID: RHSA-2019:1236-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:1236
Issue date: 2019-05-15
CVE Names: CVE-2019-0820 CVE-2019-0980 CVE-2019-0981

1. Summary:

Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, rh-dotnet22-dotnet and rh-dotnet22-curl are now available for .NET Core on Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.16, 1.1.13, 2.1.11, and 2.2.5.
Security Fix(es):

* dotNET: timeouts for regular expressions are not enforced (CVE-2019-0820)
* dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
* dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Re-enable bash completion in rh-dotnet22-dotnet (BZ#1654863)
* Error rebuilding rh-dotnet22-curl in CentOS (BZ#1678932)
* Broken apphost caused by unset DOTNET_ROOT (BZ#1703479)
* Make bash completion compatible with rh-dotnet22 packages (BZ#1705259)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1654863 - Re-enable bash completion in rh-dotnet22-dotnet
1678932 - Error rebuilding rh-dotnet22-curl in CentOS
1703479 - Broken apphost caused by unset DOTNET_ROOT
1703508 - Update to .NET Core 1.1.13
1704454 - Update to .NET Core 1.0.16
1704934 - Update to .NET Core Runtime 2.2.5 and SDK 2.2.107
1705147 - Update to .NET Core Runtime 2.1.11 and SDK 2.1.507
1705259 - Make bash completion compatible with rh-dotnet22 packages
1705502 - CVE-2019-0980 dotNET: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service
1705504 - CVE-2019-0981 dotNET: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service
1705506 - CVE-2019-0820 dotNET: timeouts for regular expressions are not enforced

6. Package List:

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v.
7):
Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm
x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm
x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm

.NET Core on Red Hat Enterprise Linux Server (v.
7): Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v.7): Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.16-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.16-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 
7): Source: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.13-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.13-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v.7): Source: rh-dotnet21-2.1-10.el7.src.rpm rh-dotnet21-dotnet-2.1.507-2.el7.src.rpm x86_64: rh-dotnet21-2.1-10.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.11-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.507-2.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.507-2.el7.x86_64.rpm rh-dotnet21-runtime-2.1-10.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet22-2.2-7.el7.src.rpm rh-dotnet22-curl-7.61.1-2.el7.src.rpm rh-dotnet22-dotnet-2.2.107-2.el7.src.rpm x86_64: rh-dotnet22-2.2-7.el7.x86_64.rpm rh-dotnet22-curl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-curl-debuginfo-7.61.1-2.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.5-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.107-2.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.107-2.el7.x86_64.rpm rh-dotnet22-libcurl-7.61.1-2.el7.x86_64.rpm rh-dotnet22-libcurl-devel-7.61.1-2.el7.x86_64.rpm rh-dotnet22-runtime-2.2-7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-0820 https://access.redhat.com/security/cve/CVE-2019-0980 https://access.redhat.com/security/cve/CVE-2019-0981 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . 
More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

Patches for .NET Core on Red Hat Enterprise Linux resolve concerns of moderate severity, with security enhancements now released.

dotnet core updates, red hat security, enterprise linux patch.

LinuxSecurity.com Team

May 15, 2019 Red Hat

Moderate glibc Vulnerability Patch for Red Hat Enterprise Linux 6

Red Hat Security Advisory

Synopsis: Moderate: glibc security and bug fix update
Advisory ID: RHSA-2017:0680-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:0680.html
Issue date: 2017-03-21
CVE Names: CVE-2014-9761 CVE-2015-8776 CVE-2015-8778 CVE-2015-8779

1. Summary:

An update for glibc is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fix(es):

* A stack overflow vulnerability was found in nan* functions that could cause applications, which process long strings with the nan function, to crash or, potentially, execute arbitrary code. (CVE-2014-9761)

* It was found that out-of-range time values passed to the strftime() function could result in an out-of-bounds memory access. This could lead to application crash or, potentially, information disclosure. (CVE-2015-8776)

* An integer overflow vulnerability was found in hcreate() and hcreate_r() functions which could result in an out-of-bounds memory access. This could lead to application crash or, potentially, arbitrary code execution. (CVE-2015-8778)

* A stack based buffer overflow vulnerability was found in the catopen() function. An excessively long string passed to the function could cause it to crash or, potentially, execute arbitrary code. (CVE-2015-8779)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the glibc library must be restarted, or the system rebooted.

5. Bugs fixed (https://bugzilla.redhat.com/):

1012343 - Thread issue in glibc can cause the application to not get any identity information
1101858 - glibc: Add el_GR@euro, ur_IN, and wal_ET locales
1223095 - access to uninitialized memory in getaddrinfo if nscd is running
1270950 - getaddrinfo() takes long time when lots of IP addresses are configured
1300299 - CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime()
1300303 - CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r
1300310 - CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions
1300312 - CVE-2015-8779 glibc: Unbounded stack allocation in catopen function
1338673 - glibc: GCC 6 enablement for struct sockaddr_storage [el6]
1373646 - tzdata-update uses default umask
1416496 - getaddrinfo() call returns wrong IPv6 address if nscd is used

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):
Source: glibc-2.12-1.209.el6.src.rpm
i386: glibc-2.12-1.209.el6.i686.rpm glibc-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-devel-2.12-1.209.el6.i686.rpm glibc-headers-2.12-1.209.el6.i686.rpm glibc-utils-2.12-1.209.el6.i686.rpm nscd-2.12-1.209.el6.i686.rpm
x86_64: glibc-2.12-1.209.el6.i686.rpm glibc-2.12-1.209.el6.x86_64.rpm glibc-common-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-devel-2.12-1.209.el6.i686.rpm glibc-devel-2.12-1.209.el6.x86_64.rpm glibc-headers-2.12-1.209.el6.x86_64.rpm glibc-utils-2.12-1.209.el6.x86_64.rpm nscd-2.12-1.209.el6.x86_64.rpm

Red Hat Enterprise Linux Desktop Optional (v.
6): i386: glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-static-2.12-1.209.el6.i686.rpm x86_64: glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-static-2.12-1.209.el6.i686.rpm glibc-static-2.12-1.209.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v.6): Source: glibc-2.12-1.209.el6.src.rpm x86_64: glibc-2.12-1.209.el6.i686.rpm glibc-2.12-1.209.el6.x86_64.rpm glibc-common-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-devel-2.12-1.209.el6.i686.rpm glibc-devel-2.12-1.209.el6.x86_64.rpm glibc-headers-2.12-1.209.el6.x86_64.rpm glibc-utils-2.12-1.209.el6.x86_64.rpm nscd-2.12-1.209.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-static-2.12-1.209.el6.i686.rpm glibc-static-2.12-1.209.el6.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: glibc-2.12-1.209.el6.src.rpm i386: glibc-2.12-1.209.el6.i686.rpm glibc-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-devel-2.12-1.209.el6.i686.rpm glibc-headers-2.12-1.209.el6.i686.rpm glibc-utils-2.12-1.209.el6.i686.rpm nscd-2.12-1.209.el6.i686.rpm ppc64: glibc-2.12-1.209.el6.ppc.rpm glibc-2.12-1.209.el6.ppc64.rpm glibc-common-2.12-1.209.el6.ppc64.rpm glibc-debuginfo-2.12-1.209.el6.ppc.rpm glibc-debuginfo-2.12-1.209.el6.ppc64.rpm glibc-debuginfo-common-2.12-1.209.el6.ppc.rpm glibc-debuginfo-common-2.12-1.209.el6.ppc64.rpm glibc-devel-2.12-1.209.el6.ppc.rpm glibc-devel-2.12-1.209.el6.ppc64.rpm 
glibc-headers-2.12-1.209.el6.ppc64.rpm glibc-utils-2.12-1.209.el6.ppc64.rpm nscd-2.12-1.209.el6.ppc64.rpm s390x: glibc-2.12-1.209.el6.s390.rpm glibc-2.12-1.209.el6.s390x.rpm glibc-common-2.12-1.209.el6.s390x.rpm glibc-debuginfo-2.12-1.209.el6.s390.rpm glibc-debuginfo-2.12-1.209.el6.s390x.rpm glibc-debuginfo-common-2.12-1.209.el6.s390.rpm glibc-debuginfo-common-2.12-1.209.el6.s390x.rpm glibc-devel-2.12-1.209.el6.s390.rpm glibc-devel-2.12-1.209.el6.s390x.rpm glibc-headers-2.12-1.209.el6.s390x.rpm glibc-utils-2.12-1.209.el6.s390x.rpm nscd-2.12-1.209.el6.s390x.rpm x86_64: glibc-2.12-1.209.el6.i686.rpm glibc-2.12-1.209.el6.x86_64.rpm glibc-common-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-devel-2.12-1.209.el6.i686.rpm glibc-devel-2.12-1.209.el6.x86_64.rpm glibc-headers-2.12-1.209.el6.x86_64.rpm glibc-utils-2.12-1.209.el6.x86_64.rpm nscd-2.12-1.209.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v.6): i386: glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-static-2.12-1.209.el6.i686.rpm ppc64: glibc-debuginfo-2.12-1.209.el6.ppc.rpm glibc-debuginfo-2.12-1.209.el6.ppc64.rpm glibc-debuginfo-common-2.12-1.209.el6.ppc.rpm glibc-debuginfo-common-2.12-1.209.el6.ppc64.rpm glibc-static-2.12-1.209.el6.ppc.rpm glibc-static-2.12-1.209.el6.ppc64.rpm s390x: glibc-debuginfo-2.12-1.209.el6.s390.rpm glibc-debuginfo-2.12-1.209.el6.s390x.rpm glibc-debuginfo-common-2.12-1.209.el6.s390.rpm glibc-debuginfo-common-2.12-1.209.el6.s390x.rpm glibc-static-2.12-1.209.el6.s390.rpm glibc-static-2.12-1.209.el6.s390x.rpm x86_64: glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-static-2.12-1.209.el6.i686.rpm glibc-static-2.12-1.209.el6.x86_64.rpm Red Hat 
Enterprise Linux Workstation (v. 6): Source: glibc-2.12-1.209.el6.src.rpm i386: glibc-2.12-1.209.el6.i686.rpm glibc-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-devel-2.12-1.209.el6.i686.rpm glibc-headers-2.12-1.209.el6.i686.rpm glibc-utils-2.12-1.209.el6.i686.rpm nscd-2.12-1.209.el6.i686.rpm x86_64: glibc-2.12-1.209.el6.i686.rpm glibc-2.12-1.209.el6.x86_64.rpm glibc-common-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-devel-2.12-1.209.el6.i686.rpm glibc-devel-2.12-1.209.el6.x86_64.rpm glibc-headers-2.12-1.209.el6.x86_64.rpm glibc-utils-2.12-1.209.el6.x86_64.rpm nscd-2.12-1.209.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.6): i386: glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-static-2.12-1.209.el6.i686.rpm x86_64: glibc-debuginfo-2.12-1.209.el6.i686.rpm glibc-debuginfo-2.12-1.209.el6.x86_64.rpm glibc-debuginfo-common-2.12-1.209.el6.i686.rpm glibc-debuginfo-common-2.12-1.209.el6.x86_64.rpm glibc-static-2.12-1.209.el6.i686.rpm glibc-static-2.12-1.209.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2014-9761 https://access.redhat.com/security/cve/CVE-2015-8776 https://access.redhat.com/security/cve/CVE-2015-8778 https://access.redhat.com/security/cve/CVE-2015-8779 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc. 
A significant glibc security patch for Red Hat Enterprise Linux 6 versions tackles severe vulnerabilities found in the library.

Red Hat Enterprise Linux, glibc Update, Linux Security, Security Advisory, Bug Fixes.

LinuxSecurity.com Team

Mar 21, 2017 Red Hat

Red Hat: RHSA-2012-0059-01 Moderate: OpenSSL Security Issues

Red Hat Security Advisory

Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2012:0059-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2012:0059.html
Issue date: 2012-01-24
CVE Names: CVE-2011-4108 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619

1. Summary:

Updated openssl packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.
It was discovered that the Datagram Transport Layer Security (DTLS) protocolimplementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. (CVE-2011-4108) An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection. (CVE-2011-4576) A denial of service flaw was found in the RFC 3779 implementation in OpenSSL. A remote attacker could use this flaw to make an application using OpenSSL exit unexpectedly by providing a specially-crafted X.509 certificate that has malformed RFC 3779 extension data. (CVE-2011-4577) It was discovered that OpenSSL did not limit the number of TLS/SSL handshake restarts required to support Server Gated Cryptography. A remote attacker could use this flaw to make a TLS/SSL server using OpenSSL consume an excessive amount of CPU by continuously restarting the handshake. (CVE-2011-4619) All OpenSSL users should upgrade to these updated packages, which contain backported patches to resolve these issues. For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. 
Bugs fixed (http://bugzilla.redhat.com/): 771770 - CVE-2011-4108 openssl: DTLS plaintext recovery attack 771775 - CVE-2011-4576 openssl: uninitialized SSL 3.0 padding 771778 - CVE-2011-4577 openssl: malformed RFC 3779 data can cause assertion failures 771780 - CVE-2011-4619 openssl: SGC restart DoS attack 6. Package List: Red Hat Enterprise Linux Desktop (v.6): Source: i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 
6): Source: x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server (v.6): Source: i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm ppc64: openssl-1.0.0-20.el6_2.1.ppc.rpm openssl-1.0.0-20.el6_2.1.ppc64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc.rpm openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-devel-1.0.0-20.el6_2.1.ppc.rpm openssl-devel-1.0.0-20.el6_2.1.ppc64.rpm s390x: openssl-1.0.0-20.el6_2.1.s390.rpm openssl-1.0.0-20.el6_2.1.s390x.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390.rpm openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-devel-1.0.0-20.el6_2.1.s390.rpm openssl-devel-1.0.0-20.el6_2.1.s390x.rpm x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm ppc64: openssl-debuginfo-1.0.0-20.el6_2.1.ppc64.rpm openssl-perl-1.0.0-20.el6_2.1.ppc64.rpm openssl-static-1.0.0-20.el6_2.1.ppc64.rpm s390x: openssl-debuginfo-1.0.0-20.el6_2.1.s390x.rpm openssl-perl-1.0.0-20.el6_2.1.s390x.rpm openssl-static-1.0.0-20.el6_2.1.s390x.rpm x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 
6): Source: i386: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-1.0.0-20.el6_2.1.i686.rpm openssl-1.0.0-20.el6_2.1.x86_64.rpm openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-devel-1.0.0-20.el6_2.1.i686.rpm openssl-devel-1.0.0-20.el6_2.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v.6): Source: i386: openssl-debuginfo-1.0.0-20.el6_2.1.i686.rpm openssl-perl-1.0.0-20.el6_2.1.i686.rpm openssl-static-1.0.0-20.el6_2.1.i686.rpm x86_64: openssl-debuginfo-1.0.0-20.el6_2.1.x86_64.rpm openssl-perl-1.0.0-20.el6_2.1.x86_64.rpm openssl-static-1.0.0-20.el6_2.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package 7. References: https://access.redhat.com/security/cve/CVE-2011-4108 https://access.redhat.com/security/cve/CVE-2011-4576 https://access.redhat.com/security/cve/CVE-2011-4577 https://access.redhat.com/security/cve/CVE-2011-4619 https://access.redhat.com/security/updates/classification#moderate 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPHySOXlSAg2UNWIIRAlYpAKCQCY5k4gZ5VKOHZekEaWFHDNjGZwCZAdR3 CJl5iUxU4cxJLOsSBESSRVs=PMiS -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . The recent openssl update for Red Hat addresses several critical security vulnerabilities. Users are advised to upgrade to enhance their system’s security.. Red Hat Enterprise Linux, OpenSSL Updates, Network Security, Security Advisory. . LinuxSecurity.com Team

Jan 24, 2012 Red Hat

Ubuntu Linux: USN-2009-1102-1 Moderate: Cscope Memory Leak

Red Hat Security Advisory

Synopsis: Moderate: cscope security update
Advisory ID: RHSA-2009:1102-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2009:1102.html
Issue date: 2009-06-15
CVE Names: CVE-2004-2541 CVE-2009-0148

1. Summary:

An updated cscope package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Description:

cscope is a mature, ncurses-based, C source-code tree browsing tool.

Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. (CVE-2004-2541, CVE-2009-0148)

All users of cscope are advised to upgrade to this updated package, which contains backported patches to fix these issues. All running instances of cscope must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

5. Bugs fixed (http://bugzilla.redhat.com/):

490667 - CVE-2004-2541, CVE-2009-0148 cscope: multiple buffer overflows

6. Package List:

RHEL Desktop Workstation (v. 5 client):

Source:

i386:
  cscope-15.5-15.1.el5_3.1.i386.rpm
  cscope-debuginfo-15.5-15.1.el5_3.1.i386.rpm

x86_64:
  cscope-15.5-15.1.el5_3.1.x86_64.rpm
  cscope-debuginfo-15.5-15.1.el5_3.1.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

Source:

i386:
  cscope-15.5-15.1.el5_3.1.i386.rpm
  cscope-debuginfo-15.5-15.1.el5_3.1.i386.rpm

ia64:
  cscope-15.5-15.1.el5_3.1.ia64.rpm
  cscope-debuginfo-15.5-15.1.el5_3.1.ia64.rpm

ppc:
  cscope-15.5-15.1.el5_3.1.ppc.rpm
  cscope-debuginfo-15.5-15.1.el5_3.1.ppc.rpm

s390x:
  cscope-15.5-15.1.el5_3.1.s390x.rpm
  cscope-debuginfo-15.5-15.1.el5_3.1.s390x.rpm

x86_64:
  cscope-15.5-15.1.el5_3.1.x86_64.rpm
  cscope-debuginfo-15.5-15.1.el5_3.1.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

7. References:

https://www.cve.org/CVERecord?id=CVE-2004-2541
https://www.cve.org/CVERecord?id=CVE-2009-0148
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2009 Red Hat, Inc.

Routine security enhancement for cscope in Red Hat Enterprise Linux aimed at mitigating several buffer overflow vulnerabilities. Ensure your system remains protected!

Cscope Security Fix, Red Hat Updates, Buffer Overflow Remediation.

LinuxSecurity.com Team

Jun 16, 2009 Red Hat